topleft
topright

CIOZone Experts

Opinions and views from expert CIOZone members.


Mar 18
2010

Hack Attack Disables More Than 100 Cars

Posted by meggebrecht in Webtech PlusTexas Auto CenterPay TechnologiesPassword PracticesIT Security

meggebrecht

I'm willing to bet that most IT security experts aren't talking about used cars when they warn of the dangers of disgruntled former employees.

But it was used car owners -- and the car dealership's reputation -- that suffered when the employee in this case, Omar Ramos-Lopez of Austin, Texas, allegedly hacked into his ex-employer's Web-based vehicle immobilization system and disabled more than 100 cars, or made their horns honk for hours.

On Wednesday, KXAN.com of Austin said that Ramos-Lopez, who was laid off by Texas Auto Center in February, was arrested by police for breaching the system. Wired reported that Ramos-Lopez was accused of accessing the Web-based service using the credentials of a current employee.

The system, Webtech Plus, which was operated for the dealership by a company called Pay Technologies, is used to disable cars when their owners fail to make payments. A little black box, Webtech Plus fits snugly under the dashboard.

When Texas Auto Center started to get a flood of customer complaints in late February, it dismissed the problem as a mechanical failure, according to the dealer's manager, Martin Garcia. Some customers whose horns started honking in the middle of the night, he told Wired, had to remove their batteries to stop the noise.

Eventually, the passwords for all of the dealership's accounts had to be reset to put an end to the chaos. The police reportedly tracked down Ramos-Lopez by tracing an IP address they found in Pay Technologies' access logs.

Ramos-Lopez may have been playing with the system for some time. Earlier in the month, the dealership began to notice that someone was logging on and changing customers' names -- including swapping the name on one account to Tupac Shakur, according to AP.

Jeremy Norton, a controller at the dealership, told AP that his employer is "taking extra measures to make sure this never happens again."

If nothing else, the incident shows how important it is to use good password practices, no matter what business your organization is in.
Comments (1)Add Comment
Sean Wilkins
...
written by Sean Wilkins, March 20, 2010
Honestly, I am surprised this is the first time this has happened and gotten so much press attention. With the network being extended to so many different everyday devices it it not that far down the road that a families HVAC be hacked and their car stolen simply through a click of the mouse.

-sean

Write comment
You must be logged in to post a comment. Please register if you do not have an account yet.

busy




White Paper Library

Copyright © 2007-2014 CIOZones. All Rights Reserved. CIOZone is a property of PSN, Inc.