Charging Desert Caused By Black Hat Attacks - Are CPO’s Beefing Up Security?

The last couple of days has been quite an adventure for most CPOs in the country. Many of them, in some way or form, have come under threat from cyber criminals who seek to mess up the charging stations operations and to gain access to its highly valuable users data.

It all started several days back with the R00TK1T threat to gain access to Malaysia's EV charging network. From the images shared, it would appear to be the TNB and Go-2-U charging network, based on the charging map icon and names on the charging locations shown.

These claims were somewhat verified as a user, Ronnie Soon, took to the Malaysian Electric Vehicle Owners Club (MYEVOC) Facebook page. He pointed out that the TNBX Chargers running on the GO To-U system were down, resulting in him not being able to use that particular charger.

GO To-U however took to their social media denying R00TK1T‘s claims that their back-end system was hacked and all the EV chargers on its platform were accessible and operational. A quick check on their app showed not much abnormality with exception to a few EV chargers down for maintenance.

However, this first “incident” would seem to be just the tip of the iceberg as Go To-U does not have a large number of chargers that could make a relative impact to most EV users.  The mass outage that happened yesterday which involved Gentari, ChargEV, JomCharge and DC Handal did hit that spot despite the matter being resolved in a relatively short time.

From our insider sources, we learned the tri-party network was hacked by an unidentifiable party who somehow has not taken claim to the act, unlike R00TK1T. The hack was identified as a base Level 4 Distributed Denial-of-Service (DDoS) hack which aimed at their portal.

To those who are in the dark, DDoS Attack is where hackers flood a server with internet traffic to prevent users from accessing connected online services and sites. In this case a few IP was compromised leading to the nationwide downtime yesterday.

However, on the bright side, we learned that no user data and payment tokens were compromised and the entire ordeal only lasted a few hours; thanks to the preparedness of the CPO in handling such matters.

We are sure many users might be worried of such attacks and if they would be vulnerable, to this we say fret not as such attacks are a norm in this digital era and what matters most is the measures taken to safeguard user data and to minimise downtime.

However having said that, we would like to point out again that this could have just been the tip of the iceberg as once you are on the radar of the hcackers. We are pretty sure they would look into other means to intensify future hacks to even a Level 7 DDoS Attack targeting or more.

Hence the question arises, are ALL CPOs in Malaysia (or globally even) prepared for a full on onslaught of hacks in the near future? What are the measures being taken to safeguard their sites, user data and payment token?