Meter Meltdown Remains A Mystery
Speculation Growing Of A Planned Attack
No one knows nuthin’.
Perhaps, more accurately, most everyone is afraid to talk.
It’s been nearly a week since Chicago’s “Massive Meter Meltdown” last Wednesday. Yet, the cause is still shrouded in mystery.
Chicago Parking Meter, LLC, was supposed to issue a press release explaining the snafu this past Friday morning. But this official explanation, according to CPM spokesperson Avis LaVelle, has been delayed.
While Mayor Daley, tried to explain, using his brand of high tech jargon, that the cause was “a computer glitch,” Chicago Parking Meters, LLC has yet to offer a cogent explanation for the mishap.
This delay of an official explanation, combined with a lack of explicit and plausible reasons for the malfunction, and a growing public anger toward the parking meter lease deal and the new lessees, has lead to increased speculation the breakdown was the result of an intentional attack.
We attempted to get to the bottom of things by contacting Cale Parking Systems USA, Inc., the manufacturer of all those new multi-space Pay & Display units being installed by LAZ Parking around the city.
You know, the ones where over 250 of them freaked out downtown last Wednesday, taking 15 maintenance guys all day to fix, while hundreds of drivers were in a state of panic, fearful of being ticketed even though they tried to pay for their parking.
Yeah, those machines.
Specifically, the unit in question is Cale’s MP 104 Compact. The MP 104 was originally rolled out in 2002, and going by it’s technical information, and by it’s volume of sales, seems like a reliable, high end machine. At $9000 a pop, they’d better be.
Cale Parking Systems USA is a privately held company, based out of Clearwater, FL and was established in 2003 here in the U.S., and is part of a larger company called the Cale Group that has been making parking related products since 1955. The company claims to have installed over 50,000 of these multi-space units in 35 countries.
CPM hopes to install a total of 3000 of Cale’s MP 104 to replace 30,000 traditional single head parking meters by years end.
Interesting enough, Cale’, despite having a multi-million dollar contract to provide 3000 of these machines to LAZ Parking, still are looking to hire a Program Manager to handle their big Chicago account, at least according to the job posting they currently have running on the Career Builder website.
So what happened here in Chicago this past Wednesday?
We tried to find out. But everyone is pretty tight lipped.
When we called Cale’s Help Desk. They referred us to a PR hack at Morgan Stanley in New York. Dead end.
When we called Cale’s Florida headquarters, and asked for President George Levey, the friendly receptionist said he was out of town.
It turns out he was in Chicago, to be exact, according to James Vetter, VP of Customer Support and Technologies for Cale, who also couldn’t comment on this city’s pay box trouble.
When we did reach Mr. Levey Thursday afternoon, he was on the ground in Chicago to personally deal with the massive failure of approximately 250 of the 556 machines his company manufactured–a number disturbingly close to half of all the units citywide.
But he wouldn’t comment either, and referred us to CPM’s Chicago office, who then referred us to CPM spokesperson Avis LaVelle.
While we were waiting for Ms. LaVelle to get back to us with a press release from CPM on the matter, we looked further into this topic and spoke to some tech people outside the CPM/LAZ/Cale alliance of silence to see if they had any theories on why this massive system-wide failure occurred.
From our research, it seems like Cale’s machines, along with a few other manufacturers, make up a category of machines called “Smart” parking meters, which, despite their name, are considered inherently vulnerable to attack by some tech people.
In fact, at one of the largest hacker conventions in the world, an entire panel discussion is being devoted to the subject. “Smart” Parking Meter Implementations, Globalism, and You, will take place during DEFCON 17, held in Las Vegas every year in late July.
One of the speakers on this upcoming panel discussion, is Joe Grand, the President of Grand Idea Studio a “product research, development, and licensing firm” according to his website. Grand is an electrical engineer and inventor, who has been heavily involved in the hacker community on the hardware end of hacking according to his bio.
But Grand is on the fence on the question of whether it was a premeditated attack or a software issue.
“It might just be a firmware problem and they just don’t know what it is,” said Grand, trying to weigh both sides. “But then again, it’s definitely possible it was an attack, especially considering the social unrest in Chicago (anger with the lease deal and increased rates). With machines utilizing GPRS, anytime the system is connected to a network, the game is changed…lots of people know how (to infiltrate a secured network).”
“On the other hand, it is a new implementation (the recently installed pay boxes), it is a complicated system and something can always going go wrong,” Grand elaborated.
But one former Dept. of Revenue employee and federally convicted hacker, is also not convinced the problem was an innocent “computer glitch”.
“I think it’s possible (it was a hacker attack) but the tendency leans more toward orchestrated vandalism,” says “Mr. Gauge,” who makes his living in high tech. “The overall symptoms of what happened was an attack to bring down the machines by means of electronic interference.”
Mr. Gauge says, based on the tight geographical area where these pay boxes were located in the Loop, gives further evidence to his theory.
“It seems like someone basically targeted an area over an evening or overnight, and were able to bring down the pay stations,” explained Mr. Gauge.
In addition, Mr. Gauge doesn’t believe it was a system or network failure as each of the units had to be reset manually by the 15 maintenance people that spent the day resetting the 250 or so Pay & Display units.
“They couldn’t reset them remotely,” said Mr. Gauge. “It’s my understanding while these units can communicate cellularly, they are not connected (hardwired) in a network. This was either, A-a firmware failure or B-an organized attack.”
Another local tech, who declined to be identified publicly, also thought this incident might have been sabotage, but had a different theory on the mode of attack.
“Sounds like the Achilles’ heel of the downtown Pay & Display machines is that they’re wireless,” said the source. “Since Morgan Stanley/LAZ is not a government entity, they have access to the same frequencies you & I have access to. My guess is that someone interfered with their 802.11n network downtown, so the machines had no clue what to do. Or better yet, a disgruntled somebody decided to reprogram the boxes because they knew the encryption keys and/or passwords.”
But CPM spokesperson, Avis LaVelle, does not agree with these theories saying, “Because of the way the boxes were made operational again (opening the units up, adjusting the paper and closing them again), there does not seem to be the feeling the use of electronic interference activity or something like that, occurred.”
Ms. LaVelle said CPM hopes to issue an official statement no later than Tuesday explaining exactly why the massive failure occurred.