Michael Hastings was a top American investigative journalist. His profile of General Stanley McCrystal in Rolling Stone magazine ended the career of one of America’s top soldiers.
The 2010 article documented the widespread contempt for civilian government officials by the general and his staff and ultimately resulted in McChrystal’s resignation as US forces and NATO head in Afghanistan.
Hastings wrote a further two books and became a vocal critic of the US Department of Justice probe into news reporters. He said the Obama Government was waging a war on freedom of the press.
His last story, “Why Democrats Love to Spy On Americans”, was published on June 7 last year. Ten days later, Hastings, 33, died in a fiery car crash in Hollywood. His two-door Mercedes-Benz left the road and hit a palm tree – only hours after he told friends he had received death threats and was “going off the radar” to work on a big story.
Hastings’ body was burned beyond recognition. The Los Angeles coroner identified the body by matching fingerprints with those the FBI had on file. Two days after the crash, LA police declared that there were no signs of foul play. The coroner’s report ruled the death of Hastings to be an accident.
But a witness to the crash told US media that the car seemed to be traveling at maximum speed and was spitting sparks and flames before it fishtailed and crashed into the tree. Within days of Hastings’ death a huge sign hung from the tree: “This was no accident”, it said.
Was his death the first “car cyberattack”, where a computer hacker took over the controls of his car? Conspiracy theorists think so – that shadowy government agencies somehow wirelessly tinkered with it. Former US national security official Richard Clarke said the crash was “consistent with a car cyberattack.”
But Hastings’ New York-based brother Jonathan said Michael was distressed. He said it appeared Michael was battling a manic attack, similar to one brought on by a drugs episode 15 years ago. Michael had written about the experience. “He crashed his car before anyone could do anything to help him,” said Jonathan.
But findings in the US and Britain have added weight to speculation that Hastings’ death mightn’t have been accidental. Researchers at the Motor Industry Research Association in Britain have taken control of a car’s electronic systems via the On Board Diagnostics (OBD) port, a socket that allows technicians at your local garage to plug in a laptop to check on faults.
The researchers could adjust the car’s speed between 30 and 80km/h by using a laptop computer to bypass the car’s controls. In the US, security engineers released a video of themselves sitting in the back of a Toyota Prius they had hacked, controlling the car while the driver sat helplessly at the wheel. The Prius had some of its instrument panel removed, making the attack obvious.
But the footage shows the car:
• crawling along as the digital speedo reads 199mph (322km/h)
• the fuel gauge switching from full to empty
• the steering wheel jerking left
• the seatbelt pretensioners pinning the driver to his seat.
They showed the video at a security conference. Simply by connecting the computer to the car’s diagnostic port, they had been able to control everything from acceleration and braking to steering and headlights. They also showed that they could reprogramme the car’s computers – known as electronic control units, or ECUs – to act later, when their laptop was no longer connected.
Researchers at universities in California and Washington wirelessly hijacked a Chevrolet Impala sedan. They used smartphones and laptops to:
• unlock doors and disable alarms
• start and stop the engine
• track journeys using the car’s GPS
• record conversations in the cabin
• programme the car to switch off its lights when it got above a certain speed.
They called it an “attack code”, which “could then erase any evidence of its existence on he device. Such an attack could complicate (or even prevent) a forensic examination of a crash scene.”
But critics said a hacker would first have to get to the diagnostic port. No, they wouldn’t, countered researchers, who:
• loaded their hacking software on to a CD and used the car’s music system to take control of the ECU
• hacked the car’s hands-free Bluetooth
• dialled in to the car’s telematics, which controls safety features and entertainment.
Getting into the telematics enabled them to send an audio file down a normal phone line to “enslave” the car. Once they had access to part of the car’s digital network, they were able to take over the entire vehicle.
The upshot is now that carmakers are continuing to load cars with every electronic communication device, hackers might be able to target more of a car’s functions.
Carmakers are using firewalls in a bid to block suspicious software. But law enforcement and security experts worldwide are taking the hacking findings seriously. They say an accident caused by a sophisticated hacker would leave no obvious signs.