Slashdot Mirror
Washington Post Retracts Story About Russian Hackers Penetrating US Electricity Grid (washingtonpost.com)
Those anonymous U.S. officials who reported Russian hacking code had been found "within the system" of a Vermont power utility must've been surprised to learn the code was on a laptop that wasn't actually connected to the grid. The Washington Post has updated their original story, which now reports that "authorities" say there's no indication that Russian hackers have penetrated the U.S. electric grid.
The Post's newly-edited version now appears below (with their original and now-deleted text preseved inside brackets). A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the discovery underscores the vulnerabilities of the nation's electrical grid... [Was "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."]
American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion [was "penetration"] may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid... According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
The Vermont utility does report that they'd "detected suspicious Internet traffic" on the laptop, but they believe subsequent news coverage got the story wrong. "It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country."
The Post's newly-edited version now appears below (with their original and now-deleted text preseved inside brackets). A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the discovery underscores the vulnerabilities of the nation's electrical grid... [Was "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."]
American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion [was "penetration"] may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid... According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
The Vermont utility does report that they'd "detected suspicious Internet traffic" on the laptop, but they believe subsequent news coverage got the story wrong. "It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country."
Here we go again. This reminds me of a boy, a boy who loved to cry wolf.
I will not believe this is true until Trump says it isn't a big deal.
You can't use your NSA to break in, spy, and sabotage industries, utilities, and governments, around the world. If you conduct malicious and damaging operations like you have for decades, expect that the world will respond.
Some organizations started to inject fake phishing emails into their communication systems. All employees who clicked get their heads bashed with a rock.
One laptop not on the network had malware.
Fuck the washington post.
http://boingboing.net/2016/12/31/no-russia-didnt-hack-vermon.html
Journalists wonder why people don't trust them, and this story is a good example. Turns out the crap was found on one laptop in the company's possession, which was not connected to their power grid.
(And when will companies/CIOs stop buying computers that contain so many exploitable vulnerabilities? I guess the answer is "Not until there's financial and legal consequence for their failure.")
1980's are now calling to ask for their foreign policy back
"Gov. Romney, I'm glad you recognize al-Qaeda is a threat, because a few months ago when you were asked what is the biggest geopolitical group facing America, you said Russia — not al-Qaeda. And the 1980's are now calling to ask for their foreign policy back — because the Cold War has been over for 20 years.
So, which is it?
According to an earlier post the laptop that was allegedly infected was not connected to the electric company's grid control system. That conclusion answered my first question. Any vital utility system should absolutely never have it's control system of computers connected to the Internet. If somehow that's the case, those responsible need a very long prison sentence. There also needs to be other security measures to prevent folks having direct access to these control systems from sabotaging them.
In a time of universal deceit, telling the truth is a revolutionary act. George Orwell
Security experts have been warning of possible foreign hacking for decades. But why this sudden spate of "Russia hacked X" stories now? Why not back when our Secretary of State was running an illegal, private, unsecured email server through which she transmitted classified information?
Simple: The Washington Post wanted Hillary to win the Presidential election, and reminding people how her action made it easier for Russian hackers to gain access to classified information wouldn't have helped her. But publishing it now helps support the false narrative that the Russians were behind the DNC leaks, not disgruntled Democratic Party staffers, and thus supposedly harms President-elect Donald Trump, whom the Washington Post and it's employees almost universally loath. That's the entire reason the story is being written and published now.
Further reading here and here.
What do you think the under/over is for MSM "Russian Hacking" stories between now and January 20?
Lawrence Person (lawrencepersonh@gmailh.com (remove all "h"s to mail)
http://www.lawrenceperson.com/
Why is infrastructure on the public Internet ? It is not like the internet existed when most of the US electric grid was 'designed' and built. It worked quite well for 70 or so years without the internet. And I will say I have experienced more blackouts over the past 10 years than I did in total before 1990.
Infrastructure does not have to be on the internet to be hacked. The Iranians air-gapped the computers controlling their nuclear centrifuges and Stuxnet still managed to infect and damage them. The interesting thing is that Russian hackers have actually taken down an electricity grid, that of the Ukraine. The Ukrainians brought it back online relatively quickly by manual operation even though their computer control systems remained a mess. The irony of that incident was that the relatively primitive nature of the Ukrainian grid actually worked for the Ukrainians. It is doubtful that the higher tech grids in the west could be brought up that quickly after a major attack. Just because this incident turned out to be an attack of hysteria, I think we can learn from the Ukrainian experience that it pays to be vigilant and just because the US now has a Russophile president who is a paid up member of the Putin fan club does not mean that the Russians will stop probing for weaknesses in US infrastructure systems.
Russia is still not an existential threat to anyone but her former client states. This isn't a problem that Romney's larger Navy would have solved (and I'm surprised that Russian nationals and domestic rightists are so offended by this throwaway zinger 4 years later). But in retrospect, Obama underestimated Russia's guile. Rather than do catastrophic harm to the United States, Russia (like Al Queda) has done minor harm that led the United States do major harm to itself (the Iraq war, Trump).
Internal propaganda for the Democrats. Trying to prevent cynicism from setting in, but only working for the very dumbest most indoctrinated of them.
Seriously this was one laptop with some malware, found by a routine virus scan. It's the Washington Post, no credibility left except with the poor snowflakes that need to be constantly fed a reassuring yet terrifying narrative.
The worst thing about these kinds of efforts, it leaves the Democrats with their army of chanting morons, but those with two working brain cells still fall away. It will serve as its own punishment.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
"... the US's general posture in the world is wildly preferable..."
The U.S. government has many secret and semi-secret agencies. No one, literally no one, knows all of them, or which are badly managed. As we've seen, the secret and semi-secret U.S. government agencies often hire outside consulting companies that often have areas of sloppy management.
The U.S. government is, by some measures, such as money spent, the most violent in the world.
The U.S. government has killed, or caused the death of, an estimated 11,000,000 people since the end of the 2nd world war.
War is extremely profitable for some corporations. See the book, House of Bush, House of Saud, by Craig Unger. Bush and Cheney started a war that was profitable for them.
The U.S. has the largest percentage of its citizens in prison, of any country, in any century. The prison system is hugely profitable for prison corporations. Two of the many articles:
ACLU: With only 5% of the world's population, the U.S. has 25% of the world's prison population.
ThinkProgress: The United States Has The Largest Prison Population In The World -- And It's Growing.
The headline is complete bullshit. Can the author not even read? The grid was not penetrated, hacked, or comprimised. No report says it was. This is totally a fabrication from the reporters.
"We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems."
Worked in the industry for a decade. Wrote simulation shells that did short term forecasts based on on system conditions, did data reductions etc (e.g. This unit IS going down for unscheduled maintenance, how much will it cost to shut it down RTF now vs after afternoon peak?) Went on to 'tech lead' for significant energy trading/risk management platform. Ran on many traders and grid operators desks...don't ask, won't tell. Did once see a bug because grand total on printable VAR only had room for 10 digits plus sign. Assigned to Brahmin coder, week later I fixed it myself, I digress.
What you say isn't really possible. What they typically do have is a secure network, which runs operations, staffed with lots of ex-military actual Engineering school grads. That network is being monitored by redundant data integrators which present integrated (by some time interval, usually hours/half hours or minutes, back when I was up to my nose in it) system data to a second less secure (but still as secure as any corporate) network where routine operations run. That server is usually locked down tight, read only from the less secure network; but that is only software. They also like to run diverse OSs, lots of 'big iron' and Unixes and home brewed binary data formats. These things were mostly architected before Windows was common, particularly on the secure side it's still loaded with 'legacy', likely to remain so until they have a complete staff turnover. Old Dilbert with neckbeard flipping a nickle at Wally and telling him to get a better computer, that's the dude.
Routine operations need access to internet based facilities. To schedule transmission line capacity, trade power, get closing prices from grid operators, weather forecasts and unit availability from neighbors (lots of VPNs). But that part of the operations could more or less crash and burn and it will only cost money (and extra CO2). Operations, more or less, ignores trading at the minute by minute level. Trading gives them trade schedules and operations will try their best. But if 'shit happens' they keep the lights on and let the accountants worry about reconciling to 'what should have happened'. Which is sometimes a bitch of a computational problem, fortunately most everybody involved are engineers and close enough is close enough. Pennies aren't statistically significant; try and explain that to an accountant. Don't recommend it, just say 'not a material difference' and get on with your life, I'm digressing again.
John McAfee 'It was like that time I hired that Bangkok prostitute; to do my taxes, while I fucked my accountant'
Beyond the obvious fact that you are overlooking Russia's nuclear stockpile, your analysis of US-Russian Naval warfare seems delusional at best. A larger surface fleet was never the answer to the Russians that never focused on that to begin with. It's not our super carriers that matter as much as our ASW capacity.
Like many things... it's not how big it is but how you use it.
Furthermore, our current crop of Destroyers aren't a threat to anyone. Not even Cuba.
A Pirate and a Puritan look the same on a balance sheet.
Watching the video "Why We Fight" explains a lot of this.
Eisenhower warned us about the Military Industrial Complex.
Now both parties are dependent upon war for a successful economy.
Notice we're still in Afghanistan.
Why?
Fact is Trump made a deal with Putin. Win me the election and will sanctions.
No, that's not a fact. It's pure conjecture.
This signature has Super Cow Powers
Fact is Trump made a deal with Putin. Win me the election and will sanctions.
No, that's not a fact. It's pure conjecture.
Don't we now live in a post-fact world? WSJ editor-in-chief Gerard Baker says that stories will *not* call Trump a liar as this is "too partisan" but will merely investigate his claims and post those stories separately for readers to make up their own minds.
However, the WSJ has had no qualms in labeling Edward Snowden a liar in several stories.
Pain is merely failure leaving the body
Hey Editor David, instead of covering up your ignorant original posting of this article by changing the headline with no explanation, how about just posting a new article. Now people are confused at comments below pointing out the erroneous headline which should have never been put here to begin with if you'd just tried a little to validate it.
If you were out to cripple the US electric grid, would you really start with an office computer in small municipal power company (fewer than 20000 customers) in the middle of nowhere?
Why not? You have to start somewhere, and the best place to start is often where people assume is not a good place to start. When Israeli and US intelligence decided to take down Iran's air-gapped uranium centrifuges, they started with the least likely entry point imaginable: they infected the whole damned world, hoping that eventually Stuxnet would get to a machine used to program the PLCs in Iran's centrifuge controllers. And it worked.
In comparison office machines in a minor utility are practically a surgical strike on US electricity infrastructure. Or possibly the start of one.
The path to success in attacking a hard target is full of dead ends. But that wouldn't deter a national intelligence agency. This was a case of sloppy reporting -- jumping to conclusions. But if the malicious code was put on an electric utility machine by Russian intelligence you have to assume that the grid is at least one of their ultimate targets. Intelligence agencies are willing to spend years infiltrating and undermining organizations if the payoff is large enough.
So while this was not the hair-on-fire situation it was portrayed as, it's not a "meh" situation either. This is something people should take seriously.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
That's about the most lame "retraction" I've seen to a fake news story. The entire central premise has been destroyed, but 98% of the article remains unchanged. That's not a retraction. Also of note:
Original Slashdot headline:
Russian Hackers Penetrated The US Electricity Grid, Say Officials (washingtonpost.com)
Posted by EditorDavid on Saturday December 31, 2016 @10:34AM from the power-play dept.
blah, blah, fake story
Conveniently, now Slashdot now doesn't have that lingering headline showing they fell for this idiocy as well. I thought I'd just post it for posterity here.
Irony: Agile development has too much intertia to be abandoned now.
When will the Government start shutting down Fake News sites like the Washington Post?
I'm an American. I love this country and the freedoms that we used to have.
You're not. It's become so blatantly Republican/Russian (Republissian?) that I come to this site to see what the Trump-camp talking points are for any given situation.
Just like leftist media, you are attempting to slander people because you can't win the argument. Democrats ran a horrible candidate, much worse than the Republican. Russia did not make the Democratic party push Hillary into the mix, behave questionably (at best) even with their own party members, to prop her up as the candidate. The Democratic party did this all on their own, and it failed. Pick a better candidate, a better platform, and try again next election.
Republicans, even Trump, is not for Russia, and your conflation makes you just as bad as CNN or any other crap media outlet spreading BS because their "chosen" candidate lost. Republicans like America, and just like Democrats of a couple decades ago, push for Americanism. The ideology being pushed by Trump matches much of Kennedy and other Democrats and Republicans. Peace through Strength is not a Trump thing. Negotiating with countries we are not necessarily friendly with is also not a Trump thing (Look at President Obama for pity sake). Populism and Nationalism are centuries old ideologies.
Now, as to why so many people here are now "Republican", at least in leanings, has much to do with age. The older people get, the more they tend to be conservative in their political views. The Democratic candidate, and the media handling of her, probably accelerated countless people into the Republican camp. That, and the fear most Republicans have of posting in public has been largely diminshed.
It's really a shame that instead of having dialogue and being accountable, the Democratic party and media simply slander everyone who disagrees with them. You AC, are included in that shameful act.
-The wise argue that there are few absolutes, the fool argues that there are no probabilities.
You mean it should have been Russian Hackers Failed to Penetrate The US Electricity Grid, Say Officials? No retraction needed then and the scarefactor is still good.
yeah that was a bad troll. i mean. we werent playing a game where popular vote matters, thats like saying the winning world series team lost too, because the losing team actually had more runs (or hits, or fans in the stands or any other irrelevant point that has nothing to do with the actual rules)
have you seen my sig? there are many others like it but none that are the same
Fine, we can call it what it really was, which was political propaganda. How else do you explain that a single laptop getting infected with malware gets elevated to the level of national news?
And no, this wasn't a simple mistake. A simple mistake is getting a name or peripheral fact incorrect, and we can forgive that so long as corrections are made, because we're all human, and all make mistakes. Rather, the entire premise to the original story was shown to be false, but the story still remains in almost its entirety. Not a single call to Burlington Electric was made prior to publishing... the simplest, most basic fact checking you'd expect of a professional journalist or organization. Quite simply, this was journalistic malpractice. Only one of two possibilities seem likely - either the WaPo organization is simply incompetent and doesn't understand how to do proper journalism, or they rushed the story out because they had their eye on a political narrative they wanted to push, and facts be damned, this couldn't wait. This is not the first time they've been caught doing this either, when they promoted an absurd "fake news blacklist" with questionable sources a bit over a month ago.
Even some thoughtful left-leaning journalists are having a hard time swallowing these latest reports about Russian hacking, as they're all too aware of how governments are perfectly willing to lie when it suits their purpose (on both sides, mind you). All I ask is that you look at these reports through the lens of a skeptic, and ask why these stories are getting pushed to the front of the newsfeed. And what has changed so that so many people are willing to believe our three letter agencies without question, when they've been caught in lie after lie after lie these past many years? Why the change in heart when it comes to these Russian hacking reports, and subsequent stories that seem to neatly dovetail into that line?
Irony: Agile development has too much intertia to be abandoned now.