The N.C. Department of Transportation is currently evaluating the security measures in place for its digital road signs after a group hacked at least five signs on Friday. The group changed the intended transportation-related messages on the signs to an advertisement for its Twitter account. As soon as NCDOT discovered the hackings, it immediately took down the erroneous messages and replaced them with the correct messages.
The hacked signs were located on:
I-40 and I-240 in Asheville;
U.S. 421 in Winston-Salem;
I-77 near the North Carolina/Virginia state line; and
Carolina Beach Road in New Hanover County.
“We’re taking this cyber event very seriously,” said NCDOT Chief Information Officer David Ulmer. “We’re not only working with the authorities to investigate this serious incident, but we’re also doing multiple security scans on our equipment and our IT infrastructure to make sure we close any further vulnerabilities.”
NCDOT has identified how the hackers got into its system, and now has crews across the state physically inspecting each sign in person to ensure its settings do not leave it exposed to hackers. They expect to complete this on-the-ground inspection tomorrow morning.
In addition, the department’s IT information security team is currently scanning the internet-related connections to the signs to confirm there are no further vulnerabilities in this area. The process will conclude later this weekend.
North Carolina was not the only state targeted by this group of hackers. They also changed the messages on signs in Wyoming. The Federal Bureau of Investigation has been notified and is now looking into the events.