Can everyone puh-leeze calm down?
On December 30 2016, the Washington Post ran what sounded like a pretty serious story entitled “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say”.
In the current climate of claims that Russian-backed hackers may have meddled with the US election by leaking hacked documents and emails from Hillary Clinton’s campaign team, a story like that is likely to get a lot of interest.
Shame then that it wasn’t true.
As Burlington Electric revealed in a public statement, the truth was that they detected suspicious activity on a single laptop computer which was not even connected to its grid systems.
Well, whoopee-do. Finding a malware alert on a laptop is hardly breaking news.
A malware-infected laptop does not equal a cyber attack on the electric grid.
Just saying…
— Graham Cluley (@gcluley) December 31, 2016
Smarting slightly in the light of reality and criticism from computer security experts, the Washington Post revised its story, giving it a new headline: “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say”.
A few days have passed, and the Washington Post has published a new article on the ongoing investigation into the malware found on a single unconnected laptop.
This latest article doesn’t help fuel the dramatic scenario the Washington Post had earlier presented that the power grid is being targeted by the Kremlin’s finest hackers.
The headline? “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation.”
Quite a turnaround there.
Read a little further, and you can see that it’s truly ridiculous that the Washington Post’s original claims should ever have been taken so seriously (my emphasis):
An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.
Sheesh.
Let’s not be naive. I have no doubt that Russia is hacking American companies and organisations. But similarly I have no doubt that America is doing the same against companies and organisations in foreign nations, as are the Chinese, the Brits and countless others.
That’s just what countries do these days to gather intelligence on each other, and potentially cause disruption. It’s business as usual.
And alongside such state-sponsored hacking there are also a huge number of attacks perpetrated by organised criminal gangs, with little interest in politics but plenty of interest in stealing data, filling their pockets with cash, and commandeering computers to help them with their crimes.
We don’t know who might have infected the single laptop at Burlington Electric. But what we do know is that they were quite possibly not targeted, and that it’s a big mistake to jump to quick conclusions, or to present such incidents as being much more serious than they really are.
"Shame then that it wasn't true."
Similar to the reaction of those who wished so much that the Duke lacrosse team had committed the crimes they were falsely accused of. As one mainstream editor lamented:
"The narrative was right, but the facts were wrong".
Oh, for objective journalism!
That turn of phrase surprised me too, but I think I will give GC the benefit of the doubt – it's a common turn of phrase to lament the inaccuracies, and NOT to be taken that Graham wishes the hack WAS state sponsored by the Kremlin!
He could also mean that "it's a shame on them for reporting inaccuracies".
Precisely.
Thanks Paul, and yes – you're correct, of course.
Why is it, Paul, you'd be inclined to give "GC" the "benefit of the doubt"? That "it's a shame" comment is likely revealing about Mr. Cluley's frame of reference. This is not the first time that he has "reported," often breathlessly, about this or that perceived misdeed of the US. When called out for his political – and perhaps cognitive – biases, he simply takes refuge in the words of his banner that he provides "security news, and opinions."
Worth keeping this in mind when you review the postings in this blog. Much useful, but none so good that you can separate your analytical, objective brain from the embedded wishful thinking.
Don't worry Tom. I am prepared to have a pop at everyone if they prove themselves to be lacking when they should be setting a better example.
For instance, this site has criticised both Donald Trump and Hillary Clinton for their weak grasp of computer security.
The reporting in the Washington Post is often quite good, but in this case they dropped the ball – and I don't believe in protecting them from criticism on this occasion.
Who still uses Yahoo email?
Not actually a mistake from their point of view. I mean, clearly incorrect and a bit embarrassing (if people notice), but a big boost in traffic and advancing their political agenda:
"WashPost Is Richly Rewarded for False News About Russia"
https://theintercept.com/2017/01/04/washpost-is-richly-rewarded-for-false-news-about-russia-threat-while-public-is-deceived/