CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker the 'competency' of the tRumpsReich regime in full view
-
@threatresearch @zackwhittaker
THE EXACT MANUFACTURERS AND MODELS. WE'VE KNOWN THEY'D TARGET THESE FOR AT LEAST FIVE YEARS.
FIVE YEARS.
@neurovagrant @threatresearch @zackwhittaker The newsman wept as he told us.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
Most industrial equipment that has an Ethernet port is completely unsafe to put naked on the Internet.
But when there's an Ethernet port, somebody's gonna hang a static IP on it and put it on the Net. Because of course they are.
Most of those systems will be the default passwords, or won't stop you just brute forcing, or will even do things like telling you the password if you ask it. (It's expecting the development environment to do the password checking.)
Newer stuff is better, but there's an awful lot of stuff out there with horrid firmware and an Ethernet port.
(Fixing this sort of mess is a big part of my job.)
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker I have zero doubt there are still stations with a Win 95 box reading a bunch of PLCs and dialing a modem to report nightly status.
And they are more secure than this bs.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker oof.
And I'm sure they already know about all of the internet facing devices that monitor and control crude oil levels in tanks and can be disrupted to stop the flow of oil going into pipelines. Protected only by default user/pass. I saw that far to many times when I was the industry.
I'm sure that won't become an issue at all at some point /s
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
Which makes me wonder if they could then initiate false readings too.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker I mean weev went to prison for accessing things unprotected on the web. “Breach” is a dumb word here though.
-
@zackwhittaker I mean, is it even really "hacking" at that point
@XauriEL @zackwhittaker script kiddies are back
-
@threatresearch @zackwhittaker
THE EXACT MANUFACTURERS AND MODELS. WE'VE KNOWN THEY'D TARGET THESE FOR AT LEAST FIVE YEARS.
FIVE YEARS.
@neurovagrant @threatresearch @zackwhittaker
As part of spinning up on ICS/OT, I've been ingesting all the "cyber" writeups and videos from the vendors that I can.
Two weeks ago I watched a CTO doing a ted-ish talk on why *grid devices* don't need and can't do basic security.
The devices in question control substation contactors up th 500kV. They ship with default creds, and open telnet.I'm trying to figure out how big the upcoming rant is gonna be.
-
@neurovagrant @threatresearch @zackwhittaker
As part of spinning up on ICS/OT, I've been ingesting all the "cyber" writeups and videos from the vendors that I can.
Two weeks ago I watched a CTO doing a ted-ish talk on why *grid devices* don't need and can't do basic security.
The devices in question control substation contactors up th 500kV. They ship with default creds, and open telnet.I'm trying to figure out how big the upcoming rant is gonna be.
@johntimaeus Ooh that sounds like a fascinating watch, is it public / can you share a link?
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker - Everyone is worried about the next stuxnet, but OT / ICS devices often have default creds or... as you point out... no creds...
And yes! The system is airgapped from the IT network! We only access it from the internet!!!!
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker Isn't blaming "Iranian hackers" for this kind of DARVOing it? You didn't put a lock on something you attached to the network. Do you also leave your gas tanks unlocked for any random passersby to open?
-
@tinker @csstrowbridge @zackwhittaker Entered unsecured premises.
-
@johntimaeus Ooh that sounds like a fascinating watch, is it public / can you share a link?
Haven't written the rant quite yet. And I'll probably have to pull it back some because I suspect that corporate lawyers are going to advise me against the phrase "willful reckless negligence for the safety of the nation's critical infrastructure", while I mention specific companies.
Will share if allowed.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker @drwho and they figure it has to be Iranian hackers, not 11 year olds from Detroit, for Reasons
️ -
@zackwhittaker @drwho and they figure it has to be Iranian hackers, not 11 year olds from Detroit, for Reasons
️@leadegroot @zackwhittaker Heh... Last year it would have been Chinese hackers.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker So, they're not so much hackers as they are casual browsers with a penchant for finding open doors.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker Probably royally Shodaned!
-
If it is unprotected, then it is not hacking.
@csstrowbridge @zackwhittaker I’d say the wardialing part part counts, but have to admit they prolly just needed to ask Shodan
-
J jwcph@helvede.net shared this topic
