Real cases

Data since 2012

Real cases of hacked carsDate
Russian drivers’ data stolen and offered for sale on the dark webMay 2020Read More
Headline Russian drivers’ data stolen and offered for sale on the dark web
Year 2020
Month Mayo
Country Russia
Description 

Anonymous hackers managed to attack a database and put everything it contained up for sale on the deep Internet: in particular, the data of more than 129 million Russian car owners. According to the Russian media Vedomosti, whoever paid the stipulated price could access data such as the owner’s first and last name, address, date of birth and even passport number and contact information.

The price set by the offender to get the complete information of the entire database was 0.3 bitcoins – about 2,500 euros – while if you wanted to have exclusive use of it you had to pay 5 times more: 1.5 bitcoins – about 12,500 euros.

Ashot Hovhannisyan, founder and CTO of DeviceLock, explains in statements reported by Vedomosti that it is common for cybercriminals to offer databases for sale on the Internet. How do they gain access to them? By hacking into the servers that store them. The most commonly breached are those of the police and insurance companies.

Intentionality Cracker
Target Otros
Type of company 
Data / Life Datos
Access Remoto
Recognized by brand No
Source https://cointelegraph.com/news/hackers-sell-data-of-129-million-russian-car-owners-for-bitcoin
Lithuanian ex-cop accused of cracking and stealing vehiclesMay 2020Read More
Headline Lithuanian ex-cop accused of cracking and stealing vehicles
Year 2020
Month Mayo
Country Lithuania
Description 

A former Lithuanian detective has been arrested on charges of using his knowledge as a police officer to abuse his power and being involved in the theft of vehicles equipped with keyless entry systems. According to the investigation, the alleged culprit, named Valdas Raudis, did not act alone but with another person, using digital devices valued at around 18,000 euros. 18,000, an amount that they would certainly have been able to amortize, since the stolen vehicles had a value that could exceed a quarter of a million euros.

Intentionality Cracker
Target Vehículo
Type of company OEM
Data / Life Otros
Access Remoto
System Keyless
Recognized by brand No
Source https://www.bbc.com/news/uk-england-cambridgeshire-52630840
Sheffield license plate monitoring system breachedMay 2020Read More
Headline Sheffield license plate monitoring system breached
Year 2020
Month Mayo
Country United Kingdom
Description 

The automatic license plate recognition system -ANPR- controlled by Sheffield City Council was exposed on the Internet, allowing the data of 8.6 million road trip records to be displayed and exposed to anyone who connects to the network. The data stored is the license plate, location, time… of each car. A single camera was capable of ‘capturing’ 21,000 vehicles, and all this type of information was exposed.

Intentionality Cracker
Target Empresa
Company Townhall
Type of company Public transport
Data / Life Datos
Access Remoto
Recognized by brand No
Source https://www.teiss.co.uk/sheffield-anpr-system-exposure/
Data stolen from a Swiss railway transport companyMay 2020Read More
Headline Data stolen from a Swiss railway transport company
Year 2020
Month Mayo
Country Switzerland
Description 

Switzerland-based international rail vehicle construction company Stadler revealed that it was the victim of a cyber attack that could also have allowed attackers to steal company and employee data. The company said that the attackers managed to infiltrate its network, managing to infect devices with some malicious software. Apparently, the criminals demanded a significant financial ransom for all the stolen information, threatening to leak the stolen data.

Intentionality Cracker
Target Empresa
Company Stadler
Type of company Transporte público
Data / Life Datos
Access Remoto
Recognized by brand No
Source https://www.bleepingcomputer.com/news/security/rail-vehicle-manufacturer-stadler-hit-by-cyberattack-blackmailed/
Mercedes’ Instagram account hackedMay 2020Read More
Headline Mercedes’ Instagram account hacked
Year 2020
Month Mayo
Country Alemania
Description Un grupo no identificado logró hackerar el perfil en Instagram de la cuenta de Mercedes-Benz en Alemania. Fue un usuario y seguidor del perfil de la marca el que se dio cuenta de que se estaba produciendo una actividad inusual en el muro, donde aparecieron informaciones como la imagen de una esvásitica... o solicitar donaciones en BitCoins para hacer frente a la pandemia del COVID19. Incluso en la descripción, el nombre de la cuenta cambió a "Hackeada por catz". La marca tuvo que disculparse públicamente por los inconvenientes que pudieran haberse producido.
Intentionality Cracker
Target Empresa
Company Mercedes-Benz
Type of company OEM
Data / Life Datos
Access Remoto
Recognized by brand 
Source https://www.techtimes.com/articles/249421/20200506/breaking-mercedez-benz-instagram-got-hacked-account-posted-swastika-logo-and-bitcoin-donation.htm
Moldavian tourist arrested for stealing a car via keyless systemMay 2020Read More
Headline Moldavian tourist arrested for stealing a car via keyless system
Year 2020
Month Mayo
Country United Kingdom
Description 

A ‘tourist thief’ from Moldova took advantage of a trip to the UK to steal several cars, including some luxury cars. Vadim Muntean, with the help of an accomplice, stole the vehicles using the signal amplification system, which is used for models equipped with keyless entry and keyless start. They also used systems to interfere with the signal of the trackers fitted to the cars, so that they could not be located via GPS. Among the models stolen was a BMW valued at around 45,000 euros.

Intentionality Cracker
Target Vehículo
Type of company OEM
Data / Life Otros
Access Remoto
System Keyless
Recognized by brand No
Source https://www.dailymail.co.uk/news/article-8276905/Moldovan-burglary-tourist-jailed-ten-months-travelling-UK-steal-keyless-cars.html
Company selling smart parking meters hackedAbr 2020Read More
Headline Company selling smart parking meters hacked
Year 2020
Month Abril
Country United States
Description 

A company in charge of marketing ‘smart’ parking meters and all kinds of technology used by those who control them in cities around the world has been the victim of a ransomware attack, which also exposed some of its internal files on a website used by cybercriminals. The company is called CivicSmart -from Milwaukee, USA-; it sells parking meters equipped with systems that allow payment to be made from an app installed on the cell phone, but also markets the software and hardware used by the controllers -personnel that control the devices-. The attack was carried out using a ransomware known as Sodinokibi or REvil, and was noticed by the Israeli security company Under the Breach. They discovered that the crackers planned to publish up to 159 gigabytes of CivicStart data, such as employee records, contracts with cities, bank statements or the numbers of credit cards used by parking meter customers.

Intentionality Cracker
Target Empresa
Company Civicsmart
Type of company Others
Data / Life Datos
Access Remoto
System Servers
Recognized by brand No
Source https://statescoop.com/smart-parking-meter-vendor-data-stolen-ransomware-attack/
They gain access to a corporate domain with a SIM cardMar 2020Read More
Headline They gain access to a corporate domain with a SIM card
Year 2020
Month Marzo
Country United States
Description 

Pen Test Partners’ researchers got hold of a vehicle’s telematics unit – known by the acronym TCU – removed its SIM card, placed it in a USB modem connected to a laptop, managed to connect to its internal network and, in this way, managed to compromise the entire domain from the outside.

Intentionality Hacker
Target Empresa
Type of company OEM
Data / Life Datos
Access Remoto
System Servers
Reach 1
Recognized by brand No
Source https://www.pentestpartners.com/security-blog/from-a-tcu-to-corporate-domain-admin/
Vulnerabilities discovered affecting car rental company Project Worlds OfficialMar 2020Read More
Headline Vulnerabilities discovered affecting car rental company Project Worlds Official
Year 2020
Month Marzo
Country United States
Description 

System 1 of Project Worlds Official Car Rental – a rental car company – is vulnerable to multiple SQL injection issues, as evidenced by the email and parameters (account.php), uname and pass parameters (login.php), and the id parameter (book_car.php) This allows a malicious user to dump the MySQL database and bypass the login authentication request.

Intentionality Cracker
Target Empresa
Type of company Rent
Data / Life Datos
Access Remoto
System Servers
Recognized by brand No
Source https://nvd.nist.gov/vuln/detail/CVE-2020-11544



Este sitio web utiliza cookies para que usted tenga la mejor experiencia de usuario. Si continúa navegando está dando su consentimiento para la aceptación de las mencionadas cookies y la aceptación de nuestra política de cookies, pinche el enlace para mayor información.plugin cookies

ACEPTAR
Aviso de cookies