A Security Researcher’s Attempt to Prank the DMV Backfired in a Spectacularly Expensive Way
A security researcher known as Droogie took to the DEF CON hacking and security conference stage last weekend to regale the audience with his story of getting bested by the very bureaucratic system he was trying to exploit.
As Gizmodo reports, it all started when Droogie decided to register his car with a vanity license plate that read “NULL,” a word that computer programs use to designate something that has no value. He thought that the Automated License Plate Reader (ALPR) systems might misinterpret his license plate as an entry with no value and fail to catalog his car’s data.
ALPR systems are built into surveillance cameras on police vehicles, streetlights, highway overpasses, and elsewhere, collecting license plate numbers along with the time, date, and location. The cameras don’t just catalog your car’s data if you’re speeding or doing something otherwise suspicious—they'll capture license plate data whenever it comes into view. It’s not exactly clear when and why the systems keep track of your whereabouts, let alone who’s watching and how they’re using the information, so Droogie’s scheme was more about protecting personal privacy, rather than trying to dodge tickets.
His hypothesis proved partially correct: The systems didn’t properly process his “NULL” license plate, but the outcome was basically the opposite of what he was hoping for. First, upon trying to renew his tags, the DMV website informed him that his license number was invalid. Then he was hit with a barrage of parking tickets that totaled more than $12,000, because a processing center had used “NULL” for all parking misdemeanors committed by unidentified vehicles, and the system mistakenly attributed them all to Droogie’s car. According to Mashable, he told his DEF CON audience, “I was like … 'I’m gonna be invisible.' Instead, I got all the tickets.”
After Droogie contacted the DMV and the Los Angeles Police Department, they helped erase the fines from his account and advised him to change his plates so it doesn’t happen again, since there are no plans to alter the processing system that was assigning him the tickets in the first place. He refused, insisting he "didn’t do anything wrong." As of his DEF CON presentation, Droogie has received another $6000 in misattributed tickets.
[h/t Gizmodo]