CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker I mean, is it even really "hacking" at that point
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker I stopped reading that article after 3 paragraphs. It just turned into an opinion piece after that. I want a detailed technical description as to what is going on, mostly due to the "US officials suspect Iranian hackers" claim. It sounds like they have no proof. These systems being wide open to anyone is something I've seen working in large corporate American businesses. I'd always remark how open these systems were, and no one cared.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker "breached"? How is it "breaching" a door that was already wide open?
-
"The hacking campaign is also a warning to many US critical infrastructure operators who have struggled to secure their systems despite years of federal exhortations."
Feds: Put a password on it, pwetty pwease
Industry: no
@threatresearch @zackwhittaker Wow what a great way to sanewash negligence.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker did you even read the TOS before you posted this? Do you really want me to agree with that? Do you know how to use the word Nope in a sentence?
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
Customer to clerk: Pump x is not pumping.
Clerk goes in back. Returns.
Clerk: We are out of regular, but there is premium left.
Saw this on 2024 chistmas eve.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker the 'competency' of the tRumpsReich regime in full view
-
@threatresearch @zackwhittaker
THE EXACT MANUFACTURERS AND MODELS. WE'VE KNOWN THEY'D TARGET THESE FOR AT LEAST FIVE YEARS.
FIVE YEARS.
@neurovagrant @threatresearch @zackwhittaker The newsman wept as he told us.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
Most industrial equipment that has an Ethernet port is completely unsafe to put naked on the Internet.
But when there's an Ethernet port, somebody's gonna hang a static IP on it and put it on the Net. Because of course they are.
Most of those systems will be the default passwords, or won't stop you just brute forcing, or will even do things like telling you the password if you ask it. (It's expecting the development environment to do the password checking.)
Newer stuff is better, but there's an awful lot of stuff out there with horrid firmware and an Ethernet port.
(Fixing this sort of mess is a big part of my job.)
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker I have zero doubt there are still stations with a Win 95 box reading a bunch of PLCs and dialing a modem to report nightly status.
And they are more secure than this bs.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker oof.
And I'm sure they already know about all of the internet facing devices that monitor and control crude oil levels in tanks and can be disrupted to stop the flow of oil going into pipelines. Protected only by default user/pass. I saw that far to many times when I was the industry.
I'm sure that won't become an issue at all at some point /s
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
Which makes me wonder if they could then initiate false readings too.
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker I mean weev went to prison for accessing things unprotected on the web. “Breach” is a dumb word here though.
-
@zackwhittaker I mean, is it even really "hacking" at that point
@XauriEL @zackwhittaker script kiddies are back
-
@threatresearch @zackwhittaker
THE EXACT MANUFACTURERS AND MODELS. WE'VE KNOWN THEY'D TARGET THESE FOR AT LEAST FIVE YEARS.
FIVE YEARS.
@neurovagrant @threatresearch @zackwhittaker
As part of spinning up on ICS/OT, I've been ingesting all the "cyber" writeups and videos from the vendors that I can.
Two weeks ago I watched a CTO doing a ted-ish talk on why *grid devices* don't need and can't do basic security.
The devices in question control substation contactors up th 500kV. They ship with default creds, and open telnet.I'm trying to figure out how big the upcoming rant is gonna be.
-
@neurovagrant @threatresearch @zackwhittaker
As part of spinning up on ICS/OT, I've been ingesting all the "cyber" writeups and videos from the vendors that I can.
Two weeks ago I watched a CTO doing a ted-ish talk on why *grid devices* don't need and can't do basic security.
The devices in question control substation contactors up th 500kV. They ship with default creds, and open telnet.I'm trying to figure out how big the upcoming rant is gonna be.
@johntimaeus Ooh that sounds like a fascinating watch, is it public / can you share a link?
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker - Everyone is worried about the next stuxnet, but OT / ICS devices often have default creds or... as you point out... no creds...
And yes! The system is airgapped from the IT network! We only access it from the internet!!!!
-
CNN's Sean Lyngaas back once again with a belter story: Iranian hackers are behind a series of breaches of systems that monitor the amount of fuel in storage tanks serving gas stations in multiple U.S. states.
Per Lyngaas: the hackers "exploited automatic tank gauge systems that were sitting online and unprotected by passwords."
A little louder for the folks in the back:
...."UNPROTECTED BY PASSWORDS."
https://www.cnn.com/2026/05/15/politics/iran-hackers-tank-readers-gas-stations
@zackwhittaker Isn't blaming "Iranian hackers" for this kind of DARVOing it? You didn't put a lock on something you attached to the network. Do you also leave your gas tanks unlocked for any random passersby to open?
-
@tinker @csstrowbridge @zackwhittaker Entered unsecured premises.
-
@johntimaeus Ooh that sounds like a fascinating watch, is it public / can you share a link?
Haven't written the rant quite yet. And I'll probably have to pull it back some because I suspect that corporate lawyers are going to advise me against the phrase "willful reckless negligence for the safety of the nation's critical infrastructure", while I mention specific companies.
Will share if allowed.
