At least one networked gas pump in the United States has been manipulated by an intruder who left the motto of the hacktivist group Anonymous.
“It became apparent that an attacker had modified one of these pump-monitoring systems in the U.S. This pump system was found to be Internet facing with no implemented security measures. The pump name was changed from ‘DIESEL’ to ‘WE_ARE_LEGION.’ The group Anonymous often uses the slogan ‘We Are Legion,’ which might shed light on possible attributions of this attack. But given the nebulous nature of Anonymous, we can’t necessarily attribute this directly to the group,” states a report documenting the incident by security firm Trend Micro.
Researchers came upon the device by using the search engine Shodan, aka ‘Google for devices’, which draws up lists of Internet-facing machines, including video cameras, infrastructure monitoring equipment and critical interfaces such as traffic light control systems.
This sort of exposure is almost entirely an American problem: the United States contains 98.350 percent of the world’s internet-facing gas pump control mechanisms, with Canada a distant second at 0.528 percent.
Besides Shodan, attackers also use the port-scanning tool Nmap to identify vulnerable devices.
The Guardian AST monitoring system, a type of automated tank gauge (ATG), was the device targeted in this instance.
The Register reports that such gauges “can typically be programmed and monitored through a built-in serial port, a plug-in serial port, a fax/modem, or a TCP/IP circuit board. In order to facilitate remote monitoring over the internet, ATG serial interfaces are often mapped to an internet-facing port. This opens the door to potential trouble, especially since serial interfaces are rarely password protected.”