Motorcycle Gang Busted For Hacking and Stealing Over 150 Jeep Wranglers (bleepingcomputer.com) 83
An anonymous reader writes: "The FBI has arrested members of a motorcycle gang accused to have hacked and stolen over 150 Jeep Wranglers from Southern California, which they later crossed the border into Mexico to have stripped down for parts," reports Bleeping Computer. What stands apart is how the gang operated. This involved gang members getting the Jeep Wrangler VIN (Vehicle Identification Number), accessing a proprietary Jeep database, and getting two codes needed to create a duplicate replacement key. Gang members used one code to cut the key, while they used the second code while stealing the car, connecting a handheld programming computer to the car, and programming the replacement key's chip, synchronizing it to the car's dashboard. All of this took under 2 minutes and was also possible because Jeep Wranglers allow thieves to pop the hood from the outside of the car and disable the alarm even before using their non-authenticated replacement key. Officials say that all the database queries for the stolen VIN codes came from a Jeep dealer in Cabo San Lucas, Mexico. Court documents don't say if the dealer cooperated or gang members hacked its system. The motorcycle gang's name was Hooligans and the sub-unit that stole the Jeeps was named Dirty 30.
Hooligans (Score:1)
Re: (Score:1)
You'd think smart hackers would have enough brain power to find a better gang name.
Re:Hooligans (Score:5, Insightful)
Re:Hooligans (Score:4, Funny)
Or the gang has one member who sits in a dark apartment room surrounded by computer screens full of green text and who's in constant contact with them over a secret radio frequency.
Re: (Score:2)
That looks vaguely like "hacking" in Fallout...
Seems like every time the TV news needs a graphic for hacking they use the Fallout one... I find that hilarious and it makes me feel a bit smug all at the same time, win win!
Re: (Score:2)
Or they simply got an employee to do it for them. Dealers have access to the datab
Re: (Score:1)
A "couple decades ago" hackers chopped wood, or someone else's bugs. When "hacking" got conflated with "cracking" there were plenty of script kiddies already.
As for illiterate Hooligans manning weapons they don't understand, those have been around since cracking exists, be it of systems, or skulls (cf. Space Odyssey).
Re: (Score:1)
I bet you're the kind of guy that likes his email server to be called "hermes" or "isimud", instead of, you know, "mail".
Re: Hooligans (Score:2, Informative)
The name comes from a notorious Irish family.
It starts with... (Score:3)
There's your main problem right there.
Re:It starts with... (Score:4, Insightful)
There's your main problem right there.
If you look you will find that a lot of car hoods can be opened by inserting the right tool through the grill to access the locking mechanism. It's a lot like how a slim jim can get you in through the door.
Re:It starts with... (Score:5, Insightful)
Re:It starts with... (Score:4, Funny)
Re: (Score:1)
So basically, if your alarm goes off, that means all is fine. When it doesn't make any noise, that's when you should be worried.
Re: (Score:2)
Has a car alarm ever helped anyone? Most people seem to ignore them, and when you see criminals on CCTV they appear to just ignore the alarm and carry on looting the vehicle or driving it away.
Re: (Score:1)
Really? That is the main problem? Not the fact that you can generate a replacement key from VIN?
Re: (Score:2)
That can be done for any car - how do you think dealers make a new key when you misplace your original keys?
It may make sense to have that capability. But there's no reason for the whole database to be replicated anywhere outside of some secure vault within Jeep's corporate headquarters in Italy. Dealers should send authenticated individual queries to the central system as needed.
Re:It starts with... (Score:5, Insightful)
That can be done for any car - how do you think dealers make a new key when you misplace your original keys?
It may make sense to have that capability. But there's no reason for the whole database to be replicated anywhere outside of some secure vault within Jeep's corporate headquarters in Italy. Dealers should send authenticated individual queries to the central system as needed.
Since they could track it down to a specific dealer, it sounds like that is exactly how it works.
Re: (Score:2)
Do you know how long that would take in a global market place?
Your key breaks, you get towed to the dealer who then has to submit a request which will be returned in 4-5 days while your car isn't in your possession. To cut and program a key which takes 5 minutes.
You turned a 10 minute issue into 5 day wait.
To access the database you need the vin and access to a remote database. It isn't like every dealer has a full copy. They have log in to access it.
The real issue is that log in probably failed rubber ho
Low-tech solution (Score:4, Interesting)
How about a low-tech solution of blocking the visible-under-the-windshield VIN with a piece of paper? Is that legal? It seems like it would help reduce the problems, or at least make the thieves more inclined to move on to a different vehicle.
Re: (Score:3)
How about a low-tech solution of blocking the visible-under-the-windshield VIN with a piece of paper? Is that legal? It seems like it would help reduce the problems, or at least make the thieves more inclined to move on to a different vehicle.
In California it is illegal, but you can use the CA DMV website to look up the VIN if you have the license plate number, so covering the VIN would just add one more step for the crooks.
Re:Low-tech solution (Score:4, Informative)
On my car, the VIN is also etched into the corner of each of the glass pieces. Since you also need to regularly supply a VIN for registration, service, and even sometimes to take the car onto a private lot, the best thing would be for Chrysler to require something more private in order to get the codes for the key and the computer :/
Re: (Score:2)
It prevents them from being sold as legit replacements by crooked junk yards. You also get an insurance discount.
Re: (Score:2)
No genius. The marked parts need to be destroyed. The crooks will need to destroy ALL of the glass.Have a car shell with a good VIN? Steal the exact same model and color car then swap all the non numbered parts. The glass is a HUGE expense. The engines and most transmissions are also numbered.
Re: (Score:2)
True, but there's more glass then just the windshield. All those doors need to be taken apart. The rear glass as well. Silly high windows in the body behind the back doors? those need replaced too.
So lets say $1000 in glass. 2.5% of the value of the car, now lets get into labor.
Re: (Score:2)
Modern windshields on $40k cars are a lot more expensive than that. $40k cars have a bunch of sensors behind the mirror that have to mate up with the pattern on the windshield, and I believe you also have to do a special alignment process using a service tool when you change the windshield.
Sure, on some 15-year-old no-frills car, replacement windshields are $150.
Re: (Score:2)
No one is swapping VINs on $40K new cars. They are swapping stolen parts on 10+ year old Honda's and Toyota's. A crapped out Civic for $7K cash. For 5 days work and 2 guys. They could make $5k to $6k cash and doing 4 to 5 cars a month. That is where all new glass would hurt. These guys are not buying parts. They are stealing them. They steal cars to order not what ever is easiest to take.
Re: (Score:2)
Have you actually worked with vehicles much? It does not sound like it.
Prior to the advent of computers controlling all aspects of the car it was just easier to swap the VIN tags over to the stolen car, and to basically rough-up and then fix and paint over stamped-in VIN tags. Alternately, cut-out and re-weld a larger section of firewall and do a good job finishing and grinding so after it's painted it's clean looking.
It's a hell of a lot of work to swap all of the auto parts over from the stolen car to a
Re: (Score:2)
Absolutely have. Worked HS Summers in a body shop. The shop would buy totaled Ford Rangers and Mazda pickups. The parts interchange. Then we would assemble complete vehicles out of the parts for side money. The completed truck would then have a "salvage title". But before that a State Trooper would drop buy and inspect every piece of glass for any numbers. Also the engine, trans, rear end and cab VIN. All of the parts trucks had to have a title and clear VINs. Some times a new replacement VIN will be issued
Re: (Score:2)
The radio in the Jeep is programmed with the VIN. If you find a cheap replacement on Ebay, it won't work in your Jeep unless the seller gives you the VIN of the one it came out of.
Re: (Score:2)
Last time I looked into that, it was a gimmick that the dealerships use to try to justify tacking on another thousand dollars to the purchase price, and they, not the manufacturer, etches the glass.
Re: (Score:2)
Actually a number of parts on most cars are labelled with the VIN to limit the value of stealing the car and chopping it up for parts (though obviously there's still some money to be made, since that's what this gang was doing). This is where the term "numbers matching" comes from in the classic car community: when all of the serialized parts of the car match the original VIN, the car is "truer" to the original delivery. I simply gave the windows as an example of a part visible without too much suspicious e
Re: (Score:2)
When collectors talk numbers-matching they're generally referring to the motor and body, and frame if the car has a separate frame, and sometimes the transmission if the car's transmission was labeled as such.
In most cases that I know, which are Chrysler products, it's predominately motor and body. No one really cares about anything else.
Re: (Score:2)
lets will be facing more time then killing someone (Score:2)
lets will be facing more time then killing someone under the poor hacking laws.
Pro tip just take the deal to get a few a few GTA's on you rap sheet.
Re: (Score:2)
-1 Stupid.
This is a biker gang. Bikers are almost all white, except for the small number of all-black biker gangs. I've never seen a Hispanic person in a biker gang or on a motorcycle.
Nicknames that stick. (Score:2)
Dirty 30 was a lot cooler before he turned 55...
Re: (Score:2)
I think it's time. (Score:5, Insightful)
It's time that you should be able to program your car with your own codes because obviously dealerships cannot be trusted to secure them.
Re: (Score:2, Informative)
It's time that you should be able to program your car with your own codes because obviously dealerships cannot be trusted to secure them.
Nothing is stopping you from having the locks changed the day you buy it. Changing codes is normally harder, sometimes requiring changing out the computer.
Re: (Score:3)
It's time that you should be able to program your car with your own codes because obviously dealerships cannot be trusted to secure them.
Nothing is stopping you from having the locks changed the day you buy it. Changing codes is normally harder, sometimes requiring changing out the computer.
Uh yeah, nothing is stopping you, except for the fact that "locks" these days are in fact codes, because many cars aren't coming with physical keys anymore. They're configured with wireless keyfobs instead. Not even an ignition key. My cars have been that way for 10 years now.
Re: (Score:2)
Changing the physical key isn't going to keep people from stealing the car if they have the codes. You only use the physical key when the car's lost power (so you can open the door, and thus the hood, if it isn't a stupid Jeep), or more frequently if your keyfob's battery has died.
they were busted for being stupid (Score:2)
Re: (Score:2)
they had access to the key db of jeep(chrysler?).
and well, they had to have the range to drive all the way to mexico without phoning home.
Re: (Score:2)
Teslas have almost no market for used parts. Maintenance is always done by Tesla service centers. And Teslas are such a tiny portion of the market that even if this weren't the case, no one would want the parts because of the lack of market penetration; it's the same reason no one steals Rolls-Royces for parts.
It seems that the "Hooligans" are a lot smarter about basic economics than you are.
Finally, I applaud this biker gang: they're doing a real public service by removing those shitty Jeep Wranglers fro
Re: (Score:2)
I suspect you will find vehicle thefts are at record lows at the moment. In general stealing cars today is much harder than it was 30 years ago, or even 20 years ago. Here are the graphs for the UK, US and Canada to show it.
https://www.statista.com/stati... [statista.com]
https://www.statista.com/stati... [statista.com]
https://www.statista.com/stati... [statista.com]
Though there does appear in all three to be a slight uptick in the last few years. Basically car crime is still *A LOT* lower than it was in the past.
With even bigger CGI muscles! (Score:2)
The motorcycle gang's name was Hooligans and the sub-unit that stole the Jeeps was named Dirty 30.
Sounds like a great movie plot. F9 of the Furious, here we come!
The secret is... (Score:1)
Re: (Score:2)
I believe that the Wrangler were targeted because they are valuable in Mexico, not because they were particularly hackable.
Whatever the particular reason, I for one applaud the Hooligan biker gang for performing this valuable public service of removing Jeep Wranglers from US territory. I hope they'll improve their hacking skills to include all Chrysler models. It'd also be nice if they'd steal the last few remaining Pontiac Azteks and ship those to Mexico too (or better yet, some cooperative junkyard whe