How hacked computer code allegedly helped a biker gang steal 150 Jeeps

In a cross-border auto heist that resembles a scrapped plot from the “Fast and the Furious” franchise, nine members of a Tijuana-based biker club have been charged with stealing 150 Jeep Wranglers using stolen computer code and key designs, the Justice Department announced earlier this week. You can also read "How AR and computer vision will impact our lives for the better"

Known as the Hooligans, the biker gang allegedly stole the Jeeps in the San Diego area over the past several years, selling the vehicles or stripping them for parts across the border in Mexico, U.S. Attorney Mark Conover said during a news conference recorded by the San Diego Union-Tribune. The value of the stolen Jeeps was $4.5 million.

According to the indictment, the Hooligans staked out vehicles days before the thefts to obtain their vehicle identification numbers. With these numbers in hand, the suspects were able to get details to create duplicate car keys, as well as the codes needed to program the keys, linking them to the Jeep Wranglers. The key designs and codes were stored in a proprietary database. But law enforcement officials don’t know how the Hooligans were able to access it.

In the course of the investigation, authorities said they learned that nearly 20 requests for duplicate keys were made by a Jeep dealership in Cabo San Lucas, Mexico.

Conover said the thefts took only minutes. After using the duplicate key to get inside the car, the Hooligan members used a handheld electronic device to pair the key with the car's computer to turn the engine on and drive off.

While Conover did not name the exact device used in the thefts, Kathleen Fisher, a Tufts University computer science professor and security researcher, said that such key programmers are relatively cheap, with some costing less than $100, and readily available online.

That auto companies or their partners maintain databases to store key and programming codes is not in itself unusual. After all, rightful car owners would need that information to create new keys if they were locked out, Fisher said. But in this case, it appears the security vulnerability may have been the integrity of the database. One way for criminals to extract stored information is to hack into a network that has access to it, she said. Another way is to get authorized users to obtain the information themselves and then pass it on, or to share active credentials with someone who shouldn't have them.

Experts say that widespread hacks of cars may soon become a reality. In an alarming demonstration captured by a widely read Wired article from 2015, researchers Charlie Miller and Chris Valasek showed that they could wirelessly hijack a 2014 Jeep Cherokee. The researchers could disengage the Jeep's brakes, cause the transmission to malfunction and, at lower speeds, kill the engine altogether.

Hacking tools are easily spread online, and pervasive software threats are costly to patch up. Car companies also face the challenge of justifying increased security costs to customers, Fisher said. A car's cybersecurity isn't the easiest thing to advertise, compared to say, horsepower or leg room. Outside of industry-wide pressure from regulators or insurers, individual companies may hesitate to spend more on security, despite the massive risks that hijacked and hacked cars pose. “We don’t do a very good job accounting for the cost of bad security," Fisher said.

You Don’t Have to Major in Computer Science to Do It as a Career

Basic economics suggests that if college students see booming demand for specific skills, a stampede to major in such lucrative fields should ensue. For years, tech companies, banks, and even traditional industrial companies have been hiring programmers, software developers, and computer scientists as fast as they can find them. Since 2010, there has been a 59 percent leap in jobs for software application developers—and a 15 percent jump in pay, to an average $102,300 last year—according to the U.S. Bureau of Labor Statistics. Accounts of tech engineers earning more than pro athletes keep making headlines.

So why aren’t more U.S. college students majoring in computer science?

U.S. colleges and universities graduated only 59,581 majors in computer and information sciences in 2015, the most recent year for which data is available, according to the National Center for Education Statistics. While that tally grew 7.8 percent from the year earlier, from employers’ reports it does not seem to be keeping up with demand.

Attempts to explain what looks like a chronic training deficit are plentiful. Theories touch on everything from worries that the computer-science curriculum is too hard to apprehension about gender bias in the field. But an extensive new study indicates that both students and employers are finding a way around the problem: making brisk use of less obvious career pathways that lead to software jobs anyway.

Percentage of Graduates Working as Software Developers by Undergraduate Major

5.6% Aerospace Engineers

8.1% Astronomy & Astrophysics

30.3% Computer Engineering

11.3% Electrical Engineering

6.1% Mathematics

8.2% Physics

The study, published in May by the Brookings Institution’s Hamilton Project, used U.S. Census Bureau data to track the career choices of 1.2 million college graduates, as observed from 2010 to 2013. Among its findings: many people working as computer scientists, software developers, and programmers used their college years not to major in computer programming or software development, but instead to major in traditional sciences or other types of engineering.

Among graduates with degrees in physics, math, statistics, or electrical engineering, as many as 20 percent now work in computing-based fields. At least 10 percent of people who majored in aerospace engineering, astronomy, biomedical engineering, or general engineering have made the same migration.

Even geography, nuclear engineering, and chemistry departments send 3 to 5 percent of their undergraduate majors into software development or similar fields, the Hamilton Project reports.

At Indiana University Bloomington, dozens of math and science majors have been winning software-sector jobs after graduation, reports Joseph Lovejoy, head of the school’s Walter Center for Career Achievement. Bioinformatics companies such as Cerner and Epic Systems have been keen to hire biology majors who picked up coding skills without majoring in computer science, he adds. General Motors has been recruiting math majors for jobs as software testers and software developers.

Math majors are in demand at Microsoft too. Dawn Klinghoffer, who tracks hiring trends for the giant software company, explains that fast-growing areas such as machine learning hinge on the ability to create and fine-tune highly sophisticated algorithms. That’s increased Microsoft’s willingness to consider candidates who learned programming on their own but have a deep mastery of complex math.

More broadly, Klinghoffer says, Microsoft has been “expanding the pool” in its recruiting to help build talent without constantly being caught up in bidding wars against other tech giants trying to hire the same computer-science majors from the same few elite schools. Widening the range of majors also helps create a workforce with more diverse perspectives, Klinghoffer says.

Among the people taking an unusual path is Luke Kanies, who majored in chemistry at Reed College. Unsure what he wanted to do after college, he managed a series of corporate data centers for about five years, before founding Puppet Labs, a software-management company that helps big companies keep hundreds of overlapping programs as up to date and compatible as possible.

Kanies portrays his unorthodox beginnings as an asset. At Puppet Labs, he and colleagues test software the same way chemists test their theoretical models. “You want to find out if your hypothesis can survive your 10 most dangerous experiments,” he says.