EAST GRAND FORKS, Minn. — The FedExs truck stops at the Triangle Coach Service shop almost daily, so the shop foreman didn’t give a second thought to an email notice of a missed delivery.
The single second it took to open the email resulted in a wasted afternoon and $500 worth of crypto-currency flushed into cyberspace.
The Triangle shop maintains 10 motorcoaches.
“My shop foreman didn’t think anything of the email because we get FedEx and UPS (United Parcel Service) here just about every day,” said Triangle’s owner, Dale Helms. “So he clicked on the site and it locked up the computer immediately. It was one of those ransom deals. They sent an email a little bit later and said they wanted $500 in bitcoins.
“I would have liked to have told them to stuff it, but the guy we got the bitcoins from said, ‘No, no. You don’t want to do that yet.’” Helms said.
David Cooper, highway industry engagement manager in the Transportation Security Administration of the U.S. Department of Homeland Security, said cybercrime is a daily occurrence.
“It is happening not just in transportation, obviously, but in all sectors and industries,” Cooper said. “We don’t have any good data because a lot of it goes unreported.”
The daily flow of transportation cybercrime is motivated not in the pursuit of terrorism but almost always of capitalism. About 288,000 cybercrimes were reported in the U.S. last year, the Federal Bureau of Investigation reported in its annual report from its Internet Crime Complaint Center. Those victims lost an estimated $1.3 billion.
Ransomware, the name for the type of attack aimed at Triangle Coach, was reported 2,673 times last year, resulting in $2.4 million in thefts. Because these crimes often are not reported, the totals likely were much larger.
“They send an email that looks legitimate and official, but it’s not,” Cooper said. “They might ask for certain types of information, like personal or employee or proprietary information, or ask individuals to click on a link, which in many cases people do. Once they click on that link their system gets infected and in some cases can be held for ransom until they are paid to get it released.”
A more common — and the most costly — technique is the business email compromise, a more sophisticated scam that targets organizations that regularly process payments by wire transfer or, less often, by check.
Last year the FBI logged 12,005 reports of business email compromise that cost victims $360.5 million.
Problems often arise in the trucking industry, Cooper said.
“We see a lot of trucking companies whose identities are stolen, then individuals use those identities to get advances for fuel to pick up loads,” he said. “By the time anybody realizes what is going on they are gone and have made $1,000 on a fuel advance.”
The goals of ransomware perpetrators reflect business pricing theory in action — charge small amounts but build profits through volume, meanwhile reducing the risks of detection.
“If they can hit multiple companies a day and get $500 here and $1,000 there, they can make a profit and a living,” Cooper said.
By stealing relatively small amounts, ransomware criminals can be nearly certain they won’t be pursued by law enforcement. After paying to release his shop computer from its hostage-takers, Helms said he intended to call in law enforcement. The man who helped him figure out bitcoin purchasing told him it would be a waste of time.
“He had bitcoins because he was hacked,” Helms said. “He said there is virtually nothing anyone will do about it because $500 is such a small amount. That’s why they do $500 amounts. It is virtually untrackable and the authorities will blow it off. He said he tried and even at his loss — $14,000 — he couldn’t get anything done.”
The bitcoin is a “cryptocurrency” that exists only in the ether of the Internet. According to the website bitcoin.org, “Bitcoin is a consensus network that enables a new payment system and a completely digital money. Bitcoin uses peer-to-peer technology to operate with no central authority or banks; managing transactions and the issuing of bitcoins is carried out collectively by the network.
“Bitcoin is open-source; its design is public, nobody owns or controls bitcoin andand everyone can take part. Through many of its unique properties, bitcoin allows exciting uses that could not be covered by any previous payment system.”
Among those exciting uses is crime.
“The problem with bitcoins and cryptocurrency is that it is almost impossible to trace,” Cooper said. “Once they are able to get monies that way, there is no way to track it down, especially for a small amount. That is why a lot of it is going unreported. There is no obligation to report it.”
Triangle Coach Service could have been hit much harder, Helms acknowledged.
“We were lucky it was on the shop foreman’s computer. It was all of our bus information, our repair logs and our DOT stuff. They didn’t get into the checkbook side of the computer,” he said.
He was able to end the attack in just three or four hours.
“I had never heard of bitcoins until this happened, so we had to find somebody to buy them from,” Helms said. “We had to set up a special account at the bank, buy the coins and put them in that account then email him the account number,.
“He said he would make sure the money was put into that account, then he hit a button and unlocked our computer. We had everything right back. The guy we bought the coins from said some people don’t get their stuff back.
“Our problem was we didn’t back our computers up often enough,” Helms said. “Now we do. And take the drive you are backing up on right out of the building and home with you.”
If your computer is locked, “Then you can clean your computer out or buy a new computer,” he said.
With better backup files, Helms may have been able to tell his cybercrook to “stuff it.”
“If they had been asking for $20,000, people would be more interested in doing something about it. If they had asked for that much I probably would have just wiped my computer out and started over again,” he said.
In addition to vigilance, Cooper recommended a sturdy defensive line.
“The one basic thing I can say to transportation companies is to talk to their IT (information technology) provider, whether it is a third party or in-house, and make sure they have the most up-to-date software they can possibly have to protect their systems. That stuff changes on almost a daily basis.”
Resources and tool kits for dealing with cybercrimes are available at the Department of Homeland Security website at firstname.lastname@example.org.