Russia gas station equipment infected with malware, hacking illegally hundreds of millions of rubles

According to threatpost, on January 21, the Russian Federal Security Service (FSB) found that hackers are implementing a fraud scheme of gas station equipment, designed to use malicious programs installed on electronic tanker to achieve a 3% reduction per gallon when pumping gasoline To 7% of the purpose, so that customers pay more than the actual amount of fuel purchased. Currently, FSB has arrested the author of the development of malicious programs and involved dozens of gas station employees involved in the fraud.

According to several media reports in Russia, the FSB arrested hacker Denis Zayev in Stavropol, Russia on Saturday, allegations that it has developed several malware programs and sold them to gas station employees for fraudulent consumer use. This malware is currently only found at gas stations in southern Russia.

At the trial, Zayev admitted that gas station employees had split up on the extra money that consumers had paid. In addition, according to FSB’s speculation, the fraud plan may have brought it “hundreds of millions of rubles (1 renminbi equals 8.99 rubles)”.

The FSB said malware cannot only display fake data on tankers but also allow gas station employees to reduce fuel consumption by 3% to 7% per gallon for customers pumping gasoline, as well as registering errors in cash registers and back-end systems. Even more subtle, Zayev’s malware obscures gas-related sales figures from petrol stations. As a result, inspectors and oil companies that remotely monitor gasoline stocks find it harder to detect fraud.

In recent years, hacker incidents for gas stations are not uncommon:

Back in 2014, New York State authorities accused 13 men of using Bluetooth-enabled skimmers to steal more than $2 million in southern U.S. consumers between 2012 and 2013.

In 2015, black hat presentations by researchers Kyle Wilhoit and Stephen Hilt underscored the growing danger of the Internet monitoring system in the United States. They warn that the exposed SCADA system could cause malicious personnel to launch a DDoS attack on the tanker, damaging the car’s engine by recording incorrect fill-in data and manipulating the tanker to provide diesel rather than lead-free gasoline.

Source: ThreatPost