One of the pumps at a Detroit area gas station was attacked by hackers recently. The compromised pump gave away more than 600 gallons of gas — worth roughly $1800 — while it was under their control.
The attack wasn’t launched under cover of darkness, either. It happened in broad daylight at 1:00 PM.
How is that possible? According to investigators, the attackers utilized a device that allowed them to remotely block the attendant’s control of the pump.
According to a report filed by Fox 2 Detroit, a total of 10 cars utilized the pump during the 90-minute hack. Investigators don’t know yet whether all of the vehicles were aware that they were involved in the high-tech gas heist. The hack made it impossible for station attendant Aziz Awadh to command the pump from a dedicated console.
In an interview with Fox 2, Awadh said “I tried to stop it, but it didn’t work. I tried to stop it here from the screen, but the screen’s not working.” Awadh was forced to use an emergency shutdown kit to cut off the pump. Investigators have reviewed the station’s surveillance footage and police are in the process of tracking down at least two suspects.
Gas station pumps are frequently targeted by criminals, but they’re generally after customers’ payment card numbers and PINs. Cyber thieves steal them by attaching so-called skimmers to a pumps’ credit card terminal.
Another attack forced customers to pay for gas that never even made it into their vehicles’ tanks. A Russian hacker developed malware that redirected gas that should’ve been pumped into vehicles into empty holding tanks at the stations. Station owners were then free to re-sell the gas and boost their profits. The malware assisted with that part of the process, too, by making sure that fill-ups with the ill-gotten fuel looked perfectly normal.