
Not necessarily ransomware...
...it could just be a long-forgotten Bug.
(sorry.)
Some of Volkswagen’s operations have screeched to a halt after some sort of cyber incident, according to German media reports. The event has halted large parts of the car manufacturer's IT and production systems at locations around the globe, according to daily business newspaper Handelsblatt. A VW spokesperson confirmed the …
"Dear Customers,
We have had a breach of our IT data systems and are handling the issue as quickly as possible.
In the meantime, our ability to lie to governments worldwide regarding the safety and operation of your VW or Audi vehicle may be impaired. Please accept our apologies whilst we continue to collect your personal data for future use.
Best,
Volkswagen, AG"
A few links from Mozilla's car survey:
It’s Official: Cars Are the Worst Product Category We Have Ever Reviewed for Privacy
What Data Does My Car Collect About Me and Where Does It Go?
Here's the deal: Privacy at Volkswagen doesn't look very good to us. VW earns all three of our privacy dings for how they use data, for how people can control their data, and for their track record at protecting the data they collect and we could not confirm they meet our Minimum Security Standards. Not good. Our privacy worries are even more concerning when you consider the vast ecosystem of things VW uses to collect your personal information -- from your car, to the Car-Net or We Connect connected services, to the myVW app users can use to interact with the car, to the personal information your VW dealer can collect on you, even during a test drive, to the additional information they can gather or buy on you from outside sources like data brokers, to the inferences they can draw about you when they combine all this data.
But the company that brought you dieselgate is by no means the worst of them...
When I was talking about the mess they made of the software in my Golf, I hadn't even got as far as thinking about the privacy angle... I was thinking about the fact that it exhibited at least two bugs on every single trip (the entire dashboard spontaneously rebooting mid-journey, radio, etc. completely failing to work, display locking up)... like I said, an absolute s**tshow.
The rumours circulating in German IT forums are that the networking gear licenses ran out and nobody bothered to renew them.
Rumour has it that the person who switched from 5 or 10 year licensing for the network gear to annual left the company a few months back and nobody took over the responsibility for the licensing, so when the invoice turned up, nobody countersigned it, so accounting didn't pay, as it hadn't been signed off... The networking gear then stopped working when the licenses expired...
When that is the case, big oops!
Like most stuff that is purchased now.
So much of the hardware now only provides the most basic of functionality, the rest is all software that needs to be licensed. More recently with the push for everything to be on a subscription that now means that all the funky stuff stops working when the license expires.
This is more a reflection on how IT is consumed.
While it wouldn't be the first subscription type service to cause issues, maybe this is the kick that hardware manufacturers need to understand why it's such a terrible model for anything other than their revenue streams...
Or maybe my beer's just half full. Or maybe I forgot to renew the subscription for the other half.
The hardware companies already know this, why wouldn't they try and maximise profits especially when hardware cycles are getting longer and longer.
It's the purchasing dept who don't understand why it's a bad idea that buy into these deals, generally because it's less capital outlay. Also, the purchasing dept probably didn't take input from IT, who would have known it's a bad idea.
A lot is with the finance directors and if you go further, corporate reporting.
Capital expenditure is bad because you get peaks and troughs. Subscriptions are what all the pen-pushers and "the markets" want because it is nice and consistent.
This is for both the manufacturers and the purchasers.
It has not been driven by just one side.
If this is true, this could also be deliberate on the part of accounting.
Car manufacturers never played nice with their suppliers. VW being one of the worst offenders, at least after they hired López in '93.
Post-Corona, getting bills paid on time has become an even bigger issue.
And the accounting department probably wouldn't know or care about the difference between a supplier of networking gear and a supplier of whatever.
Anonymous, because I work for a supplier... :-/
(P.S.: serves them right if it's true)
And something that happens more often than people admit.
In the previous place I worked we had a similar issue. For some reason a license for a critical piece of stuff was linked to a real person (I think there was some lunacy that it could not be a shared mailbox blah blah). That person left and because it was a 3 year agreement with 2 years to go, it was overlooked.
Now when it expires we don't get the reminder (the email address has gone). The automated PoS sending them cannot know that it has gone. Net result some software stopped working for the 2 weeks of arguing to get it re-licensed.
The vendor refused to relicense because they had someone at our organisation holding an (expired) license. The fact they could not be contacted appeared to be an insignificant detail.