Prank Offers Lesson about IT Security against Former Workers

March 18, 2010 ( – Whether a disgruntled employee or naïve prankster, the actions of a man fired from a Texas dealership offers employers a lesson on systems security against former workers.

According to the Associated Press, Omar Ramos-Lopez used a former colleague’s password to remotely disable ignitions and set off car horns of more than 100 vehicles sold at the dealership. Several car owners said they had to call tow trucks and were left stranded at work or home, the news report said.      

The Texas Auto Center dealership in Austin installs GPS devices that can prevent cars from starting. The system is used to repossess cars when buyers are overdue on payments, and the car horns can be activated when repo agents go to collect the vehicles and believe the owners are hiding them.      

According to the news report, starting in mid-February, dealership employees noticed unusual changes to their business records, such as customers’ names being changed to those of dead celebrities. Soon after, customers began calling the dealership saying their cars wouldn’t start or that their horns were blowing incessantly. The dealership began to think the cars had mechanical problems.      

Then, employees noticed someone had ordered $130,000 in equipment from the company that makes the GPS devices, and police were able to trace the activity to Ramos-Lopez’s computer. He is now in jail under a $3,000 bond.      

Sounds like a disgruntled employee, but Jeremy Norton, a controller at the dealership, said Ramos-Lopez didn’t seem unusually upset about getting fired. “I think he thought what he was doing was a harmless prank,” Norton said, according to the AP. “He didn’t see the ramifications of it.”