Dumb RF engineer who shut down smart meter base stations is sentenced to jail

In Featured News by Wireless Estimator

text

Many utility companies throughout the country utilize base stations to monitor their meters, and although they might be secure, if the password is easily identified, their network can be corrupted as was the case with numerous water companies in 2014 when an RF engineer took revenge on his employer. The one pictured above was unaffected.

In 2014, a radio frequency engineer upset after being fired from his job which required him to set up base stations that employed omni directional antennas on communications towers to monitor water meters, took revenge upon his unnamed employer and hacked into base stations to shut them down.

He also changed the radio frequency for communications. and altered the code for a computer script to the lyrics of a Pink Floyd song. The disgruntled ex-employee also changed the utility customers’ default password to “f*ckyou”.

The man’s employer had to expend a large amount of time to conduct forensic examinations of the hacking and turned the information over to the FBI.

According to court documents, the intrusions occurred in five cities across the East Coast.

On Nov. 22, 2016, Adam Flanagan, 42, of Bala Cynwyd, Pa. was charged with 12 counts of damaging protected computers by the U.S. Attorney’s Office for the Eastern District of Pennsylvania.

On March 7, Flanagan plead guilty to two counts in a plea deal and On June 14, he was sentenced to 12 months, 1 day in prison.

When he was arrested, Flanagan faced a maximum sentence of 90 years in prison, plus a $3 million fine.

Sentencing guidelines provide for enhanced sentences for attacks on computers involved with critical infrastructure, such as water systems. In this case, Judge Paul Diamond applied the enhancement for interfering with computers used to maintain or operate a critical infrastructure.

Foolishly used his own computer to hack the base stations
FBI agents suspected Flanagan when they found that an IP address used in the intrusions belonged to his Clearwire WiMax modem, and when they first interviewed him, according to the FBI’s plea memorandum, he said he had been drinking when he used his computer to enter the networks:

FBI Special Agent Andrew Pelczar: All right. So from your home computer you would dial in…

Adam Flanagan: Well I worked from home. So I would…

Pelczar: So you were always there.

Flanagan: It was always there… so I had… It was on my computer so when they let me go. It was still there.

Pelczar: I mean I have had other cases like this and what will happen guys will have a couple of beers…

FBI Special Agent Darin Murphy: That’s…

Pelczar: Get a little loose

Flanagan: Pretty much.

Pelczar: You got pissed and had a couple.

Flanagan: Pretty much yeah.

The units that Flanagan corrupted appear to be the Tower Gateway Base Station (TGB), manufactured by FlexNet. Users attempting to access the TGB are required to submit a username and password using a secure shell login.

Data stored on the TGB remains encrypted and the encryption keys are never stored on the same equipment as the data.

Although the unit has secure access controls in place, Flanagan was able to access the system by using the default password that was never changed, not because he was an expert hacker, as identified in the agents’ interview:

Adam Flanagan: I am not at all a master hacker.

FBI Special Agent Darin Murphy: But that’s why we are here, because you look on paper and here’s somebody who’s…

FBI Special Agent Andrew Pelczar: You have skills…

Murphy: Methodically logging in…

Flanagan: Not really. No I don’t.

Pelczar: On paper you do.

Flanagan: That’s not. That’s absolutely not true.

Pelczar: So. All right.

Flanagan: I’m an RF guy. I know rudimentary… ah… logon. A couple of VI scripts. I knew the entrance screen was to do a VI. You know you can do a VI and it gave you a welcome message. So a couple of times I changed the root welcome message to say ‘Ha. Ha’.