INFORMATION TECHNOLOGY FOR BUSINESS

ITC2013

Topic 5: In a big company of Petrol Station like PETRONAS, SHELL, PETRON, the
computer privacy and security is important in order to protect clients, staff and asset
of the company.

PREPARED BY: OKORONKWO UCHENNA PAUL

DICK KINGSLEY

OSAMA

LECTURER: NORA LIZA

DATE:20/02/2020

1
 TABLE OF CONTENT

INTRODUCTION …………………………………………………………………………………1.0

IDENTIFICATION OF ISSUES…………………………………………………………………2.0

DISCUSSION OF ISSUES……………………………………………………………………….2.1

SOLUTION………………………………………………………………………………………….3.0

CONCLUSION………………………………………………………………………………………4.0

2
1.0. INTRODUCTION

Petrol stations are facilities that sell fuel and engine lubricants for vehicular motors. There are also some
petrol stations that only sell electric energy, and they are called charging stations. But this report will
only discuss the petrol stations that sell fuel, diesel, gas and engine lubricants. Petrol stations in the
past, used to operate the analog fuel dispensing pump and meter; but they were rusty and less efficient
(Robson, et al.,2008). The analog nozzle which was used many decades ago looked like the picture
below;

Fig 1. Picture of an old petrol station with analog dispenser “shutter stock” 2020

The inefficient way the analog dispensing machines worked, gave rise to the computerized dispensing
machines. A lot of research went into how these analog pumps could be computerized after the
emergence of computers; and when these researches were collaborated into the dispensing machine
pumps for petrol stations, they came in the picture below;

3
 Fig 2. Picture of the computerized fuel pumps “Caltex” 2017

Computer is an electronic device, which operates under the control of instructions stored in its memory;
it accepts data, processes, produces information, and stores the results for future use. Computers
process data that are primarily in binary form, according to instructions given in a variable program
(Evans, 2018). The world has digitalized rapidly through the emergence of computer-aided technologies,
which help process information in a speedy, reliable and consistent way. Through computer
programming and design, a lot of works, codes and programs are systematically stored and arranged in
the computer which make works easier, lesser and faster, without the need of intermediaries or human
interferences (Smith, 2013). Because of the multi-tasking nature of the computer, and its ability to store,
process and produce millions of information within a very short period of time; companies both big and
small, corporations, homes, and petrol stations among others, employ the services of computers to
interface their systems and servers to enable them work, coordinate and operate efficiently, fast and
accurately in their day to day operations (Robson, et al., 2008 ).

Everything that has an advantage, comes with some disadvantages. The emergence of computer came
with a lot of improvements in the day to day activities of people in companies, work places and homes,
but with these improvements came some negative or “weaknesses” of computers. And in this report,
we shall look at the issues of computer privacy and security; and then provide solutions that will help
safeguard the computer systems of PETROL STATIONS.

4
2.0. IDENTIFICATION OF ISSUES

There have been some computer related breaches in many petrol stations around the world; and some
of the issues have been identified below:

 PETROL FRAUD
 HACKER INTERFERENCE
 EXPLOSIONS THROUGH TERRORIST ACTIVITIES
 CORRUPTION

2.1. DISCUSSION OF ISSUES

PETROL FRAUD: Petrol stations lose millions of dollars annually through petrol fraud. Some petrol
stations use computer-automated systems that control fuel prices and other information that allow a
unified data base to control one station or a chain of stations (Zetter,2018). Most of these automated
systems are vulnerable to external breaches which could allow attackers to shut down fuel pipes, hijack
credit card payments, and steal card numbers or access back-end networks to control surveillance
cameras and other systems connected to the petrol stations; an attacker can easily change/ alter fuel
prices and steal fuel (Alfred, 2018). A senior security researcher with Kaspersky Lab, discovered a
vulnerability after the screen of a computer on a gas pump crashed in Israel, which exposed a local IP
when he monitored closely. This showed that the petrol station was compromised by an external
attacker who gained access into the control server of the petrol station (Zetter, 2018).

Fig 3. Picture of the compromised computerized fuel pump “flaws in gas station” 2018

5
HACKER INTERFERENCE: Hackers are known to break into cyber securities of most companies and big
cooperations. In 2011, LulzSec hackers broke into Sony Technologies and compromised it by releasing
personal pictures and video of clients, and sending out fake stories which affected many celebrities
(Gurdian, 2012). The petrol stations are not immune to attacks like this, as several hacks have been
reported to have happened in many countries like India, Israel, US and Europe, because many petrol
stations are automated, and they are owned by huge cooperations which run them as a Chain; thereby
using a unified computerized system which allows them to control the petrol stations in an easy efficient
unified way; however, this vulnerability of using one system for many petrol stations (chain) has given
rise to interferences through hackers (Bleepingcomputer, 2018). Hackers change fuel prices to suittheir
selfish gains, personal information belonging to staff and customers such as credit card (which these
hackers clone), credit card numbers, car registeration numbers and social security numbers belonging to
staff and customers have been stolen through hacked computer systems of petrol stations
(Bleepingcomputer, 2018). In the US, a security provider called Raid 7 discovered that through out the
whole country, about 5000 petrol stations are connected to the internet without password,and this is
about 3% of all the petrol stations in the country (Molnar, 2019). The Russian Federal security services
(FSB) discovered a fraud scheme by a hacker who worked with the managers of some petrol stations in
the country. They manipulated the automated system by changing the codes; which diverted 3% to 7%
of the fules sold to customers to an empty undergroung tank; which these hackers resold, and made
hundreds of millions of dollars (Zetter, 2018).

EXPLOSIONS THROUGH TERRORIST ACTIVITIES: A cyber security expert, Polyakov has discovered that
the automated sensor systems used in the petrol stations to monitor the pressure, fuel levels, pipeline
flows, quantity of oil, temperature and weather; can be targeted by terrorists, because these sensors
and internet connected softwares, can be used to carry out deadly assualts locally (Theguardian,2016).
Softwares are used to fill fuels into tanks without detection, these softwares can be used to empty
tanks without detection as well. A system called Burner Management System (BMS) is used to startup
and shutdown furnances used in oil sepration at different levels. This BMS software can be manipulated.
Terrorists can increase the pressure levels in the furnances which can cause explosions of great
magnitude (Theguardian, 2016).

6
CORRUPTION AND CRIMINALITY: People have lost their life’s saving through Credit Card Compromise
occastrated by wicked people who work in the petrol stations or who attacked the computer programs
of petrol stations, by stealing their personal information and giving it to those who will use these
personal information for criminal activities (Theguardian, 2016). Some security cameras have been
compromised and car plate numbers have been stolen, which were sold to armed robbers who used
same for criminal activities thereby putting innocent people into problems. Some petrol station workers
and manager work with some of these wicked people to tap information belonging to customers, and
selling it to criminals that will use those information for criminal activities; thereby enriching themselves
and making other innocent people poor (Theguardian, 2016).

3.0. SOLUTION

It is true that about 72% of all businesses are affected by cyber attacks, petrol stations included. Because
of this fact, more proactive messures must be taken to curb this threat, which is rapidly growing. Cyber
threats have become increasingly rampant in a lot of corperations, companies, businesses and homes.
These threats are broad and can pentrate anywhere, that is why more awareness is needed, and more
cyber literacy and education is needed. Below are some of the solutions that will make petrol stations to
be safe from security threats and breaches (Molnar, 2019).

OLD SYSTEMS CHANGED: In a research done last year, it was discovered that a lot of petrol stations who
makeuse of old systems are prone to privacy and security breach, because some of these old gadgets
were not built to detect cyber threats and breaches (Molnar,2019). So every petrol station that uses old
automated integrated systems should acquire new technologies that are built to detect and stop
external manoeuvres from getting into the system.

PASSWORD FOR EACH PETROL STATION: A cyber security expert ADT opined that in Australia, about
$66 million is lost yearly through petrol fraud (ADT Security, 2015). In view of this catastrophic losses
countries incur due to petrol fraud and hacking activities, petrol stations should put strong passwords in
all their systems. In the US study that shows that 3% of all petrol stations in the US have no password,

7
but connected to public internet, they stand a greater risk of losing money, petrol, and personal
information belonging to staff and customers (Molnar, 2019). There should be strong password in every
computer system in every petrol station. It shouldn’t be a unified password for chain of petrol stations,
but each petrol station should have a unique password for its systems.

EMPLOY CYBER SECURITY COMPANY: Since some petrol stations all over the world incur losses on
yearly basis, the owners should employ the services of experts, who will regularly update the computer
systems with up to date antivirus, and where applicable, they could conduct cyber-security-auditing to
make sure that there are no external attacks coming from hackers, as well as no internal collaborators
who help these external hackers to ruin their petrol stations (ADT Security, 2015).

CASH PURCHASE: Every customer should have a sense of protection. Sometimes petrol station owners
may not be directly affected by any attack that targets credit cards and credit card numbers of
customers, and so, they may not take actions to stop these threats because they are not directly
affected; it is suggested that for the best interest of these customers, they should purchase fuelsand
make payments with cash, instead of using the PoS machine. The reason is that some of the operators of
the PoS machines are willing accomplices of these hackers; so the best approach is cash paments, to
avoid identities to be stolen or monies to be stolen from unsuspecting customers (Molnar, 2019).

8
4.0. CONCLUSION

The emergence of computer systems into the daily operations of big and small corporations, like the
petrol stations came with a lot of improvement and efficiencies. These corporations saw that things
could be done in a very short period of time and in bigger amounts, as such guaranteeing more money
and bigger output to these corporations. Because of the multi-tasking nature of the computer, and its
ability to store, process and produce millions of information within a very short period of time;
companies both big and small, corporations, homes, and petrol stations among others, employ the
services of computers to interface their systems and servers to enable them work, coordinate and
operate efficiently, fast and accurately in their day to day operations (Robson, et al., 2008 ).

But this good news came with a lot of responsibilities in its protection. Just as bad can come out of good,
these improvements in the computerized petrol systems came with some loopholes that made internet
hackers and fraudsters to bypass some security apparatus to defraud the petrol station owners and
workers and customers just as figure 3 explains.

Petrol stations serve humanity on a daily basis. Motors, vehicles, bikes, etc., rely on these stations to be
able to be mobile; so special care should be taken in protecting these outlets from heinous crimes
against them. Customers who go there to patronize the brands they believe in (Petronas, Petron, Shell,
etc.) should be protected against those who want to rip them off. Cyber security is a collective effort. It
is not for the petrol station owners alone, or their staff, but the customers and government should put
concerted effort to make sure that cyber security is improved to the highest amounts, and cyber threats
are reduced to the barest minimum.

9
REFERENCE

McCarthy, G.J Chatto, K Tolhu rst, K 1 998

Overall Fuel Hazard
Guide. Research Report No. 47. Fire
Management Branch, Dept. of
Natural Resources and Environment, Victoria.
McCarthy, G.J Chatto, K Tolhu rst, K 1 998
Overall Fuel Hazard
Guide. Research Report No. 47. Fire
Management Branch, Dept. of
Natural Resources and Environment, Victoria.
McCarthy, G.J Chatto, K Tolhu rst, K 1 998
Overall Fuel Hazard
Guide. Research Report No. 47. Fire
Management Branch, Dept. of
Natural Resources and Environment, Victoria.
McCarthy, G.J Chatto, K Tolhu rst, K 1 998
Overall Fuel Hazard
Guide. Research Report No. 47. Fire
Management Branch, Dept. of
Natural Resources and Environment, Victoria.
Aaron Molnar, 2019, Hackers detect security gaps in petrol stations

Retrieved from, https://www.a1.digital/en-de/blog/hackers-detect-security-gaps-at-petrol-stations/

Alfred Ng, 2018, Gas stations are easy access to managers and hackers

10
Retrieved from; https://www.cnet.com/news/gas-stations-online-are-easy-access-for-managers-and-
hackers/

Candice Lanier, 2018, Hackers increasingly targeting gas stations and credit cards at pump

Retrieved from, https://www.bleepingcomputer.com/news/security/hackers-increasingly-targeting-gas-

stations-and-credit-cards-at-the-pump/

Kim Zetter, 2018, Flaws in gas station software let hackers change prices, steal fuel, erase evidence

Retrieved from, https://www.vice.com/en_us/article/43qkgb/flaws-in-gas-station-software-let-hackers-

change-prices-steal-fuel-erase-evidence

Theguardian, 2016, Hackers targeting internet -connected systems to steal oil, experts warn

Retrieved from https://www.theguardian.com/technology/2016/mar/04/oil-gas-companies-internet-

system-hacking-vulnerability

https://www.theguardian.com/technology/2012/aug/29/lulzsec-hacker-arrest-sony-attack

11