Sexy headline. Cool sounding story. The bait is set. Now just to reel me in…

From Wired:

More than 100 drivers in Austin, Texas found their cars disabled or the horns honking out of control, after an intruder ran amok in a web-based vehicle-immobilization system normally used to get the attention of consumers delinquent in their auto payments.

Police with Austin’s High Tech Crime Unit on Wednesday arrested 20-year-old Omar Ramos-Lopez, a former Texas Auto Center employee who was laid off last month, and allegedly sought revenge by bricking the cars sold from the dealership’s four Austin-area lots.

OK, that sounds interesting. I wonder how Ramos-Lopez managed to pull this one off. Could have been a zero day? Some sort of system compromise? System breach using malware?

The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts,

Wait, what?

Ramos-Lopez’s account had been closed when he was terminated from Texas Auto Center in a workforce reduction last month, but he allegedly got in through another employee’s account,

He had a password? Since when does that qualify as a “hacker”?

“Omar was pretty good with computers,” says Garcia.

Apparently. Who knew that a little knowledge (ie. password) and a browser could be so powerful.

Sarcasm off. Clarity when dealing with terms is always something to behold. Was this a crime? Yes. Was he a hacker? Hell no.

Article Link

(Image used under CC from nolifebeforecoffee)

Comments

  1. he had someone else’s password. how much did kevin mitnick have? how much do phishers have?

    i’m not saying this guy had lots of technical know-how and deserves respect – but i think the criteria you’re using (“he had a password?”) is the wrong way of making this determination.

  2. @kurt

    And none of the above would I agree to applying that term. But, how is it the wrong way to make the determination? I have to flat out disagree with you this time I’m afraid. That being said, thanks for the comment.

  3. it’s the wrong way to make that determination because it ignores the question of *how* the person got the password.

    though in this case it was probably by shoulder surfing, so the person is still not particularly deserving of respect of any skills displayed.

    there are ways to get passwords that do demonstrate skill, however.

  4. @Kurt

    The wrong way? Hardly. It wasn’t ignored at all. Having worked in numerous companies over the years I’ve seen enough passwords on post-its and in desk drawers to paper a house. Of course there are numerous ways to get the password. In this case I would rely on Occam’s razor.

  5. The guy logged in, using a password he knew. He used the system to do exactly what the system was supposed to do: Disable vehicles.

    He’s no hacker.

  6. in the sense that people use “hacker” nowadays as a replacement for the word “cracker”, he is a hacker as he gained unauthorized access to (iow. he cracked) a system.

    in the original sense that hacker used to be used he certainly is not a hacker as his exploits required no special insight, skill, or talent.

    withhold the mantle of hacker from him if you will, but understand that that necessitates a return of the term cracker to the lexicon.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.