Cyber Incident Victim: Electronic Gas Stations
Date:
Jan 2018
Location:
Russia
Summary
A malware campaign targeted electronic gas stations, manipulating fuel pumps to overcharge customers by 3-7% per gallon while diverting portions of purchased fuel to hidden tanks. Russian authorities arrested hacker Denis Zayev, who developed and deployed the malicious software with operator collusion, enabling fraudulent transactions across Southern Russia. The scheme involved compromised pump systems and cash registers issuing falsified receipts, concealing theft as operators resold diverted fuel.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 1 motive | 1 technique |
| Threat Actor | Type | Location |
|---|---|---|
| 1 actor | Available to members | Available to members |
Description
In early 2018, Russian authorities uncovered a widespread malware campaign targeting electronic gas station pumps across Southern Russia, resulting in systematic overcharging of customers. The scheme, orchestrated by hacker Denis Zayev, involved custom-developed malware installed on both fuel pumps and cash register systems. Zayev collaborated with complicit gas station operators who approved installation of the malicious software, which artificially inflated fuel costs by 3% to 7% per gallon pumped. The malware manipulated pump operations while displaying normal transaction details on interfaces and receipts, concealing the theft from customers. During each fraud cycle, operators maintained an empty reserve tank that received the diverted fuel portions. When customers refueled, the malware automatically redirected a percentage of their purchased gasoline into this hidden reservoir without altering displayed quantities or receipt amounts. This technical deception allowed operators to later resell the accumulated stolen fuel for additional profit, with Zayev receiving a share of illicit earnings. The scam impacted dozens of gas stations primarily located in the Stavropol Territory, Adygea, Krasnodar Territory, Kalmykia, and several North Caucasus republics.
The Russian Federal Security Service (FSB) arrested Zayev in Stavropol on January 20, 2018, charging him with creating and distributing the fraudulent software infrastructure. Investigators determined the malware's deployment required operator collusion, as station personnel actively participated in maintaining the empty reserve tanks and coordinating fuel resales. Local media described the operation as a "giant scam" covering extensive territories, with compromised systems discovered at multiple stations during forensic examinations. The scheme caused direct financial harm to consumers through systematic overpayment while enabling dual profit streams for perpetrators through both immediate overcharges and secondary fuel sales. No technical details about malware detection methods were disclosed, though law enforcement intervention terminated ongoing fraudulent operations at affected stations following Zayev's arrest. The case highlighted vulnerabilities in fuel pump payment systems and demonstrated how insider cooperation could facilitate large-scale technical fraud against consumers.