Colorado Department of Transportation has confirmed reports that more than 2,000 employee computers have been taken offline after hackers gained access to CDOT’s system and encrypted their files, demanding ransom to be paid in Bitcoin to get them unlocked again.
On Wednesday morning, CDOT employees went back to working with pen and paper – at least for now. All computers have been shut down while security officials from the state’s Office of Information Technology and the FBI investigate the attack.
According to Brandi Simmons, a spokesperson for the OIT, the code used is a variant of the ransomware known as SamSam which was used on multiple targets recently, including the Hancock Regional Hospital which reportedly paid $45,000 to have its files unlocked.
Simmons also said that Colorado has “no intention of paying ransomware.” CDOT says it had all of their data backed up and that none of their data was obtained by the hackers.
Connected systems like traffic cameras, traffic alerts, and message boards are unaffected by the attack.
Until the issue is resolved, a spokesperson indicated CDOT will be returning to doing their work the old-fashioned way, saying; “CDOT operated for a long time without computers so we’ll use pen and paper.”
Source: ttnews, denverpost, 2spyware, statescoop
Dan the man says
So I guess when they hack in to autonomous trucks and hold them for ransom they’ll just have to shut them down until the FBI can figure it out.
Larry Crockett says
THAT is what is scary to meet about autonomous trucks. Not that they are driverless. Once they are hacked, they are no longer driverless, and the hacker can do whatever he wants.
Katy says
Absolutelly true
CHristopher Spencer says
And how far down the road and through school zones will the vehicle travel before it’s known to be hacked? Should we count in minutes or lives??
Jerry says
Wow, hacking the CDOT!! I guess it’s just about the money, but just wonder if it’s both money and hating on CDOT.
Darko says
ROFL.
Probably one of COD’s was looking at “no no” websites and caught malware. And they think they are hacked. They got nothing to do at scales since we have these ELD’s, so they have to kill time somehow hahahahhaa
Wendall Barnes says
Sounds like you speak from experience… Lol
Karl says
WOW!!!! yet our info is supposed to be safe an secure. Now they just need to be told that they can use pen and paper for 7 days then the electronics have to be up and running. We all know pen and paper are not safe.
Maybe I can offer them my old tandy pc its a pre 99 processor LMAO
mousekiller says
When you think about it having the govt computers hacked is not such a bad idea. It might wake them up to hire a really good programmer to prevent it in the future.
The FBI has been known to hire the very hackers that they caught to write programs against it things like this and pay them pretty darn good money. My concern is – all the drivers that the FMCSA claims got their license fraudulently , are we really sure that was the reason? There is no defense against a really good hacker at this time and these autonomous trucks have no or very little protection against it. It could just as easy use hacking the autonomous trucks instead of using a gun to attack the undefended.just saying. It’s time some states got a back bone. Or any truck with an electronic engine. Not hard to do according to some smart computer people,
MrYowler says
Hackers are often just smart people who didn’t get jobs working in information technology. They still lovE to do things with computers, so without specific goals or boundaries, they do whatever seems appealing or challenging. If they think differently from system engineers, they often find ways to work systems, that they engineers neglected to consider. Often, they manipulate failure conditions – and clearly, if you have to shut down your computers, that’s a failure condition.
Better programmers might help, but they don’t make you hacker-proof… it just breeds better hackers. The investigation will eventually turn up that the attack came from outside of the country, probably China or Russia, or one of their affiliate nations, and they will be outside of the FBI’s jurisdictional reach, and impossible to individually identify, in any event. They will restore their software from original media, patch the specific bug that enabled this intrusion, recover their data from backups, and go on. It will cost far more than the ransom, and far more than patching the bug as part of a preventative information security policy, would have, whether or not such a policy would protect them from future attacks. They will hire consultants to implement such a policy, in a draconian way, as a knee-jerk reaction. It will make their employees miserable, so they will find ways to work around and evade security policy, and some time after the consultants leave, information security will get defunded, and this will all happen again.
I’m a certified information security professional, turned trucker, because information security is something people demand, but aren’t willing to pay or suffer inconvenience, for. Since I can’t do information security as a form of employment, what do you suppose to I do with those skills?
On a separate note, ELDs are often unbelievably vulnerable.
Just sayin’… 🙂
Brian says
Autonomous vehicles will get hacked by terrorist organization’s and used as weapons of mass destruction in the future.!
Bobby Wilson says
Well I have operated for a long time using a pen and paper on my logs , so why do I need a computer to it for me now. My pen and paper log book was never hacked.
Friendly Neighborhood Hacker says
No computer is safe, no matter what. If something has a signal, it can be hacked. Home network, business, personal wifi, and wifi hotspots, are just a few of the popular ones. Get this: If it produces any sort of radio signal, or frequency, it can be hacked. Even your brand new, trusty e-logs. And yes, autonomous vehicles too, they can be hacked, Qualcomm, Peoplenet, Omnitracs, even your television sitting in your bunk. In some cases, the very computer programs a lot of people use every day are considered malware. There are anti-virus programs that are actually hacker friendly, and Microsoft Windows is a giant virus in itself. What a lot of people don’t know is that the methods we use to hack haven’t really changed much over the years. There are ways around any system. Just know this, The only way to be truly safe, is to not use tech at all, and even if you don’t, you’re still not safe, because, somewhere, some computer has your information on it.
TheBigFoot says
These are the facts. All technology is hackable. The sad part is THEY KNOW THIS. But they take the risk anyway. As a teen I always felt transferring everything to computers was not a good idea. Thinking sinister, like one day, a smart hacker or programmer will take over all computer systems and destroy the world as we know it. (Almost like an evil Mad Max out of control or a comic book villian.) The more this society remains, and becomes, more and more dependent on computer systems, the more those old thoughts I had back then are actually possible.
Look at what happen in the 2016 election with Russia, the FBI, Sony and Equifax breach of files in the last few years. Its only a matter of time before we hear, publically, that machines, vehicles and even weapons, are or have been infiltrated by hackers. Its a slippery slope. We’re becoming more lazy, just like I heard one butt head driver say, ” ELD’s are better because all I have to do is push a button, verses doing paper work”. But look what all comes with just pushing a button. Your freedom, your privacy, your safety, watch dog setting causing unnecessary stress, anxiety, sleep apnea, irregular eating habits, all, that leads to mental disorders and heart failure. And I havent even got to your job security and the reason why you do it in the first place, which is for your money to take care of you and your family.
Computers controlling human behaviors is the dumbest idea yet. These people are very stupid and ignorant to real life events. None of them should be able to hold these positions unless Theyve had hands on experience in it. WE CANT DRIVE FOR ANY ONE UNLESS WE HAVE SOME KIND OF EXPERIENCE. HOW ARE THEY ANY DIFFERENT IN THEIR POSITIONS???