Car2Go Thieves Test Car-sharing Vulnerabilities
After suspending manual background checks to encourage fresh users in April, Daimler subsidiary Car2Go found itself with a problem in Chicago — its new customers were stealing cars by the gross.
On the April 15th, the ride-sharing service notice an uptick in usage that was well above the norm. However, as the day progressed, the company found that a lot of its higher-end vehicles weren’t coming back. Instead, they were convening on Chicago’s West Side. Two days later, the Chicago Police Department announced that it had been notified by Car2Go that some of the company’s vehicles may have been rented by deceptive or fraudulent means and was officially on the prowl for justice.
Since the company keeps digital tabs on rental vehicles at its offices using GPS, the thefts were doomed from the start. Rather than immediately chop the cars up, much of the criminal element seemed content to just have a newish Mercedes-Benz CLA or GLA (nobody wanted the Smarts) for personal use. Despite a handful of the rentals having been stripped of their doors, or worse, the majority of the stolen rides were reportedly found intact. Several of the suspects even posted videos of themselves online, bragging about “their” new Mercedes whist joyriding.
About 75 cars we stolen in total, some of which were already being rented out to the thieves’ neighbors. Police reported they had charged 21 individuals a couple days after the heist. Apparently, the suspects’ collective defense was that the cars actually belong to them… you can guess how well that worked.
“This was a unicorn incident for us as a company,” Car2Go spokeswoman Kendall Kelton told Bloomberg on Thursday. “We’ve never seen this type of fraudulent activity and this scale ever, ever.”
While the technological might of giant corporations (and satellites) ultimately made the thefts a failure, it does raise a lot of questions about connected fleet vehicles and cyber security. Car2Go said that roughly 20 people set up a glut of fake accounts in Chicago on April 13th utilizing stolen or bunk credit card information. From there, all the thieves had to do was book a car and drive it away.
Despite being larger and slightly more organized, these types of thefts are on the rise. Electric scooter firms have struggled endlessly with thefts and the situation has spilled over into short-term car rental services. Car2Go ended up reverted back to conducting manual checks on new customers and it’s easy to see why.
From Bloomberg:
When Enterprise Holdings Inc. stopped operating its car-sharing service in Chicago in 2017, it also cited high rates of fraud and vandalism. When ReachNow introduced its service in Brooklyn, N.Y., in 2016, so many vehicles began disappearing that it was difficult for paying members to find any. The company, which had used an automated approval process, suspended its service and switched to manually reviewing new applications, according to a former employee who asked not to be identified disclosing private operational decisions. ReachNow resumed service but stopped operating in Brooklyn permanently in 2018, a decision resulting in part from continued fraud.
For Car2Go, it hasn’t been unusual for customers to create legitimate accounts, check out high-end vehicles, then lease them to nonmembers for short periods at inflated prices, according to someone familiar with its fraud problems who wasn’t authorized to discuss them. This practice, a violation of Car2Go’s rules, has been an issue in Chicago since the company started operating there, the person says. In several cases, hackers with lists of email addresses and passwords have written scripts to locate car-sharing accounts using those credentials. Once they find the accounts, they sign out cars and disable their GPS trackers, causing them effectively to disappear.
[Images: Daimler]
A staunch consumer advocate tracking industry trends and regulation. Before joining TTAC, Matt spent a decade working for marketing and research firms based in NYC. Clients included several of the world’s largest automakers, global tire brands, and aftermarket part suppliers. Dissatisfied with the corporate world and resentful of having to wear suits everyday, he pivoted to writing about cars. Since then, that man has become an ardent supporter of the right-to-repair movement, been interviewed on the auto industry by national radio broadcasts, driven more rental cars than anyone ever should, participated in amateur rallying events, and received the requisite minimum training as sanctioned by the SCCA. Handy with a wrench, Matt grew up surrounded by Detroit auto workers and managed to get a pizza delivery job before he was legally eligible. He later found himself driving box trucks through Manhattan, guaranteeing future sympathy for actual truckers. He continues to conduct research pertaining to the automotive sector as an independent contractor and has since moved back to his native Michigan, closer to where the cars are born. A contrarian, Matt claims to prefer understeer — stating that front and all-wheel drive vehicles cater best to his driving style.
More by Matt Posky
Comments
Join the conversation
Im stunned nobody spent 1000$ on a old cargo container and just started parking cars in them to block the gps, then disable the gps on their own time. Some of the rentals were fake ID's .. this could have been way worse.
It surprises me how quickly a myth can be accepted by unthinking writers. Car2go is not part of the ‘sharing economy’ and is only one of many companies that have successfully implemented misleading marketing campaigns to position themselves as social and environmentally responsible organizations. Car2go is a car rental company owned by Daimler who manufacture both Mercedes and Smart cars. The rental model involves street parking and per minute billing which is 10x higher than traditional car rental companies.