Unknown hackers hit Gas Pump Monitoring Systems in the US

Pierluigi Paganini February 11, 2015

Researchers from Trend Micro discovered that unknown hackers have compromised  Gas Pump Monitoring Systems in the US … it’s security emergency.

Researchers at Trend Micro and many other security firms have observed a significant increase in the number of cyber attacks against systems in oil and energy industries. Another worrying trend observed by the experts is the attention of crooks in Gas Pump Monitoring Systems, experts at Trend Micro have collected evidence of cyber attacks against these devices.

The investigation follows the recent discovery related the vulnerability to cyber attack of more than 5,300 gas stations in the United States. The vulnerability that could be exploited by threat actors to remotely shut down gas stations resides in the automatic tank gauges (ATGs) used to control parameters (i.e. level, temperature) of fuel tanks.

The research conducted by HD Moore of Rapid7 revealed that the Automated tank gauges (ATGs) manufactured by Veeder-Root are vulnerable to remote cyber attacks, but fortunately hackers haven’t yet exploited the vulnerabilities in the wild.

According to Trend Micro Senior Threat Researcher Kyle Wilhoit, the company discovered that bad actors have compromised a pump-monitoring system in the U.S. that was exposed on the internet without proper security measures.

“The Guardian AST Monitoring System is a device designed to monitor inventory, pump levels, and assorted values of pumping systems typically found in gas stations,” he explained. “The pump systems support a variety of products and data points to monitor within the device, which are often easily accessed through the Internet. These are typically deployed online for easy remote monitoring and management of gas providers.” wrote Wilhoit in a blog post.

Unfortunately, it is quite easy to discover gas pump monitoring systems exposed online by using a search engine like Shodan, and is just as easy for a hacker to compromise these devices by exploiting known vulnerabilities.

gas pump research with Shodan

The investigators adopted the same methods to uncover gas pump monitoring systems exposed on the Internet which present evidence of compromise.

The experts consider an attack against pump monitoring system a serious event due to possible damages that it could cause.

“An outage of these pump monitoring systems, while not catastrophic, could cause serious data loss and supply chain problems,” he blogged. “For instance, should a volume value be misrepresented as low, a gasoline truck could be dispatched to investigate low tank values. Empty tank values could also be shown full, resulting in gas stations have no fuel.”

According to the analysis conducted by Trend Micro, the query run on the Shodan search engine revealed that 1,515 gas pump monitoring devices were accessible online, and the bad news is that all are lacking security measures.

“Overall statistics derived from Shodan are concerning. At the time of writing, there were over 1,515 gas pump monitoring devices Internet exposed worldwide, all of them lacking security measures that prevent access by unauthorized entities. The U.S. accounts for 98% of Internet-facing devices.” states the post.

Blocked Domains

The experts also made the following interesting discoveries:

  • Attackers have been using Nmap port-scanning tool on Port 10001.
  • “The pump name was changed from “DIESEL” to “WE_ARE_LEGION,”

I desire to spend a few words on this second point, Anonymous has no reason to hit gas pump monitoring systems, the collective does not hit with the intent to harm to people.

“The pump name was changed from “DIESEL” to “WE_ARE_LEGION,”” Wilhoit noted. “The group Anonymous often uses the slogan “We Are Legion,” which might shed light on possible attributions of this attack. But given the nebulous nature of Anonymous, we can’t necessarily attribute this directly to the group.”

The study conducted by Trend Micro revealed that not only gas pump system is vulnerable to cyber attacks, every Internet-facing devices are actually being targeted by bad actors.

Today someone has changed the pump name blaming Anonymous… what will happen tomorrow?

(Security Affairs –  Gas pump monitoring systems, hacking)



you might also like

leave a comment