Washington Post Falsely Claims Russia Hacked Vermont Utility, Because OMG RUSSIANS!

from the show-your-math dept

When a mainstream press that isn't always good at what it does meets technology it doesn't understand, the end result is often frustrating, if not comedic. Hacking is certainly no exception, given it's a realm where perpetrators are difficult to identify, hard proof is often impossible to come by, and hackers worth their salt either leave false footprints -- or no footprints at all. Throw in a press that's incapable of identifying and avoiding its own nationalism, and often all-too-gullible to intelligence industry influence, and you've got a fairly solid recipe for dysfunction when it comes to hacking-related news coverage.

Some of the resulting coverage has been highly entertaining -- such as CNN using a screen shot from the popular game Fallout 4 in a story about hacking and hoping nobody would notice. Other examples have been decidedly more troubling, such as the Washington Post's epic face plant over the holiday break.

Last Saturday the Post ran a story claiming that Russia was responsible for the hacking of Burlington Electric, a Vermont utility. According to the original Washington Post story, government sources claimed that code "associated with the Russian hacking operation dubbed Grizzly Steppe" was detected at the utility. The story was stuffed to the gills with all manner of pearl-clutching and outrage among politicians convinced Putin was actively trying to bring down the grid:

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling."

Unsurprisingly, the story quickly gained traction in the media, with numerous reports pouring gasoline on the idea that Russia has escalated its cyber offensives to include targeting sensitive American infrastructure. Many broadly speculated that other utilities had been compromised and that we were at the brink of war.And while it's true that the power grid is vulnerable to hackers (increasingly so courtesy of the internet-of-not-so-smart things), it turns out that Putin had nothing to do with the particular "attack" on the Vermont utility. In fact, in a follow up story and corrections made to the original report, the Post ultimately had to acknowledge that the malware in question was only found on one laptop, had nothing to do with the Russian government, and was never actually in contact with the grid itself:

"An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity."

That's obviously a pretty far cry from the hysteria bouncing around the news wires as the new year arrived. Thanks, again, to news outlets that are all too eager to take the breathless claims of a few anonymous officials as gospel without doing the heavy lifting required to first ensure the information is useful, or accurate. As it turns out, the Post hadn't even bothered to contact Burlington Electric, which was forced to issue its own statement to the Burlington Free Press clarifying what happened, and making it clear the laptop was never in contact with any electrical system.

All told, Burlington Electric had simply received a notification from Homeland Security sent to all utilities warning them to keep an eye out for particular malware. The company only found the malware and laptop in question after doing a scan off all of the company's systems. And as it turns out, the "Russian malware" in question could have simply been made by a Russian and purchased by anybody. Needless to say, the Washington Post then spent the lion's share of the next few days editing the story, changing the headline repeatedly, and walking back the story's claims.

But most of the stories regurgitating the Post's original claims were never updated or corrected.

Reporting on hacking isn't easy. Disinformation is everywhere, and many outlets continue to illustrate they're easily manipulated, thanks to a nationalism bias they're somehow still unaware of. But the Washington Post simply failed to do even the basics, inflaming notable tensions between two giant countries because it couldn't bother to pick up the phone. Yes, Russia hacks us (and uses propaganda against us and other countries) constantly. The United States does the same. Proof of either is often impossible to come by, but that still doesn't mean it's not required before jumping to conclusions.

As tensions rise facts matter more than ever, and sloppy reporting only fuels those quite intentionally looking to take these often-dangerous and idiotic cyber-offensive policies to an entirely new level.

Filed Under: electrical grid, hacking, journalism, russia, russians, technology, vermont
Companies: burlington electric, washington post