WashPost Keeps Alive Russia-Grid Hacking Story Despite Spectacularly Falling Apart

January 2nd, 2017 2:27 PM

UPDATE, January 3: "WashPost on Russian Connection to Vermont Utility Hack: Never Mind" 

A serious case of miscues happened to the Washington Post after reporters Juliet Eilperin and Adam Entous posted a Friday story (now time-stamped as if it was Saturday) claiming in its headline that "Russian hackers penetrated U.S. electricity grid through a utility in Vermont."

The claim, according to the utility involved, is false. As a result, the paper, in an "Editor's Note," told readers that "The computer at Burlington Electric that was hacked was not attached to the grid." Once that was known, the story should have arguably been pulled, or perhaps left standing but with its contents entirely crossed out to shame those involved in creating it, all of whom should be facing some form of publicly visible discipline.

Instead, the paper appears to have done all it could — and, in my view, continues to do all it can — to create and maintain the false impressions created by the misleading news it originally published.

Kalev Leetaru at Forbes has chronicled in great detail how the story fell apart.

Readers should go there and read Leetaru's entire column to fully grasp the seriousness of the journalistic calamity plus the Post's stubborn and ongoing attempts to downplay it.

Here are excerpts from that Sunday afternoon column which capture only some of the Post's misleading and preservationist tactics. I will emphasize how the Post is continuing to convey false impressions (some of Leetaru's work presented here does not appear in the same order as originally published; bolds are mine throughout this post):

"Fake News" And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid

The (Post's) lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.”

Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.

... sometime between 9:24PM and 10:06PM the Post updated the article to indicate that multiple computer systems at the utility had been breached ("computers" plural), but that further data was still being collected ...

... (but) the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.

... the utility company itself finally issued a formal statement at 9:37PM EST, just an hour and a half after the Post's publication, pushing back on the Post’s claims: “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”

... (Thus,) the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.

What remains at the Post is a pathetic attempt to give readers, especially those who read only the headline, the unproven impression that Russia is trying to attack an electrical grid which is now suddenly far more vulnerable than any of us thought:

Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say

Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.

Before getting to the headline and Editor's Note, I should also point out that Post hasn't changed its article's URL, which still says that the grid was successfully penetrated:

https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html

Now let's separately address the headline and the Editor's Note.

The headline begins the obsession with Russia. Some form of "Russia" appears 25 times in the Post's report. But as Leetaru correctly observes:

The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. As many pointed out, the malware in question is actually available for purchase online, meaning anyone could have used it and its mere presence is not a guarantee of Russian government involvement. Moreover, a malware infection can come from many sources, including visiting malicious websites and thus the mere presence of malware on a laptop computer does not necessarily indicate that Russian government hackers launched a coordinated hacking campaign to penetrate that machine - the infection could have come from something as simple as an employee visiting an infected website on a work computer.

Thus, the use of the malware does not automatically tag what occurred as a "Russian operation," let alone one associated with the dreaded "Grizzly Steppe," which was the subject of a conveniently timed Thursday "Joint Analysis Report" from the Department of Homeland Security and the FBI.

Yet the entire body of Post pair's report presupposes that a "Russian operation" is involved, without providing any evidence that it's anything more than hackers anywhere on earth working for anyone on earth or maybe even no one at all employing "malware that has previously been associated with Russian hackers." So all one can say, despite the Post's headline, is that "someone hacked an off-grid computer at a Vermont utility."

As to the rest of the headline, though such reasons may exist, the Post story does not provide any specific reason why the reader should believe that the successful penetration of an off-grid computer inside a utility poses significantly more danger to the grid that the successful penetration of a computer at, say, any individual's personal residence. What kind of hardware and other controls are in place to prevent a non-grid computer inside a utility from communicating with one that's on the grid?

The guess here is that they are ordinarily quite substantial. If that's so, there is little to no support — other than "officials say," where the "officials" involved can credibly be accused of having a desire to score political points — for the rest of the headline's contention of the off-grid hack "showing risk to U.S. electrical grid security."

In other words, the Post's headline is still fundamentally dishonest.

Leetaru emphasizes why that dishonesty has consequences (link is in original):

... one driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself.

Here's Leetaru's rendering of the back story relating to the Editor's Note:

Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”

Yet, even this correction is not a true reflection of public facts as known (for reasons described above — Ed.).

Further pressure eventually caused the Post to decide to move the Editor's Note so that it now appears immediately after the story's headline.

The revised headline and Editor's Note, as shown above, remain completely unsatisfactory. The headline still misleads about Russia, and the story's content fails to demonstrate "risk to electrical grid security" beyond what has long been known. Additionally, the Editor's Note, as well as the first accompanying video at the story, still presuppose that the off-grid hack was part of a "Russian operation" without solid evidence.

This Post report, even after its revisions and the inclusion of its Editor's Note, can easily be seen by you (the readers) as an example of "fake news" and one that you'll want to keep in mind for the rest of 2017.

Cross-posted at BizzyBlog.com.