The Texas Department of Transportation was quick to respond, saying in a statement that the signs belonged to a private contractor who was investigating how they might have been hacked.
“TxDOT takes this matter very seriously,” a spokesman said in the statement.
The hacker, wherever he was, could face felony charges, the statement hinted.
For a while, the signs remained untouched.
“Gorilla deserved it,” the sign read.
On May 28, a 420-pound gorilla named Harambe was shot and killed at the Cincinnati Zoo after a 3-year-old boy fell into the animal’s enclosure. Amid the commotion, Harambe, a male western lowland gorilla on the endangered species list, became agitated, dragging the boy throughout the shallow water covered in the enclosure. Fearing for the young boy’s safety, zoo officials decided to shoot the animal dead.
For days, animal-rights activists decried the decision to use lethal force as inappropriate and cruel. Others, including witnesses, zoo officials and the boys’ parents, argued that the boy’s life was in danger.
Apparently the sign hacker agreed.
Ryan LaFontaine, a TxDOT spokesman, told NBC 5 he was concerned with the “boldness” of the hacker, because altering the signs must be done up close and in person — not remotely.
“You have to actually be there,” he said. “Power it up and get in there and break the password.”
That action, LaFontaine told the TV station, is a third-degree felony punishable with prison time.
A man in central Texas was arrested on a charge of criminal mischief after he admitted to hacking an electronic road sign last month and typing “Drive Crazy Yall,” the Austin American-Statesman reported. According to an affidavit obtained by the newspaper, Geoffrey Eltgroth, 26, “admitted to typing in a user name and password (which he guessed) for the sign and to deleting the message to warn traffic of upcoming construction and typing the different message because he believed it was humorous.”
An electronic road sign near the University of Texas at Austin was hacked in 2009 to read “Zombies Ahead.”
Though arguably entertaining, these benign acts could lead to more serious hack jobs, cybersecurity analyst Brian Krebs wrote on his blog in 2014:
“We see a great deal of hand-waving and public discussion about the possibility that foreign cyber attackers may one day use vulnerabilities in our critical infrastructure to cause widespread problems in the United States. But my bet is that if this ever happens in a way that causes death and/or significant destruction, it will not be the result of a carefully-planned and executed cyber warfare manifesto, but rather the work of some moderately skilled and bored cracker who discovered that he could do it.”
Krebs added that investigations into these hacks have shown that oftentimes, it’s not at all difficult for people to break in. The factory default passwords are never changed, he writes, or hackers use a “simple password cracker” to gain remote access.
In Texas, state officials are looking into the incidents.
“These signs were secured and turned off until someone broke into them to enter these messages,” a spokesman said in a statement. “Such actions endanger the safety of themselves and motorists, and the messages could also become a distraction to motorists driving on the highway.”