The growing use of telematics for both gathering truck performance data and for sending and receiving shipping documents also exposes trucking to a new form of crime called “e-hijacking.”
For example, it appears that 3.9-million Citigroup banking records stored on computer backup tapes were e-highjacked while being shipped by UPS from New York to an Experian credit bureau in Texas, according to Stephen Spoonamore, CEO of data security consulting firm Cybrinth. He said:
“These tapes were not lost - they were stolen,” Spoonamore said at a special trucking safety and security seminar hosted by law firm Patton Boggs LLP in Washington, DC. “Not only were they stolen, the theft occurred by altering the electronic manifest in transit so it would be delivered right to the thieves.” He added that UPS, Citigroup, and Experian spent four days blaming each other for losing the shipment before realizing it had actually been stolen.
Spoonamore, a veteran of the intelligence community, said in his analysis of this e-hijacking, upwards of 15 to 20 people needed to be involved to hack five different computer systems simultaneously to breach the electronic safeguards on the electronic manifest. The manifest was reset from “secure” to “standard” while in transit, so it could be delivered without the required three signatures, he said. Afterward the manifest was put back to “secure” and three signatures were uploaded into the system to appear as if proper procedures had been followed.
“What's important to remember here is that there is no such thing as ‘security’ in the data world: all data systems can and will be breached,” Spoonamore said. “What you can have, however, is data custody so you know at all times who has it, if they are supposed to have it, and what they are doing with it. Custody is what begets data security.”
Another case involved a fleet of 350 trucks shipping hazardous materials using telematics to download and track vehicle operating data in real-time including engine speed, hard braking events and other information.
Spoonamore said the data streams coming from those vehicles only used a basic level of encryption — codes broken by what he called an “enterprising” local law firm that proceeded to download four months of operating data on each truck, including the actual road speed of each truck over that period. The law firm then sued the trucking company for speeding violations, using the carrier's own telematics data as proof.
“[Telematics] can tell you at 2 a.m. precisely where your truck is — but do you know where your data is at that time? That's why you can't totally trust your computer anymore,” Spoonamore cautioned.