GasPot Experiment: Unexamined Perils in Using Gas-Tank-Monitoring Systems

TrendMicro Report, Kyle Wilhoit and Stephen Hilt, Forward-Looking Threat Research (FTR) Team: “…In places like the United States (US) and others worldwide, gas stations are primarily privately owned. Some business owners can be described as independent, tech-savvy, and modern. Gas retailers are aware of the risks tied to their business and so heavily invest in equipment that allows them to remotely monitor and manage gas levels to avoid industrial accidents. An explosion of any kind is considered dangerous. Physical damages can have an irreversible impact on a business’s bottom line or the business itself, if an explosion is sufficiently large enough to deplete its assets. For some months now, several Guardian AST gas-tank-monitoring systems have suffered electronic attacks, possibly instigated by hacktivist groups like Anonymous. Successful attacks can affect inventory control, data gathering, and delivery tracking, in turn impacting the availability of gasoline in local stations. To better understand the current gas-tank-monitoring system attack landscape, we developed a way to simulate the existence of these devices to check whether threat actors will find them venues attractive enough to go after. We created virtualized Guardian AST tank-monitoring systems, complete with function and input/output (I/O) controls and other features, that make attackers believe they are real. These are essentially gas-tank-monitoring system honeypots, hence the nickname, “GasPot.” We observed the attacks and watched what the attackers did, essentially gathering intelligence on the nefarious actors. Unlike previous Trend Micro honeypot-deployment projects, which only focused on critical infrastructure, this research features attacks against noncritical industrial control systems (ICS). It was interesting to see if attackers consciously stayed away from more visible critical infrastructures due to legal ramifications.
Attacks against noncritical devices that can’t cause as much large-scale harm could serve as practice for more damaging attacks…”