Gas Is Back: Colonial Opens Up the Corpse Juice Hoses Just as Much of East Coast Runs Out

A gas station in Atlanta, Georgia, that was out of gas on Tuesday.

Photo: Ben Margot (AP)

Large swathes of the East Coast are running out of the precious refined corpse juice used to fuel most of the nation’s vehicles, five days after ransomware knocked out most of the 5,500-mile Colonial Pipeline system—the biggest gasoline pipeline in the country, connecting Gulf Coast refineries to cities as far north as New York. Due to a combination of panic buying, hoarding, and regular gas guzzling, some regions have now almost completely run out. (The pipeline is coming back, see update below.)


There’s no shortage of fossil fuels; they just can’t reach their destination thanks to malware that encrypted Colonial computer systems and forced them to shut down the pipeline as a “precautionary measure.” The Colonial Pipeline system ships 2.5 million barrels of gasoline, diesel, and jet fuel a day, which Bloomberg reports is equivalent to the capacity of the entire nation of Germany. According to CNN Business, nearly two-thirds (65%) of gas stations in North Carolina were without gas as of 12:37 p.m. ET, with similar outages at 42% of stations in Georgia, Virginia, and South Carolina. Tennessee (14%), Florida (10%), Maryland (9%), and West Virginia (4%) were also running low. Some cities were even worse off: 71% of stations in metro Charlotte, 60% in Atlanta, 72% in Raleigh, and 73% in Pensacola have run dry.

The total number of stations shut down runs over ten thousand, and gas prices broke $3 a gallon, according to AAA data. Making the situation worse, the pipeline outage coincides with a shortage of fuel truck drivers. The feds have considered waiving the Jones Act, a maritime law that requires U.S.-built and manned ships to transport goods between U.S. ports, in the hope that enlisting foreign vessels could ease the logistical difficulties currently preventing gas from reaching consumers.

Bloomberg reported on Wednesday that a solution to the issue is still days away, with three distribution hubs in Pennsylvania out of gas and long lines of tanker trucks waiting to fill up in New Jersey. The network reported that Colonial will announce on Wednesday whether it will be able to begin the process of restarting the pipeline network.

“Colonial has announced that they’re working toward full restoration by the end of this week, but we are not taking any chances,” Pete Buttigieg, the Secretary of Transportation, told reporters at a press briefing on Wednesday. “Our top priority now is getting fuel to communities that need it, and we will continue doing everything that we can to meet that goal in the coming days.”

Even then, Bloomberg reported, it will take quite a bit of time for normal service to be fully restored:

Colonial has only managed to restart a small segment of the pipeline as a stopgap measure. Even when the pipeline is restored to full service, it will take about two weeks for gasoline stored in Houston to reach East Coast filling stations, according to the most recent schedule sent to shippers. For diesel and jet fuel, the transit time is even longer — about 19 days — because they are heavier and move more slowly.


The FBI believes that the hackers behind the ransomware attack belong to a gang of cybercriminals called DarkSide that has been active since August 2020 and generally does not attack targets in the former Soviet bloc, according to the Associated Press. (Cybersecurity expert Brian Krebs recommends installing a Cyrillic keyboard on your PC to avoid contamination.) Ransomware functions by infiltrating a computer network, duplicating itself to connected machines, and then locking out users from access by encrypting file systems, typically prompting them with a ransom demand in cryptocurrency. Unless there’s a known flaw in the encryption technique or cybersecurity researchers have discovered the specific encryption key used in an attack, it is practically impossible to decrypt a computer network once ransomware has triggered. Hackers have used variants of the malware to attack everything in the U.S. from hospitals and school networks to entire municipal governments in recent years, causing billions in damages.
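The paragraph above describes ransomware by its behaviour: it spreads to connected machines and then encrypts file systems. From a defender’s side, that last step is what endpoint monitoring usually catches, because a single process suddenly rewrites many files with random-looking (high-entropy) content in a short burst. The following is an added illustration, not code from the article or from any of the firms it cites; the file-event records are constructed, and the process names, window size and thresholds are assumptions chosen for the example.

```python
import math
from collections import defaultdict

# Tuning assumptions for this example (not values from the article).
HIGH_ENTROPY = 7.0      # bits per byte; encrypted or compressed data approaches 8.0
WINDOW_SECONDS = 10     # burst window
BURST_THRESHOLD = 5     # high-entropy writes within the window that trigger an alert


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte of `data` (0.0 for empty input, 8.0 for uniform)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def flag_ransomware_bursts(events):
    """
    `events` is an iterable of (timestamp_seconds, process, path, written_bytes).
    Returns the set of processes that wrote >= BURST_THRESHOLD high-entropy files
    within any WINDOW_SECONDS span. A slow trickle of encrypted writes (a backup
    job, for instance) stays below the threshold.
    """
    per_process = defaultdict(list)
    for ts, proc, _path, data in events:
        if shannon_entropy(data) >= HIGH_ENTROPY:
            per_process[proc].append(ts)

    flagged = set()
    for proc, times in per_process.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 >= BURST_THRESHOLD:
                flagged.add(proc)
                break
    return flagged


# Constructed sample content: one plaintext document body and one
# uniformly distributed byte pattern standing in for ciphertext.
PLAIN = b"Quarterly report text " * 40
ENCRYPTED = bytes(range(256)) * 4

# Constructed file-write events: a word processor saving documents, a backup
# tool writing encrypted archives slowly, and a process mass-rewriting files.
SAMPLE_EVENTS = [
    (100, "winword", r"C:\Users\a\report.docx", PLAIN),
    (103, "winword", r"C:\Users\a\notes.docx", PLAIN),
    (0, "backup-agent", r"D:\bk\0.enc", ENCRYPTED),
    (30, "backup-agent", r"D:\bk\1.enc", ENCRYPTED),
    (60, "backup-agent", r"D:\bk\2.enc", ENCRYPTED),
    (90, "backup-agent", r"D:\bk\3.enc", ENCRYPTED),
    (120, "backup-agent", r"D:\bk\4.enc", ENCRYPTED),
    (150, "backup-agent", r"D:\bk\5.enc", ENCRYPTED),
] + [
    (100 + i, "update.exe", rf"C:\Users\a\Documents\file{i}.locked", ENCRYPTED)
    for i in range(6)
]

if __name__ == "__main__":
    print("processes with encryption-like write bursts:", flag_ransomware_bursts(SAMPLE_EVENTS))
```

The entropy test on its own is not enough (legitimate archives and media files are high-entropy too); the burst rate per process is what separates the hypothetical `update.exe` here from the backup agent that writes the same kind of data slowly.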

DarkSide has tried to cultivate a reputation for only using ransomware to attack the rich, not institutions like hospitals, and has given out some of its proceeds in charitable donations. The group has also publicly announced on its website that the Colonial chaos was not intentional or motivated by political reasons. However, as Wired explains, the gang’s business model appears to be ransomware as a service, loaning out its malware and cyber infrastructure to other attackers and pocketing a slice of any profit, and it has tried to shift the blame for the Colonial incident to one of the criminal partners it works with. (Ransomware can also be indiscriminate, spreading to systems never explicitly anticipated by whoever is controlling it.) As of this time, the feds have indicated they do not believe the attack was conducted by or on behalf of a rival nation-state.


According to CBS, it remains unclear whether a ransom has been demanded or whether Colonial intends to pay; the FBI officially encourages ransomware victims not to pay such ransoms but has acknowledged they may feel they have no other choice. The Washington Post reported Colonial has enlisted cybersecurity firm Mandiant (a division of FireEye) to help it rebuild its system from backups, and that DarkSide’s access to the targeted systems has been cut off, meaning there may no longer be any incentive to pay up.

It’s easy to see why DarkSide has tried to distance themselves from the attack—disruption on this scale is drawing a massive federal response and U.S. authorities will be determined to track whoever did this down.


On Wednesday, President Biden told reporters that we should expect to “hear some good news in next 24 hours,” adding that he believes “we’ll be getting that under control.”

“I am not surprised that this happened. It was realistically only a matter of time before there was a major critical infrastructure ransomware incident,” Brett Callow, a threat analyst at security firm Emsisoft, told Wired. “DarkSide appears to have realized that this level of attention is not a good thing and could bring governments to action. They may stay with smaller attacks now in the hope that they’ll be able to continue making money for longer.”


Update 5:19 PM: Secretary of Energy Jennifer Granholm confirmed moments ago that the CEO of Colonial Pipeline has informed her that pipeline operations would resume around 5 PM this afternoon. The juice will still take some time to make its way around the country.

Update: 6:20 PM: This article has been updated to clarify that the ransomware attack did not directly affect the pipeline control system, and Colonial took it offline as a precautionary measure.


Hackers Threatening East Coast’s Fuel Supply Claim They’re Not Trying to Cause Anybody Trouble


Photo: Michael M. Santiago (Getty Images)

Over the weekend, a cyberattack by the Russia-based ransomware gang DarkSide managed to hamstring America’s largest oil pipeline, Colonial, threatening to choke off significant energy flows to the East Coast.


Per Bloomberg News, the gang pilfered approximately 100GB of data from the company’s IT network in just two hours on Thursday. The attack was part of what is known as a “double extortion scheme,” a tactic used by criminal groups in which they steal and then threaten to leak significant amounts of data from a high-value target in an effort to extort money from the victim. A coalition of private companies, along with major government agencies like the FBI, the NSA, and CISA, apparently worked together to stop further data theft from occurring.

The Biden administration acknowledged the attack Monday, with the President calling the incident a “criminal act, obviously.” Biden also said that he planned to meet with Russian President Vladimir Putin about the attack and that he would encourage him to take “some responsibility to deal with this.”

Like all unscrupulous businessmen, the members of DarkSide have sought to impress upon their victims that the attack was just business, and nothing personal. On Monday, a statement published to the gang’s website emphasized that their “goal is to make money” and that they are not interested in “creating problems for society.” The group stated:

We are apolitical, we do not participate in geopolitics, do not need to tie us with a defined goverment [sic] and look for other our motives. Our goal is to make money, and not creating problems for society. From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.

The gang originally emerged last summer, with the first known sighting of it in August, said Ekhram Ahmad of security firm Check Point Research. DarkSide operates via a Ransomware-as-a-Service model, by which it sells its malware to affiliate groups, who then use it in attacks. The malware has been used in other previous attacks against other energy companies. “What we do know is that to take down extensive operations like the Colonial pipeline reveals a sophisticated and well-designed cyber attack,” said Lotem Finkelsteen, head of threat intelligence with Check Point.

You’d think it would be hard to stand out in a year that has seen a veritable blitz of cyberattacks, each one seemingly more disastrous than the next (see: SolarWinds, Microsoft Exchange, the PulseVPN attacks, and more). Yet this is exactly what DarkSide has managed to do—both via its Batman villain-like ability to spur a coastal energy crisis, and its sheepish apology for, like, causing trouble or whatever.


As disastrous as the incident may be for Colonial, it is likely a boon to the current, ongoing efforts to elevate U.S. cyber policy. The political impact of the attack will likely only be to further strengthen the argument that America needs to take a more aggressive, proactive and organized approach when it comes to tracking and combatting cybercriminal groups—something that those in the cyber community have been lobbying for for some time.

On top of this, the fact that a coalition of private sector companies led the charge to assist in containing the fallout from the incident only further underscores the argument, oft made by security professionals, that the solution to these attacks will be forged in a holistic alliance between the public and private sector.


You Should Definitely Update Your Dell Computer Right Now

A flaw dating back to 2009 enables access to Dell and Alienware computers through faulty drivers.

Photo: Sam Rutherford / Gizmodo

A public service announcement for anyone who, like me, is using a years-old Dell computer as their primary machine: Dell has released a security patch for a security vulnerability affecting close to 400 different computer models manufactured between 2009 and right now. That’s, uh, a lot of laptops.


The vulnerability was discovered by security research firm SentinelLabs in a driver used by Dell and Alienware’s firmware update utilities. The flaw allows an attacker to access full kernel-level permissions in Windows. Dell’s information page says it has no evidence that the vulnerability has been exploited and that the attacker would have to have direct access to the computer to take advantage of the flaw. But that’s possible through malware, phishing, or granting remote access privileges to, say, someone pretending to be Dell customer service.

Be sure to check Dell’s list of affected computers if you think you fit the criteria. Some of the latest XPS 13 and 15 models are affected, as are Dell’s G-series gaming laptops. There’s also a list of mid-range Inspiron models from over the years and even some workstation towers.

Dell is pushing a security update via its update clients. The FAQ says to expect it by May 10. If you wish to remove the affected driver yourself, there are instructions at the link for locating it on both 32- and 64-bit versions of Windows.

Cybercriminals Bought Facebook Ads for a Fake Clubhouse App That Was Riddled With Malware


Photo: Josh Edelson/AFP (Getty Images)

Cybercriminals have been pushing Facebook users to download a Clubhouse app “for PC,” something that doesn’t exist. The app is actually a trojan designed to inject malware into your computer. The popular new invite-only chat app is only available on iPhone but worldwide interest in the platform has risen and users are clamoring for Android and, presumably, “PC” versions.


Per TechCrunch, the malicious campaign used Facebook ads and pages to direct platform users to a series of fake Clubhouse websites. Those sites, hosted in Russia, asked visitors to download the app, which they promised was just the most recent version of the product: “We tried to make the experience as smooth as possible. You can check it out right now!” one proclaims.

However, once downloaded, the app would begin signaling to a command and control (C&C) server. In cyberattacks, the C&C is typically the server that informs malware what to do once it has infected a system. Testing of the app through malware analysis sandbox VMRay apparently showed that, in one instance, it tried to infect a computer with ransomware.
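The paragraph above notes that the first thing the fake app did was signal to a command and control server. Malware that phones home for instructions tends to do so on a fixed timer, and that regularity (“beaconing”) is one of the simplest things a network defender can look for in connection logs, quite apart from knowing the server’s address. The following is an added example, not code from the article or from TechCrunch or VMRay; the log lines, addresses and thresholds are constructed for the illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Tuning assumptions for this example (not values from the article).
MIN_CONNECTIONS = 6   # fewer connections than this is not enough to judge periodicity
MAX_JITTER = 0.10     # coefficient of variation (stddev / mean) of inter-arrival gaps


def parse_line(line: str):
    """Parse a constructed log line: '<iso-timestamp> <src> -> <dst:port>'."""
    ts_text, src, _arrow, dst = line.split()
    ts = datetime.fromisoformat(ts_text.replace("Z", "+00:00")).timestamp()
    return ts, src, dst


def find_beacons(lines):
    """
    Group connections by (src, dst); for each pair with enough samples, measure how
    evenly spaced the connections are. Returns {(src, dst): period_seconds} for pairs
    whose spacing is regular enough to look like a timer rather than a person.
    """
    conns = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, src, dst = parse_line(line)
        conns[(src, dst)].append(ts)

    beacons = {}
    for key, times in conns.items():
        if len(times) < MIN_CONNECTIONS:
            continue
        times.sort()
        gaps = [later - earlier for earlier, later in zip(times, times[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue
        if pstdev(gaps) / avg <= MAX_JITTER:
            beacons[key] = round(avg)
    return beacons


# Constructed sample log. 10.0.0.5 contacts 203.0.113.7 roughly once a minute
# (a timer with a little jitter); 10.0.0.9 browses 198.51.100.20 at human-like,
# irregular intervals; 10.0.0.12 connects too rarely to judge.
SAMPLE_LOG = """
# timestamp             src       ->  dst
2021-04-09T12:00:00Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:01:00Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:02:01Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:03:00Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:04:00Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:05:02Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:06:00Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:07:00Z 10.0.0.5 -> 203.0.113.7:443
2021-04-09T12:00:10Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:00:15Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:05:15Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:05:27Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:20:27Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:21:12Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:24:32Z 10.0.0.9 -> 198.51.100.20:443
2021-04-09T12:00:30Z 10.0.0.12 -> 203.0.113.7:443
2021-04-09T12:30:30Z 10.0.0.12 -> 203.0.113.7:443
""".strip().splitlines()

if __name__ == "__main__":
    for (src, dst), period in find_beacons(SAMPLE_LOG).items():
        print(f"possible beacon: {src} -> {dst} every ~{period}s")
```

Software updaters and monitoring agents also poll on timers, so a hit from this check is a lead to triage against an allow-list of known periodic services, not a verdict on its own.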

Taking advantage of a popular new product to deploy malware is a pretty classic cybercriminal move—and given Clubhouse’s prominence right now, it’s no surprise that this is happening. In fact, researchers recently discovered a different fake Clubhouse app. Lukas Stefanko of security firm ESET revealed how another fictional “Android version” of the app was acting as a front for criminals looking to steal users’ login credentials for other services.

Fortunately, it doesn’t appear that this most recent campaign was too popular, as TechCrunch reports that the Facebook pages associated with the fake app only had a handful of likes.

It’s an interesting little incident, though it may be difficult to find out more about this tricky campaign because the websites hosting the fake app have apparently disappeared. The takedown of the sites appears to have disabled the malware. Facebook has also taken down the ads associated with the campaign.

An Android App That Promised Free Netflix Shockingly Just Highly Annoying Malware


Photo: OLIVIER DOULIERY/AFP (Getty Images)

So-called pirating apps have been around for years—and they have only gained popularity since covid-19 put us all indefinitely on the couch, phone in hand, awaiting a reason (that never comes) to stop streaming.


Well, not all pirating apps have your content-viewing interests in mind. Enter “FlixOnline.” Until recently, this app sat in Google’s Play Store, promising users the opportunity to gain free mobile access to Netflix from anywhere in the world, even if they didn’t have an account. Sounds too good to be true, right?

Yes, well, exactly.

FlixOnline, discovered by security firm Check Point Research, never actually let users binge Breaking Bad or whatever. Instead, the researchers say, it delivered a self-replicating worm onto their devices—the likes of which could potentially be used by hackers in phishing and data-theft operations.

According to researchers, the Flix wormable malware burrows into a phone by abusing its permissions, then uses a victim’s WhatsApp conversations to spread itself. As soon as you download it, Flix asks for access to a variety of your device’s controls. It then hijacks your WhatsApp and uses it to send spammy messages to people who message you. For instance, if your friend sends you, “Hey dude, whaddup,” Flix will secretly auto-reply for you, sending them a, uh, really subtle advertisement for its fake services:

“2 Months of Netflix Premium Free at no cost For REASON OF QUARANTINE (CORONA VIRUS)* VIRUS)* Get 2 Months of Netflix Premium Free anywhere in the world for 60 days. Get it now HERE” [insert malicious link].

If your friend, lost in a confused fog—baffled by the fact that their pal of many years has transformed, overnight, into a robotic Netflix shill—happens to click on the link provided, they get directed to a website where they can download the app, and the malware replicates itself anew. Researchers say the site could easily serve as a way for hackers to steal a victim’s personal information. In truth, it’s hard to imagine most people being, let’s say, gullible enough to follow that last step, but then again, “123456″ remains a popular password.

So, voila! It’s like a moral lesson about the ills of piracy, packed into a very, very stupid app—an app that does literally nothing except hijack your conversations with friends and loved ones to re-spawn its own daft, useless existence.


Of course, the access supplied by an app like this means a bad actor could definitely abuse it to do more than send annoying messages (they could steal your private information and thereby entrap you in an extortion scheme, for instance). Additionally, if the messages being sent to a victim’s contacts were modified to something other than a hacky Netflix ad, or additional malicious links were added to the hijacked WhatsApp messages, a person could have quite a mess on their hands. So, it’s not just an annoying app, but potentially dangerous, too.

Perhaps the worst thing here is that Flix sat in the Play Store for approximately two months, compromising about 500 devices, according to Check Point (the app has since been taken down). It’s another great example of how Google hasn’t always done an amazing job when it comes to weeding out bad apps being distributed on its platform.


“The fact that the malware was able to be disguised so easily and ultimately bypass Play Store’s protections raises some serious red flags,” said Aviran Hazum, manager of mobile intelligence at Check Point. He added that, while this specific malware campaign was halted, the same malware could be deployed again via a different fake app. So… be careful out there, my pirate friends. Remember: There’s no such thing as free content.

A New Phishing Campaign Sends Malware-Laced Job Offers Through LinkedIn


Photo: Carl Court (Getty Images)

With unemployment at formidable levels and the economy doing weird, covid-related reversals, I think we can all agree that the job hunt is a pretty hard slog right now. Amidst all that, you know what workers really don’t need? A LinkedIn inbox full of malware. Yeah, they don’t need that at all.


Nevertheless, that is apparently what some may be getting, thanks to one group of cyber-assholes.

Security firm eSentire recently published a report detailing how hackers connected to a group dubbed “Golden Chickens” (I’m not sure who came up with that one) have been waging a malicious campaign that preys on job-seekers’ desire for the perfect position.

These campaigns involve tricking unsuspecting business professionals into clicking on job offers that are titled the same thing as their current position. A message, slid into a victim’s DMs, baits them with an “offer” that is really rigged with a spring-loaded .zip file. Inside that .zip is a fileless malware called “more_eggs” that can help hijack a targeted device. Researchers break down how the attack works:

…If the LinkedIn member’s job is listed as Senior Account Executive—International Freight the malicious zip file would be titled Senior Account Executive—International Freight position (note the “position” added to the end). Upon opening the fake job offer, the victim unwittingly initiates the stealthy installation of the fileless backdoor, more_eggs.

Whoever they are, the “Chickens” probably aren’t conducting these attacks themselves. Instead, they are peddling what would be classified as Malware-as-a-Service (MaaS)—which means that other cybercriminals purchase the malware from them in order to conduct their own hacking campaigns. The report notes that it is unclear who exactly is behind the recent campaign.

A backdoor trojan like “more_eggs” is basically a program that allows other, more destructive kinds of malware to be loaded into the system of a device or computer. Once a criminal has used the trojan to gain a toehold into a victim’s system, they can then deploy other stuff like ransomware, banking malware, or credential stealers, to wreak more extensive havoc on their victim.


Rob McLeod, Sr. Director of the Threat Response Unit (TRU) for eSentire, called the activity “particularly worrisome” given how the compromise attempts could pose a “formidable threat to businesses and business professionals.”

“Since the COVID pandemic, unemployment rates have risen dramatically. It is a perfect time to take advantage of job seekers who are desperate to find employment. Thus, a customized job lure is even more enticing during these troubled times,” McLeod said.


We reached out to LinkedIn to see what their take on this whole situation is and will update this story if they reply. Considering that employers don’t usually just offer you a job, you would think this campaign wouldn’t be too hard to avoid. Yet people click on random stuff on the internet all the time—usually out of curiosity, if nothing else. Suffice it to say, if you get a job offer that seems too good to be true, probably best to steer clear.

UPDATE, 9:12 p.m. When reached by email, a LinkedIn spokesperson provided the following statement:

“Millions of people use LinkedIn to search and apply for jobs every day — and when job searching, safety means knowing the recruiter you’re chatting with is who they say they are, that the job you’re excited about is real and authentic, and how to spot fraud. We don’t allow fraudulent activity anywhere on LinkedIn. We use automated and manual defenses to detect and address fake accounts or fraudulent payments. Any accounts or job posts that violate our policies are blocked from the site.” 


Employee Indicted for Hacking Kansas Water Utility and Trying to Shut Down Key Systems

As if we didn’t have enough risks to drinking water to manage.

Photo: Tony Gutierrez (AP)

A federal grand jury is indicting a 22-year-old guy over accusations that he tampered with a public water system. Dude allegedly hacked into a computer system that controls a rural water utility in Ellsworth County, Kansas, then messed with the virtual processes that affect procedures for cleaning and disinfecting drinking water.


On March 31, Wyatt Travnichek was charged with one count of tampering with a public water system and one count of reckless damage to a protected computer during unauthorized access. If convicted, he’ll face up to 25 years in prison and $500,000 in fines.

The story is pretty wild. Travnichek actually worked at the water district, which serves more than 1,500 retail customers and 10 wholesale customers in eight Kansas counties, from January 2018 to January 2019. Part of his role was to virtually monitor its water plant after hours by remotely logging into the district’s computer system, so in a sense he was just doing his old job.

The Department of Justice alleges that he logged on with the intention to harm, though thankfully, according to Cyberscoop, no one was harmed. According to the indictment, Travnichek “accessed a protected computer without authorization,” then remotely logged on and “performed activities that shut down processes at the facility which affect the facility’s cleaning and disinfecting procedures.”

“By illegally tampering with a public drinking water system, the defendant threatened the safety and health of an entire community,” Lance Ehrig, Special Agent in Charge of EPA’s Criminal Investigation Division in Kansas, said in a statement. “EPA and its law enforcement partners are committed to upholding the laws designed to protect our drinking water systems from harm or threat of harm. Today’s indictment sends a clear message that individuals who intentionally violate these laws will be vigorously prosecuted.”

What’s even more bonkers than this guy’s actions, though, was that he was able to carry them out. But it’s also hardly the only instance of critical utility infrastructure facing cybersecurity breaches. In February, a hacker broke into the computer system for a water utility in Florida and tried to poison people by upping the water’s sodium hydroxide content to toxic levels. It later came out that the system didn’t have basic network protections—not even a firewall or strong password security. In December, when cyber intruders hacked numerous government agencies and tech companies through SolarWinds software, they also put malware onto several electric and oil companies’ computer systems. A report released Monday also shows that Connecticut’s energy, natural gas, and water utilities have seen an uptick in phishing and malware threats since the covid-19 pandemic began in early 2020.


This comes on top of the physical issues with U.S. infrastructure, of which there are many. Water systems are already under threat from pollution, poorly maintained pipes, and aging infrastructure. Climate change will only exacerbate many of these problems. Travnichek hasn’t yet been convicted of anything, but regardless, let’s hope water utilities learn from this and install some protective measures. Because frankly, we don’t need any more risks to drinking water. 

Universities Across the Country Are Being Swept Up in a Large Data Fiasco


Photo: Sean Gallup (Getty Images)

A number of prominent U.S. colleges have become the newest, unlucky recipients of a cybersecurity migraine currently affecting dozens of organizations all over the world.


You may have heard something about Accellion—the global cloud provider whose secure-file transfer product (called FTA) was beset by a hacking campaign back in December. If you haven’t heard about it, you can read a recent run-down of the whole trainwreck here. All you really need to know, though, is that a lot of organizations previously used Accellion’s FTA product to store and share data, it had big security flaws, and a pitiless hacker gang decided to exploit those flaws to steal data from dozens of organizations, including—apparently—schools.

Yes, about half a dozen universities recently announced that they had been swept up in the hack. Now, those schools also appear to have had some of their data leaked online by the hackers—in an apparent bid to get them to pay the criminals’ ransom.

As of Thursday, at least six different universities have allegedly had their data leaked to the dark web—the likes of which includes quite sensitive information. The victims are: Stanford University, the University of Maryland Baltimore, the University of Miami, the University of California Merced, the University of Colorado Boulder, and the Yeshiva University, a prominent private research university based in New York City.

On the hacker’s leak site, Gizmodo can confirm that data allegedly stolen from a number of the schools has been posted and is publicly visible. In some cases, it includes what appears to be student or employee names, social security numbers, phone numbers and addresses, and even a transcript, in one case.

UC Davis has been affected by the attacks, too. In a statement released to its community Wednesday, the California school admitted that Davis had suffered “a cybersecurity attack” and that data had been stolen, though it did not reveal that data had yet been leaked to the web. The school does not currently have a “page” on the hacker’s leak site, either.


Universities (and schools, in general) have had a pretty tough time with hackers since the beginning of the pandemic. Schools are natural targets for attacks, because they are giant warehouses of information (personal, academic, and financial), all of which can be stolen. Covid only made schools bigger targets, due to a number of different factors. In summary, pray for the poor college student who, on top of the sheer hell of having to learn via Zoom these days, must now worry about whether some dark web cretin is currently plotting to steal their identity. School should be a lot more fun than this.


Hackers Are Hiding Malware Inside Fake Call of Duty: Warzone Cheats to Target Gamers


Photo: Robert Reiners (Getty Images)

Look out, n00bs. Hackers are apparently deploying fake game “cheats” for Call of Duty: Warzone. They won’t help you merk your opponents, unfortunately. Instead, they will just inject malware onto your computer.


A recently disclosed report from game publisher Activision shows that discussion of such schemes was recently observed on several different dark web forums. Criminals discussed tricking unsuspecting gamers into downloading a dropper—a malicious program that can be customized to install other, more destructive forms of malware (such as, say, a RAT) onto a computer or device—by convincing them it was actually a free cheating program.

According to the report, this free “cheat” offers things like infinite ammunition “for all weapons,” “extra speed” and a “1hit1kill” feature. Truly good stuff! If only it were real, and not a pretext for stealing your financial information.

Most troublingly, Activision says that the “cheat” tool has been advertised multiple times on a popular cheating forum under the title “new COD hack.” (Gamers looking to flout the rules will typically go to such forums to find new ways to do so.) While the report doesn’t mention which forum they were posted on (that certainly would’ve been helpful), it does say that these offerings have popped up a number of times. They have also been seen advertised in YouTube videos, where instructions were provided on how gamers can run the “cheats” on their devices, and the report says that “comments [on the videos] seemingly indicate people had downloaded and attempted to use the tool.”

Part of the reason this attack could work so well is that game cheats typically require a user to disable key security features that would otherwise keep a malicious program out of their system. The hacker is basically getting the victim to do their own work for them.

“It is common practice when configuring a cheat program to run it with the highest system privileges,” the report notes. “Guides for cheats will typically ask users to disable or uninstall antivirus software and host firewalls, disable kernel code signing, etc.”

With all this in mind, it might be advisable that gamers keep on the path of goodness and virtue—and just play by the rules for the time being.


Tesla: Now a National Security Threat to China

Elon Musk poses for photos with buyers during the Tesla China-made Model 3 Delivery Ceremony in Shanghai.

Photo: STR / AFP (Getty Images)

Members of the People’s Liberation Army desperate to drive to work with all the style and panache afforded by Elon Musk’s overhyped cars are apparently out of luck. Citing “national security” concerns, the Chinese government has reportedly banned the use of Tesla vehicles by state and military employees on certain government properties.


Per reports from the Wall Street Journal and Bloomberg, the People’s Republic of China is allegedly concerned that Tesla’s high-tech cars could be a source of data leaks or foreign spying. Of particular concern is the high number of internal sensors and cameras installed in Tesla vehicles—the likes of which could be used to funnel sensitive data “back to the U.S.,” government officials worry.

The order related to the ban was allegedly issued by the Chinese military and restricts government officials from using the vehicles at certain government and military properties, as well as from “driving into housing compounds for families of personnel working in sensitive industries and state agencies.” The ban follows on the heels of a “government security review” of Tesla by the government, WSJ reports, the likes of which apparently didn’t go too well.

The review raised concerns about data collected by the vehicles and Tesla—including vehicle location data and the contact lists of mobile phones that are synced with the car’s internal systems.

We recently covered how the modern day car is basically a treasure trove of personal data (the likes of which can be shared, sold or stolen), so China’s concerns are potentially not without merit.

On top of this, Tesla has had a handful of iffy security incidents over the years. In 2016, security researchers—in China, no less—demonstrated that they could remotely hack the company’s cars via its wifi; the hackers had the ability to pump the brakes, pop the trunk and turn the vehicle’s windshield wipers on and off. A recent episode in which a hacker was able to gain access to hundreds of the company’s internal security cameras via a third-party provider has also provoked concerns.


The ban is also indicative of the way in which the tech industry has become a domain of the political conflict between the U.S. and China. Under President Trump, the U.S. moved to aggressively crack down on any Chinese technology company it deemed a “national security” threat—effectively blacklisting dozens of companies and attempting to censure their access to U.S. audiences while also cutting them off from financial investment. That China would respond in kind seems about par for the course.