The Washington Post on Friday reported a genuinely alarming event: Russian hackers have penetrated the US power system through an electrical grid in Vermont. The Post headline conveyed the seriousness of the threat:
Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say
The first sentence of the article directly linked this cyber-attack to alleged Russian hacking of the email accounts of the DNC and John Podesta – what is now routinely referred to as “Russian hacking of our election” – by referencing the code name revealed on Wednesday by the Obama administration when it announced sanctions on Russian officials: “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.”
The Post article contained grave statements from Vermont officials of the type politicians love to issue after a terrorist attack to show they are tough and in control. The state’s Democratic Governor, Peter Shumlin, said:
Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety. This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.
Vermont Senator Patrick Leahy issued a statement warning: “This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont and we do not take it lightly.”
The article went on and on in that vein, with all the standard tactics used by the US media for such stories: quoting anonymous national security officials, reviewing past acts of Russian treachery, and drawing the scariest possible conclusions (“‘The question remains: Are they in other systems and what was the intent?’ a US official said”). ... The Post’s story also predictably and very rapidly infected other large media outlets. Reuters thus told its readers around the world: “A malware code associated with Russian hackers has reportedly been detected within the system of a Vermont electric utility.”
What's the problem here? It did not happen.
There was no “penetration of the US electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all US utility companies about the malware code found in the DNC system, searched all their computers and found the code in a single laptop that was not connected to the electric grid.
Apparently, the Post did not even bother to contact the company before running its wildly sensationalistic claims, so they had to issue their own statement to the Burlington Free Press which debunked the Post’s central claim (emphasis in original): “We detected the malware in a single Burlington Electric Department laptop NOT connected to our organization’s grid systems.”
Fair use excerpt. Read the rest of the article here.