According to a report today on KrebsonSecurity, the FBI apparently investigated hacks on smart grid meters in the Puerto Rico more than two years ago. In May of 2010, the FBI then warned other utilities that such frauds could continue to spread because of “the ease of intrusion and economic benefit to the hacker and the electric customer.”
In an unclassified report, the FBI estimates losses to a Puerto Rico utility at $400 million annually. The report states that “individuals are charging $300 to $1,000 to reprogram residential meters, and about $3,000 to reprogram commercial meters.” The report did not name the manufacturer of the devices.
The primary method of reprogramming occurs through an optical port. Using an infrared signal from a laptop, the criminal hackers can reprogram the meter without altering the device. The optical port is intended for field workers to perform maintenance on the meters.
Another method is even simpler: the use of magnets “suspends” the monitoring of electrical usage. The FBI suspects that customers are placing magnets on the meters at night to conceal the use of air conditioning.
Additionally, Brian Krebs reported today that Tom Liston and Don Weber, analysts with InGuardians Inc., pulled their power grid hacking presentation at this year’s Shmoocon because of concern from several vendors. Krebs quoted Liston as saying “utilities have become accustomed to deploying meters that can last 30 years before needing to be replaced, but that the advanced interactive components being built into modern smart meters requires a much more thoughtful and careful approach to security.”