Washington Post Retracts Story About Russian Hackers Penetrating US Electricity Grid

Those anonymous U.S. officials who reported Russian hacking code had been found "within the system" of a Vermont power utility must've been surprised to learn the code was on a laptop that wasn't actually connected to the grid. The Washington Post has updated their original story, which now reports that "authorities" say there's no indication that Russian hackers have penetrated the U.S. electric grid.

The Post's newly-edited version now appears below (with their original and now-deleted text preseved inside brackets). A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the discovery underscores the vulnerabilities of the nation's electrical grid... [Was "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."]

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion [was "penetration"] may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid... According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
The Vermont utility does report that they'd "detected suspicious Internet traffic" on the laptop, but they believe subsequent news coverage got the story wrong. "It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country."

Meh

Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

Re:Meh

[INT_QRK]

One should assume a posture of tentative disbelief about anything with potential political charge that one reads in the media pending sufficient corroboration from multiple sources over time.

Re:Meh

[unixisc]

So this would be the same people who endorse Obama/Kerry's treatment of our only Mid-Eastern ally Israel on their way out, but are miffed that Trump supporters are not being patriotic enough?

Re: Meh

Hey genius, if you didn't fucking notice (and you didn't), all they did was copy the Crowdstrike report. And guess what, Crowdstrike was paid by the DNC.

This is a very serious accusation

[Frank+Burly]

I will not believe this is true until Trump says it isn't a big deal.

Bullshit

One laptop not on the network had malware.

Fuck the washington post.

http://boingboing.net/2016/12/31/no-russia-didnt-hack-vermon.html

Re:Bullshit

[Velox_SwiftFox]

Exactly, bullshit. It sounds to me like an employee used his laptop to visit an infected website, or answered a general phishing mail.

Hardly an attack aimed at the grid, and volume cranked up to 11 by WP as a part of the general current panic to glorify Obama and what his administration has done, and undermine the incoming administration.

Or the WP feels it is simply unimportant to get proper attribution and any of the details right.

Re:Tit for tat

[beelsebob]

Nor does the USA.

1 laptop, not connected to the grid

[david.emery]

Journalists wonder why people don't trust them, and this story is a good example. Turns out the crap was found on one laptop in the company's possession, which was not connected to their power grid.

(And when will companies/CIOs stop buying computers that contain so many exploitable vulnerabilities? I guess the answer is "Not until there's financial and legal consequence for their failure.")

Re:1 laptop, not connected to the grid

[mattwarden]

I'm very happy to come to the comments section and find mostly mocking and people who looked beyond the headline. Would have been nice if the editors did that.

Here is the full takedown on The Intercept of this BS-vending from WaPo: https://theintercept.com/2016/...

Re:has to be asked

[Streetlight]

According to an earlier post the laptop that was allegedly infected was not connected to the electric company's grid control system. That conclusion answered my first question. Any vital utility system should absolutely never have it's control system of computers connected to the Internet. If somehow that's the case, those responsible need a very long prison sentence. There also needs to be other security measures to prevent folks having direct access to these control systems from sabotaging them.

Hey look! It's another MSM Russian Hacking Story!

[Nova+Express]

Security experts have been warning of possible foreign hacking for decades. But why this sudden spate of "Russia hacked X" stories now? Why not back when our Secretary of State was running an illegal, private, unsecured email server through which she transmitted classified information?

Simple: The Washington Post wanted Hillary to win the Presidential election, and reminding people how her action made it easier for Russian hackers to gain access to classified information wouldn't have helped her. But publishing it now helps support the false narrative that the Russians were behind the DNC leaks, not disgruntled Democratic Party staffers, and thus supposedly harms President-elect Donald Trump, whom the Washington Post and it's employees almost universally loath. That's the entire reason the story is being written and published now.

Further reading here and here.

What do you think the under/over is for MSM "Russian Hacking" stories between now and January 20?

Re:Tit for tat

[ScentCone]

So what you're saying is that you have no understanding of what morals and ethics actually are. No wonder you opt for sounding so petulant on the subject, in order to distract from your unwillingness to discuss the matter in real terms.

Your moral framework derives directly from your value system. If your value system is based on false and or mixed premises, your moral code will either be objectively evil or simply so internally hypocritical and contradictory that it cannot be used to shape a workable bundle of ethics. If you think that living in another country where the environment is different means that one's evaluation of whether or not it's OK to (for example) murder, rape, steal, enslave, lie, etc would be different, then your entire understanding of the matter is so under (or mal) informed, or you are so willing to be disingenuous in the interests of being able to sound like a condescending superior, that you really should excuse yourself from making such lectures. Especially when you decide to trot out words like "cowards" while making such a craven display of your own.

Re:Tit for tat

[dilvish_the_damned]

While the phishing attack may have originated in Russia, I find it disingenious to portray everything as state sponsored when the evidence is weak at best. To me its something akin to suggesting we need to retaliate against Australia every time Julian Assange takes a leak.

Re:OH NOES! IT'S THE RUSSIANS

[Frank+Burly]

Russia is still not an existential threat to anyone but her former client states. This isn't a problem that Romney's larger Navy would have solved (and I'm surprised that Russian nationals and domestic rightists are so offended by this throwaway zinger 4 years later). But in retrospect, Obama underestimated Russia's guile. Rather than do catastrophic harm to the United States, Russia (like Al Queda) has done minor harm that led the United States do major harm to itself (the Iraq war, Trump).

Re:Tit for tat

[king+neckbeard]

Our posture is fucking horrific. We support Israel even when they blatantly violate international law. We've long sided with Saudi Arabia, the world's largest state sponsor of terrorism. We overthrew Iraq, creating ISIS. We're largely responsible for arming a good chunk of the terrorists in the world. Yeah, Russia does shitty things, but our problems are big enough that our first concern should be fixing our own problems. Not understand that, along with the unbelievable hubris of the Clintonites, is why the Democrats got their asses kicked in this election, and why they've been getting their asses kicked for so long.

As it stands right now, the best thing that could happen for world peace is for the US to go down in flames. I would rather that not happen, but if we listen to people like you instead of behaving like adults, the rational choice for the world at large is to get rid of us.

Re:Too many lies already

[HornWumpus]

Internal propaganda for the Democrats. Trying to prevent cynicism from setting in, but only working for the very dumbest most indoctrinated of them.

Seriously this was one laptop with some malware, found by a routine virus scan. It's the Washington Post, no credibility left except with the poor snowflakes that need to be constantly fed a reassuring yet terrifying narrative.

The worst thing about these kinds of efforts, it leaves the Democrats with their army of chanting morons, but those with two working brain cells still fall away. It will serve as its own punishment.

No Grid Penetration

[Mr+D+from+63]

The headline is complete bullshit. Can the author not even read? The grid was not penetrated, hacked, or comprimised. No report says it was. This is totally a fabrication from the reporters.

"We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems."

Re: No Grid Penetration

[Entrope]

Your CNN link consistently describes the infection as affecting only a single laptop that was not connected to the systems that control the electric grid. Did CNN change the story since you linked to it?

Re:has to be asked

[HornWumpus]

Worked in the industry for a decade. Wrote simulation shells that did short term forecasts based on on system conditions, did data reductions etc (e.g. This unit IS going down for unscheduled maintenance, how much will it cost to shut it down RTF now vs after afternoon peak?) Went on to 'tech lead' for significant energy trading/risk management platform. Ran on many traders and grid operators desks...don't ask, won't tell. Did once see a bug because grand total on printable VAR only had room for 10 digits plus sign. Assigned to Brahmin coder, week later I fixed it myself, I digress.

What you say isn't really possible. What they typically do have is a secure network, which runs operations, staffed with lots of ex-military actual Engineering school grads. That network is being monitored by redundant data integrators which present integrated (by some time interval, usually hours/half hours or minutes, back when I was up to my nose in it) system data to a second less secure (but still as secure as any corporate) network where routine operations run. That server is usually locked down tight, read only from the less secure network; but that is only software. They also like to run diverse OSs, lots of 'big iron' and Unixes and home brewed binary data formats. These things were mostly architected before Windows was common, particularly on the secure side it's still loaded with 'legacy', likely to remain so until they have a complete staff turnover. Old Dilbert with neckbeard flipping a nickle at Wally and telling him to get a better computer, that's the dude.

Routine operations need access to internet based facilities. To schedule transmission line capacity, trade power, get closing prices from grid operators, weather forecasts and unit availability from neighbors (lots of VPNs). But that part of the operations could more or less crash and burn and it will only cost money (and extra CO2). Operations, more or less, ignores trading at the minute by minute level. Trading gives them trade schedules and operations will try their best. But if 'shit happens' they keep the lights on and let the accountants worry about reconciling to 'what should have happened'. Which is sometimes a bitch of a computational problem, fortunately most everybody involved are engineers and close enough is close enough. Pennies aren't statistically significant; try and explain that to an accountant. Don't recommend it, just say 'not a material difference' and get on with your life, I'm digressing again.

Re:OH NOES! IT'S THE RUSSIANS

[jedidiah]

Beyond the obvious fact that you are overlooking Russia's nuclear stockpile, your analysis of US-Russian Naval warfare seems delusional at best. A larger surface fleet was never the answer to the Russians that never focused on that to begin with. It's not our super carriers that matter as much as our ASW capacity.

Like many things... it's not how big it is but how you use it.

Furthermore, our current crop of Destroyers aren't a threat to anyone. Not even Cuba.

Re: Tit for tat

[hambone142]

"Treat the United States nicely or we'll bring democracy to your country"

Re: More slashdot fake news

[cshark]

Fact is Trump made a deal with Putin. Win me the election and will sanctions.

No, that's not a fact. It's pure conjecture.

Re: More slashdot fake news

[haruchai]

Fact is Trump made a deal with Putin. Win me the election and will sanctions.

No, that's not a fact. It's pure conjecture.

Don't we now live in a post-fact world? WSJ editor-in-chief Gerard Baker says that stories will *not* call Trump a liar as this is "too partisan" but will merely investigate his claims and post those stories separately for readers to make up their own minds.
However, the WSJ has had no qualms in labeling Edward Snowden a liar in several stories.

Re:Making molly

[Mr+D+from+63]

Hey Editor David, instead of covering up your ignorant original posting of this article by changing the headline with no explanation, how about just posting a new article. Now people are confused at comments below pointing out the erroneous headline which should have never been put here to begin with if you'd just tried a little to validate it.

Don't think like a hacker. Think like a spy.

[hey!]

If you were out to cripple the US electric grid, would you really start with an office computer in small municipal power company (fewer than 20000 customers) in the middle of nowhere?

Why not? You have to start somewhere, and the best place to start is often where people assume is not a good place to start. When Israeli and US intelligence decided to take down Iran's air-gapped uranium centrifuges, they started with the least likely entry point imaginable: they infected the whole damned world, hoping that eventually Stuxnet would get to a machine used to program the PLCs in Iran's centrifuge controllers. And it worked.

In comparison office machines in a minor utility are practically a surgical strike on US electricity infrastructure. Or possibly the start of one.

The path to success in attacking a hard target is full of dead ends. But that wouldn't deter a national intelligence agency. This was a case of sloppy reporting -- jumping to conclusions. But if the malicious code was put on an electric utility machine by Russian intelligence you have to assume that the grid is at least one of their ultimate targets. Intelligence agencies are willing to spend years infiltrating and undermining organizations if the payoff is large enough.

So while this was not the hair-on-fire situation it was portrayed as, it's not a "meh" situation either. This is something people should take seriously.

Government please save us

[frovingslosh]

When will the Government start shutting down Fake News sites like the Washington Post?

Moronic

[s.petry]

You're not. It's become so blatantly Republican/Russian (Republissian?) that I come to this site to see what the Trump-camp talking points are for any given situation.

Just like leftist media, you are attempting to slander people because you can't win the argument. Democrats ran a horrible candidate, much worse than the Republican. Russia did not make the Democratic party push Hillary into the mix, behave questionably (at best) even with their own party members, to prop her up as the candidate. The Democratic party did this all on their own, and it failed. Pick a better candidate, a better platform, and try again next election.

Republicans, even Trump, is not for Russia, and your conflation makes you just as bad as CNN or any other crap media outlet spreading BS because their "chosen" candidate lost. Republicans like America, and just like Democrats of a couple decades ago, push for Americanism. The ideology being pushed by Trump matches much of Kennedy and other Democrats and Republicans. Peace through Strength is not a Trump thing. Negotiating with countries we are not necessarily friendly with is also not a Trump thing (Look at President Obama for pity sake). Populism and Nationalism are centuries old ideologies.

Now, as to why so many people here are now "Republican", at least in leanings, has much to do with age. The older people get, the more they tend to be conservative in their political views. The Democratic candidate, and the media handling of her, probably accelerated countless people into the Republican camp. That, and the fear most Republicans have of posting in public has been largely diminshed.

It's really a shame that instead of having dialogue and being accountable, the Democratic party and media simply slander everyone who disagrees with them. You AC, are included in that shameful act.