CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
-
@threatresearch @zackwhittaker
THE EXACT MANUFACTURERS AND MODELS. WE'VE KNOWN THEY'D TARGET THESE FOR AT LEAST FIVE YEARS.
FIVE YEARS.
@neurovagrant @threatresearch @zackwhittaker
As part of spinning up on ICS/OT, I've been ingesting all the "cyber" writeups and videos from the vendors that I can.
Two weeks ago I watched a CTO doing a ted-ish talk on why *grid devices* don't need and can't do basic security.
The devices in question control substation contactors up th 500kV. They ship with default creds, and open telnet.I'm trying to figure out how big the upcoming rant is gonna be.
-
@neurovagrant @threatresearch @zackwhittaker
As part of spinning up on ICS/OT, I've been ingesting all the "cyber" writeups and videos from the vendors that I can.
Two weeks ago I watched a CTO doing a ted-ish talk on why *grid devices* don't need and can't do basic security.
The devices in question control substation contactors up th 500kV. They ship with default creds, and open telnet.I'm trying to figure out how big the upcoming rant is gonna be.
@johntimaeus Ooh that sounds like a fascinating watch, is it public / can you share a link?
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker - Everyone is worried about the next stuxnet, but OT / ICS devices often have default creds or... as you point out... no creds...
And yes! The system is airgapped from the IT network! We only access it from the internet!!!!
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker Isn't blaming "Iranian hackers" for this kind of DARVOing it? You didn't put a lock on something you attached to the network. Do you also leave your gas tanks unlocked for any random passersby to open?
-
@tinker @csstrowbridge @zackwhittaker Entered unsecured premises.
-
@johntimaeus Ooh that sounds like a fascinating watch, is it public / can you share a link?
Haven't written the rant quite yet. And I'll probably have to pull it back some because I suspect that corporate lawyers are going to advise me against the phrase "willful reckless negligence for the safety of the nation's critical infrastructure", while I mention specific companies.
Will share if allowed.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker @drwho and they figure it has to be Iranian hackers, not 11 year olds from Detroit, for Reasons
️ -
@zackwhittaker @drwho and they figure it has to be Iranian hackers, not 11 year olds from Detroit, for Reasons
️@leadegroot @zackwhittaker Heh... Last year it would have been Chinese hackers.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker So, they're not so much hackers as they are casual browsers with a penchant for finding open doors.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker Probably royally Shodaned!
-
If it is unprotected, then it is not hacking.
@csstrowbridge @zackwhittaker I’d say the wardialing part part counts, but have to admit they prolly just needed to ask Shodan
-
J jwcph@helvede.net shared this topic
