By John Q. Hosedrinker 
The potential suspension of the federal gas tax, proposed as a measure to alleviate rising fuel costs, faces significant hurdles. While a freeze could save drivers approximately 18 cents per gallon, the substantial loss of revenue to the Highway Trust Fund, crucial for infrastructure maintenance and expansion, raises concerns. Experts estimate billions in lost revenue annually, potentially depleting the fund by 2028, and there’s no guarantee that savings would be passed on to consumers. This idea, though floated before, has never been implemented due to these considerable drawbacks.
Read the original article here
It’s a bit alarming to hear that hackers have managed to breach the automatic tank gauge (ATG) systems at gas stations across the United States, with officials pointing fingers at Iran.
What’s particularly concerning is how these breaches reportedly occurred. Apparently, the ATGs were online and, to put it mildly, not very well secured. We’re talking about systems left without passwords, which is a pretty significant oversight. This allowed them to manipulate what was displayed on the tank readings, though thankfully not the actual fuel levels themselves. It really makes you wonder how much other critical infrastructure is out there, just sitting on the internet without even basic protection. It feels less like sophisticated hacking and more like walking through an unlocked door.
The reliance on older technology is a recurring theme here. It seems many businesses and even tech companies are still using hardware and software from decades ago because, well, it “works.” This mentality, coupled with the thought of entire databases being propped up by something as basic as Excel spreadsheets, is a recipe for disaster. It’s the kind of situation that could easily keep you up at night.
Some folks have noticed stations running low on gas, or even completely out of certain types. While some might have assumed it was panic buying due to rising prices, this news suggests another possibility: the stations themselves might not have known their tanks were getting low because their gauge systems were compromised. It’s a chilling thought that such fundamental infrastructure could be so easily misled.
The idea of calling this “hacking” when there were no passwords involved seems generous to some. It raises the question of whether the perpetrators might actually be Americans who are fed up with the escalating gas prices and all the issues surrounding them. It’s interesting how geopolitical narratives shift, and how certain countries are suddenly framed as major adversaries capable of complex cyber operations.
The traditional method of gauging fuel levels, involving physically sticking tanks and manually reading pumps, was a daily task. The automation of these processes, while seemingly convenient, has introduced new vulnerabilities. Some are even joking about whether these systems could be used to get rid of online ads, highlighting the widespread frustration with digital annoyances.
It’s hard to shake the feeling that this isn’t true hacking, but rather the digital equivalent of leaving your passwords taped to your monitor. The notion that Iran would engage in such a seemingly “trivial” act is questioned by some, who expect more impactful actions if they were to launch an attack. Perhaps the real vulnerability lies in the underlying infrastructure itself, which is increasingly becoming a reason to consider alternatives like electric vehicles.
The ease with which these systems were accessed, described as “copy and pasting port numbers from Shodan,” suggests a low barrier to entry for malicious actors. The commentary also touches on a rather cynical view of cybersecurity, suggesting that some professionals might not be as competent as they should be, leading to a general sense of unease about the state of digital security.
There’s a sense of irony in the discussions about who is to blame. Some sarcastically point to past administrations, implying that the current vulnerabilities are a result of deliberate weakening of cybersecurity measures, while others express doubt about Iran’s capabilities, citing previous statements from political figures.
The reality is that some of these automatic tank gauge systems have been around for a very long time, with simple, outdated connections like Cisco dial-up modems that lacked any significant security. Many retailers, it seems, only invest in upgrades when something breaks, often relying on the assumption that “someone else” will handle maintenance.
These systems primarily store information like tank status, testing records, and inventory levels, and are generally not connected to more sensitive networks like card processors or personal data. However, the fact that they’ve remained unpatched and insecure for so long is a significant concern.
From a cybersecurity professional’s perspective, the entire internet often feels like it’s held together with a combination of duct tape and clever programming tricks, with a heavy reliance on the integrity of individuals maintaining open-source software. The thought of how much fuel we actually have in our tanks is a valid question in this context.
The problem with software, especially modern applications, is that the underlying operating systems and libraries can contain exploits. Once discovered, these infrastructures are rarely updated because the process can be incredibly complex and, at times, impossible. There’s a growing call for legislation to enforce and streamline software updates, with potential penalties for non-compliance.
The cybersecurity field itself is not immune to criticism, with some insiders describing a general lack of competence among many professionals. This lack of diligence, coupled with the widespread use of similar underlying software like SCADA in critical infrastructure – which historically wasn’t built with cybersecurity in mind – creates a deeply concerning landscape.
The potential consequences of altering fuel levels, even if indirectly, are significant. If systems can be manipulated to show tanks as empty, it could lead to overfilling during deliveries, causing waste and creating public hazards. This echoes similar incidents observed in other geopolitical situations.
The interconnectedness of systems, from gas stations to power grids and even medical devices, presents a complex web of vulnerabilities. It’s becoming increasingly difficult to distinguish between threats originating from abroad and those from within.
The term “hacking” itself is being re-evaluated by some, as many breaches seem to stem from basic oversights like default passwords or unsecured devices readily accessible via tools like Shodan. The laziness and lack of proactive security measures are highlighted as major contributing factors.
The immediate impact of manipulating fuel level displays could be the disruption of delivery schedules. If the system inaccurately reports low levels, it could lead to a rush to refill, exacerbating shortages and potentially causing widespread fuel run-outs when deliveries are inevitably delayed.
There’s a sentiment that many critical systems are online and unprotected, and this issue isn’t confined to the US. Countries that rely heavily on American software may be equally exposed. The push by some nations to reduce their dependence on US services could, ironically, lead to a safer global online environment.
The ease with which systems can be compromised by simply trying common passwords or exploiting readily available information is a recurring theme. This highlights a fundamental flaw in how security is often implemented, or rather, not implemented at all. The lack of robust security measures is not just a technical issue but often a human one, rooted in negligence and a failure to prioritize digital defense.