>I think the concern is that hacking an IOT platform would give you names, physical addresses, and household occupancy for all of their customers.
The problem is that even if you can amass such an IOT botnet, you still need people on the ground to conduct such burglaries, and that scales poorly. Even if you tried to operate on a SaaS model, you're going to find that your clients (ie. drug users who want their next fix) are fickle and are very eager to snitch on you to the police, making it very likely that your botnet gets dismantled. On the other hand running a DDoS or "residential proxy" botnet comes with none of these hassles.
The problem is that even if you can amass such an IOT botnet, you still need people on the ground to conduct such burglaries, and that scales poorly. Even if you tried to operate on a SaaS model, you're going to find that your clients (ie. drug users who want their next fix) are fickle and are very eager to snitch on you to the police, making it very likely that your botnet gets dismantled. On the other hand running a DDoS or "residential proxy" botnet comes with none of these hassles.