The sysadmin-activist at the center of a bizarre legal battle over a smart meter network in Seattle, Washington, says he never expected a simple records request to turn into a lawsuit. Phil Mocek told The Register that when he asked Seattle City Light, a public power utility, to provide details on the designs and rollout of its smart power meter grid, he was simply hoping to find out what security safeguards the city and hardware providers Landis+Gyr and Sensus USA planned to use. “We all assume these meters simply monitor the amount of energy usage in the home,” Mocek explained. “But they monitor it in real time in ways that other meters did not.” The worry, Mocek said, is that the city may have been convinced by the suppliers to install a network with poor security protections or insecure protocols that could place citizens at risk of having their energy-use remotely spied on or their personal information stolen. To find out more about the meters that the city was planning to install and the security measures in place to protect those meters, Mocek filed a request for documents under the Washington Public Records Act (PRA) via the MuckRock investigations website. This, says Mocek, is where things started to get real odd. The free-software advocate said that after an email exchange with Seattle City Light officials, he obtained some of the records and uploaded them to the web – only to be told that the smart meter suppliers objected to the release of the information on the grounds that the unredacted documents would disclose their trade secrets and open the public to terrorist attacks on their infrastructure. Mocek was given a mix of unredacted and redacted documents by the city, the meter makers complained, whereas he should only have received and published files they had censored. Seattle officials said they were not skilled enough to know for sure which parts to redact, so left it to the suppliers to edit the files – yet, unredacted information managed to make its way into Mocek’s hands and onto the internet.
The City of Yuma is moving forward with a lawsuit seeking restitution for water it says was stolen by Diamond Brooks, recently filing a document in court to adjust figures due to inaccurate readings on the meter used in the investigation. According to an April 7 filing in Yuma County Superior Court by the City of Yuma Attorney’s Office, the water meter was found to have an approximate 341 percent calibration error and it was disclosing the information to all parties as was required by law. City of Yuma spokesperson Dave Nash said while the error in the meter’s calibration has caused the city to adjust its figures, what it doesn’t change is that Diamond Brooks had an unauthorized connection to a fire suppression line and took water without paying for it. In November 2010, Yuma police began an investigation into the business, located at 3025 S. Avenue 4E, after receiving reports that the company had been stealing water, which it would then process and sell back to the public. It was initially thought that approximately 76.5 million gallons, which equates to a loss of over $168,000, were stolen during the course of the investigation. Nash said that the City of Yuma actually caught the error. He said that the water meter had been placed into evidence in the federal criminal trial against Diamond Brooks owner Philip Clark and that the City was able to retrieve it and have it tested by an independent engineering laboratory. Nash explained that the fire suppression line leading into the Diamond Brooks facility had a lower flow rate than a residential water line, which the water meter had been calibrated for, so when one gallon of water passed through the unauthorized connection fire suppression line, the meter recorded approximately 3.27 gallons. After the calibration error was discovered and the error factor determined, Nash said the City adjusted its figures in the lawsuit accordingly. Based on the new figures, Diamond Brooks allegedly took about 23 million gallons of water through the unauthorized connection to the fire suppression line instead of the 76.5 million gallons originally recorded on the meter during the course of the investigation. Those 22.9 million gallons, Nash said, would amount to $47,343.00 in unpaid water usage. He also said that there is evidence that Diamond Brooks was taking water for 33 months, not just the 19 months that were monitored. Clark, the owner of Yuma’s Diamond Brooks Water Company, who recently entered into a plea agreement with federal prosecutors, is scheduled to be sentenced at 9:30 a.m. on May 12 in U.S. District Court in Phoenix. He had been charged with 18 counts of wire fraud, three counts of stolen property, five counts of money laundering, 12 counts of failure to pay taxes, eight counts of failure to file tax forms, and one count of making false statements. The charges stem from allegations that he failed to pay IRS taxes he collected from his employees, and did not file corporate and individual tax returns for several years. Clark, who remains out of custody while he awaits sentencing, could receive up to five years in prison or a fine of up to $10,000, or both. Probation is also available, and if he is sentenced to probation, the term can be for no more than five years. According to his admission statement contained in the plea agreement, Clark admitted that between Jan. 1, 2001, and Dec. 31, 2009, he failed to pay the IRS $297,234 that he collected from his employees for certain employment-related taxes. He also admits that on Sept. 30, 2011, he failed to pay the IRS more than $31,296 in taxes that had been withheld from employee paychecks.
OGDEN — Logan Sattelmair says she’s living her own version of the American dream. Sattelmair, 25, purchased her first home, on Van Buren Avenue in Ogden, last summer and is employed full-time with Ogden city’s Animal Services division. She says as a young, single homeowner, money can be tight. But she keeps a budget, works hard and is proud that she can provide for own needs. Nearly a year into taking the plunge, Sattelmair said a recent bill from Questar Gas threw a serious monkey wrench into her pattern, adding a small element of nightmare to the whole independent homeowner equation. On April 27, Sattelmair said she got a bill from Questar for $312. Sattelmair said her previous month’s gas bill for her two-bedroom home was $44. Throughout the winter months, her gas bills hovered around that number.
“When I saw that bill, I said, ’Holy crap, this is crazy,’” she said. “I instantly got up and turned the heat off. I had no idea what was going on. I thought maybe I had some kind of leak or something.”
After making a call to Questar, Sattlemair eventually found out her gas delivery system was working just fine. Her meter, on the other hand, was a different story.
“I was told by someone in customer service that they noticed my bill was lower than what the previous owner had been paying,” she said. “They said they sent someone over to check and the meter had been misreading my usage.”
Sattelmair was told she must backpay for the gas she used. Questar is allowing her to space the payment over six months, interest free, but she says even that will stretch her pocketbook thin.
“I am single, doing it all on my own,” she said. “This is going to be like having another $50 bill each month. I’m already living tight as it is.”
Questar spokesman Darren Shepherd said bad meter readings, while rare, can happen. He said the Utah natural gas tariff, which is regulated by the Utah Public Services Commission, allows Questar to make billing corrections regardless of the cause of error. (Details on the gas tariff can be found in a 142-page document available at Questar’s website.)
“It’s about paying for the gas you actually use,” Shepherd said, noting that sometimes billing errors occur on the opposite end of the spectrum and Questar overcharges customers, then must pay them back or credit their account.
For billing errors, Shepherd said customers are typically allowed to make payments without interest over a period equal to the time the account was misread.
Cyber threats come in various forms. A diverse threat actor landscape consisting of criminals, espionage actors, hacktivists, and more have demonstrated how successful they can be launching remote attacks. Gaining unauthorized access into networks, stealing sensitive intellectual property, financial, and personal identifiable information, and conducting defacements and denial-of-service attacks, are just some ways these hostile elements target organizations in both the public and private sectors. If enterprises want to understand how they can better invest in security defenses, build the necessary One class of actor that often gets overlooked is the insider threat, largely because they represent a hybrid type of actor that capitalizes on his physical access to conduct malfeasance, often leveraging some cyber aspect in the fulfillment of his goals. What is wrong with this picture? Insiders can both be witting and unwitting. The unwitting or careless insider is an individual with legitimate accesses but who through poor judgment commits a security infraction that results in potential consequences for his organization (e.g., think the insertion of a USB key into an organization’s network). The witting or malicious insider is an individual that makes the conscious decision to abuse his access in order to obtain sensitive and/or financial information for personal gain or purposeful malicious intent (e.g., an individual like Chelsea Manning or Edward Snowden fits this category). A third type of insider is the remote actor or masquerading insider who has compromised legitimate credentials in order to gain access as a trusted individual on an organization’s network. One thing that all of these three types have in common: once inside, perimeter security can do little to deter their actions.