Slashdot Mirror

← Back to Stories (view on slashdot.org)

Washington Post Retracts Story About Russian Hackers Penetrating US Electricity Grid (washingtonpost.com)

Posted by EditorDavid on from the power-play dept.

Those anonymous U.S. officials who reported Russian hacking code had been found "within the system" of a Vermont power utility must've been surprised to learn the code was on a laptop that wasn't actually connected to the grid. The Washington Post has updated their original story, which now reports that "authorities" say there's no indication that Russian hackers have penetrated the U.S. electric grid.

The Post's newly-edited version now appears below (with their original and now-deleted text preseved inside brackets). A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the discovery underscores the vulnerabilities of the nation's electrical grid... [Was "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."]

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion [was "penetration"] may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid... According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
The Vermont utility does report that they'd "detected suspicious Internet traffic" on the laptop, but they believe subsequent news coverage got the story wrong. "It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country."

90 of 574 comments (clear)

  1. Meh by Anonymous Coward · · Score: 5, Insightful

    Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

    1. Re:Meh by unixisc · · Score: 3, Insightful

      Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

      Precisely. After a year of troll articles about Trump, /. has now become Russia Watch. In addition to a meteorological site. Fuck BeauHD, MSMASH, EditorDavid and WhipSlash. I joined this the day after CmdrTaco left, but the articles used to be about tech stuff - be it OSs, computers, phones, et al

    2. Re:Meh by INT_QRK · · Score: 5, Insightful

      One should assume a posture of tentative disbelief about anything with potential political charge that one reads in the media pending sufficient corroboration from multiple sources over time.

    3. Re:Meh by unixisc · · Score: 4, Insightful

      So this would be the same people who endorse Obama/Kerry's treatment of our only Mid-Eastern ally Israel on their way out, but are miffed that Trump supporters are not being patriotic enough?

    4. Re:Meh by unixisc · · Score: 3, Insightful

      Not for not knowing how to use e-mails, but for maintaining her OFFICIAL WORK ON A PRIVATE SERVER, CRETIN!!!

    5. Re:Meh by Dutch+Gun · · Score: 3, Insightful

      Republicans like me have been here a long time. There just didn't used to be so many political stories here on Slashdot.

      --
      Irony: Agile development has too much intertia to be abandoned now.
    6. Re: Meh by Anonymous Coward · · Score: 5, Insightful

      Hey genius, if you didn't fucking notice (and you didn't), all they did was copy the Crowdstrike report. And guess what, Crowdstrike was paid by the DNC.

    7. Re: Meh by Dutch+Gun · · Score: 3, Interesting

      Do you trust all the three letter agencies when they tell us they need to plant backdoors in all our phones and computers to keep us safe?

      --
      Irony: Agile development has too much intertia to be abandoned now.
    8. Re:Meh by hambone142 · · Score: 2, Funny

      Which one are you?

      A Republican or a Russian operative?

    9. Re:Meh by Anonymous Coward · · Score: 3, Insightful

      We've been pulled into an alternate universe where the liberals are war mongering sociopaths who justify their actions with fake news while complaining about fake news.

      Please 2017 hurry up.

    10. Re: Meh by submergingmkt · · Score: 2, Informative

      Anyone who doubts Trump's long-standing connections w sketchy Russia\FSU types should read this: http://www.the-american-intere...

    11. Re: Meh by unixisc · · Score: 2

      Funny. I notice more of a semblance to Huffington Post or the Guardian - two favorites of enough posters here

    12. Re: Meh by HornWumpus · · Score: 2

      The low level people are absolutely keeping their mouths shut. We are hearing from political appointees, saying what they are instructed to say.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    13. Re: Meh by Fire_Wraith · · Score: 2

      Their oath isn't to the president - it's to uphold and defend the Constitution of the United States of America. The vast majority of the defense and intelligence community (because there's a huge overlap, and several of the 17 agencies are part of the military, plus many of those who aren't are chock full of veterans) also tend to be highly professional about doing their jobs regardless of who's in charge, particularly the rank and file analysts who do the actual work on this stuff.

    14. Re:Meh by ClickOnThis · · Score: 2

      Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

      Considering the update, which negates the story, does this count as that "fake news" we've been hearing about?

      No, it doesn't.

      Fake news is a story that is presented as factual news (not satire) whose author knows it to be untrue, and who publishes it with the intent to deceive.

      It is not the same as a news item whose author pursues the truth in good faith, but gets it wrong and then later posts a correction. That is what WP did here.

      --
      If it weren't for deadlines, nothing would be late.
    15. Re:Meh by ClickOnThis · · Score: 2

      Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

      The "boy who cried wolf" knew he was lying.

      The Washington Post made a mistake, and corrected it.

      Learn to recognize the difference.

      --
      If it weren't for deadlines, nothing would be late.
    16. Re:Meh by Mr+D+from+63 · · Score: 2

      They didn't make a mistake. They made up claims that the grid was penetrated when hey were clearly told it wasn't.

    17. Re:Meh by pipingguy · · Score: 2

      But it's sooo important to be the FIRST! to report on something for all that fame, glory and cash! Self-important, sensationalist morons, all of them.

      Hey did you hear that Mariah Carey's problem last night was that the monitors were broken and she couldn't sing because she couldn't read the lyrics?

    18. Re:Meh by ClickOnThis · · Score: 3, Interesting

      From the Burlington Electric website linked in TFS:

      Federal officials have indicated that this specific type of Internet traffic also has been observed elsewhere in the country and is not unique to Burlington Electric. It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country.

      So, Burlington Electric itself is admitting mea culpa on this one.

      --
      If it weren't for deadlines, nothing would be late.
    19. Re:Meh by Jiro · · Score: 2

      It is not the same as a news item whose author pursues the truth in good faith

      The Washington Post did not post that in good faith. They posted it because Russian hackers have been used as an excuse to bash Trump, and the Washington Post's narrative is anti-Trump.

      Also, the phrase "reckless disregard for the truth" applies here. They aren't excused from having posted fake news just because they didn't care if it was true and didn't bother checking.

    20. Re:Meh by NoImNotNineVolt · · Score: 2

      our only Mid-Eastern ally Israel

      Is Saudi Arabia no longer part of the Middle East? Oman? UAE?

      --
      Chuuch. Preach. Tabernacle.
    21. Re:Meh by unixisc · · Score: 2

      None of the Arab countries are our allies - not Saudi Arabia, not Oman, not UAE, not Qatar, not Kuwait, none of them. Relations transcend mere government to government interactions

    22. Re:Meh by DougDot · · Score: 2

      Responsible journalists verify before publishing.

  2. This is a very serious accusation by Frank+Burly · · Score: 5, Funny

    I will not believe this is true until Trump says it isn't a big deal.

    1. Re:This is a very serious accusation by Tablizer · · Score: 2

      If it turns out to be a 400 pound Russian in his mom's basement, then both parties are right.

      --
      Table-ized A.I.
  3. Tit for tat by Anonymous Coward · · Score: 3, Insightful

    You can't use your NSA to break in, spy, and sabotage industries, utilities, and governments, around the world. If you conduct malicious and damaging operations like you have for decades, expect that the world will respond.

    1. Re:Tit for tat by Ryanrule · · Score: 3, Insightful

      russia does not represent the worlds interests, very far from in fact.

    2. Re:Tit for tat by beelsebob · · Score: 4, Insightful

      Nor does the USA.

    3. Re:Tit for tat by richardkettle4 · · Score: 2

      If you think that moral relativism is an insult, I would point out that it simply is the case. I have lived in many countries and guess what? Their morals are reflective of their needs, their history, their desires, their environment, their Gods etc. Perhaps you are thinking of ethics, for that is the hiding place of cowards. If you think you are right, you do not have morals, but ethics.

    4. Re: Tit for tat by Ichijo · · Score: 2

      The world is in a very precarious position if peace depends so much on a single country. Where's the redundancy that protects the world if something happens to the USA?

      --
      Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
    5. Re: Tit for tat by ScentCone · · Score: 3, Insightful

      Where's the redundancy that protects the world if something happens to the USA?

      Excellent question. Why won't other countries agree to shoulder anything at all like their own share of that load? Because Americans are far too generous that way, but do it anyway because not doing so means having to deal with the even more expensive consequences later. We can't totally wash our hands of that chore, no matter how lazy other countries are, because it will end up just like the last two world wars when we hoped to avoid that expensive and deadly work for too long as well, and still had to get involved.

      --
      Don't disappoint your bird dog. Go to the range.
    6. Re:Tit for tat by ScentCone · · Score: 4, Insightful

      So what you're saying is that you have no understanding of what morals and ethics actually are. No wonder you opt for sounding so petulant on the subject, in order to distract from your unwillingness to discuss the matter in real terms.

      Your moral framework derives directly from your value system. If your value system is based on false and or mixed premises, your moral code will either be objectively evil or simply so internally hypocritical and contradictory that it cannot be used to shape a workable bundle of ethics. If you think that living in another country where the environment is different means that one's evaluation of whether or not it's OK to (for example) murder, rape, steal, enslave, lie, etc would be different, then your entire understanding of the matter is so under (or mal) informed, or you are so willing to be disingenuous in the interests of being able to sound like a condescending superior, that you really should excuse yourself from making such lectures. Especially when you decide to trot out words like "cowards" while making such a craven display of your own.

      --
      Don't disappoint your bird dog. Go to the range.
    7. Re:Tit for tat by dilvish_the_damned · · Score: 4, Interesting

      While the phishing attack may have originated in Russia, I find it disingenious to portray everything as state sponsored when the evidence is weak at best. To me its something akin to suggesting we need to retaliate against Australia every time Julian Assange takes a leak.

      --
      I think you underestimate just how much I just dont care.
    8. Re:Tit for tat by king+neckbeard · · Score: 5, Insightful

      Our posture is fucking horrific. We support Israel even when they blatantly violate international law. We've long sided with Saudi Arabia, the world's largest state sponsor of terrorism. We overthrew Iraq, creating ISIS. We're largely responsible for arming a good chunk of the terrorists in the world. Yeah, Russia does shitty things, but our problems are big enough that our first concern should be fixing our own problems. Not understand that, along with the unbelievable hubris of the Clintonites, is why the Democrats got their asses kicked in this election, and why they've been getting their asses kicked for so long.

      As it stands right now, the best thing that could happen for world peace is for the US to go down in flames. I would rather that not happen, but if we listen to people like you instead of behaving like adults, the rational choice for the world at large is to get rid of us.

      --
      This is my signature. There are many like it, but this one is mine.
    9. Re:Tit for tat by blind+biker · · Score: 3, Insightful

      People who can't muster the vertebrae to correctly observe that the US's general posture in the world is wildly preferable to Russia's are the sort of people who, on display, just cost the Democrats another large chunk of political power. If the US stops what they traditionally do, countries like Russian and Iran invade other countries and take them over. If Russia stops what it's doing, cities like Aleppo aren't turned into rubble through indiscriminate bombing by a country that wishes it could resurrect some good old fashioned socialist tyranny, just like the sweet, sweet days of the USSR. If Iran stops what it's doing, thousands of people aren't routinely killed over hair-splitting religious differences by a retrograde medieval theocracy that pours cash into terrorist operations. Yeah, the US is exactly like those things.

      Actually, I would say it's Sunni Islam that is hell-bent on destroying any other religion, including "incompatible" versions of Islam. Whenever there is a suicide or otherwise bombing targeting civilians, whenever there is a church, a bar, or a mosque bombed or shot up, it's the work of a Sunni extremist, and practically never of a Shia Islamist. Personally I am a socialist atheist (much like Hitchens) so I don't have any horse in the race, but to me it's plainly clear that the US has been supporting Saudi Arabia quite aggressively, and the US' destabilizing actions in Syria, Yemen, Lybia and Iraq (resulting in the proliferation of Sunni movements like ISIS and various Al-Quaeda affiliates) must have been, at least partly, been directed by the powers in the Saudi kingdom. If not, then the US are dangerous suckers, and either way, the US' foreign policy does not make the world a better place. I don't like Russia's self-serving leadership, but I am glad there is a counter-force to the Wahabi-Sunni-US block.

      --
      "The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
    10. Re:Tit for tat by Highdude702 · · Score: 3, Insightful

      My question... DID EVERYBODY FORGET ABOUT THIS NEW TECHNOLOGY CALLED "PROXY" WHERE YOU CAN TUNNEL YOUR TRAFFIC THRU A LEGIT OR... GET THIS..HACKED DEVICES!!! yes that includes your refrigerator home camera system, hell even some home alarm systems are vulnurable. for being "nerds" and knowing how "technology" works you sure do forget obvious steps to hide your tracks.. and lets face it. USA hacker hacks kremlin pc, ssh tunnel traffic to it. hacks podesta "THE RUSSIANS DID IT!!" fucking morons

    11. Re:Tit for tat by bmo · · Score: 2

      I keep talking about this fact and all I seem to get is "so you know more than the CIA and FBI?"

      And it hurts my head so much and I need to find a place to do a primal scream.

      They're going to talk us into war and there is fuck-all anyone can do about it. Because people are so tech illiterate that they can be led by the nose right into the front lines.

      Because"the big E is the Internet!"

      FUCK.

      --
      BMO

    12. Re: Tit for tat by hambone142 · · Score: 4, Informative

      "Treat the United States nicely or we'll bring democracy to your country"

    13. Re: Tit for tat by hambone142 · · Score: 2

      They tried to reunite their country that the French separated. The "domino effect" was later proven to be 100% bullshit.

      Kennedy went in and made the problem worse supporting their puppet South Vietnam's Catholic "leader". Both parties contributed to the mess beyond that.

      Ironically, Nixon ended it but only because parents got tired of getting their sons sent to die in a war that would never be won.

    14. Re:Tit for tat by Shane_Optima · · Score: 2

      It is not spinelessness to live and breathe in the real world, where everyone has blood on their hands and virtually every single decision of any significant magnitude is of a "lesser evil" sort.

      * Increased Chinese and Russian dominance in the world is not preferable, and you'll find their direct oppression and foreign alliances are more cynical and destructive than anything we've recently done.

      * The continued propagation of Salafism and pan-Islamism in the Muslim world is not preferable to the status quo, including every single wrong and stupid thing we've done on this front.

      * The EU is nowhere near strong enough or stable enough to be a powerful world player without America at its back.

      None of that is apologia for America; it is merely the recognition that the improvement and maintenance of America, which is indeed a patriotic enterprise, is still the best hope for the world. Advocating for the downfall of America is advocating for a power vacuum that will be filled by something worse, and in ages past demonstrably was worse.

  4. Countermeasures by LTIfox · · Score: 3, Interesting

    Some organizations started to inject fake phishing emails into their communication systems. All employees who clicked get their heads bashed with a rock.

  5. Bullshit by Anonymous Coward · · Score: 5, Informative

    One laptop not on the network had malware.

    Fuck the washington post.

    http://boingboing.net/2016/12/31/no-russia-didnt-hack-vermon.html

    1. Re:Bullshit by Velox_SwiftFox · · Score: 4, Interesting

      Exactly, bullshit. It sounds to me like an employee used his laptop to visit an infected website, or answered a general phishing mail.

      Hardly an attack aimed at the grid, and volume cranked up to 11 by WP as a part of the general current panic to glorify Obama and what his administration has done, and undermine the incoming administration.

      Or the WP feels it is simply unimportant to get proper attribution and any of the details right.

    2. Re:Bullshit by Vegan+Cyclist · · Score: 2, Informative

      Err...you link to BoingBoing, who in turn links to Glenn Greenwald who himself is infamous for spinning wildly inaccurate stories. Greenwald asserts:

      What’s the problem here? It did not happen.

      There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all their computers and found the code in a single laptop that was not connected to the electric grid.

      Sadly, the premise of his claim may be true (there is a chance the code wasn't a deliberate attempt by Russia), but rather than simply state that, he makes his own unsubstantiated claim that "it did not happen". He does not know for certain that it wasn't a deliberate attempt from Russia.

      There's a lot of words in the Greenwald piece, but it all hinges on this press release from the power company (via the Burlington Free Press):

      Statement from Burlington Electric Department:

      "Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks," said Mike Kanarick, spokesman for Burlington Electric Department. "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."

      Greenwald conveniently excludes the press release (the foundation of his claims), because anyone reading it would realize he's being just as hysterical, and relies on dopes like the editor at BoingBoing to 'trust' that somehow Greenwald knows more.

      Shame on BoingBoing for being so lazy, and shame on the OP for not actually doing a little reading, and perpetuating the very same spin tactics. It took me all of 30 seconds to get to the bottom of this. The Washington Post also took it too far and sensationalized the story.

      The code was found on a laptop at the power station, and it's Russian in origin. It's uncertain if it's deliberate, and they're investigating that aspect of it now. That's the whole story as I can see it, and it doesn't seem like something to dismiss. It's definitely concerning, regardless of where the code came from. The laptop wasn't connected to the power station network, but depending on the malware, it might not have taken much (a USB stick copying some files to a network computer) to change that. So yes, let's keep investigating, and hopefully it was just some 'user viewing a bad website', but we can't say that right now either.

    3. Re:Bullshit by Xenographic · · Score: 2, Informative

      There's a ton of Russian malware/botnets out there. Same for Chinese, etc. The burden is on the person making the assertion this is the work of the Russian government, because the media is hard at work with flimsy, inaccurate stories like this which they end up retracting in part after the big headlines hit (see also: changes to the ODNI report...).

      Obama is up there sabotaging diplomacy efforts with Israel & Russia that will compromise our ability to take out Isis. Islamic radicals, incidentally, were the ones behind the assassination of that Russian diplomat.

      So ask yourself, why would you want to be on the same side as the Daesh & co.?

  6. 1 laptop, not connected to the grid by david.emery · · Score: 5, Informative

    Journalists wonder why people don't trust them, and this story is a good example. Turns out the crap was found on one laptop in the company's possession, which was not connected to their power grid.

    (And when will companies/CIOs stop buying computers that contain so many exploitable vulnerabilities? I guess the answer is "Not until there's financial and legal consequence for their failure.")

    1. Re:1 laptop, not connected to the grid by mattwarden · · Score: 5, Informative

      I'm very happy to come to the comments section and find mostly mocking and people who looked beyond the headline. Would have been nice if the editors did that.

      Here is the full takedown on The Intercept of this BS-vending from WaPo: https://theintercept.com/2016/...

    2. Re:1 laptop, not connected to the grid by david.emery · · Score: 3, Interesting

      There have been substantial penetrations of the US Power Grid, but this was -not- one of them. I remember hearing about vulnerabilities in the electrical grid and other SCADA critical infrastructure in the '90s. The one guy who talked about that worked for the EPRI, and ended up getting fired because he continually pointed out how the utilities were -ignoring- the problem.

      (Agree, mod parent up, good link!)

    3. Re:1 laptop, not connected to the grid by Imrik · · Score: 3, Insightful

      I don't think they're an arm of the government, they're just creating stories that will sell/get clicks. Clever government officials have figured out how to release information that will cause the story they want out to be the one written.

  7. has to be asked by jmccue · · Score: 2, Insightful

    Why is infrastructure on the public Internet ? It is not like the internet existed when most of the US electric grid was 'designed' and built. It worked quite well for 70 or so years without the internet. And I will say I have experienced more blackouts over the past 10 years than I did in total before 1990.

    1. Re:has to be asked by Streetlight · · Score: 4, Informative

      According to an earlier post the laptop that was allegedly infected was not connected to the electric company's grid control system. That conclusion answered my first question. Any vital utility system should absolutely never have it's control system of computers connected to the Internet. If somehow that's the case, those responsible need a very long prison sentence. There also needs to be other security measures to prevent folks having direct access to these control systems from sabotaging them.

      --
      In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
    2. Re:has to be asked by Freischutz · · Score: 3, Informative

      Why is infrastructure on the public Internet ? It is not like the internet existed when most of the US electric grid was 'designed' and built. It worked quite well for 70 or so years without the internet. And I will say I have experienced more blackouts over the past 10 years than I did in total before 1990.

      Infrastructure does not have to be on the internet to be hacked. The Iranians air-gapped the computers controlling their nuclear centrifuges and Stuxnet still managed to infect and damage them. The interesting thing is that Russian hackers have actually taken down an electricity grid, that of the Ukraine. The Ukrainians brought it back online relatively quickly by manual operation even though their computer control systems remained a mess. The irony of that incident was that the relatively primitive nature of the Ukrainian grid actually worked for the Ukrainians. It is doubtful that the higher tech grids in the west could be brought up that quickly after a major attack. Just because this incident turned out to be an attack of hysteria, I think we can learn from the Ukrainian experience that it pays to be vigilant and just because the US now has a Russophile president who is a paid up member of the Putin fan club does not mean that the Russians will stop probing for weaknesses in US infrastructure systems.

    3. Re:has to be asked by HornWumpus · · Score: 5, Informative

      Worked in the industry for a decade. Wrote simulation shells that did short term forecasts based on on system conditions, did data reductions etc (e.g. This unit IS going down for unscheduled maintenance, how much will it cost to shut it down RTF now vs after afternoon peak?) Went on to 'tech lead' for significant energy trading/risk management platform. Ran on many traders and grid operators desks...don't ask, won't tell. Did once see a bug because grand total on printable VAR only had room for 10 digits plus sign. Assigned to Brahmin coder, week later I fixed it myself, I digress.

      What you say isn't really possible. What they typically do have is a secure network, which runs operations, staffed with lots of ex-military actual Engineering school grads. That network is being monitored by redundant data integrators which present integrated (by some time interval, usually hours/half hours or minutes, back when I was up to my nose in it) system data to a second less secure (but still as secure as any corporate) network where routine operations run. That server is usually locked down tight, read only from the less secure network; but that is only software. They also like to run diverse OSs, lots of 'big iron' and Unixes and home brewed binary data formats. These things were mostly architected before Windows was common, particularly on the secure side it's still loaded with 'legacy', likely to remain so until they have a complete staff turnover. Old Dilbert with neckbeard flipping a nickle at Wally and telling him to get a better computer, that's the dude.

      Routine operations need access to internet based facilities. To schedule transmission line capacity, trade power, get closing prices from grid operators, weather forecasts and unit availability from neighbors (lots of VPNs). But that part of the operations could more or less crash and burn and it will only cost money (and extra CO2). Operations, more or less, ignores trading at the minute by minute level. Trading gives them trade schedules and operations will try their best. But if 'shit happens' they keep the lights on and let the accountants worry about reconciling to 'what should have happened'. Which is sometimes a bitch of a computational problem, fortunately most everybody involved are engineers and close enough is close enough. Pennies aren't statistically significant; try and explain that to an accountant. Don't recommend it, just say 'not a material difference' and get on with your life, I'm digressing again.

      --
      John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
    4. Re:has to be asked by dj245 · · Score: 2

      Not an expert here. Far from it, but it sounds like the electric generation and the grid control systems have the possibility for multiple sites of failure as well as multiple sites for intrusion by bad guys. This sounds like a recipe for disaster. Hopefully critical sites such as the defense department, local police departments, hospitals, etc., have standalone electric generators independent of the grid and web. Then again, a large enough cohort of spies and terrorists could disable those. Maybe we need a system of signal fires, flags, carrier pigeons to keep the grid up in an emergency. If the fuel supply or cooling water to power plants is shut down, why worry about the Internet controls.

      At the end of the day, every major electrical generation site has means for some sort of manual control. There are enough "blackstart" (electrical plants that can start up without any external power) units in place to restart the grid in the event of failure. Syncing a generating unit to the grid "by hand" is not that hard (I have done it). You watch your Synchroscope carefully and flip the switch at the right moment. Then you open the steam valves to your turbine and start "pushing" on the grid, if the grid is small enough that you can actually push the grid past 60.3Hz or so, there are local systems in place to close the steam valve slightly, and automatically.

      Much of the automation in place in the grid is mainly for convenience, stability during adverse events, and manpower reduction. You could have somebody physically at each major valve and switch with a radio and have them control the thing. I have done that too, it is a boring job but it is possible.

      There are enough varied systems out there that launching a wide-scale attack would take a lot of time to prepare, and somebody would likely notice. Smaller attacks are possible but not particularly worthwhile, you can probably cause a small utility some grief and money but it wouldn't accomplish much. Stuxtnet was a huge wakeup call to the industry and NERC has been ramming good IT practices downwards to utilities and equipment OEMs for the last 6 years. The protections in place aren't foolproof but nothing is. The industry is full of engineers and we generally weigh the likelihood of risk & cost to recover.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    5. Re:has to be asked by AHuxley · · Score: 2

      Re "Why is infrastructure on the public Internet ?"
      Generational share holders like their profit over maintenance. Owners like to show they can make profits. Reducing expert staff shows managerial skills.
      Removing staff who are in a union is great too.
      The US was happy to see costs in local staff go to profits and not keep staff working on secure separate networks.
      No expert local teams watching over their state or city or towns grid.
      A few lower cost engineers trusted by the state/feds could watch it all from a big set of networked computers. Lower staff costs, no unions. The networks could find a fault and contractors could be sent to fix or upgrade the grid. No paying staff wages for decades for a few events per year.
      This removed the need to have a huge on site workforce 24/7 watching equipment and systems, getting pensions and been in a union.
      The network used to track issues did not get designed to be facing the "internet" later so any concept of security is now totally lacking.
      Later efforts used the "internet" to remove even more staff and expend the work of fewer staff with skills over wider areas.
      That effort to save costs and use less staff connected some very old and complex networks to the internet. As other nations, users and interesting people move over the many different US internet connections they discover such networks.
      The US won't admit to their own lack of security or need to upgrade internet facing security so they have contractors and the press plant wild stories about "Russia".
      Nice cover for when things fail and very expensive teams have to fix complex issues. It was super smart "Russia" sounds better than a lack of design, doing maintenance or having enough on site staff.

      --
      Domestic spying is now "Benign Information Gathering"
  8. OH NOES! IT'S THE RUSSIANS by Anonymous Coward · · Score: 3, Insightful

    1980's are now calling to ask for their foreign policy back

    "Gov. Romney, I'm glad you recognize al-Qaeda is a threat, because a few months ago when you were asked what is the biggest geopolitical group facing America, you said Russia — not al-Qaeda. And the 1980's are now calling to ask for their foreign policy back — because the Cold War has been over for 20 years.

    So, which is it?

  9. Hey look! It's another MSM Russian Hacking Story! by Nova+Express · · Score: 4, Insightful

    Security experts have been warning of possible foreign hacking for decades. But why this sudden spate of "Russia hacked X" stories now? Why not back when our Secretary of State was running an illegal, private, unsecured email server through which she transmitted classified information?

    Simple: The Washington Post wanted Hillary to win the Presidential election, and reminding people how her action made it easier for Russian hackers to gain access to classified information wouldn't have helped her. But publishing it now helps support the false narrative that the Russians were behind the DNC leaks, not disgruntled Democratic Party staffers, and thus supposedly harms President-elect Donald Trump, whom the Washington Post and it's employees almost universally loath. That's the entire reason the story is being written and published now.

    Further reading here and here.

    What do you think the under/over is for MSM "Russian Hacking" stories between now and January 20?

    --
    Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)

    http://www.lawrenceperson.com/

  10. My company does that. I think it works by raymorris · · Score: 2

    I work for an information security company. All of us should really know better, and yet we do occasionally click the phish bait sent out by corporate security. After being caught once, we start being more careful - at least for six months to a year. I think it's a good idea. Corpsec doesn't need to really scold us or anything, just informing us "you clicked on a fake email" is enough to raise our awareness.

  11. Re:OH NOES! IT'S THE RUSSIANS by Frank+Burly · · Score: 5, Insightful

    Russia is still not an existential threat to anyone but her former client states. This isn't a problem that Romney's larger Navy would have solved (and I'm surprised that Russian nationals and domestic rightists are so offended by this throwaway zinger 4 years later). But in retrospect, Obama underestimated Russia's guile. Rather than do catastrophic harm to the United States, Russia (like Al Queda) has done minor harm that led the United States do major harm to itself (the Iraq war, Trump).

  12. Re:Too many lies already by HornWumpus · · Score: 4, Insightful

    Internal propaganda for the Democrats. Trying to prevent cynicism from setting in, but only working for the very dumbest most indoctrinated of them.

    Seriously this was one laptop with some malware, found by a routine virus scan. It's the Washington Post, no credibility left except with the poor snowflakes that need to be constantly fed a reassuring yet terrifying narrative.

    The worst thing about these kinds of efforts, it leaves the Democrats with their army of chanting morons, but those with two working brain cells still fall away. It will serve as its own punishment.

    --
    John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
  13. Evaluate the U.S. government? No, too many secrets by Futurepower(R) · · Score: 3, Insightful

    "... the US's general posture in the world is wildly preferable..."

    The U.S. government has many secret and semi-secret agencies. No one, literally no one, knows all of them, or which are badly managed. As we've seen, the secret and semi-secret U.S. government agencies often hire outside consulting companies that often have areas of sloppy management.

    The U.S. government is, by some measures, such as money spent, the most violent in the world.

    The U.S. government has killed, or caused the death of, an estimated 11,000,000 people since the end of the 2nd world war.

    War is extremely profitable for some corporations. See the book, House of Bush, House of Saud, by Craig Unger. Bush and Cheney started a war that was profitable for them.

    The U.S. has the largest percentage of its citizens in prison, of any country, in any century. The prison system is hugely profitable for prison corporations. Two of the many articles:

    ACLU: With only 5% of the world's population, the U.S. has 25% of the world's prison population.

    ThinkProgress: The United States Has The Largest Prison Population In The World -- And It's Growing.

  14. No Grid Penetration by Mr+D+from+63 · · Score: 5, Informative

    The headline is complete bullshit. Can the author not even read? The grid was not penetrated, hacked, or comprimised. No report says it was. This is totally a fabrication from the reporters.

    "We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems."

    1. Re:No Grid Penetration by colin_faber · · Score: 2, Insightful

      CNN ceased being a credible news organization after the wikileaks revolutions

    2. Re: No Grid Penetration by Entrope · · Score: 4, Insightful

      Your CNN link consistently describes the infection as affecting only a single laptop that was not connected to the systems that control the electric grid. Did CNN change the story since you linked to it?

  15. Re:Putin wants to rebuild the Soviet Union by PPH · · Score: 2

    In any event Trump thinks he's smart, but he's not

    Or perhaps he is. A great real estate developer and dealmaker who has managed to make bundles of money while leaving other investors with the losses from his failed ventures. If you are trying to close the deal on a shithole condo with leaky plumbing in a bad neighborhood, you don't insult prospective buyers. You butter them up by telling them how great they are.

    The jury is still out on Trump. But I wouldn't write him off yet.

    --
    Have gnu, will travel.
  16. Re:Now I'm mad. by admin7087 · · Score: 2

    Why so sarcastic? Just about every programmable system can be broken into, and it's not management who develop these systems but private companies. As long as companies aren't held accountable for their lax security, problems like this are never going to be fixed, no matter what 'management' wants or tries.

  17. Amazon's CEO owns the Washington Post. by Futurepower(R) · · Score: 2

    Amazon's Jeff Bezos Explains Why He Bought The Washington Post.

    In my opinion, a good indication of Jeff Bezos's management ability is any Amazon web page. Amazon web pages distract you from buying something by trying to sell other things.

  18. There's a shocker by DaMattster · · Score: 2

    No pun intended but this comes as no surprise because the software being developed was outsourced to India or H1B Indians whom just aren't good software engineers. This fiasco could have been avoided if these energy companies had employed the highly skilled and qualified people in the United States. I personally have been tasked with cleaning up garbage code full of memory leaks that was churned out by WiPro.

  19. Re:Evaluate the U.S. government? No, too many secr by epyT-R · · Score: 2

    Compared to how many deaths by the Russians? By the Germans? At this point, I don't think any country with any sort of history measured in centuries can claim the high ground on violent acts.

    Then you follow with non-sequitur alarmist speak. How are you different than Alex Jones again?

  20. Re:OH NOES! IT'S THE RUSSIANS by jedidiah · · Score: 4, Interesting

    Beyond the obvious fact that you are overlooking Russia's nuclear stockpile, your analysis of US-Russian Naval warfare seems delusional at best. A larger surface fleet was never the answer to the Russians that never focused on that to begin with. It's not our super carriers that matter as much as our ASW capacity.

    Like many things... it's not how big it is but how you use it.

    Furthermore, our current crop of Destroyers aren't a threat to anyone. Not even Cuba.

    --
    A Pirate and a Puritan look the same on a balance sheet.
  21. Re:Evaluate the U.S. government? No, too many secr by hambone142 · · Score: 3, Informative

    Watching the video "Why We Fight" explains a lot of this.

    Eisenhower warned us about the Military Industrial Complex.

    Now both parties are dependent upon war for a successful economy.

    Notice we're still in Afghanistan.

    Why?

  22. Re: More slashdot fake news by cshark · · Score: 4, Insightful

    Fact is Trump made a deal with Putin. Win me the election and will sanctions.

    No, that's not a fact. It's pure conjecture.

    --

    This signature has Super Cow Powers

  23. Re:Evaluate the U.S. government? No, too many secr by Shane_Optima · · Score: 2

    Now both parties are dependent upon war for a successful economy.

    Nonsense. Peacetime military spending has never been an issue for us.

    Notice we're still in Afghanistan.

    Because the Taliban were stronger than the "moderate" forces in Afghan society, and still are. We can't fix Afghanistan without resorting to draconian cultural imperialism (*real* cultural imperialism, not the SJW buzzword); we can only play for time and hope it somehow fixes itself.

    This is largely due to the influence of conservative Islam and Islamism, but there are also some complex intersecting issues with the war on drugs, warlordism and interactions with Pakistan, itself an extremely fucked-up country with fucked-up rulers whom we prop up because we don't want nukes to fall into the hands of people who would actually use them.

  24. Re: More slashdot fake news by haruchai · · Score: 4, Insightful

    Fact is Trump made a deal with Putin. Win me the election and will sanctions.

    No, that's not a fact. It's pure conjecture.

    Don't we now live in a post-fact world? WSJ editor-in-chief Gerard Baker says that stories will *not* call Trump a liar as this is "too partisan" but will merely investigate his claims and post those stories separately for readers to make up their own minds.
    However, the WSJ has had no qualms in labeling Edward Snowden a liar in several stories.

    --
    Pain is merely failure leaving the body
  25. Re: More slashdot fake news by ichthus · · Score: 2

    Oh yes, Somebody made deals with Putin, but you're thinking of the wrong guy.

    --
    sig: sauer
  26. Re:Making molly by Mr+D+from+63 · · Score: 4, Insightful

    Hey Editor David, instead of covering up your ignorant original posting of this article by changing the headline with no explanation, how about just posting a new article. Now people are confused at comments below pointing out the erroneous headline which should have never been put here to begin with if you'd just tried a little to validate it.

  27. Don't think like a hacker. Think like a spy. by hey! · · Score: 4, Insightful

    If you were out to cripple the US electric grid, would you really start with an office computer in small municipal power company (fewer than 20000 customers) in the middle of nowhere?

    Why not? You have to start somewhere, and the best place to start is often where people assume is not a good place to start. When Israeli and US intelligence decided to take down Iran's air-gapped uranium centrifuges, they started with the least likely entry point imaginable: they infected the whole damned world, hoping that eventually Stuxnet would get to a machine used to program the PLCs in Iran's centrifuge controllers. And it worked.

    In comparison office machines in a minor utility are practically a surgical strike on US electricity infrastructure. Or possibly the start of one.

    The path to success in attacking a hard target is full of dead ends. But that wouldn't deter a national intelligence agency. This was a case of sloppy reporting -- jumping to conclusions. But if the malicious code was put on an electric utility machine by Russian intelligence you have to assume that the grid is at least one of their ultimate targets. Intelligence agencies are willing to spend years infiltrating and undermining organizations if the payoff is large enough.

    So while this was not the hair-on-fire situation it was portrayed as, it's not a "meh" situation either. This is something people should take seriously.

    --
    Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
    1. Re:Don't think like a hacker. Think like a spy. by NoImNotNineVolt · · Score: 2

      But if the malicious code was put on an electric utility machine by Russian intelligence you have to assume that the grid is at least one of their ultimate targets.

      Sure, as long as you're consistent in your reasoning. So if the malicious code was put on Joe Sixpack's machine by Russian intelligence you have to assume that the general public is also one of their ultimate targets. And indeed, this being generic malware available for purchase, your reasoning really starts to look questionable.

      --
      Chuuch. Preach. Tabernacle.
  28. Re:More slashdot fake news by Dutch+Gun · · Score: 3, Interesting

    That's about the most lame "retraction" I've seen to a fake news story. The entire central premise has been destroyed, but 98% of the article remains unchanged. That's not a retraction. Also of note:

    Original Slashdot headline:

    Russian Hackers Penetrated The US Electricity Grid, Say Officials (washingtonpost.com)
    Posted by EditorDavid on Saturday December 31, 2016 @10:34AM from the power-play dept.

    blah, blah, fake story

    Conveniently, now Slashdot now doesn't have that lingering headline showing they fell for this idiocy as well. I thought I'd just post it for posterity here.

    --
    Irony: Agile development has too much intertia to be abandoned now.
  29. Israel isn't anybody's ally by rsilvergun · · Score: 2

    except Israel's. Not saying that's a reason to throw 'em under a bus, but it's also no reason to support their interests over anybody else's.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
  30. Government please save us by frovingslosh · · Score: 4, Insightful

    When will the Government start shutting down Fake News sites like the Washington Post?

    --
    I'm an American. I love this country and the freedoms that we used to have.
  31. Re:Evaluate the U.S. government? No, too many secr by drinkypoo · · Score: 2

    Our forces split the Shia, Kurd, and Sunni into separate militias and armed each of them. I won't use the word 'deliberately' because it's irrelevant. Whatever influence you think we're having in the world, you're wrong.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
  32. How can Slashdot just repost a thread... by Bartles · · Score: 2

    ...with an altered headline and act like they never fucked up in the first place? Fake news reporting fake news.

  33. Re:More slashdot fake news by HanzoSpam · · Score: 2

    Given the intelligence of the typical Washington Pest reporter, this really shouldn't be a surprise:

    When I came home from my last TV hit, the kids, ages 4 and 5 months, were asleep. The house was quiet. I was still full of caffeine and do-gooder energy and decided to tidy up.

    Among the clutter on the coffee table, I found my 4-year-old’s Party Popper, a bright yellow gun that fired confetti. For some reason, I held the gun up to my eye and looked down the barrel, the way Yosemite Sam always does.

    It looked unloaded.

    Then, for some reason, I pulled the trigger.

    When I got to the ER, I had a swollen face, metal-foil confetti in my hair and a faint odor of gun smoke. Finally, the doctor could see me.

    “I shot myself in the eye with a glitter gun,” I said. I showed him the Party Popper, which I had brought with me, in case he wanted to send it off to the National Institute of Morons for further study.

    I got home from the hospital with a scratched cornea and a tube of eye ointment. The next day, with some of my dignity permanently lost, I got started on a bigger story.

    https://www.washingtonpost.com...

    --

    Progressivism: Parasites helping parasites to help themselves - to other people's stuff.
  34. Moronic by s.petry · · Score: 4, Insightful

    You're not. It's become so blatantly Republican/Russian (Republissian?) that I come to this site to see what the Trump-camp talking points are for any given situation.

    Just like leftist media, you are attempting to slander people because you can't win the argument. Democrats ran a horrible candidate, much worse than the Republican. Russia did not make the Democratic party push Hillary into the mix, behave questionably (at best) even with their own party members, to prop her up as the candidate. The Democratic party did this all on their own, and it failed. Pick a better candidate, a better platform, and try again next election.

    Republicans, even Trump, is not for Russia, and your conflation makes you just as bad as CNN or any other crap media outlet spreading BS because their "chosen" candidate lost. Republicans like America, and just like Democrats of a couple decades ago, push for Americanism. The ideology being pushed by Trump matches much of Kennedy and other Democrats and Republicans. Peace through Strength is not a Trump thing. Negotiating with countries we are not necessarily friendly with is also not a Trump thing (Look at President Obama for pity sake). Populism and Nationalism are centuries old ideologies.

    Now, as to why so many people here are now "Republican", at least in leanings, has much to do with age. The older people get, the more they tend to be conservative in their political views. The Democratic candidate, and the media handling of her, probably accelerated countless people into the Republican camp. That, and the fear most Republicans have of posting in public has been largely diminshed.

    It's really a shame that instead of having dialogue and being accountable, the Democratic party and media simply slander everyone who disagrees with them. You AC, are included in that shameful act.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

  35. Re:More slashdot fake news by tinkerton · · Score: 3, Funny

    You mean it should have been Russian Hackers Failed to Penetrate The US Electricity Grid, Say Officials? No retraction needed then and the scarefactor is still good.

  36. Re: More slashdot fake news by ganjadude · · Score: 3, Informative

    yeah that was a bad troll. i mean. we werent playing a game where popular vote matters, thats like saying the winning world series team lost too, because the losing team actually had more runs (or hits, or fans in the stands or any other irrelevant point that has nothing to do with the actual rules)

    --
    have you seen my sig? there are many others like it but none that are the same
  37. The Story was Corrected, NOT Retracted! by chicksdaddy · · Score: 2

    Did anyone bother to notice that this entire thread is based on an inaccurate assertion? The story was NOT retracted. It was CORRECTED - meaning that a piece of inaccurate information in the original story (about the laptop being connected to the ICS/SCADA system) was rewritten to clarify that the computer was not connected to that part of Burlington Electric's network. A retraction would mean WAPO removed the story from its website and disavowed its contents. No such thing happened. In fact, you can still read the story using the link provided in the Slashdot post - a sure sign that it HASN'T BEEN RETRACTED!!! Slashdot should probably RETRACT the incorrect story about the Washington Post's (non-existent) retraction.

  38. Re: More slashdot fake news by michael_wojcik · · Score: 2

    Fact is Trump made a deal with Putin. Win me the election and will sanctions.

    No, that's not a fact. It's pure conjecture.

    Don't we now live in a post-fact world? WSJ editor-in-chief Gerard Baker says that stories will *not* call Trump a liar as this is "too partisan" but will merely investigate his claims and post those stories separately for readers to make up their own minds.
    However, the WSJ has had no qualms in labeling Edward Snowden a liar in several stories.

    Sure. Who's surprised that the WSJ editorial team has double standards? Hardly shocking - in fact it's how newspapers everywhere have always operated. It's pretty much how language has always operated, particularly if you accept some of the less naively instrumental theories of language like Toulmin's or Davidson's.

    And I think Trump's a loathesome narcissist, bully, and con man.

    But as far as I'm aware, there's no compelling, or even mildly persuasive, evidence that he "made a deal with Putin" to "win ... the election". For that matter, I don't think Putin was capable of delivering the election, or that Trump needed his support. Trump won because he carried the states everyone expected him to carry; he won Florida[1]; and he won the "defector" states of Pennsylvania, West Virginia, Michigan[2], and Wisconsin.

    Why he won all those also seems pretty clear: populist demogoguery that appealed to antiestablishmentarianism, contrarianism, xenophobia, and general disconnection; a smaller but vocal cadre of middlebrow right-wingers who either believed his vague promises of business liberalization and social conservativism or anticipated that he'd delegate everything to right-winger lieutenants;[3] an even smaller bunch of Powers That Be who bet that he'd reward them;[4] some demographic factors; and gerrymandering, though that's an easy target that attracts more blame than it deserves (and blaming it doesn't do much good anyway).

    Is Trump's win good for Putin? Very likely yes, though to be honest Putin would likely have been pretty pleased with a Clinton win as well, since continuing the current tensions would have served to keep his popularity up. Putin's a deft strongman and the Kremlin is adaptable. Really, sowing FUD about the election is probably all Russia wanted, since it distracts from more important issues and rallies nationalism at home. And they got that - in spades.

    The OP's claim that Putin delivered the election to Trump just plays into Putin's hand. Focusing on things we do have evidence of would be much more productive.

    [1]The Florida results seem to me pretty likely to be an accurate reflection of the actual popular vote, at least in terms of the overall winner. It wasn't another 2000.

    [2]It's really not clear that he actually won Michigan, where the difference in the official count was well within the margin of error and the recount was halted early; but it makes no difference to the overall election. Trump still wins without Michigan's votes.

    [3]That bet appears to be pretty safe, judging from Trump's cabinet nominations and the abundant evidence that he doesn't care to do the day job, whatever his day job supposedly is at the moment. If it's not something splashy that feeds his narcissism, he's not interested.

    [4]Goldman Sachs executives, for example. Or the folks running Carrier, who just got a big reward from that tool Mike Pence for only eliminating many of the jobs at their Indiana facilities.

  39. Re:More slashdot fake news by Dutch+Gun · · Score: 3, Insightful

    Fine, we can call it what it really was, which was political propaganda. How else do you explain that a single laptop getting infected with malware gets elevated to the level of national news?

    And no, this wasn't a simple mistake. A simple mistake is getting a name or peripheral fact incorrect, and we can forgive that so long as corrections are made, because we're all human, and all make mistakes. Rather, the entire premise to the original story was shown to be false, but the story still remains in almost its entirety. Not a single call to Burlington Electric was made prior to publishing... the simplest, most basic fact checking you'd expect of a professional journalist or organization. Quite simply, this was journalistic malpractice. Only one of two possibilities seem likely - either the WaPo organization is simply incompetent and doesn't understand how to do proper journalism, or they rushed the story out because they had their eye on a political narrative they wanted to push, and facts be damned, this couldn't wait. This is not the first time they've been caught doing this either, when they promoted an absurd "fake news blacklist" with questionable sources a bit over a month ago.

    Even some thoughtful left-leaning journalists are having a hard time swallowing these latest reports about Russian hacking, as they're all too aware of how governments are perfectly willing to lie when it suits their purpose (on both sides, mind you). All I ask is that you look at these reports through the lens of a skeptic, and ask why these stories are getting pushed to the front of the newsfeed. And what has changed so that so many people are willing to believe our three letter agencies without question, when they've been caught in lie after lie after lie these past many years? Why the change in heart when it comes to these Russian hacking reports, and subsequent stories that seem to neatly dovetail into that line?

    --
    Irony: Agile development has too much intertia to be abandoned now.