Mideast hackers target US gas pumps

Washington

Hackers from Syria and Iran are on the prowl to hold a neighbourhood or city's gasoline supply up for ransom, or, worse, cause it to spill and explode, with Washington being high on the target list, according to a new report.

The report, issued over the weekend by a group of digital security sleuths, found that a number of groups, including the notorious Syrian Electronic Army — known for hacking news groups — are looking for soft targets they can take control of easily through the Internet, and use to cause a variety of mayhem. The report shows that retail gasoline stations offer such opportunities, with recent targets showing up in the nation's capital.

The cyber security company Trend Micro compiled its attempts to lure would-be hackers out into the open with digital honeypots, or in this case "GasPots," to see how bad actors conduct "reconnaissance" and sabotage over the web.

It turns out that the GasPots attracted the largest number of attempted hacks in the United States, including at a GasPot set up in Washington. The GasPots mimic the electronic control servers that retail gasoline networks use to monitor their tank levels, as well as control pressure settings and gas pumps.

Trend Micro said these automatic tank-gauging systems are easy targets. Most retail stations, or their networks, do not use any security software or protocols in using them, according to the white paper.

For instance, Trend Micro found that a "pro-Iran group" known as the Iranian Dark Coders Team hacked into a GasPot in Jordan, changing tank names to include the name of their group. More serious attacks were perpetrated against GasPots in the U.S. Allegedly the Syrian Electronic Army used one such spot in a more serious denial-of-service attack, which hackers use to bring down servers and networks.