Who Needs Repo Men?
March 18, 2010 4:01 PM   Subscribe

Honk if you've missed a payment A disgruntled former car dealership employee was arrested in Austin for bricking 100+ cars using a dealer-installed debt collection black box. Made by Pay Technologies, the system allows the dealer to disable a car’s ignition system, or trigger the horn to begin honking, as a reminder that a payment is due.
posted by letitrain (61 comments total) 5 users marked this as a favorite
 
People may think this type of system is a new idea, but it was actually introduced in 1984.
posted by FishBike at 4:08 PM on March 18, 2010 [1 favorite]


As an I.T. Security professional, I'm sort of obligated to feel some kind of outrage about the misuse of electronic systems that occurred here, but I'm really, REALLY having trouble mustering up even the tiniest bit of give-a-shit for the dealership in this case.
posted by deadmessenger at 4:15 PM on March 18, 2010 [7 favorites]


The phrase "wireless pager network" did indeed make me question what the heck the writer was on about. I mean, pagers? Srsrly?
posted by GuyZero at 4:15 PM on March 18, 2010


I must admit I thought the hack was pretty amusing...though I might have found it less so if one of those cars had been mine (or my neighbor's).
posted by Greg_Ace at 4:16 PM on March 18, 2010


“Omar was pretty good with computers,” says Garcia.

But not smart enough to mask his IP address.
posted by KokuRyu at 4:19 PM on March 18, 2010 [5 favorites]


As an I.T. Security professional, I'm sort of obligated to feel some kind of outrage about the misuse of electronic systems that occurred here, but I'm really, REALLY having trouble mustering up even the tiniest bit of give-a-shit for the dealership in this case.

Well, you could must up some give-a-shit for the customers, some of whom missed work because they were locked out of their cars.
posted by spikeleemajortomdickandharryconnickjrmints at 4:23 PM on March 18, 2010 [5 favorites]


“Omar was pretty good with computers,” says Garcia.

But not smart enough to mask his IP address.


At least he has positive comments from his former boss for his resume.
posted by filthy light thief at 4:25 PM on March 18, 2010 [7 favorites]


It's 2010 and people still don't have enough sense to launch attacks from library computers?
posted by octothorpe at 4:26 PM on March 18, 2010 [16 favorites]


The troubles stopped five days later, when Texas Auto Center reset the Webtech Plus passwords for all its employee accounts, says Garcia.

Five days?! Anytime a reasonable password policy is questioned because it is a pain in the ass, this should be example number one. Also I bet the password he remembered was easy to remember and this all could have been averted through some simple, strong passwords.
posted by geoff. at 4:32 PM on March 18, 2010 [1 favorite]


Even if they suddenly start doing a lot better with their password management (and that's a hard problem, so I sympathize), there would seem to be other ways this could be abused. For instance, presumably the dealer has to pay the supplier for these devices, so what happens if those invoices are overdue? What stops them from disabling cars that have the not-paid-for devices in them?

It's also another step towards getting people more used to the idea of products that can be made to stop working pretty much at the whim of the manufacturer, dealer, and so on. I don't think that's something we ought to get used to, so for that reason I don't like this system.
posted by FishBike at 4:33 PM on March 18, 2010 [6 favorites]


I mean, pagers? Srsrly?
Why not? Pager networks are probably a lot better adapted to sending infrequent messages to a small fraction of a large number of devices than cell networks are. And I bet pager-network airtime is really cheap these days.
posted by hattifattener at 4:36 PM on March 18, 2010


The dealer deserves to be bricked inside a black box.
posted by Faint of Butt at 4:43 PM on March 18, 2010


I'm really, REALLY having trouble mustering up even the tiniest bit of give-a-shit for the dealership in this case.

Maybe not the dealership, but the car owners and their neighbors. It would have been funnier if he could have done it to every car on the lot.
posted by Horace Rumpole at 4:43 PM on March 18, 2010


I mean, pagers? Srsrly?

I'm a doctor, a fireman, and a drug dealer. I keep mine in a bandolier.
posted by Inspector.Gadget at 4:48 PM on March 18, 2010 [7 favorites]


I just saw this mentioned on Bruce Schneier's blog

The problem with security systems is, if they're not secure, now you just have two security systems.

And any time you put in a system designed to control people, whether its disabling their cars, or spying on your emails, you're creating a system that might let bad guys control those systems too.
posted by delmoi at 4:51 PM on March 18, 2010 [2 favorites]


Well, you could must up some give-a-shit for the customers, some of whom missed work because they were locked out of their cars.

You mean a free day off with a good excuse? I'm sure they were annoyed, but it's not the end of the world. Next time don't buy from a company that will shut down your car remotely.
posted by delmoi at 4:54 PM on March 18, 2010


Next time don't buy from a company that will shut down your car remotely.

Is this really fair? Some people get into some difficult credit situations through no fault of their own, which limit their options significantly.
posted by Hicksu at 4:57 PM on March 18, 2010 [2 favorites]


Are these cars for lease or for sale? For lease, I can understand the security measure. Are the customers aware of this measure?

How long before banks/lenders install a system that will lock them out of their home if they miss a mortgage payment?
posted by asfuller at 4:59 PM on March 18, 2010


Well, you could must up some give-a-shit for the customers, some of whom missed work because they were locked out of their cars.

I do, actually. My point (that sacrificed clarity for snark, apparently) was simply to illustrate that the dealership wasn't the victim here.
posted by deadmessenger at 5:00 PM on March 18, 2010 [1 favorite]


For the poor bastards that have to resort to going to Texas Auto Center to get their vehicles, a free day off is not necessarily a good thing.
posted by lobstah at 5:01 PM on March 18, 2010 [5 favorites]



How long before banks/lenders install a system that will lock them out of their home if they miss a mortgage payment?

I think they call that a court system (backed up by a law enforcement system - it does more than lock you out, it shoots you if you try to stop them).
posted by el io at 5:09 PM on March 18, 2010 [1 favorite]


Anyone remember those OnStar commercials where Batman had it in the Batmobile? Yeah, imagine this joker working for OnStar.

Also, delmoi, I'm guessing that the kind of people who buy cars from outfits like this are the kind of people who can't afford to go elsewhere, and often can't afford to take a day off of work. If you're willing to go to that much hassle to save money on repo men, then you're probably selling to people who are likely to default.
posted by Halloween Jack at 5:15 PM on March 18, 2010 [1 favorite]


I'm a doctor, a fireman, and a drug dealer.

I'm a winner! Olé! Olé! Olé! Olé! Top of the world! I'm on top of the world!
posted by Talez at 5:21 PM on March 18, 2010


Between this and all the health care and other bank/lending hurf durf nonsense linked on the blue lately I just want to say what. the. fuck. America?!?

Could we just give hardworking people a fucking break already? Does the corporate world really have to keep fucking everybody over so hard that we can't see straight? Do our elected leaders really have to keep letting this insane shit go on? Why can't we just do a better fucking job of taking care of each other?

Why can't people who need to go to work just get to work without having to go to a loan shark to get a piece of shit car that could be disabled? Why can't people who are sick just get effective, affordable health care? Why can't we pay a decent fucking wage to working people so they don't have to get payday loans? Why can't the richest motherfuckers just take a little bit less, downgrade from the G550 to the G350, and let the rest of us sustain the economy? Why can't our government punish the greedy, fucked up idiots running the economy so hard that they're afraid to even say the word tranche?

GRAR!!!!
posted by jeoc at 5:38 PM on March 18, 2010 [60 favorites]


/derail

sorry

posted by jeoc at 5:39 PM on March 18, 2010


Is okay by me jeoc. You said it so the rest of us didn't have to.
posted by JHarris at 5:43 PM on March 18, 2010 [3 favorites]


Awesome, jeoc.
posted by nevercalm at 5:46 PM on March 18, 2010 [1 favorite]


It's 2010 and people still don't have enough sense to launch attacks from library computers?

Sounds reasonable, but some libraries require ID's or library cards to use them.

Also, the dealership should have used better passwords.
posted by ZeusHumms at 6:19 PM on March 18, 2010


I live in Austin, bought a car from these jokers, and the rumor around here is that Mr. Ramos-Lopez had an accomplice helping him, said accomplish is still with the dealership, and a second wave of this car horn epidemic is about to commence. Of course, I think it's a bunch of hogwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHHHHHHHHHH....
posted by mreleganza at 6:20 PM on March 18, 2010


You mean a free day off with a good excuse?

You ever work for an hourly wage for a boss that doesn't really give a shit why you can't get to work, in an at-will employment state? This would mean no pay for the day, and maybe you can keep your job if you're lucky.
posted by rollbiz at 6:22 PM on March 18, 2010 [10 favorites]


You ever work for an hourly wage for a boss that doesn't really give a shit why you can't get to work, in an at-will employment state? This would mean no pay for the day, and maybe you can keep your job if you're lucky.

Yeah, exactly. One response might be to get a lawyer and sue for damages, except the target market for these things probably can't afford to do that either. The paperwork for their financing probably includes all sorts of clauses disclaiming any liability for this sort of occurrence, too.
posted by FishBike at 6:28 PM on March 18, 2010


There is a dealer in the area that uses a similar system. Every 30 days you make a payment and receive a PIN code you punch in a little box in the car to make it go. No PIN, no go. I always wondered what happened if the box glitched at the wrong time. Now I know.

(Also, I wonder what happens when your payments are over. Do you have to pay to have the system removed? Or does it stay in there, leading to future problems?)
posted by Samizdata at 6:34 PM on March 18, 2010


Also, I wonder what happens when your payments are over. Do you have to pay to have the system removed? Or does it stay in there, leading to future problems?

The news page on that Payteck site says once you've made all the payments, you go back to the dealer for a free removal of the device. The top article on that page is not particularly flattering about this whole business, so it's kind of weird seeing the company feature it on their own site like this.
posted by FishBike at 6:40 PM on March 18, 2010


One response might be to get a lawyer and sue for damages, except the target market for these things probably can't afford to do that either.

Right. The most heinous purchase policies are generally reserved for the people have the least time or money to fight them.
posted by rollbiz at 6:50 PM on March 18, 2010 [1 favorite]


I was pretty shocked to learn that low-end car sales places put GPS tracking units in the cars to make repo easier. Apparently their business model is to make $500-1000 on the down payment, keep a tight leash on the payments, and repo immediately when the large proportion of people stop paying. Then repeat with the same car. Pretty lucrative if you can be confident in getting the car back.

(In that case, they get the GPS unit back from the cars they don't repo by giving the people a free oil change or tune-up.)
posted by smackfu at 8:11 PM on March 18, 2010 [1 favorite]


>>You ever work for an hourly wage for a boss that doesn't really give a shit why you can't get to work, in an at-will employment state? This would mean no pay for the day, and maybe you can keep your job if you're lucky.

Yeah, exactly. One response might be to get a lawyer and sue for damages, except the target market for these things probably can't afford to do that either.
[...]

Please review the boldface portion of the quote. "At-will" employment is legal code for saying they can fire you for anything at all. All kinds of things like that have been cropping up lately, as the Right in this country (that being the U.S.) continues to become bolder.
posted by JHarris at 8:13 PM on March 18, 2010


Every 30 days you make a payment and receive a PIN code you punch in a little box in the car to make it go.

That system is probably more secure, in the sense that it can't be triggered remotely — it probably doesn't even have a wireless 'phone home' ability. (I suspect it's much cheaper this way.) The worst someone could do would be to mess with the backend system that generates the PINs so that a bunch of customers get bad codes that month. Which would suck, but if they're reasonably smart and stagger the payment / disabling dates across the month, they'd probably catch on before a large number of their customers could be affected.

Probably a better system all around, but not as seamless for the user.

Also, for the people snarking: if your credit is so bad that you have to get a car with an ignition interlock in it that disables the car for nonpayment, you're probably not going to get a car any other way. I mean, nobody gets a car with that sort of thing in it, if they have any other option at all. (I believe the proper economic term for this is an "inferior good.") So if a company offering something like this didn't exist, they'd probably just be S.O.L. in terms of owning a car, because nobody else is going to trust them. (Perhaps they might be able to get one on really ridiculous, punitive interest rates or payment terms, where the car's eventual disappearance is basically taken for granted, but I don't think that's really an improvement.)
posted by Kadin2048 at 8:16 PM on March 18, 2010 [4 favorites]


Please review the boldface portion of the quote.

I did in fact see that portion. I was referring to potential lawsuits against the company that allowed an ex-employee to disable people's vehicles, not a wrongful termination suit, but I see that I could have been more specific about that in my comment.
posted by FishBike at 8:21 PM on March 18, 2010


I'm sure they have great crypto and all but OnStar seems like such a gigantic glistening honeypot. I would be shocked if no one was hammering away at it. I'd be just as shocked if they don't eventually get somewhere with it.
posted by dirtdirt at 9:16 PM on March 18, 2010 [3 favorites]


And the only one's hurt were the customers who had to rely on this scuzbag dealership. The car salesman didn't get hurt at all.
posted by Some1 at 9:40 PM on March 18, 2010


Lucas Electrics was actually ahead of its time...
posted by Skeptic at 2:29 AM on March 19, 2010


Also, why the hell are neighbors dragged into this by having to listen to car horns go off for who knows how many hours?
posted by etaoin at 4:01 AM on March 19, 2010


Anybody know, are dealers required by law to tell you if they've installed Pay Technologies hardware? Just curious...
posted by LakesideOrion at 5:26 AM on March 19, 2010


Anybody know, are dealers required by law to tell you if they've installed Pay Technologies hardware? Just curious...

It might be kind of a moot point. For the units that require entering a code to start the car, it certainly is--it seems it would be impossible to be unaware of that type. From their site, I gather it's also standard procedure to get the customer to sign an agreement that they won't bypass the device, so that would probably tip people off to the presence of something that might otherwise not be noticeable. Assuming they read what they are signing, of course, which most people do not seem to.

I am interested to know how easily bypassed these things actually are. Modern cars often have a whole bunch of security features built in to make it more difficult to steal them, like high-security ignition keys that communicate with the engine computer. The computer refuses to fire up the engine (though it'll usually crank, just won't start) unless the right code from the key has been presented.

If they've integrated the devices with that type of security such that the computer won't start the engine if the device is removed, it would be hard to bypass. But if the device just interrupts the starter circuit then it might be trivially easy. Inquiring minds want to know... and might google this later.
posted by FishBike at 5:38 AM on March 19, 2010


Anytime a reasonable password policy is questioned because it is a pain in the ass, this should be example number one. Also I bet the password he remembered was easy to remember and this all could have been averted through some simple, strong passwords.

A password policy that requires passwords so complex that a normal user can't remember them is a bug, not a feature.
posted by one more dead town's last parade at 9:03 AM on March 19, 2010


Anyone remember those OnStar commercials where Batman had it in the Batmobile? Yeah, imagine this joker working for OnStar.

Batman: "Unlock the car!"

Joker: "Sorry Batbaby, I'm not gonna do that!"

Batman: "Curse you Joker! I have to get to the store!"

Joker: "Ok. let me give you a hand"

*door unlocks, Batman reaches for the handle, but a mechanical joker hand pops up and relocks the door before he can open in*

Batman: "Joker, I'm going to find you, and I'm going to..."

*batmobile horn starts honking cutting him off*

Joker: "I'm sorry, what were you saying?"

*Batman breaks through window, open car manually, gets in, prepares to start car*

*click*

*there is a long pause, while Batman stares at the key*

Joker: "...yeah, I can do the ignition as well."

*devolves into maniacal laughter, cut to Batman grimacing.*
posted by quin at 9:09 AM on March 19, 2010


GuyZero: I mean, pagers? Srsrly?
I sometimes do some work for a company that sells software related to pagers. It's a really small company these days.

The pager network is a little like Usenet now; obsolete in many ways, but still active and operational, still the best choice for certain kinds of communication. It's still widely used by fire departments, law enforcement, etc. Compared to the alternatives (like anything connected to cell phones) it tends to be very reliable, especially in disaster situations, when the cell phone network often dies and/or gets overloaded immediately.
posted by Western Infidels at 9:10 AM on March 19, 2010


A password policy that requires passwords so complex that a normal user can't remember them is a bug, not a feature.

There have been some articles about how it may soon be the end of the line for password-based security because of this. As computers get faster, the password complexity required to defend against certain classes of brute-force attacks1 is so high that people can't remember the passwords.

Even in situations where that isn't technically necessary to assure security, minimum audit standards may apply. If things keep going as they have been, we're going to have to go to 32-character passwords that contain at least one each of upper case, lower case, numbers, symbols, greek letters, and Klingon characters, just to keep the auditors happy.

I've seen more and more advice lately to just write the password down, which is not all that awful as long as you keep the written paper somewhere fairly secure. Like not on a yellow sticky note attached to your monitor. It used to be forbidden, but it's all about relative risk. What's more likely, that someone will steal your wallet, read your password, and return your wallet without you noticing, or guessing an obvious password over the Internet?

1: Specifically, the class of attacks where you have something like a copy of a security accounts database with encrypted or hashed passwords already in it, so you can make an unlimited number of password guesses as quickly as your hardware can run. If you can always ensure that any password guessing attempts are subject to rate limits and/or locking out the account after a certain number of wrong attempts, then passwords do not need to be nearly as complicated. This is difficult to ensure but is still an assumption used in many cases when setting minimum password complexity policies.
posted by FishBike at 9:43 AM on March 19, 2010


There are always going to be crappy deals in the world for people who need them. I heard a scary statistic on NPR the other day. People going to Pay Day loan places were weighing the difference between paying late payment fees on credit cards, and the insane interest on the loan and were still coming out ahead with the Pay Day lender. That's just crazy.

Debt, any way you look at it is terrible.

I'm beginning to think that the only way to live is debt free. Paying in cash is the real free market. But that would mean a complete and total paradigm shift in consumer spending. Instead of buying something based upon my perceived ability to pay, I would be limited to what I actually had money on hand for.

Think about education. If instead of taking out hefty educational loans, people attended school where they could pay as they went, (junior or community college, state schools...) people could actually afford to work in places they want to work, rather than being forced into jobs that will help them sustain their debt load.

What about housing? If you buy a house with cash, you won't get trapped in a house you can't afford. If it does turn out to be more expensive than you thought, you can sell it and get money back and go back to renting until you can get into a better house.

I am working like crazy to live debt free. The peace of mind is well worth having to wait until I have the cash to buy something.
posted by Ruthless Bunny at 9:50 AM on March 19, 2010 [2 favorites]


This horn honking ... is it intermittent, or is it continuous? I.e., *honk* *honk* *honk* *honk* *honk*, or *honnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnk*?

Because I think I may have just understood something about an incident involving an irresponsible ex-roommate's shiny new SUV.

posted by eritain at 10:51 AM on March 19, 2010


I'm totally guessing, but the horn-honking should be intermittent because I don't think the horn mechanism is designed to stand up to continuous duty. I base this only on having seen car horns catch fire due to a stuck horn switch.
posted by FishBike at 10:56 AM on March 19, 2010


Ruthless, this is a total tangent, but it works both ways: that conservatism will protect you, but it will also limit you (as you mentioned with education). Wealthy people, all other things being equal, usually get there by accepting and using a certain amount of risk / leverage.

The kind of leverage I'm talking about has nothing to do with payday loans or maxed-out credit cards - I'm talking about people that are reasonably financially secure. Being debt free is an excellent goal, but given the choice between that and being able to go to a good school, live in a good area, etc - I'll take the debt.

Now if I could just find the code to my Rent-A-Center house...
posted by letitrain at 10:56 AM on March 19, 2010


I base this only on having seen car horns catch fire due to a stuck horn switch.

Oh man, you just gave me the best idea for a "prank".

"Well officer, I don't know what caused the car fire, it could have originated from the horn getting too hot, or the fact that it was blasting continuously for nearly 15 minutes in this residential area and people were clearly getting angry about it. Either way, I don't think that the gasoline that was poured over the top of the car did anything to help prevent this..."
posted by quin at 11:08 AM on March 19, 2010


“What stops them from disabling cars that have the not-paid-for devices in them?”

You’re missing the point, there’s money to be exploi… er… people can be ‘helped’ to own a car. (“Proponents say the systems let financers extend credit to consumers who might otherwise be ineligible for an auto loan.”)

“Does the corporate world really have to keep fucking everybody over so hard that we can't see straight?”
As opposed to what?

If we had decent public transportation systems people wouldn’t need cars to get to work.
The big problem with this is it looks like it’s nice for a person who doesn’t have the upfront money for a decent car, and it more or less is in a number of ways. But if you’re an employer, it’s your productivity being gouged so some other guy can make a buck through a hole in the infrastructure.
Some folks have an interest in maintaining those holes. Most don’t. The problem is it looks like business, but it's just exploitation.
posted by Smedleyman at 12:05 PM on March 19, 2010 [1 favorite]


Isn't there a Philip K. Dick story with doorknobs that need to be paid? To get into your bathroom, you have to put some change in a meter. And they talked.
posted by Barry B. Palindromer at 1:05 PM on March 19, 2010


Isn't there a Philip K. Dick story with doorknobs that need to be paid?

Yes. I want to say that's in Ubik, but it might be a different one.
posted by Lentrohamsanin at 1:34 PM on March 19, 2010


I'm in Austin and every time I hear a random car alarm go off these days, I wonder who has the car from this dealership.
posted by immlass at 10:25 AM on March 20, 2010


The door refused to open. It said, "Five cents, please."

He searched his pockets. No more coins; nothing. "I'll pay you tomorrow," he told the door. Again he tried the knob. Again it remained locked tight. "What I pay you," he informed it, "is in the nature of a gratuity; I don't have to pay you."

"I think otherwise," the door said. "Look in the purchase contract you signed when you bought this conapt."

In his desk drawer he found the contract; since signing it he had found it necessary to refer to the document many times. Sure enough; payment to his door for opening and shutting constituted a mandatory fee. Not a tip.

"You'll discover I'm right," the door said. It sounded smug.

From the drawer beside the sink Joe Chip got a stainless steel knife; with it he began systematically to unscrew the bolt assembly of his apt's money-gulping door.

"I'll sue you," the door said as the first screw fell out.

Joe Chip said, "I've never been sued by a door, but I guess I can live through it."
-- Ubik, PKD
posted by rlk at 2:02 PM on March 20, 2010


To get into your bathroom, you have to put some change in a meter.

It used to be extremely common in some parts of the UK to have gas meters that you put coins into. I guess they are getting rid of them (I assume because they must be a maintenance nightmare compared to modern telemetry meters) but I have family who tell stories about running out of hot water and having to stick a coin in the meter because someone had forgotten to do it.

For whatever reason they never caught on in the US, at least not that I've ever heard of. I've always wondered if this was due to perceived lack of tolerance on the part of consumers for them, or if it was lack of trust on the part of gas companies to let their meter-readers handle bags of cash.
posted by Kadin2048 at 8:38 PM on March 20, 2010


SRP, a local utility, now offers pre-paid metering. Pretty much the same thing as putting coins in a slot. Buy the minutes from a kiosk, put the card in the slot to make the power turn on. Put coins in a box by your steering wheel to make your car go.
posted by Barry B. Palindromer at 8:56 PM on March 20, 2010


It used to be extremely common in some parts of the UK to have gas meters that you put coins into. I guess they are getting rid of them (I assume because they must be a maintenance nightmare compared to modern telemetry meters) but I have family who tell stories about running out of hot water and having to stick a coin in the meter because someone had forgotten to do it.

In council houses and flats rented out to students you often still have prepaid meters, although they work with cards that you have to charge up at corner shops these days.
posted by atrazine at 2:24 AM on March 21, 2010


« Older Hirokazu Tanaka meets Hirokazu Tanaka (repeat 10x)   |   JavaScript: The good and bad parts Newer »


This thread has been archived and is closed to new comments