I'm willing to bet that most IT security experts aren't talking about used cars when they warn of the dangers of disgruntled former employees.
But it was used car owners -- and the car dealership's reputation -- that suffered when the employee in this case, Omar Ramos-Lopez of Austin, Texas, allegedly hacked into his ex-employer's Web-based vehicle immobilization system and disabled more than 100 cars, or made their horns honk for hours.
On Wednesday, KXAN.com of Austin said that Ramos-Lopez, who was laid off by Texas Auto Center in February, was arrested by police for breaching the system. Wired reported that Ramos-Lopez was accused of accessing the Web-based service using the credentials of a current employee.
The system, Webtech Plus, which was operated for the dealership by a company called Pay Technologies, is used to disable cars when their owners fail to make payments. A little black box, Webtech Plus fits snugly under the dashboard.
When Texas Auto Center started to get a flood of customer complaints in late February, it dismissed the problem as a mechanical failure, according to the dealer's manager, Martin Garcia. Some customers whose horns started honking in the middle of the night, he told Wired, had to remove their batteries to stop the noise.
Eventually, the passwords for all of the dealership's accounts had to be reset to put an end to the chaos. The police reportedly tracked down Ramos-Lopez by tracing an IP address they found in Pay Technologies' access logs.
Ramos-Lopez may have been playing with the system for some time. Earlier in the month, the dealership began to notice that someone was logging on and changing customers' names -- including swapping the name on one account to Tupac Shakur, according to AP.
Jeremy Norton, a controller at the dealership, told AP that his employer is "taking extra measures to make sure this never happens again."If nothing else, the incident shows how important it is to use good password practices, no matter what business your organization is in.