Electric Bills ‘Hacked’: Hackers Manipulate the Energy Markets using IoT Botnets


Imagine you are in 2030 and wondering why the energy prices skyrocketed.

Here’s how it can happen. The Mirai botnet back in 2016 caused major website outages all across the United States, exposing the vulnerability of the internet infrastructure to malware-infected gadgets. Experts and researchers from the Georgia Institute of Technology think that botnets can target and disrupt the energy markets.

The experts used data released publicly from the California and New York markets between May 2018 and May 2019 to study the fluctuations in both the “day-ahead market”, which forecasts the demand, and the “real-time market”, where sellers and buyers amend the mistakes in forecasting and account for unforeseen events such as a natural disaster.

Researchers crunched the market data and used various hypothetical high-wattage IoT botnets to create models, all leading to the conclusion that different types of potential attacks can considerably change energy prices. The alarming part is that hackers can carry on with the attacks without being noticed.

Tohid Shekari, a Ph.D. candidate at the Georgia Institute of Technology, remarked that “our basic assumption is that we have access to a high-wattage IoT botnet”. Shekari conducted the research with his professor Raheem Beyah and fellow Ph.D. candidate Celine Irvine.

Shekari further added that “in our scenarios, attacker one is a market player; he’s basically trying to maximize his own profit. Attacker two is a nation-state actor who can cause financial damage to market players as part of a trade war or cold war. The basic part of either attack is to look at price-load sensitivity. If we change demand by 1 percent, how much is the price going to change as a result of that? You want to optimize the attack to maximize the gain or damage.”

What happens is that an attacker can harness the power of the botnet to increase demand while the rest of the entities are betting on it being low. Another possibility is that demand will shoot up at a particular time and will be predicted with much certainty.

The experts, however, think that an impactful attack, even with small changes in demand, would involve fewer than 50,000 infected devices. In contrast, several criminal IoT botnets are composed of millions of bots. What these bots can do is clandestinely conscript devices into a high-wattage botnet that is barely noticeable.

According to the researchers, consumers might experience a 7 percent rise in their home electric bills, which is quite low.

Experts suggest two measures. Firstly, real-time monitoring capable of detecting the malware infection should be introduced, so that malicious activity is caught early on. Secondly, the energy markets should be careful about the type of data made available to the public. This cannot be deemed a permanent solution, but it can still act as a temporary barrier.
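As an added illustration of the real-time monitoring idea (not code from the researchers or this article), the sketch below shows why a sustained demand shift of about 1 percent slips past a per-interval threshold yet is caught by a cumulative-sum (CUSUM) check on the gap between real-time load and the day-ahead forecast. The error series, the size and onset of the shift, and the slack and threshold values are all constructed assumptions.

```python
# Added illustration: one-sided CUSUM over load forecast error.
# All data is constructed; values are in basis points (0.01 %) of the
# day-ahead forecast, so 100 bp corresponds to a 1 percent demand shift.

NOISE_BP = [40, -30, 10, -50, 30, 0, -20, 20]  # constructed zero-mean forecast error


def build_errors(n, shift_bp=0, onset=None):
    """Forecast error per interval (real-time load minus day-ahead forecast)."""
    errors = []
    for i in range(n):
        e = NOISE_BP[i % len(NOISE_BP)]
        if onset is not None and i >= onset:
            e += shift_bp  # sustained extra demand, e.g. from high-wattage devices
        errors.append(e)
    return errors


def naive_alarms(errors, limit_bp=200):
    """Per-interval threshold: only flags a single large deviation."""
    return [i for i, e in enumerate(errors) if e > limit_bp]


def cusum_first_alarm(errors, slack_bp=50, threshold_bp=280):
    """Return the first interval where the accumulated excess error crosses
    the threshold, or None. slack_bp absorbs normal noise; both values are
    assumed tunings, not figures from the research."""
    s = 0
    for i, e in enumerate(errors):
        s = max(0, s + e - slack_bp)  # reset to zero when error falls back
        if s > threshold_bp:
            return i
    return None


if __name__ == "__main__":
    clean = build_errors(96)                             # one day of 15-minute intervals
    shifted = build_errors(96, shift_bp=100, onset=48)   # 1 % shift from midday
    print("naive, clean:  ", naive_alarms(clean))
    print("naive, shifted:", naive_alarms(shifted))
    print("cusum, clean:  ", cusum_first_alarm(clean))
    print("cusum, shifted:", cusum_first_alarm(shifted))
```

On the constructed data the per-interval threshold stays silent in both cases, while the CUSUM check raises its first alarm a few intervals after the shift begins and stays quiet on the clean series.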

Beyah, co-founder of the industrial-control security firm Fortiphyd Logic, thinks that “it’s an example of how the threat landscape changes in unexpected ways. Who would have thought that my washing machine or stationary bike could be the foundation of a completely new type of attack?”

