Slashdot Mirror


Washington Post Retracts Story About Russian Hackers Penetrating US Electricity Grid (washingtonpost.com)

Those anonymous U.S. officials who reported Russian hacking code had been found "within the system" of a Vermont power utility must've been surprised to learn the code was on a laptop that wasn't actually connected to the grid. The Washington Post has updated their original story, which now reports that "authorities" say there's no indication that Russian hackers have penetrated the U.S. electric grid.

The Post's newly-edited version now appears below (with their original and now-deleted text preserved inside brackets). A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the discovery underscores the vulnerabilities of the nation's electrical grid... [Was "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."]

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion [was "penetration"] may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid... According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.

The Vermont utility does report that they'd "detected suspicious Internet traffic" on the laptop, but they believe subsequent news coverage got the story wrong. "It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country."

16 of 574 comments

  1. Bullshit by Anonymous Coward · · Score: 5, Informative

    One laptop not on the network had malware.

    Fuck the washington post.

    http://boingboing.net/2016/12/31/no-russia-didnt-hack-vermon.html

    1. Re:Bullshit by Vegan+Cyclist · · Score: 2, Informative

      Err...you link to BoingBoing, who in turn links to Glenn Greenwald who himself is infamous for spinning wildly inaccurate stories. Greenwald asserts:

      What’s the problem here? It did not happen.

      There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all their computers and found the code in a single laptop that was not connected to the electric grid.

      Sadly, the premise of his claim may be true (there is a chance the code wasn't a deliberate attempt by Russia), but rather than simply state that, he makes his own unsubstantiated claim that "it did not happen". He does not know for certain that it wasn't a deliberate attempt from Russia.

      There's a lot of words in the Greenwald piece, but it all hinges on this press release from the power company (via the Burlington Free Press):

      Statement from Burlington Electric Department:

      "Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks," said Mike Kanarick, spokesman for Burlington Electric Department. "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."

      Greenwald conveniently excludes the press release (the foundation of his claims), because anyone reading it would realize he's being just as hysterical, and relies on dopes like the editor at BoingBoing to 'trust' that somehow Greenwald knows more.

      Shame on BoingBoing for being so lazy, and shame on the OP for not actually doing a little reading, and perpetuating the very same spin tactics. It took me all of 30 seconds to get to the bottom of this. The Washington Post also took it too far and sensationalized the story.

      The code was found on a laptop at the power station, and it's Russian in origin. It's uncertain if it's deliberate, and they're investigating that aspect of it now. That's the whole story as I can see it, and it doesn't seem like something to dismiss. It's definitely concerning, regardless of where the code came from. The laptop wasn't connected to the power station network, but depending on the malware, it might not have taken much (a USB stick copying some files to a network computer) to change that. So yes, let's keep investigating, and hopefully it was just some 'user viewing a bad website', but we can't say that right now either.

    2. Re:Bullshit by Xenographic · · Score: 2, Informative

      There's a ton of Russian malware/botnets out there. Same for Chinese, etc. The burden is on the person making the assertion this is the work of the Russian government, because the media is hard at work with flimsy, inaccurate stories like this which they end up retracting in part after the big headlines hit (see also: changes to the ODNI report...).

      Obama is up there sabotaging diplomacy efforts with Israel & Russia that will compromise our ability to take out Isis. Islamic radicals, incidentally, were the ones behind the assassination of that Russian diplomat.

      So ask yourself, why would you want to be on the same side as the Daesh & co.?

  2. 1 laptop, not connected to the grid by david.emery · · Score: 5, Informative

    Journalists wonder why people don't trust them, and this story is a good example. Turns out the crap was found on one laptop in the company's possession, which was not connected to their power grid.

    (And when will companies/CIOs stop buying computers that contain so many exploitable vulnerabilities? I guess the answer is "Not until there's financial and legal consequence for their failure.")

    1. Re:1 laptop, not connected to the grid by mattwarden · · Score: 5, Informative

      I'm very happy to come to the comments section and find mostly mocking and people who looked beyond the headline. Would have been nice if the editors did that.

      Here is the full takedown on The Intercept of this BS-vending from WaPo: https://theintercept.com/2016/...

  3. Re:has to be asked by Streetlight · · Score: 4, Informative

    According to an earlier post the laptop that was allegedly infected was not connected to the electric company's grid control system. That conclusion answered my first question. Any vital utility system should absolutely never have its control system of computers connected to the Internet. If somehow that's the case, those responsible need a very long prison sentence. There also needs to be other security measures to prevent folks having direct access to these control systems from sabotaging them.

    --
    In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
  4. Re:has to be asked by Freischutz · · Score: 3, Informative

    Why is infrastructure on the public Internet? It is not like the internet existed when most of the US electric grid was 'designed' and built. It worked quite well for 70 or so years without the internet. And I will say I have experienced more blackouts over the past 10 years than I did in total before 1990.

    Infrastructure does not have to be on the internet to be hacked. The Iranians air-gapped the computers controlling their nuclear centrifuges and Stuxnet still managed to infect and damage them. The interesting thing is that Russian hackers have actually taken down an electricity grid, that of the Ukraine. The Ukrainians brought it back online relatively quickly by manual operation even though their computer control systems remained a mess. The irony of that incident was that the relatively primitive nature of the Ukrainian grid actually worked for the Ukrainians. It is doubtful that the higher tech grids in the west could be brought up that quickly after a major attack. Just because this incident turned out to be an attack of hysteria, I think we can learn from the Ukrainian experience that it pays to be vigilant and just because the US now has a Russophile president who is a paid up member of the Putin fan club does not mean that the Russians will stop probing for weaknesses in US infrastructure systems.

  5. No Grid Penetration by Mr+D+from+63 · · Score: 5, Informative

    The headline is complete bullshit. Can the author not even read? The grid was not penetrated, hacked, or compromised. No report says it was. This is totally a fabrication from the reporters.

    "We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems."

  6. Re:has to be asked by HornWumpus · · Score: 5, Informative

    Worked in the industry for a decade. Wrote simulation shells that did short term forecasts based on system conditions, did data reductions etc (e.g. This unit IS going down for unscheduled maintenance, how much will it cost to shut it down RTF now vs after afternoon peak?) Went on to 'tech lead' for significant energy trading/risk management platform. Ran on many traders' and grid operators' desks...don't ask, won't tell. Did once see a bug because grand total on printable VAR only had room for 10 digits plus sign. Assigned to Brahmin coder, week later I fixed it myself, I digress.

    What you say isn't really possible. What they typically do have is a secure network, which runs operations, staffed with lots of ex-military actual Engineering school grads. That network is being monitored by redundant data integrators which present integrated (by some time interval, usually hours/half hours or minutes, back when I was up to my nose in it) system data to a second less secure (but still as secure as any corporate) network where routine operations run. That server is usually locked down tight, read only from the less secure network; but that is only software. They also like to run diverse OSs, lots of 'big iron' and Unixes and home brewed binary data formats. These things were mostly architected before Windows was common, particularly on the secure side it's still loaded with 'legacy', likely to remain so until they have a complete staff turnover. Old Dilbert with neckbeard flipping a nickel at Wally and telling him to get a better computer, that's the dude.

    Routine operations need access to internet based facilities. To schedule transmission line capacity, trade power, get closing prices from grid operators, weather forecasts and unit availability from neighbors (lots of VPNs). But that part of the operations could more or less crash and burn and it will only cost money (and extra CO2). Operations, more or less, ignores trading at the minute by minute level. Trading gives them trade schedules and operations will try their best. But if 'shit happens' they keep the lights on and let the accountants worry about reconciling to 'what should have happened'. Which is sometimes a bitch of a computational problem, fortunately most everybody involved are engineers and close enough is close enough. Pennies aren't statistically significant; try and explain that to an accountant. Don't recommend it, just say 'not a material difference' and get on with your life, I'm digressing again.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  7. Re:Tit for tat by ScentCone · · Score: 1, Informative

    the USA has invaded a country that didn't attack it and was no threat to it

    What, Afghanistan? That country was taken over by the Taliban, which in turn fed, sheltered, and harbored an organization that deliberately set out to kill thousands of Americans and did. The entity running Afghanistan then refused to turn the leaders of that terrorist organization over for prosecution - even as that group promised ever more killings across the world. You're complaining that multiple countries, including the US, after extensive diplomatic attempts through the Taliban's so-called government, only to see that Taliban was not only sheltering AQ, but approved of their mission and gave them material support ... that we sent in forces to end that threat? Your definition of "didn't attack" and "no threat" would sound pretty juvenile and absurd to someone whose family member was killed in those attacks you think didn't happen.

    I am curious - what do you think will happen when you lie like that? Are you like those Holocaust deniers who actually think someone will believe them when they say it never happened? Do you understand how childish you sound when you stamp your feet and pretend that AQ and the Taliban didn't kill thousands of people? So that you understand: everyone knows they did. YOU know they did. So when you lie about it, it really does make people wonder what's wrong with you, that you think someone will believe you. Perhaps you should talk to a doctor or other counselor so you can get some help with this compulsion of yours.

    --
    Don't disappoint your bird dog. Go to the range.
  8. Re: Meh by submergingmkt · · Score: 2, Informative

    Anyone who doubts Trump's long-standing connections w sketchy Russia\FSU types should read this: http://www.the-american-intere...

  9. Re: Tit for tat by hambone142 · · Score: 4, Informative

    "Treat the United States nicely or we'll bring democracy to your country"

  10. Re:Evaluate the U.S. government? No, too many secr by hambone142 · · Score: 3, Informative

    Watching the video "Why We Fight" explains a lot of this.

    Eisenhower warned us about the Military Industrial Complex.

    Now both parties are dependent upon war for a successful economy.

    Notice we're still in Afghanistan.

    Why?

  11. Re:Tit for tat by ScentCone · · Score: 1, Informative

    Oh, you mean Iraq, which we and a large group of other countries invaded as part of pushing Saddam Hussein back out of his attempt to annex Kuwait? That Iraq? Or are you referring to Iraq, a few years after Saddam's invasion of a neighboring country, when he'd utterly failed to adhere to a single promise he made in order to preserve his rule as his forces retreated from that invasion? Are you thinking of the invasion that happened when Saddam did everything he could to block weapons inspectors? The guy who was so busy slaughtering entire villages with WMDs that we had to enforce no fly zones ... and his forces never stopped shooting at the aircraft enforcing those zones? Are you thinking of the Iraq that was stealing UN funds meant to feed his people, and using that stolen international fund to continue to re-build his military, buy more of the long range missiles he promised he'd never have again, funnel cash to terrorists, and otherwise enrich himself and his cronies?

    Doesn't matter which of the hundreds of violations he committed non-stop from the minute his forces were pushed out of Kuwait. The one that matters was his continual targeting of US aircraft. Non-stop. Never stopped.

    I know, I know - you think it would have been better to let him continue to use his WMDs to slaughter thousands of ethnic and religious minorities and to lob SCUDs over his border into Israel, etc. No need to worry about stuff like that. It's just a little squabble in the Middle East, right?

    --
    Don't disappoint your bird dog. Go to the range.
  12. Re:Israel isn't anybody's ally by Tablizer · · Score: 1, Informative

    Sorry, Israel is a land thief, just like Russia. Their mommies should spank them both. All the excuses for the settlements are just plain dumb. Givvitup.

  13. Re: More slashdot fake news by ganjadude · · Score: 3, Informative

    yeah that was a bad troll. i mean. we weren't playing a game where popular vote matters, that's like saying the winning world series team lost too, because the losing team actually had more runs (or hits, or fans in the stands or any other irrelevant point that has nothing to do with the actual rules)

    --
    have you seen my sig? there are many others like it but none that are the same