FBI Says Smart Meter Hacks Are Likely To Spread

← Back to Stories (view on slashdot.org)

FBI Says Smart Meter Hacks Are Likely To Spread

Posted by Soulskill on Monday April 9, 2012 @05:50AM from the ignorance-is-bliss dept.

tsu doh nimh writes "A series of hacks perpetrated against so-called 'smart meter' installations over the past several years may have cost a single U.S. electric utility hundreds of millions of dollars annually, the FBI said in cyber intelligence bulletin first revealed today. The law enforcement agency said this is the first known report of criminals compromising the hi-tech meters, and that it expects this type of fraud to spread across the country as more utilities deploy smart grid technology."

39 of 189 comments (clear)

Min score:

Reason:

Sort:

So how come they are "smart" meters? by alexborges · 2012-04-09 05:55 · Score: 2

If the new frauds against the new meters are equivalent in size to the old frauds against old meters, but with the new meters they are at least more easily quantified, it still makes sense to deploy them. If the new frauds amount to lesser losses compared to the older frauds, then its still worth it.
If not, Id try and find out who is getting the kickback for this idiotic things.

--
NO SIG
1. Re:So how come they are "smart" meters? by cayenne8 · 2012-04-09 06:01 · Score: 3, Interesting
  
  I dunno...but the simple use a powerful magnet trick to cut the usage tracking down sounds fantastic to me!!
  Simple, just put the magnet on at night...take it off during the day when at work....
  I've been wanting to get some rare earth magnets to play with...hmm...now, maybe I have even more justification?
  {BAEG}
  
  --
  Light travels faster than sound. This is why some people appear bright until you hear them speak.........
2. Re:So how come they are "smart" meters? by Anonymous Coward · 2012-04-09 06:29 · Score: 2, Interesting
  
  They would like to find out when you are home and when you aren't home.
  They would like to characterize your usage so they can predict what kind of goodies you have,
  And I'm just talking about the power company and hordes of corporate marketing entities what would love to get this data. Imagine the boner it would give thieves and other criminals to have instant access to this information.
3. Re:So how come they are "smart" meters? by QuantumRiff · 2012-04-09 06:40 · Score: 3, Funny
  
  You're electric bill would be directly proportional to the number of quiet afternoons I had to listen to you music in my house :) Damn kids! you call that music?!!? Get off my lawn!
  
  --
  
  What are we going to do tonight Brain?
4. Re:So how come they are "smart" meters? by mhajicek · 2012-04-09 06:47 · Score: 3, Interesting
  
  The law enforcement agency said... that it expects this type of fraud to spread across the country...
  Especially now that the vulnerabilities have been announced.
5. Re:So how come they are "smart" meters? by mcavic · 2012-04-09 06:55 · Score: 2
  
  They can install one on my house when they hold a loaded, cocked gun to my head.
  No gun necessary. They can install one whenever they want, or they can cut your power.
6. Re:So how come they are "smart" meters? by LoRdTAW · 2012-04-09 07:24 · Score: 5, Interesting
  
  Smart meters do not use the old electro-mechanical method to measure power consumption. They are solid state and have no moving parts or coils that can be tampered with by a magnetic field.
  Little story:
  Back in high school I took electrical installation, basically you were taught to become an electrician for residential, commercial and industrial. We had an amazing teacher, a master electrician who told us how he cheated the meter to cut his bill down. Basically most older electric meters were "5-jaw" meaning that they had 5 contacts, two incoming hot legs from the street, one neutral and two outgoing hot legs to your panel box. If you cut the neutral leg the meter stopped spinning. So he "obtained" a forged matching utility seal (the numbered plastic thing that seals the meter to detect tampering) and ran two wires stealthily into the meter pan. Instead of the neutral leg of the meter going strait to the main neutral bus bar, it first went into his home to a timer switch hidden in a closet and back to the meter pans neutral bus bar. He said if you looked in the pan and didn't poke around, you would never see that the wires were diverted.
  So over the period of a few years he finally got it to the point where he would only pay 20-30 dollars a month in electricity because he lowered it very very slowly over time. If you suddenly half your electric bill the uitility's billing software would flag you and send an investigation team out who will pull your meter and take it to a lab for diagnosis and inspect your meter pan. Well he was sitting pretty paying next to nothing while running air conditioners and pool filters but one day the timer burnt out completely shutting the meter off. He didnt notice and said it could have been that way for well over a month. The utility came to his house on a day when he happened to be home and pulled the meter. The lights went out and he decided to look out the window and saw the utility truck in front of his house. He ran out and with some quick thinking started screaming at the utility workers "What the fuck are you doing! My wife was carrying laundry down the stairs and she fell. I think she broke her leg. Im calling 911, and im going to sue your asses!" before he could get back in the house the utility crew plugged the meter back in and ran. He then removed his modifications and covered his trail. The next day an inspector came and rang his bell informing him they had to remove the meter for inspection and that they were sorry for any problems the previous crew caused. Well they took his old mechanical meter and installed an electronic meter that had a clock and a light sensor (from his description). It was a "4-jaw" meter (no neutral) and could not be disabled without physically unplugging it. He never heard back from the utility as he covered his tracks and they couldn't prove he tampered with the meter since he replaced the seal with one of the same serial number. He never tried to tamper with the meter again.
  Goes to show you how easy it was to cheat the electric bill with a little skill, resources and patience.
7. Re:So how come they are "smart" meters? by LiMikeTnux · 2012-04-09 07:30 · Score: 3, Interesting
  
  Most analog meters I have seen (I do residential) are 4 blades. You can actually pull them out and flip them upside down, and they will run backwards!
  
  --
  yap
8. Re:So how come they are "smart" meters? by Firehed · 2012-04-09 08:00 · Score: 2
  
  You can perform that same hack with an extension cable.
  
  --
  How are sites slashdotted when nobody reads TFAs?
9. Re:So how come they are "smart" meters? by Anonymous Coward · 2012-04-09 08:55 · Score: 4, Insightful
  
  Smart meters have other advantages you just don't hear often about. The reason you don't hear about them is because it invades your privacy.
  With smart meters, they can tell people when you're home, likely which holidays you observe, if you watch TV, if you work at night or day, so on and so. They sell your demographic information.
  Likewise, police and other officials are now working with utility companies to determine if you are growing pot, running a business out of your garage, so on and so.
  The fact they hope to reduce their billing costs associated with meters is their primary goal but the field is ripe for secondary profit avenues.
  If you are against smart meters you are against industry invading your privacy and are therefore evil.
10. Re:So how come they are "smart" meters? by gmanterry · 2012-04-09 09:33 · Score: 4, Informative
  
  I'm retired from two different electrical utilities. I can tell you that one of the things that was checked on old analog meters was the wear on the contact legs. It doesn't take many repetitions of flipping the meter in it's socket to wear off the plating on the copper legs. It's pretty obvious.
  
  --
  Since when is "public safety" the root password to the Constitution?
11. Re:So how come they are "smart" meters? by Grizzley9 · 2012-04-09 09:48 · Score: 3, Insightful
  
  Goes to show you how easy it was to cheat the electric bill with a little skill, resources and patience and lack of ethics.
  
  Fixed that for you.
12. Re:So how come they are "smart" meters? by Darinbob · 2012-04-09 12:17 · Score: 2
  
  Doesn't work on newer meters and is mostly likely to set off tamper alarms in the back office.
  The magnet trick actually works on the older analog meters quite well, and probably works better on them than newer meters.
No fraud checking? by dj245 · 2012-04-09 06:05 · Score: 4, Interesting

Besides the fact that you don't need to mess with dangerous line-voltages, this is no different than normal meter fraud. I can't imagine anything other than incompetence being the reason this was not found. A utility buys electricity, or makes it, and the amount they put on the grid is a known quantity and easily measured. If the amount that they are billing for is less than that, something is wrong. You can do the numbers on a per-line or a per-substation basis, possibly even more granular than that. All the major HV lines and substations have their own meters which report back to HQ. A single person stealing electricity is somewhat hard to catch, but if substantial amounts of people got away with this for an extended period of time, someone was not doing their job.

--
Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
1. Re:No fraud checking? by Sarten-X · 2012-04-09 06:20 · Score: 5, Funny
  
  You can do the numbers on a per-line or a per-substation basis, possibly even more granular than that.
  That's brilliant! To get specific enough information for legal recourse, we'll need maximum granularity, which means tracking the usage for each customer! We can put their meter right on their house for convenience!
  
  --
  You do not have a moral or legal right to do absolutely anything you want.
2. Re:No fraud checking? by arth1 · 2012-04-09 06:30 · Score: 5, Informative
  
  A utility buys electricity, or makes it, and the amount they put on the grid is a known quantity and easily measured. If the amount that they are billing for is less than that, something is wrong.
  Yes, like Ohm's law and Joule's law. Any electrical cable and transformer converts electricity into heat, so what the users pull out can never equal what is put on the grid.
  Electricity is also not a resource like water, where if you don't pump it out one second, you can pump it out the next second. Use it or lose it. Converted to DC, it can be stored in capacitors or batteries, but at a very high cost.
3. Re:No fraud checking? by icebike · 2012-04-09 06:30 · Score: 5, Interesting
  
  Besides the fact that you don't need to mess with dangerous line-voltages, this is no different than normal meter fraud. I can't imagine anything other than incompetence being the reason this was not found. A utility buys electricity, or makes it, and the amount they put on the grid is a known quantity and easily measured. If the amount that they are billing for is less than that, something is wrong. You can do the numbers on a per-line or a per-substation basis, possibly even more granular than that. All the major HV lines and substations have their own meters which report back to HQ. A single person stealing electricity is somewhat hard to catch, but if substantial amounts of people got away with this for an extended period of time, someone was not doing their job.
  But take your average mid size city, and the substations cover huge areas. HV feeders typically feed entire neighborhoods and step down to lower voltage on the neighborhood feed without any such meter. Line loss is variable, not a constant you can be assured of over time. Your mom's current frugality binge can make a significant difference in usage month to month.
  So how do you find the 6 houses out of 100 that reduce their consumption by some amount less than the average variance? Especially if they ratchet it down slowly in the high use season?
  And even if you statistically isolate a few suspects, how do you prove it? About the only way to do so is to put another meter upstream of each suspect house. Expensive, and not at all stealthy, so the suspect can drop the hack.
  A power company in an area I lived in, where power was still distributed with overhead wires, would put the meter at the top of the off-property pole as a way of advertising people they had caught tampering with meters. The entire neighborhood knew what that meant. They could still read them remotely, so it didn't involve any additional work load on their staff once installed.
  
  --
  Sig Battery depleted. Reverting to safe mode.
4. Re:No fraud checking? by slimjim8094 · 2012-04-09 07:34 · Score: 4, Interesting
  
  They do tend to have meters per transformer ("pole pig"), which is pretty granular, as well as at other points in the distribution network. They use them to diagnose flaws in the system, but they're also used for finding fraud.
  
  --
  I have developed a truly marvelous proof of this comment, which this signature is too narrow to contain.
5. Re:No fraud checking? by icebike · 2012-04-09 08:23 · Score: 2
  
  People smart enough to know about the hacks are usually smart enough not to run their bill down to zero.
  People see their historical usage on every Electric bill, its not like they are unaware records are being kept.
  Thieves just run down their usage over time by 25% of their prior usage, which is consistent with what you can accomplish by being frugal
  (or going on vacation). Public awareness of shortages can drive electrical usage for an entire city down by 25%.
  Dumb people might go for "the big hack", but these are the only ones that get caught, because simple computer programs running
  against billing data make them so obvious.
  Without meter-by-meter inspection, you can't tell if loss of household income (layoff) caused increased frugality or if they tampered
  with the meter, as long as they keep from pushing usage down by less than 25% or so.
  If you Read TFA, you will find that detection is very difficult, and these were with users that had hacked their meter in a very obvious way,
  such that the"altered meter typically reduces a customer’s bill by 50 percent to 75 percent". If you can't easily spot 50% reduction, you
  would have no chance of spotting a 25% reduction.
  
  --
  Sig Battery depleted. Reverting to safe mode.
6. Re:No fraud checking? by TheLandyman · 2012-04-09 13:07 · Score: 2
  
  . Many utilities do not really know when they've got a real power outage or not. l.
  Mine does. I helped design the system that figures it out automatically from our smart meters. When the power drops a good number (although not all due to network topology) of "Power Down' messages come back to us before the meter fully discharges. we run this through the 'old school' system that figures out, based on known network design and those reporting loss of power, the scope of the outage as quick as possible.
7. Re:No fraud checking? by arth1 · 2012-04-10 01:08 · Score: 2
  
  So here's my question: how come just installing the battery packs has never come up as an easy "green" solution? Some battery packs, a timer, and a AC/DC converter and you could just fill the batteries at night and bleed off of them in the daytime. If and when the batteries run low, the connection to the grid can go hot again. It wouldn't be as good as solar panels (for the environment, anyway) but it'd be better than being connected to the grid all the time and way cheaper in the long run I imagine.
  I'm the wrong kind of engineer, but as far as I can tell, the difference between day and night prices isn't big enough. A typical lead accumulator battery will have around 60-75% efficiency, and an AC/DC converter around 70-90%, and you have to use it twice.
  So you land at around 30-60% total efficiency.
  So to get 10 kwH out of them at day, you have to buy 17-33 kwH at night. Then factor in the costs of buying/maintaining/replacing the batteries.
  Is the price difference that big?
  You can, probably, take advantage of some of the heat loss to warm up a basement during winter, but it still doesn't seem like a winning tactic.
  It's a win for solar panels because the electricity you get from them is already DC, so there's one conversion less compared to selling it back to the grid.
Re:Lowest bidders by SgtChaireBourne · 2012-04-09 06:07 · Score: 2, Informative

It's not just a lowest bidder problem. The meters are designed to be tampered with. The designs were known to be defective before they were rolled out and they were deployed anyway. What is happening now is just an inevitable result of bad engineering. It's too bad that our experiences with M$ products have, for the general public, made bad engineering acceptable.

--
Beta is broken and the link to classic doesn't work. Stop wasting our time or there won't be anybody left here.
If it will "cost companies more"... by whovian · 2012-04-09 06:10 · Score: 2

...it will likely cost consumers more, i.e, the cost will be passed on to the consumer. I am completely unsurprised to hear of this.

--
To-do List: Receive telemarketing call during a tornado warning. Check.
Business model by Dunbal · 2012-04-09 06:13 · Score: 4, Insightful

So the power company says "I know, let's make a bunch of money by using smart meters. That way we can fire all the people we used to send out to go read meters, and we can maximize our profits by having variable billing throughout the day."
"Oh, and let's make sure to contract these meters out to the lowest bidder because after all, people are morons and if they don't realize that we're shafting them by getting them to pay more for their electricity, certainly they will never be smart enough to figure out our meters"
"Oh shit, our meters can be hacked! These guys are CRIMINALS help help government HELP come save us!". That way we don't have to invest in more secure meters, or go back to the old meters. No, we can continue with minimal staff, continue with crappy hackable meters, and stick the cost of our broken business model to the government, the court system, and of course the prison system. Why should we have to share any of these unforseen costs from a business model we forgot to think through properly? Maximum profit is our GOD GIVEN RIGHT.

--
Seven puppies were harmed during the making of this post.
1. Re:Business model by Beardo+the+Bearded · 2012-04-09 06:20 · Score: 2
  
  My power company is run by the government.
  BC Hydro. They just started rolling out these smart meters. They're pointless. If they'd gone with something like a Schneider Ion then they could figure out how to reduce energy consumption in the home. As it is, they can't even get billing and metering to talk to each other.
  And there's been a recall already.
  
  --
  
  ---
  ECHELON is a government program to find words like bomb, jihad, plutonium, assassinate, and anarchy.
2. Re:Business model by Anonymous Coward · 2012-04-09 06:45 · Score: 2, Funny
  
  When I hear "BC Hydro", I don't think of electricity.
3. Re:Business model by tomhath · 2012-04-09 06:55 · Score: 3, Informative
  
  The primary purpose is to provide an incentive for customers to shift energy use to non-peak hours. By doing that the peak load is reduced, which is a big cost saver for the utilities (less total generation and transmission capacity required).
4. Re:Business model by CanHasDIY · 2012-04-09 07:12 · Score: 2
  
  The primary purpose is to provide an incentive for customers to shift energy use to non-peak hours. By doing that the peak load is reduced, which is a big cost saver for the utilities (less total generation and transmission capacity required).
  Well, easy enough then; it's not as if most people's schedules are determined by outlying factors or anything... /sarc
  
  That's some serious mental gymnastics they must do if they honestly believe such nonsense. How am I or anyone else supposed to "shift energy use to non-peak hours" when our working schedules are determined by our employers? Surely the people running these utilities (who, consequently, tend to work 8-5 jobs as well) aren't so dumb as to think that's a viable strategy, are they?
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
5. Re:Business model by CanHasDIY · 2012-04-09 07:57 · Score: 2
  
  May I introduce you to the concept of a timer? Something that might turn your hot water heater or your clothes dryer on at night?
  Words of someone who has never awakened in a house set ablaze by a dryer fire.
  
  It would not be difficult to design newer clothes dryers and dishwashers to go on at night when the power is cheaper. One could even cobble up an aftermarket gizmo to do that. Obviously won't work for everything in the house, but even a 10% reduction in peak load is a considerable savings to a power company.
  Since when is it my responsibility, as the customer, to spend my money and time making devices that save the power company money?
  
  For somebody with "Do It Yourself' in your nic, you seem kinda stuck.
  Or, I'm not sucker. DIY is for my benefit, not that of the utility company.
  
  --
  An enigma, wrapped in a riddle, shrouded in bacon and cheese
6. Re:Business model by lgw · 2012-04-09 08:22 · Score: 2
  
  In man places, the dryer and water heater are gas-powered, and and so don't really come into the picture. A (reasonably modern) water heater uses very little power "at idle", and most of its power bringing the tank back up to temp right after you use hot water, so there's very little savings in turning off the heater on a timer. If you actually care about the small amount of power your water heater uses, switch to (reasonably modern) flash heaters.
  The main thing with the dryer is not to run it during peak AC load time - you don't need to wait till you're asleep.
  In the South, putting your AC on a timer (or just manually adjusting it before leaving fo work) is all that really matters.
  
  --
  Socialism: a lie told by totalitarians and believed by fools.
Obviously. by Reverand+Dave · 2012-04-09 06:20 · Score: 4, Insightful

The problems started when we deregulated this industry. The smart meter debacle is just another symptom of a system that is rotten to the core. Where I live, power rates were heavily affected by the Enron fueled energy crisis and the rates have scarcely dropped since they were artificially driven up. Year after year the power company has been asking for $0.20 rate hikes because they know they can talk the PUC into giving them at least half of what they want. All the while claiming to be losing money while the parent company of the utility is making record profits.

If the Utilities were regulated then they might have to spend a little more on the secure tech instead of the cheapest crap available. They would have a more vested interest in it since their single motivating factor is to provide service instead of to make as much money as possible.

--
I got here through a series of tubes
The "other" hacking? by Anonymous Coward · 2012-04-09 06:22 · Score: 5, Interesting

What about thieves who regularly intercept wireless signals from the meters to determine occupancy patterns, then come back and break in when no one's home?
Do these meters have end-to-end encryption? Inquiring minds want to know.
captcha: quality
1. Re:The "other" hacking? by jessehager · 2012-04-09 07:36 · Score: 3, Informative
  
  Saw this gizmo earlier today: http://www.gridinsight.com/
  Since anyone can buy a receiver to read their own meters, I'm going to say "probably not."
2. Re:The "other" hacking? by onkelonkel · 2012-04-09 07:59 · Score: 2
  
  Holy cow! I am aghast with shock and alarm! I will panic soonest!
  
  Around here thieves will look to see if any cars are in the driveway, and then ring the doorbell to see if anybody is home.
  
  --
  None of them can see the clouds; The polished wings don't care.
3. Re:The "other" hacking? by lordmage · 2012-04-09 08:30 · Score: 2
  
  That is SOOO ancient. Around here they have these heat detecting scanners that the thieves use to detect any body heat inside before they then use the nifty "Super Steel Toed boots 2000" to break in.
  
  --
  I can program myself out of a Hello World Contest!!
+1 to FA for covert Dilbert quote by khendron · 2012-04-09 06:34 · Score: 2

"...paradigm shifting without a clutch"
I always liked that quote. Too bad the FA article felt the need to [edit] it.

--
Life is like a web application. Sometime you need cookies just to get by.
Re:Lowest bidders by ColdWetDog · 2012-04-09 07:27 · Score: 2

Well they make some of them across the street from where I work, outside Chicago, Illinois.
OMG! The Chinese have invaded Chicago!
Maybe they can straighten out the politics there.

--
Faster! Faster! Faster would be better!
Public already percives these as unreliable by linebackn · 2012-04-09 07:59 · Score: 2

Where I live, these smart meters are already viewed as unreliable by the general public. The local news has reported numerous stories about how people's water bills suddenly went up after these new "smart" meters were installed.
The thing is, there is no way for the general public to verify how accurate or reliable these meters are.
Ideally these should be extremely simple, easily auditable, devices. But I can imagine the specs for something like this growing until it can send e-mail... using a database... and object orientation... and XML... on the web... in Microsoft .NET... now with HTML 5... and so on.
Bullshit by Anonymous Coward · 2012-04-09 10:11 · Score: 3, Informative

On a 200 amp feed the common leg has to be at least 2/0 copper or 4/0 aluminum. That shit is about as thick as a human thumb, requires a radius of several inches to make any kind of turn, and you're suggesting that he "stealthily" diverted it from the meter (one thumb-sized wire) and then routed it back into the meter with a second thumb-sized wire. Not a chance that this happened unless this "master electrician" created a severe fire and electrical hazard by using severely undersized wire.
Never mind the fact this this scenario seems to indicate that a common day-timer was placed serially into a 200 amp circuit, which is just utter bullshit all by itself.
Nice story though.