Many won't know this unless they went to a car dealership today.

As a part-time contractor I facilitate vehicle surrenders (car buy-backs) when a manufacturer agrees to buy back a car under the lemon law or out of their good nature.

Today I went to a Nissan dealer and the few people still there in service and the showroom were sitting around on their phones, with no customers anywhere, including the service waiting area. Reason, the technology platform that handles pretty much all the dealerhip operations was hacked and shut down. It's reportedly back up. It didn't affect the buyback.

CDK Global cyberattack impacts thousands of US car dealerships

Yep, day two of twiddling my thumbs


Definitely not back up. They say the number is 15,000 dealers

We are so smart that we are now too dumb to do anything without a computer.

We will totally collapse once somebody figures out how to shut a good portion of them down all at the same time.

And this is just an inconvenient financial hardship.

When they hit hospital systems, as they have recently, it creates real danger.

As it will when they hit things like electric grids, telephone systems, emergency dispatch centers, etc.

Our local school district got a terse abrupt message 2 weeks ago that school was out for the summer effective immediately, 2 full days early. The reason given was "HVAC issues".

Nope, even before the end of that day we found out it was a cyberattack and most likely a DOS type one meaning they were all locked out of everything.

There are two prominent dealers management systems out there, CDK and Reynolds and Reynolds.
The CDK users were hit.

As I’ve been out of the dealership world for seven years I get bits and pieces from some FB dealer personnel groups and from friends still in the business. I don’t know how true but supposedly there has been a ransom demand made.

quote:

Our local school district got a terse abrupt message 2 weeks ago that school was out for the summer effective immediately, 2 full days early. The reason given was "HVAC issues".

Nope, even before the end of that day we found out it was a cyberattack and most likely a DOS type one meaning they were all locked out of everything.

Not our district, but another neighboring district was out for almost a week for the same thing.

Students no longer have text books, but instead use laptops. Couldn't use those. Couldn't take attendance. Couldn't even open the doors which were apparently all computer controlled.

Thankfully, so much of these critical software platforms are safe & secure 'in the cloud'!

All you need is an internet connection...

Pissed-off customer with computer skills?

Our 911 Dispatch center was hit early last year -

Computer Aided Dispatch system that was on its own supposedly “secure” network got hacked and ransomed. Was down for several months.


Sooooo glad I was no longer there at that time.

quote:

Originally posted by V-Tail:
Pissed-off customer with computer skills?

Likely ransom attack from some third world country. Neighbors former employer was hit two weeks ago, 14 servers taken ransom, $1million each, they are/were completely shut down.

BTW, the OP link is for the first hit, they were hit again today..

Link - Second Attack/Breach

Car dealership SaaS platform CDK Global suffered an additional breach Wednesday night as it was starting to restore systems shut down in an previous cyberattack.

CDK Global is a software-as-a-service platform that provides a full suite of applications to handle a car dealership's operation, including sales, back office, financing, inventory, and service and support.

CDK became aware that they were breached Tuesday night, causing them to shut down their data centers, IT systems, and login systems.

The attack led to a massive outage as car dealerships could not conduct their normal operations, including servicing or selling vehicles.

Last night, the company had begun to restore services, bringing their Unifi modern login service back online, though other systems were still being restored.

quote:

Originally posted by V-Tail:
Pissed-off customer with computer skills?

No, most likely software engineers and developers with the attitude and mindset of “that can’t happen” here.

I quit working at one dealership after eighteen and a half years. Basically everything stemmed back to a DMS change three years before I left. The dealer made the decision to change, one of the factors was the monthly charges were 5k less than Reynolds and Reynolds. Of course the company probably lost more than that in net profit and time lost from my satellite location alone.

Anytime the DMS did a update it was an adventure to find out what was newly screwed up. Things like losing the ability to do automatic stock orders, price updates not done, one month ALL my parts prices were wiped out (took several days of manually pricing parts and service orders) losing all records of part number changes and despite three years of service tickets NEVER got my inventory in the dealer parts locator thereby killing most of my dealer to dealer sales.

I opened so many trouble tickets that the DMS complained to our comptroller that I was “trying to find problems” even though each time I called in it was after I showed my manager the problem in detail and only after that did I call in.

Final blow was when “mysteriously” one half of my department’s sales never got credited to it, instead going to the main store’s parts department. This resulted in about one half of me and my assistant’s commission checks getting halved. And the company comptroller ignoring the problem.

One of the first questions I asked during the interview process while job hunting was “Are you on R&R and is this company planning on any DMS changes in the future?

quote:

Basically everything stemmed back to a DMS change three years before I left. The dealer made the decision to change, one of the factors was the monthly charges were 5k less than Reynolds and Reynolds.

My Neighbor sold ADP's dealer services for years, haven't heard the R&R name in a while, the fees these companies charge dealers are insane, you have a GM store, need to connect to GM - $$$$$, oh you want credit scores with sales $$$$$, oh an we own your data, you don't, so no exporting data.

Those DMS companies held/hold dealers captive..

Outsourcing your programming to other countries. What could go wrong. Bet this is just the beginning

That same dealership several years prior to the story I related did another DMS change from R&R to a patch together system that mainly was sold to powersports and lawn care equipment, again to save money.

This was prior to the satellite location and the associated franchises (truck sales, parts and service) being opened.

I was on vacation and the parts manager called me at home with a tearse “Can you come in right away? We have a situation!”

The situation was that the DMS crashed, wiped out two weeks of parts sales records and while we collected the money for finalized service and parts invoices and was credited to our department the physical counts were now off, probably about 100k was not relieved from the physical inventory and any service work in process the parts on the orders were not charged against the repair order or removed from inventory.

So for the next four days I was set up in an office and my only job was to refill parts and adjust inventory as necessary. They even brought lunch in for me. No phone calls, no contact with anybody in or out of the dealership, just posting and correcting.

Shortly after we went back to R&R until that fateful day in ‘06……

About 10 days ago Spectrum/Charter internet and TV were out for ~6 hours. I went to two different stores during this period and one was virtually paralyzed, only able to even ring up my items after a long delay, then still another delay opening the cash drawer to make change, while the other was functional but only taking cash. It was a good thing I had some cash on me, as I usually use credit/debit cards, which also didn't work. I have also had a bank check deposit delayed (different incident). The internet is a wonderful thing, but not to be depended on for everyday life.

Again I’ve been out of the business for awhile but at least in the GM world you have several outside entities able to access the dealership’s DMS. All potential portals. This is just from the parts end of it that I know of.

All back door portals to hack the system.

quote:

Originally posted by nhracecraft:
Thankfully, so much of these critical software platforms are safe & secure 'in the cloud'!

All you need is an internet connection...

Yet if it was private line, instead via Ethernet Private Line (EPL), SONET rings, I could go on, you wouldn’t run this risk. The “Cloud” is just a marketing term. 20 years it was called “hosted” but hey cloud sounds better I really wish I could talk about work, where I work, what I do, and the things I see, but I cannot. Fuck the cloud.

quote:

Originally posted by a1abdj:
We are so smart that we are now too dumb to do anything without a computer.

We will totally collapse once somebody figures out how to shut a good portion of them down all at the same time.

The earth's magnetic field is greatly weakening as part of the process of flipping north to south. Which makes any solar storm much more impactful to our electrical and electronic systems.

The amazing northern lights about 6 weeks ago were the most intense and furthest south as have been seen in a very long time. Yet the solar storm that caused it was orders of magnitude weaker than storms which caused minor northern lights in past decades.

The Carrington Event in 1859 was much stronger than that recent storm, but with a robust magnetic field to protect us. The only electrical equipment was telegraph. Stuff arced and caught fire in that one.

A Carrington level solar event today will wipe out the electrical grid and destroy most electronic devices. Repairing the grid will take decades.

Foreign hackers will cease to be a problem.

Last dealership I worked at got hacked at least twice I know of during my last year there.

The hackers got into employee information and began filing fraudulent unemployment claims. Until the state contacted the company they had no inkling of a hack. So much for the IT “professionals” they had on staff, all they were good for was to point the finger and play the blame game on someone besides their “team”.