Russian Hacker Pwns Gas Pumps with Malicious Code

Russian Hacker Pwns Gas Pumps with Malicious Code
The Siliconreview
29 January, 2018

Hacking in the present era is not just about taking control of computer systems and digital networks – it has reached a whole new level of mastery.

The Russian authorities have taken down a widespread campaign of duping gas consumers. The campaign involved dozens of gas-station employees who used specially designed software on their electronic gas pumps to dupe customers into paying for more fuel than they actually pumped into their tank. The software was predominantly found on gas stations located throughout the south of Russia.

On last Saturday, Federal Security Service (FSB) has arrested a hacker named Denis Zayev in Stavropol, Russia. Denis was accused of developing software programs designed to trick gas customers and selling them to rogue gas-station employees. Having created a notorious virus, Denis Zayev often acted as a seller of a malicious program and sometimes as a co-owner of a channel of fuel theft. Also, Denis used to receive a share from stolen funds which were about hundreds of millions of rubles.

How does the malicious software work?

Every morning, employees of the compromised gas station leave one of the reservoirs empty under a plausible pretext. Then, when a customer makes a purchase, the malicious program automatically undercharges the consumer from 3-to-7 percent of the amount of gasoline purchased. At the same time, the meter on the column and all the accounting programs shows that the entire volume of paid fuel was poured into the tank. And the stolen fuel goes automatically to the tank left empty in the morning. When the tank gets filled with enough gasoline, it gets into the market, and the nasty malicious program helps not to display any transaction data in the cash register system. The left precedes gets withdrawn and the participants in the fraudulent shares it among themselves.