Cyber Incident Victim: BP
Date:
Jun 2018
Location:
United States of America
Summary
A British Petroleum employee was arrested for manipulating gas pump computers to steal over $300,000 in fuel, reflecting a broader trend of gas station cyberattacks targeting fuel theft. Hackers have exploited vulnerabilities in internet-connected pump systems, enabling remote control to dispense gasoline without payment, as seen in incidents where thieves stole hundreds of gallons using specialized devices. Security researchers previously identified widespread flaws in fuel monitoring infrastructure, warning that thousands of stations remained susceptible to such attacks despite some software upgrades. These breaches highlight evolving tactics beyond traditional credit card skimming, occurring alongside rising fuel prices.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In June 2018, a BP employee in New Jersey was arrested for allegedly manipulating gas pump computers to steal over $300,000 worth of fuel. The incident involved unauthorized access to the station's pump control systems, though specific technical methods were not disclosed in available reports. Authorities indicated the employee exploited internal access to alter pump operations, enabling fuel theft. The financial impact exceeded $300,000 before detection, though the exact duration of the scheme remains unspecified. Law enforcement intervention led to the arrest, terminating the theft operation. No customer data breaches or collateral system disruptions were reported in connection with this insider attack. The case highlighted vulnerabilities in fuel station operational controls rather than external cybersecurity threats.
This incident occurred amid broader concerns about gas station vulnerabilities. Security researchers had warned since at least 2015 about internet-connected pump systems being exploitable, with Anonymous hackers reportedly demonstrating such vulnerabilities that year. In March 2018, Kaspersky Lab identified security gaps potentially affecting over 1,000 stations, though BP's infrastructure was not specifically cited. Concurrently, separate fuel theft incidents occurred in Detroit and Texas involving external attackers using remote devices to override pump controls, though these were unrelated to the BP case. The New Jersey arrest represented a distinct insider threat compared to these external hacking attempts. Rising gas prices during this period increased attention on fuel theft incidents across multiple jurisdictions.