A Nebraska woman discovered a trick that allowed her to get $27,000 worth of free gasoline

Nebraska State Police have hit a dead end while investigating the theft of fuel from the Pump and Pantry chain by an unnamed woman. She exploited a vulnerability in the automatic gas station’s software to obtain gasoline without paying for it. The identity of the fraudster has been established and she has been charged, but proving guilt will not be so easy, due to the fact that she prudently got rid of key evidence.

In November 2022, at the request of customers and gas station operators, a software update was released to make it easier to work with accumulated bonuses. However, an error crept into the code, which somehow the fraudster found out about. If the bonus card was scanned twice, a “demo mode” was activated and the gas station could dispense fuel without payment.

The investigation found that the female hacker exploited the vulnerability more than 510 times between November 2022 and June 2023. She stopped doing so exactly on the day a patch was released that fixed the vulnerability. In total, the woman received free fuel worth $27,000. She also transferred the card at least a dozen times to third parties so that they could also save on fuel.

It is known that in June 2023, the owner of the card parted with it, presumably selling it to pay off the loan for the car. However, the person who purchased the card and the vulnerability information passed away before police got to him. Accordingly, it will be problematic to verify information about the last transactions on the card.

Read also: Biden: This is an unusual election, and the stakes for America couldn’t be higher