FIDIS Deliverable D12.3: A Holistic Privacy Framework for RFID Applications

(S1) Scenario 1: Attack on an RFID System

Transport Logistics Inc. is a logistics service provider. It uses an RFID system for tracking and tracing goods. The system is composed of fixed sensors in warehouses and mobile readers, used mainly in lorries. The data stored in the mobile readers is imported into the central logistics system after a lorry returns to a warehouse. Depending on the value of the goods and the preferences of the customers, per-item tagging or pallet tagging is carried out.

On 15 February 2008, a pallet with a manipulated RFID tag was scanned in the morning while it was being loaded at a customer's site. The reader reported an error (“data set longer than expected”), but stored the information from the RFID tag anyway. The pallet was brought to a warehouse at noon, unloaded and scanned again. Again, the reader in the warehouse reported an error, but submitted the data to the central database. Fifty minutes later the driver of the lorry transferred the data from the mobile reader to the central system, but the system was processing the data more slowly than expected. At that time the system administrators were informed, but they were no longer able to access the database management system. The system simply did not react to their requests.

Later it turned out that the manipulated data on the RFID tag was program code that started executing in the database. The code copied itself again and again. It first overwrote existing data sets and then added data sets to the database until no hard disk space was left on the database system. At that moment (1 pm) the database simply stopped working. The tag was identified the next day and removed from the pallet by the police.

The incident management team decided that all transportation activities should be carried out as planned until no further route information was available for the lorry drivers. At the same time, the problem management team started reinitialising the database and reloading the content from the latest backup, which had been taken 16 hours earlier. This took until 8 pm. At that time only a few lorries were on the road; most of them were already back in the warehouses. The import of new transportation requests into the system also started at 8 pm; two hours later the first lorries could have been on the road again, if the gap in the backup could have been closed. Closing the gap started the next morning, when all the drivers had returned to the warehouses and reported their tours manually or partly automated, based on available reader data. Two hours later the system had recalculated the transportation routes, and at 11:30 the first lorries left the warehouses after being loaded and scanned.

In total, the manipulated tag caused a complete downtime in logistics operations of almost 16 hours. The cost of the downtime was later calculated at US$ 1.4 million.
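
In the scenario both readers reported the over-long data set yet still stored and forwarded it. The following sketch is an added example, not part of the deliverable: it shows a reader-side ingest step that fails closed and binds tag content as a query parameter. The 24-hex-character tag format, the table layout and all names and sample values are assumptions made for illustration.

```python
import re
import sqlite3

# Assumption: tags carry a 96-bit identifier encoded as 24 upper-case hex characters.
EXPECTED_TAG = re.compile(rb"[0-9A-F]{24}")


def open_store():
    """In-memory stand-in for the reader's local store / the central database."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE scans (tag_id TEXT NOT NULL, reader TEXT NOT NULL)")
    db.execute("CREATE TABLE quarantine (reader TEXT NOT NULL, length INTEGER, raw_hex TEXT)")
    return db


def handle_scan(db, reader, raw):
    """Store a tag read only if it matches the expected format exactly.

    A malformed read is both an error and a stop condition: it is written to a
    quarantine table, hex-encoded and truncated, and is never forwarded.
    """
    if EXPECTED_TAG.fullmatch(raw) is None:
        db.execute(
            "INSERT INTO quarantine (reader, length, raw_hex) VALUES (?, ?, ?)",
            (reader, len(raw), raw[:64].hex()),
        )
        return False
    # Bound parameter: tag content is always data, never part of the statement.
    db.execute(
        "INSERT INTO scans (tag_id, reader) VALUES (?, ?)",
        (raw.decode("ascii"), reader),
    )
    return True


def count(db, table):
    """Row count for one of the two fixed tables (table name is not tag data)."""
    assert table in ("scans", "quarantine")
    return db.execute(f"SELECT COUNT(*) FROM {table}").fetchone()[0]


if __name__ == "__main__":
    db = open_store()
    good = b"3034257BF400B7800004CB2F"            # constructed sample read
    oversized = good + b"'; " + b"X" * 200        # constructed over-long read
    print(handle_scan(db, "lorry-17", good))
    print(handle_scan(db, "lorry-17", oversized))
    print(count(db, "scans"), count(db, "quarantine"))
```

The quarantine row keeps the length and a bounded hex prefix of the rejected read, so the incident team has evidence to examine without the raw payload ever reaching the logistics database.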

 

 
