Dear Mr. Bentley (& Co.)
In a timely reminder that the Internet both giveth and taketh, security firm RSA this week warned that a highly organised group of cybercriminals are planning a massive banking trojan horse attack to fraudulently obtain customer funds. You can read about the plan here: RSA: Cybercriminals plot massive banking Trojan attack – ComputerworldUK.com. If this cyber-heist attempt is successful, it will prove to be not only a major inconvenience for customers, but an embarrassing security breach for the banks in question which will have had their vulnerabilities exposed in a real-life, production environment that directly impacts on customers. Coincidentally, the story is headed by a banner advert for systems giant IBM, stating, “By the end of this message, your servers, PCs and other end points could be compromised. It happens just that fast“.
Whilst this is without doubt a serious threat, it pales into insignificance when compared to what an equivalent attack on Smart Meters could do. As you may have seen, we recently published a report prepared by Dr. Isaac Jamieson highlighting some of our safety concerns regarding Smart Meter design flaws vis-a-vis weather extremes, including the fact that many Smart Meters are designed to “fail-to-off” when compromised. This, coupled with the fact that Smart Meters are networked, means that customer access to utility services at home can be remotely disconnected by anyone with the right technical knowledge. If such a scenario were to occur (presumably it is only a matter of time) we believe this would have far more profound consequences than any electronic bank heist could. After all, utility services provide the fundamental means for people to keep warm and fed, often in very harsh conditions and temperatures.
We are aware that you claim that British Gas Smart Meters are “safe and secure”; you mention this in many of your replies to the Notice of Non-Consent for Smart Meters Installation and you appear to be running advertising campaigns with similar messages. We believe differently, though. And we think we can prove it.
Our offer to British Gas (and to any other firms promoting, installing, maintaining and operating Smart Meters in the UK)
You will have seen from some of the points we raise in our Notice of Non-Consent that ‘Smart’ Meters can monitor household activity and occupancy in violation of our human rights, can record when devices in the home are operated, can have their wireless signals intercepted by unauthorised parties and can be remotely disconnected leading to loss of utility services. We also point out that the FBI has warned ‘Smart’ Meter hacking is real and is “likely to spread”.
Fortunately, the issue of “safety and security” is an exact science; either your Smart Meters are safe and secure or they are not. We believe we can spare you and your company the indecency of featuring in a story worse than the one above by proving that your ‘Smart’ Meters are neither “secure” nor “safe” before someone else does. To help us do this, we have received an offer of assistance from American Cyber Security firm, David Chalk, Inc. who would like to publicly attempt to launch a cyber attack on one of your Smart Meters.
Dr. Chalk’s challenge to you is this: “Bring forward a Smart Meter or any other technology which you think is secure and we will show you, on national TV, that it is penetrable. I guarantee you 100% that there is nothing out there that can withstand or survive a cyber attack.”
With this challenge, we are giving you the opportunity to prove publicly, once and for all, that your claims that Smart Meters are “safe and secure” have a basis in truth.
Given we are approaching the coldest time of the year, and that British Gas have already installed in excess of 400,000 ‘Smart’ Meters in customer homes, we believe time is of the essence in this matter.
Please let us know if you would like to accept our offer. You can respond to us publicly or by emailing info [at] StopSmartMeters [dot] org [dot] uk
Yours sincerely
Sir Veilmenot & the team at Stop Smart Meters! (UK)
Enc. RSA: Cybercriminals plot massive banking Trojan attack – ComputerworldUK.com
I wonder in the end whether pointing out design flaws will benefit us, the targets for the meters, or the industry who produce these products. Also, have you wondered whether ‘fail to off’ is really a design flaw? Think about it. Keep the campaign up and thank you!