Security specialists have traced a hacking attack which
left electronic road signs in Crawley town centre displaying
offensive messages for over two hours to a hacking group in the
US.
The hackers gained access to 11 variable display parking signs
in Crawley, West Sussex, after gaining access to the system through
a remote maintenance website.
The incident has raised concerns among road safety specialists
who warn that similar attacks could have the potential to distract
or mislead drivers and put lives at risk.
"It is worrying because the potential for causing an accident is
quite high," said Phil Blythe, professor of transport at Newcastle
University.
"If the messages look like official messages, such as telling
driver to divert or other misleading information, you could
potentially cause all sorts of chaos."
According to the council, hackers broke into the system at
6:45am on 31 October, reprogramming 11 signs to display obscene
messages and the word Totse, a reference to a US anarchist website,
sparking complaints from motorists.
The signs, which direct motorists to car parks with free parking
spaces, are linked by telephone lines to sensors in 11 car parks
and to a computer terminal in the council's offices.
Liz Robbins, senior engineer at West Sussex District Council,
said that hackers had gained access through an internet site used
by engineers for remote diagnostics. The site had recently replaced
a direct-dial telephone maintenance link.
Only a handful of engineers at the council and at its supplier,
Dambach, had access to the site, which was protected by a
password.
"We changed the remote access to the system. That is how they
got into the computer. It was not a fault in the system itself. It
was just the set up for the remote access," Robbins said.
The passwords have now been changed, and extra passwords added
to protect the system. Engineers also plan to add a virtual private
network to encrypt traffic to the road signs.
A security consultant called in by the council has traced the
attack to an internet address in the US, and an American ISP has
been asked to take action, Robbins said.
The system is managed and maintained by Dambach, a specialist
sign company, which supplies councils across the UK and the
Highways Agency with variable message signs.
The firm declined to comment on the cause of the incident or the
measures it had taken to protect its systems. But the company did
say it was confident that hackers could not strike gain or gain
access to other Dambach systems.
"We are confident it will not happen again because it was just a
local problem during a particular sequence of events when we were
setting the system up," said Carl Dyer, technical manager at
Dambach.
The firm said it would be writing to its customers to explain
what had happened, but did not think it was appropriate to discuss
the issue in public.
US website Totse contains articles on how to make bombs, plastic
explosives, and drugs. One article gives details on how to change
traffic lights.