Sons of IoT: Bikers hack Jeeps in auto theft spree
Gang used lifted codes, stolen logins to bypass onboard security
A Tijuana-based biker gang is accused of hacking hundreds of trucks over two and a half years as part of a multi-million-dollar auto theft ring.
The San Diego offices of the US Department of Justice and the FBI said that nine members of the Hooligans Motorcycle Club used stolen dealer credentials and handheld diagnostic machines to cut and program duplicate keys for a targeted set of Jeep Wrangler trucks, which they later stole and stripped down for parts.
According to the DoJ's indictment, the group worked in small teams to identify specific models of Jeep Wranglers throughout the San Diego area. Once a target vehicle was identified, a member obtained the truck's vehicle identification number (VIN), which is usually printed on the dashboard.
The VIN was then passed to another member, who used database login credentials taken from a Jeep dealer in Cabo San Lucas, Mexico. The database, used by dealerships to perform repairs on the cars, contained the information needed to cut and program duplicate keys.
The DoJ believes that, armed with the duplicate key, a thief popped the hood of the car to disable most of the alarm system and open the door. Then they used a handheld diagnostic tool and a code from the database to pair the duplicate key with the truck and turn off any remaining security features.
A transporter then allegedly drove the stolen trucks, now paired with a valid key, across the US border to Mexico, where they were stripped down for parts to be resold.
This scheme is believed to have netted members of the Hooligans gang around $4.5m in profits from more than 150 vehicles.
The thefts ran for over two and a half years; from January, 2014 through September, 2016 when the group was indicted. The DoJ unsealed and announced the charges this week.
The DoJ has indicted nine members for the scheme, six of whom remain at large as fugitives believed to be hiding out in Mexico. Each of them faces charges of Conspiracy to Commit Transportation of Stolen Vehicles in Foreign Commerce, a crime carrying a maximum of five years in prison per charge. ®
Sponsored: Becoming a Pragmatic Security Leader