An insidious threat hangs over a critical but little-known piece of infrastructure in the United States: automatic tank gauging (ATG) systems. These devices, which remotely monitor the levels and temperature of the tanks, are now in the sights of cybercriminals. Faced with the increase in intrusions, a collective of American government agencies, including CISA, issued a joint alert to underline the seriousness of the situation and the risk of significant disruptions.
How do these vital systems become so vulnerable?
The fundamental problem lies in blatant security negligence. Many automatic fuel gauging systems are directly connected to the internet without any adequate protection. The situation is made worse by the use of default passwords, never changed, or rudimentary access codes, such as a simple string of six digits, which modern tools can easily bypass.
This is not a surprise, however. As early as 2015, security researchers sounded the alarm. More recently, in October 2023, an analysis revealed no fewer than 11 critical vulnerabilities across several ATG models. Despite these repeated warnings, more than 6,500 systems remained exposed. Attackers thus exploit gaping flaws, such as authentication bypass or command injection, to take total control of the devices.
What are the concrete consequences of these hacks?
Once a hacker has penetrated the system, there are many possibilities for harm. The perpetrators of these cyberattacks can discreetly modify inventory values to disrupt supply, delete vital information on tanks or even trigger false security alerts to sow confusion. The most serious danger is that they can disable warning systems and hide a real product leak, with potentially disastrous consequences for the environment.
The impact of these intrusions goes far beyond the virtual world. It can result in the paralysis of local transport networks, colossal financial losses for operators and critical disruptions in the supply chain. In some scenarios, hackers practice blackmail and demand ransoms to restore the situation, while in others it is a pure show of force or an act of destabilization.

Who is responsible, and how can you protect yourself?
For the moment, no official attribution has been made by agencies such as the FBI or the NSA, even if suspicions have already fallen on Iranian hacker groups in the past for similar activities. The American government remains cautious and has not yet named anyone responsible for this recent wave of attacks, due to a lack of tangible evidence left by the attackers.
Regardless of the identity of the perpetrators, CISA and its partners have issued clear and urgent recommendations. The most imperative measure is to immediately disconnect these systems from the internet. If remote access is essential, it must be secured behind a firewall or VPN. It is also crucial to change all default passwords, apply security patches provided by manufacturers, and enable robust multi-factor authentication for each interface.
