Smart Meter Hacks Cost Hundreds of Millions Annually, FBI Says
An unnamed electrical utility in Puerto Rico may have lost hundreds of millions of dollars each year since 2009, thanks to crafty hacking of "smart" home electrical meters.
In a May 2010 FBI cybersecurity bulletin obtained by security blogger Brian Krebs, the law enforcement agency reported that it believed former employees of the utility and the electric-meter manufacturer were tampering with the meters in exchange for cash.
In his Krebs on Security blog, Krebs said that, according to the FBI's confidential sources, the hackers used several methods to compromise the smart meters, including "using an optical converter device — such as infrared light — connected to a laptop that allows the smart meter to communicate with the computer."
After infiltrating the meters, the crooks modified the settings for recording power consumption.
"Smart" electric meters communicate with switching stations at the power company, allowing the company to control electrical demand during periods of high consumption. They can also be pre-programmed to vary consumption, such as turning off the heat when no one's home.
Hackers also tampered with the smart meters by placing magnets on them, which caused the meters to stop measuring usage. All of the methods detailed in the FBI bulletin would require the perpetrator to have physical access to the meter.
"Each method causes the smart meter to report less than the actual amount of electricity used," the bulletin read, according to Krebs. "The altered meter typically reduces a customer's bill by 50 percent to 75 percent. Because the meter continues to report electricity usage, it appears be operating normally. Since the meter is read remotely, detection of the fraud is very difficult. A spot check of meters conducted by the utility found that approximately 10 percent of meters had been altered."
The FBI said the losses incurred by the Puerto Rican electric utility could reach $400 million annually. The FBI did not name the utility, but Krebs said the only company based in Puerto Rico "with anywhere near that volume of business is the publicly-owned Puerto Rican Electric Power Authority (PREPA)."
PREPA did not immediately return a request for comment from SecurityNewsDaily.
Smart-meter technology is designed to streamline monitoring and control for power companies and to bolster energy efficiency. But it and other efforts to modernize critical-infrastructure companies are a source of great concern in the security community because of the damage that could result if an unauthorized party were to hijack the infrastructure controls.