In another instance, hackers named a GasPot "H4CK3D by IDC-TEAM," the same message Iranian Dark Coders Team members use when they crack websites. To note, when the real gas station was hacked in February, its name was also switched from "DIESEL" to "WE_ARE_LEGION," which is commonly associated with hacker collective Anonymous. One GasPot in DC also suffered a DDoS attack for two days.

Gas monitoring systems or automated tank gauges (ATG) keep an eye on fuel levels, volume and temperature, among other stats. Many of them are easy to get into, because they're not protected by passwords. Companies are likely not keeping them heavily protected, since they can't really be manipulated to do something extremely destructive -- like blow up a gas station.

However, the Trend Micro researchers warn that ATG cyberattacks could still cause serious issues. Hackers can monitor one to find out when a facility is expecting the next fuel delivery or hold it hostage and ask for ransom. They can also fake fuel levels to induce overflow and put the lives of people in the area in danger. By the end of their experiment, Wilhoit and Hilt concluded that supervisory systems shouldn't be connected to the internet. "If they really need to be," their white paper reads, "their security should be so strong that access to them is extremely limited and private."

[Image credit: shutterstock]