Maserati Hacker's Extortion Gambit Stalls
An aging hacker with an interesting angle on electronic extortion and a taste for expensive European sports cars is awaiting trial for his crimes after getting busted for pulling off the semi-sophisticated scheme.
Bruce Mengler, 60, was arraigned in a San Diego federal court earlier this week after being indicted for computer intrusion and extortion for carrying out an enterprise through which he attempted to extort Italian supercar specialists Maserati after hacking into one of the company's customer databases.
Mengler, who is scheduled to appear in court again on Oct. 31, according to the San Diego Union-Tribune, took advantage of a promotional event through which the car maker, which is a subsidiary of Ferrari parent Fiat, was offering North American customers the opportunity to receive prizes for test driving their $100,000-plus vehicles.
Among the gifts offered for signing-up for the promotion online were gift certificates for Omaha Steaks.
After hacking into the database that contained the names of the people who participated in the event, Mengler contacted Maserati and threatened to expose the security breach publicly unless the company paid him off.
Personally, I would have merely requested free lease on a Montreal blue Quattroporte SportWagon with the F1-style paddle shifter (hey, I've got kids), but apparently Maserati decided to contact the authorities instead. Good idea, that.
Security experts noted that the incident points to the fact that many businesses, even those with seriously deep pockets, are failing to adequately secure their Web sites, leaving them exposed to potential breaches.
"If a hacker was able to gain access to customer information via the promotional Web site then there is a clear warning here to all companies that they need to properly secure their public Web sites," said Sophos chief researcher Graham Cluley in a blog posting on the case. "It's all very well asking for potential customers to enter their names and addresses in exchange for free steaks, but you'll be dealing with higher stakes (groan...) if your Web site is not properly defended."
Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.