Ex-Employee Wreaks Havoc on 100 Cars -- Wirelessly
More than 100 car owners in and around Austin, Texas recently discovered that their cars wouldn't start. Or that their horns wouldn't stop honking -- all night long. Or that their vehicle leases were suddenly (and luckily, temporarily) transferred to deceased rapper Tupac Shakur.
All of these annoyances were thanks to a former collection agent for Austin-based car dealership Texas Auto Center, who is accused of taking revenge on his former employer by remotely disabling more than 100 customer cars. Twenty-year old Oscar Ramos-Lopez reportedly gained unauthorized access into the dealership's remote vehicle immobilization system, which allowed him to stop customer vehicles from starting or cause their horns to honk continuously. Ramos-Lopez is also said to have deleted customer accounts and swapped celebrity names for the names of actual customers, according to a report by Austin NBC affiliate KXAN.
The vehicle disabling technology, powered by Cleveland-based Pay Technologies (PayTeck), is only supposed to be used when someone fails to meet their auto loan or lease obligations. Austin police arrested Lopez on Wednesday charging him with breach of computer security.
Cracking the code
Ramos-Lopez reportedly accessed the remote system by using the ID and password of another employee. It's not clear how long Ramos-Lopez was causing mischief for Auto Center customers, but Wired is reporting that Ramos-Lopez cracked into the dealership's center as early as late February. Ramos-Lopez began by targeting specific customers, but soon discovered he could access files for every car that had the remote access system installed. From there, Ramos-Lopez went down the list, wreaking havoc on Texas Auto Center's customers by destroying records, disabling vehicles, and setting off car horns. Many customers complained Ramos-Lopez's actions forced them to miss work, have their cars towed for repairs, or disable car batteries to stop the honking.
Ramos-Lopez was able to get away with his actions for a little while, but ultimately wasn't able to evade detection. Austin Police were able to discover his identity by matching Ramos-Lopez's Internet Protocol address to PayTeck's login records. Texas Auto Center says it has learned from its mistakes, and has reduced the number of employees who have access to its remote disabling system. The dealership also plans to reset system passwords every time an employee quits or is fired from the car dealership, according to KXAN.
Ramos-Lopez is just the latest person accused of workplace mischief. In May 2009, the FBI arrested an ex-employee of a Texas power company after the man sabotaged his former employer's energy forecast system. Earlier that same year, a security guard at a Dallas-area hospital was charged with felony computer intrusion after installing malicious botnet software in the hospital's security system.
Ultimately though, all three of these would-be master cyber criminals were tracked down by Texas-based law enforcement officers. So let that be a lesson to all you budding saboteurs out there, you might get away with this kind of stuff in some states, but you don't mess with Texas.