Washington Post backtracks on frenzied reporting of Russian hack attack against power grid

Don’t panic.

Graham Cluley

Can everyone puh-leeze calm down?

On December 30 2016, the Washington Post ran what sounded like a pretty serious story entitled “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say”.

In the current climate of claims that Russian-backed hackers may have meddled with the US election by leaking hacked documents and emails from Hillary Clinton’s campaign team, a story like that is likely to get a lot of interest.

Shame then that it wasn’t true.

As Burlington Electric revealed in a public statement, the truth was that they detected suspicious activity on a single laptop computer which was not even connected to its grid systems.

Well, whoopee-do. Finding a malware alert on a laptop is hardly breaking news.

Smarting slightly in the light of reality and criticism from computer security experts, the Washington Post revised its story, giving it a new headline: “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say”.

A few days have passed, and the Washington Post has published a new article on the ongoing investigation into the malware found on a single unconnected laptop.

This latest article doesn’t help fuel the dramatic scenario the Washington Post had earlier presented that the power grid is being targeted by the Kremlin’s finest hackers.

The headline? “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation.”

Quite a turnaround there.

Read a little further, and you can see that it’s truly ridiculous that the Washington Post’s original claims should ever have been taken so seriously (my emphasis):

An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.

Sheesh.

Let’s not be naive. I have no doubt that Russia is hacking American companies and organisations. But similarly I have no doubt that America is doing the same against companies and organisations in foreign nations, as are the Chinese, the Brits and countless others.

That’s just what countries do these days to gather intelligence on each other, and potentially cause disruption. It’s business as usual.

And alongside such state-sponsored hacking there are also a huge number of attacks perpetrated by organised criminal gangs, with little interest in politics but plenty of interest in stealing data, filling their pockets with cash, and commandeering computers to help them with their crimes.

We don’t know who might have infected the single laptop at Burlington Electric. But what we do know is that they were quite possibly not targeted, and that it’s a big mistake to jump to quick conclusions, or to present such incidents as being much more serious than they really are.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

9 comments on “Washington Post backtracks on frenzied reporting of Russian hack attack against power grid”

  1. Phil Potts

    "Shame then that it wasn't true."

    Similar to the reaction of those who wished so much that the Duke lacrosse team had committed the crimes they were falsely accused of. As one mainstream editor lamented:

    "The narrative was right, but the facts were wrong".

    Oh, for objective journalism!

    1. Paul · in reply to Phil Potts

      That turn of phrase surprised me too, but I think I will give GC the benefit of the doubt – it's a common turn of phrase to lament the inaccuracies, and NOT to be taken that Graham wishes the hack WAS state sponsored by the Kremlin!

      1. graphicequaliser · in reply to Paul

        He could also mean that "it's a shame on them for reporting inaccuracies"

        1. Graham Cluley · in reply to graphicequaliser
      2. Graham Cluley · in reply to Paul

        Thanks Paul, and yes – you're correct, of course.

  2. Tom Smith

    Why is it, Paul, you'd be inclined to give "GC" the "benefit of the doubt"? That "it's a shame" comment is likely revealing about Mr. Cluley's frame of reference. This is not the first time that he has "reported," often breathlessly, about this or that perceived misdeed of the US. When called out for his political – and perhaps cognitive – biases, he simply takes refuge in the words of his banner that he provides "security news, and opinions."

    Worth keeping this in mind when you review the postings in this blog. Much useful, but none so good that you can separate your analytical, objective brain from the embedded wishful thinking.

    1. Graham Cluley · in reply to Tom Smith

      Don't worry Tom. I am prepared to have a pop at everyone if they prove themselves to be lacking when they should be setting a better example.

      For instance, this site has criticised both Donald Trump and Hillary Clinton for their weak grasp of computer security.

      The reporting in the Washington Post is often quite good, but in this case they dropped the ball – and I don't believe in protecting them from criticism on this occasion.

  3. Richard

    Who still uses Yahoo email?

  4. Etaoin Shrdlu

    Not actually a mistake from their point of view. I mean, clearly incorrect and a bit embarrassing, (if people notice), but a big boost in traffic and advancing their political agenda:

    "WashPost Is Richly Rewarded for False News About Russia"

    https://theintercept.com/2017/01/04/washpost-is-richly-rewarded-for-false-news-about-russia-threat-while-public-is-deceived/
