Washington Post Retracts Story About Russian Hackers Penetrating US Electricity Grid

Those anonymous U.S. officials who reported Russian hacking code had been found "within the system" of a Vermont power utility must've been surprised to learn the code was on a laptop that wasn't actually connected to the grid. The Washington Post has updated their original story, which now reports that "authorities" say there's no indication that Russian hackers have penetrated the U.S. electric grid.

The Post's newly-edited version now appears below (with their original and now-deleted text preseved inside brackets). A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials. While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the discovery underscores the vulnerabilities of the nation's electrical grid... [Was "the penetration of the nation's electrical grid is significant because it represents a potentially serious vulnerability."]

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion [was "penetration"] may have been designed to disrupt the utility's operations or as a test by the Russians to see whether they could penetrate a portion of the grid... According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.
The Vermont utility does report that they'd "detected suspicious Internet traffic" on the laptop, but they believe subsequent news coverage got the story wrong. "It's unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country."

Meh

[Anonymous Coward]

Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

Re:

[unixisc]

Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

Precisely. After a year of troll articles about Trump, /. has now become Russia Watch. In addition to a meteorological site. Fuck BeauHD, MSMASH, EditorDavid and WhipSlash. I joined this the day after CmdrTaco left, but the articles used to be about tech stuff - be it OSs, computers, phones, et al

Re:Meh

[Dutch Gun]

Republicans like me have been here a long time. There just didn't used to be so many political stories here on Slashdot.

Re:

[hambone142]

Which one are you?

A Republican or a Russian operative?

Re:

[Anonymous Coward]

We've been pulled into an alternate universe where the liberals are war mongering sociopaths who justify their actions with fake news while complaining about fake news.

Please 2017 hurry up.

Re:Meh

[unixisc]

So this would be the same people who endorse Obama/Kerry's treatment of our only Mid-Eastern ally Israel on their way out, but are miffed that Trump supporters are not being patriotic enough?

Israel isn't anybody's ally

[rsilvergun]

except Israel's. Not saying that's a reason to throw 'em under a bus, but it's also no reason to support their interests over anybody else's.

Re:

[NoImNotNineVolt]

our only Mid-Eastern ally Israel

Is Saudi Arabia no longer part of the Middle East? Oman? UAE?

Re:

[unixisc]

None of the Arab countries are our allies - not Saudi Arabia, not Oman, not UAE, not Qatar, not Kuwait, none of them. Relations transcend mere government to government interactions

Moronic

[s.petry]

You're not. It's become so blatantly Republican/Russian (Republissian?) that I come to this site to see what the Trump-camp talking points are for any given situation.

Just like leftist media, you are attempting to slander people because you can't win the argument. Democrats ran a horrible candidate, much worse than the Republican. Russia did not make the Democratic party push Hillary into the mix, behave questionably (at best) even with their own party members, to prop her up as the candidate. The Democratic party did this all on their own, and it failed. Pick a better candidate, a better platform, and try again next election.

Republicans, even Trump, is not for Russia, and your conflation makes you just as bad as CNN or any other crap media outlet spreading BS because their "chosen" candidate lost. Republicans like America, and just like Democrats of a couple decades ago, push for Americanism. The ideology being pushed by Trump matches much of Kennedy and other Democrats and Republicans. Peace through Strength is not a Trump thing. Negotiating with countries we are not necessarily friendly with is also not a Trump thing (Look at President Obama for pity sake). Populism and Nationalism are centuries old ideologies.

Now, as to why so many people here are now "Republican", at least in leanings, has much to do with age. The older people get, the more they tend to be conservative in their political views. The Democratic candidate, and the media handling of her, probably accelerated countless people into the Republican camp. That, and the fear most Republicans have of posting in public has been largely diminshed.

It's really a shame that instead of having dialogue and being accountable, the Democratic party and media simply slander everyone who disagrees with them. You AC, are included in that shameful act.

Re:

[unixisc]

Funny. I notice more of a semblance to Huffington Post or the Guardian - two favorites of enough posters here

Re: Meh

[Anonymous Coward]

Hey genius, if you didn't fucking notice (and you didn't), all they did was copy the Crowdstrike report. And guess what, Crowdstrike was paid by the DNC.

Re: Meh

[Dutch Gun]

Do you trust all the three letter agencies when they tell us they need to plant backdoors in all our phones and computers to keep us safe?

Re:

[Fire_Wraith]

Their oath isn't to the president - it's to uphold and defend the Constitution of the United States of America. The vast majority of the defense and intelligence community (because there's a huge overlap, and several of the 17 agencies are part of the military, plus many of those who aren't are chock full of veterans) also tend to be highly professional about doing their jobs regardless of who's in charge, particularly the rank and file analysts who do the actual work on this stuff.

Re:

[HornWumpus]

The low level people are absolutely keeping their mouths shut. We are hearing from political appointees, saying what they are instructed to say.

Re:Meh

[INT_QRK]

One should assume a posture of tentative disbelief about anything with potential political charge that one reads in the media pending sufficient corroboration from multiple sources over time.

Re:

[pipingguy]

But it's sooo important to be the FIRST! to report on something for all that fame, glory and cash! Self-important, sensationalist morons, all of them.

Hey did you hear that Mariah Carey's problem last night was that the monitors were broken and she couldn't sing because she couldn't read the lyrics?

Re:

[ClickOnThis]

Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

The "boy who cried wolf" knew he was lying.

The Washington Post made a mistake, and corrected it.

Learn to recognize the difference.

Re:

[Mr D from 63]

They didn't make a mistake. They made up claims that the grid was penetrated when hey were clearly told it wasn't.

Re:Meh

[ClickOnThis]

From the Burlington Electric website linked in TFS:

Federal officials have indicated that this specific type of Internet traffic also has been observed elsewhere in the country and is not unique to Burlington Electric. It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country.

So, Burlington Electric itself is admitting mea culpa on this one.

Re:

[DougDot]

Responsible journalists verify before publishing.

Government please save us

[frovingslosh]

When will the Government start shutting down Fake News sites like the Washington Post?

Re:

[unixisc]

Not for not knowing how to use e-mails, but for maintaining her OFFICIAL WORK ON A PRIVATE SERVER, CRETIN!!!

Re: More slashdot fake news

[cshark]

Fact is Trump made a deal with Putin. Win me the election and will sanctions.

No, that's not a fact. It's pure conjecture.

Re: More slashdot fake news

[haruchai]

Fact is Trump made a deal with Putin. Win me the election and will sanctions.

No, that's not a fact. It's pure conjecture.

Don't we now live in a post-fact world? WSJ editor-in-chief Gerard Baker says that stories will *not* call Trump a liar as this is "too partisan" but will merely investigate his claims and post those stories separately for readers to make up their own minds.
However, the WSJ has had no qualms in labeling Edward Snowden a liar in several stories.

Re:

[ichthus]

Oh yes, Somebody made deals with Putin [snopes.com], but you're thinking of the wrong guy.

Re:More slashdot fake news

[Dutch Gun]

That's about the most lame "retraction" I've seen to a fake news story. The entire central premise has been destroyed, but 98% of the article remains unchanged. That's not a retraction. Also of note:

Original Slashdot headline:

Russian Hackers Penetrated The US Electricity Grid, Say Officials (washingtonpost.com)
Posted by EditorDavid on Saturday December 31, 2016 @10:34AM from the power-play dept.

blah, blah, fake story

Conveniently, now Slashdot now doesn't have that lingering headline showing they fell for this idiocy as well. I thought I'd just post it for posterity here.

Re:

[HanzoSpam]

Given the intelligence of the typical Washington Pest reporter, this really shouldn't be a surprise:

When I came home from my last TV hit, the kids, ages 4 and 5 months, were asleep. The house was quiet. I was still full of caffeine and do-gooder energy and decided to tidy up.

Among the clutter on the coffee table, I found my 4-year-old’s Party Popper, a bright yellow gun that fired confetti. For some reason, I held the gun up to my eye and looked down the barrel, the way Yosemite Sam always does.

It loo

Re:More slashdot fake news

[tinkerton]

You mean it should have been Russian Hackers Failed to Penetrate The US Electricity Grid, Say Officials? No retraction needed then and the scarefactor is still good.

Re:More slashdot fake news

[Dutch Gun]

Fine, we can call it what it really was, which was political propaganda. How else do you explain that a single laptop getting infected with malware gets elevated to the level of national news?

And no, this wasn't a simple mistake. A simple mistake is getting a name or peripheral fact incorrect, and we can forgive that so long as corrections are made, because we're all human, and all make mistakes. Rather, the entire premise to the original story was shown to be false, but the story still remains in almost its entirety. Not a single call to Burlington Electric was made prior to publishing... the simplest, most basic fact checking you'd expect of a professional journalist or organization. Quite simply, this was journalistic malpractice. Only one of two possibilities seem likely - either the WaPo organization is simply incompetent and doesn't understand how to do proper journalism, or they rushed the story out because they had their eye on a political narrative they wanted to push, and facts be damned, this couldn't wait. This is not the first time they've been caught doing this either, when they promoted an absurd "fake news blacklist" with questionable sources [rollingstone.com] a bit over a month ago.

Even some thoughtful left-leaning journalists are having a hard time swallowing these latest reports about Russian hacking [rollingstone.com], as they're all too aware of how governments are perfectly willing to lie when it suits their purpose (on both sides, mind you). All I ask is that you look at these reports through the lens of a skeptic, and ask why these stories are getting pushed to the front of the newsfeed. And what has changed so that so many people are willing to believe our three letter agencies without question, when they've been caught in lie after lie after lie these past many years? Why the change in heart when it comes to these Russian hacking reports, and subsequent stories that seem to neatly dovetail into that line?

Re: More slashdot fake news

[ganjadude]

yeah that was a bad troll. i mean. we werent playing a game where popular vote matters, thats like saying the winning world series team lost too, because the losing team actually had more runs (or hits, or fans in the stands or any other irrelevant point that has nothing to do with the actual rules)

Re:

[ClickOnThis]

Here we go again. This reminds me of a boy, a boy who loved to cry wolf.

Considering the update, which negates the story, does this count as that "fake news" we've been hearing about?

No, it doesn't.

Fake news is a story that is presented as factual news (not satire) whose author knows it to be untrue, and who publishes it with the intent to deceive.

It is not the same as a news item whose author pursues the truth in good faith, but gets it wrong and then later posts a correction. That is what WP did here.

Re:

[Jiro]

It is not the same as a news item whose author pursues the truth in good faith

The Washington Post did not post that in good faith. They posted it because Russian hackers have been used as an excuse to bash Trump, and the Washington Post's narrative is anti-Trump.

Also, the phrase "reckless disregard for the truth" applies here. They aren't excused from having posted fake news just because they didn't care if it was true and didn't bother checking.

Re:Making molly

[Mr D from 63]

Hey Editor David, instead of covering up your ignorant original posting of this article by changing the headline with no explanation, how about just posting a new article. Now people are confused at comments below pointing out the erroneous headline which should have never been put here to begin with if you'd just tried a little to validate it.

Don't think like a hacker. Think like a spy.

[hey!]

If you were out to cripple the US electric grid, would you really start with an office computer in small municipal power company (fewer than 20000 customers) in the middle of nowhere?

Why not? You have to start somewhere, and the best place to start is often where people assume is not a good place to start. When Israeli and US intelligence decided to take down Iran's air-gapped uranium centrifuges, they started with the least likely entry point imaginable: they infected the whole damned world, hoping that eventually Stuxnet would get to a machine used to program the PLCs in Iran's centrifuge controllers. And it worked.

In comparison office machines in a minor utility are practically a surgical strike on US electricity infrastructure. Or possibly the start of one.

The path to success in attacking a hard target is full of dead ends. But that wouldn't deter a national intelligence agency. This was a case of sloppy reporting -- jumping to conclusions. But if the malicious code was put on an electric utility machine by Russian intelligence you have to assume that the grid is at least one of their ultimate targets. Intelligence agencies are willing to spend years infiltrating and undermining organizations if the payoff is large enough.

So while this was not the hair-on-fire situation it was portrayed as, it's not a "meh" situation either. This is something people should take seriously.

Re:

[NoImNotNineVolt]

But if the malicious code was put on an electric utility machine by Russian intelligence you have to assume that the grid is at least one of their ultimate targets.

Sure, as long as you're consistent in your reasoning. So if the malicious code was put on Joe Sixpack's machine by Russian intelligence you have to assume that the general public is also one of their ultimate targets. And indeed, this being generic malware available for purchase, your reasoning really starts to look questionable.

This is a very serious accusation

[Frank Burly]

I will not believe this is true until Trump says it isn't a big deal.

OH NOES! IT'S THE RUSSIANS

[Anonymous Coward]

1980's are now calling to ask for their foreign policy back [talkingpointsmemo.com]

"Gov. Romney, I'm glad you recognize al-Qaeda is a threat, because a few months ago when you were asked what is the biggest geopolitical group facing America, you said Russia — not al-Qaeda. And the 1980's are now calling to ask for their foreign policy back — because the Cold War has been over for 20 years.

So, which is it?

Re:OH NOES! IT'S THE RUSSIANS

[Frank Burly]

Russia is still not an existential threat to anyone but her former client states. This isn't a problem that Romney's larger Navy would have solved (and I'm surprised that Russian nationals and domestic rightists are so offended by this throwaway zinger 4 years later). But in retrospect, Obama underestimated Russia's guile. Rather than do catastrophic harm to the United States, Russia (like Al Queda) has done minor harm that led the United States do major harm to itself (the Iraq war, Trump).

Re:OH NOES! IT'S THE RUSSIANS

[jedidiah]

Beyond the obvious fact that you are overlooking Russia's nuclear stockpile, your analysis of US-Russian Naval warfare seems delusional at best. A larger surface fleet was never the answer to the Russians that never focused on that to begin with. It's not our super carriers that matter as much as our ASW capacity.

Like many things... it's not how big it is but how you use it.

Furthermore, our current crop of Destroyers aren't a threat to anyone. Not even Cuba.

Tit for tat

[Anonymous Coward]

You can't use your NSA to break in, spy, and sabotage industries, utilities, and governments, around the world. If you conduct malicious and damaging operations like you have for decades, expect that the world will respond.

Re:Tit for tat

[Ryanrule]

russia does not represent the worlds interests, very far from in fact.

Re:Tit for tat

[beelsebob]

Nor does the USA.

Re:

[richard kettle]

If you think that moral relativism is an insult, I would point out that it simply is the case. I have lived in many countries and guess what? Their morals are reflective of their needs, their history, their desires, their environment, their Gods etc. Perhaps you are thinking of ethics, for that is the hiding place of cowards. If you think you are right, you do not have morals, but ethics.

Re:Tit for tat

[ScentCone]

So what you're saying is that you have no understanding of what morals and ethics actually are. No wonder you opt for sounding so petulant on the subject, in order to distract from your unwillingness to discuss the matter in real terms.

Your moral framework derives directly from your value system. If your value system is based on false and or mixed premises, your moral code will either be objectively evil or simply so internally hypocritical and contradictory that it cannot be used to shape a workable bundle of ethics. If you think that living in another country where the environment is different means that one's evaluation of whether or not it's OK to (for example) murder, rape, steal, enslave, lie, etc would be different, then your entire understanding of the matter is so under (or mal) informed, or you are so willing to be disingenuous in the interests of being able to sound like a condescending superior, that you really should excuse yourself from making such lectures. Especially when you decide to trot out words like "cowards" while making such a craven display of your own.

Re: Tit for tat

[Ichijo]

The world is in a very precarious position if peace depends so much on a single country. Where's the redundancy that protects the world if something happens to the USA?

Re: Tit for tat

[ScentCone]

Where's the redundancy that protects the world if something happens to the USA?

Excellent question. Why won't other countries agree to shoulder anything at all like their own share of that load? Because Americans are far too generous that way, but do it anyway because not doing so means having to deal with the even more expensive consequences later. We can't totally wash our hands of that chore, no matter how lazy other countries are, because it will end up just like the last two world wars when we hoped to avoid that expensive and deadly work for too long as well, and still had to get involved.

Re:

[hambone142]

They tried to reunite their country that the French separated. The "domino effect" was later proven to be 100% bullshit.

Kennedy went in and made the problem worse supporting their puppet South Vietnam's Catholic "leader". Both parties contributed to the mess beyond that.

Ironically, Nixon ended it but only because parents got tired of getting their sons sent to die in a war that would never be won.

Re: Tit for tat

[hambone142]

"Treat the United States nicely or we'll bring democracy to your country"

Re:Tit for tat

[king neckbeard]

Our posture is fucking horrific. We support Israel even when they blatantly violate international law. We've long sided with Saudi Arabia, the world's largest state sponsor of terrorism. We overthrew Iraq, creating ISIS. We're largely responsible for arming a good chunk of the terrorists in the world. Yeah, Russia does shitty things, but our problems are big enough that our first concern should be fixing our own problems. Not understand that, along with the unbelievable hubris of the Clintonites, is why the Democrats got their asses kicked in this election, and why they've been getting their asses kicked for so long.

As it stands right now, the best thing that could happen for world peace is for the US to go down in flames. I would rather that not happen, but if we listen to people like you instead of behaving like adults, the rational choice for the world at large is to get rid of us.

Evaluate the U.S. government? No, too many secrets

[Futurepower(R)]

"... the US's general posture in the world is wildly preferable..."

The U.S. government has many secret and semi-secret agencies. No one, literally no one, knows all of them, or which are badly managed. As we've seen, the secret and semi-secret U.S. government agencies often hire outside consulting companies that often have areas of sloppy management.

The U.S. government is, by some measures, such as money spent, the most violent in the world.

The U.S. government has killed, or caused the death of, an estimated 11,000,000 people since the end of the 2nd world war.

War is extremely profitable for some corporations. See the book, House of Bush, House of Saud [amazon.com], by Craig Unger. Bush and Cheney started a war that was profitable for them.

The U.S. has the largest percentage of its citizens in prison, of any country, in any century. The prison system is hugely profitable for prison corporations. Two of the many articles:

ACLU: With only 5% of the world's population, the U.S. has 25% of the world's prison population [aclu.org].

ThinkProgress: The United States Has The Largest Prison Population In The World -- And It's Growing [thinkprogress.org].

Re:

[epyT-R]

Compared to how many deaths by the Russians? By the Germans? At this point, I don't think any country with any sort of history measured in centuries can claim the high ground on violent acts.

Then you follow with non-sequitur alarmist speak. How are you different than Alex Jones again?

Re:Evaluate the U.S. government? No, too many secr

[hambone142]

Watching the video "Why We Fight" explains a lot of this.

Eisenhower warned us about the Military Industrial Complex.

Now both parties are dependent upon war for a successful economy.

Notice we're still in Afghanistan.

Why?

Re:

[Shane_Optima]

Now both parties are dependent upon war for a successful economy.

Nonsense. Peacetime military spending has never been an issue for us.

Notice we're still in Afghanistan.

Because the Taliban were stronger than the "moderate" forces in Afghan society, and still are. We can't fix Afghanistan without resorting to draconian cultural imperialism (*real* cultural imperialism, not the SJW buzzword); we can only play for time and hope it somehow fixes itself.

This is largely due to the influence of conservative Islam and Islamism, but there are also some complex intersecting issues with the war on drugs, warlordi

Re:

[drinkypoo]

Our forces split the Shia, Kurd, and Sunni into separate militias and armed each of them. I won't use the word 'deliberately' because it's irrelevant. Whatever influence you think we're having in the world, you're wrong.

Re:

[rubycodez]

the USA has invaded a country that didn't attack it and was no threat to it, causing the death of hundreds of thousands of innocents and caused the creation of ISIS/ISIL with its ham fisted stupidity.

Tthat country was friend of the USA, and so the USA gave it's leader Saddam money and dual use tech to make bioweapons that killed tens of thosands.

Elsewhere in the world,t he CIA of the USA destabilized another country, and so certain ethnic Russians in an area of that country voted to rejoin Russia.

Who is the

Re:

[Shane_Optima]

It is not spinelessness to live and breathe in the real world, where everyone has blood on their hands and virtually every single decision of any significant magnitude is of a "lesser evil" sort.

* Increased Chinese and Russian dominance in the world is not preferable, and you'll find their direct oppression and foreign alliances are more cynical and destructive than anything we've recently done.

* The continued propagation of Salafism and pan-Islamism in the Muslim world is not preferable to the status

Re:Tit for tat

[blind biker]

People who can't muster the vertebrae to correctly observe that the US's general posture in the world is wildly preferable to Russia's are the sort of people who, on display, just cost the Democrats another large chunk of political power. If the US stops what they traditionally do, countries like Russian and Iran invade other countries and take them over. If Russia stops what it's doing, cities like Aleppo aren't turned into rubble through indiscriminate bombing by a country that wishes it could resurrect some good old fashioned socialist tyranny, just like the sweet, sweet days of the USSR. If Iran stops what it's doing, thousands of people aren't routinely killed over hair-splitting religious differences by a retrograde medieval theocracy that pours cash into terrorist operations. Yeah, the US is exactly like those things.

Actually, I would say it's Sunni Islam that is hell-bent on destroying any other religion, including "incompatible" versions of Islam. Whenever there is a suicide or otherwise bombing targeting civilians, whenever there is a church, a bar, or a mosque bombed or shot up, it's the work of a Sunni extremist, and practically never of a Shia Islamist. Personally I am a socialist atheist (much like Hitchens) so I don't have any horse in the race, but to me it's plainly clear that the US has been supporting Saudi Arabia quite aggressively, and the US' destabilizing actions in Syria, Yemen, Lybia and Iraq (resulting in the proliferation of Sunni movements like ISIS and various Al-Quaeda affiliates) must have been, at least partly, been directed by the powers in the Saudi kingdom. If not, then the US are dangerous suckers, and either way, the US' foreign policy does not make the world a better place. I don't like Russia's self-serving leadership, but I am glad there is a counter-force to the Wahabi-Sunni-US block.

Re:

[HornWumpus]

Ours, sowing chaos so the sunnis/shia kick the fight out of each other is _clearly_ the least evil path. They deserve each other, being two sides of the same religion. Just as the Catholics deserved the Protestants, and vice versa, in their days of open war.

GOTO fail

[raymorris]

if (usa.spies)
usa.get_leverage();
china.spies = true;
russia.spies = true;

For non-programmers, Russia, and especially China, will do this regardless of whether the US does it. In theory, it could be reduced by treating an electronic attack the same as a physical attack; China isn't going to bomb the USA. However in practice it's very difficult to know whether a cyber attack is state-sponsored or not. An attack by Russian

Re:Tit for tat

[dilvish_the_damned]

While the phishing attack may have originated in Russia, I find it disingenious to portray everything as state sponsored when the evidence is weak at best. To me its something akin to suggesting we need to retaliate against Australia every time Julian Assange takes a leak.

Re:

[Highdude702]

My question... DID EVERYBODY FORGET ABOUT THIS NEW TECHNOLOGY CALLED "PROXY" WHERE YOU CAN TUNNEL YOUR TRAFFIC THRU A LEGIT OR... GET THIS..HACKED DEVICES!!! yes that includes your refrigerator home camera system, hell even some home alarm systems are vulnurable. for being "nerds" and knowing how "technology" works you sure do forget obvious steps to hide your tracks.. and lets face it. USA hacker hacks kremlin pc, ssh tunnel traffic to it. hacks podesta "THE RUSSIANS DID IT!!" fucking morons

Re:

[bmo]

I keep talking about this fact and all I seem to get is "so you know more than the CIA and FBI?"

And it hurts my head so much and I need to find a place to do a primal scream.

They're going to talk us into war and there is fuck-all anyone can do about it. Because people are so tech illiterate that they can be led by the nose right into the front lines.

Because"the big E is the Internet!"

FUCK.

--
BMO

Countermeasures

[LTIfox]

Some organizations started to inject fake phishing emails into their communication systems. All employees who clicked get their heads bashed with a rock.

My company does that. I think it works

[raymorris]

I work for an information security company. All of us should really know better, and yet we do occasionally click the phish bait sent out by corporate security. After being caught once, we start being more careful - at least for six months to a year. I think it's a good idea. Corpsec doesn't need to really scold us or anything, just informing us "you clicked on a fake email" is enough to raise our awareness.

Bullshit

[Anonymous Coward]

One laptop not on the network had malware.

Fuck the washington post.

http://boingboing.net/2016/12/31/no-russia-didnt-hack-vermon.html

Re:Bullshit

[Velox_SwiftFox]

Exactly, bullshit. It sounds to me like an employee used his laptop to visit an infected website, or answered a general phishing mail.

Hardly an attack aimed at the grid, and volume cranked up to 11 by WP as a part of the general current panic to glorify Obama and what his administration has done, and undermine the incoming administration.

Or the WP feels it is simply unimportant to get proper attribution and any of the details right.

Re:

[Vegan Cyclist]

Err...you link to BoingBoing, who in turn links to Glenn Greenwald who himself is infamous for spinning wildly inaccurate stories. Greenwald asserts:

What’s the problem here? It did not happen.

There was no “penetration of the U.S. electricity grid.” The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all their computers and found the code in a single laptop that was not connected to the electric grid.

Sadly, the premise of his claim may be true (there is a chance the code wasn't a deliberate attempt by Russia), but rather than simply state that, he makes his own unsubstantiated claim that "it did not happen". He does not know for certain that it wasn't a deliberate attempt from Russia.

There's a lot of words in the Greenwald piece, but it all hinges on this p

Re:

[Xenographic]

There's a ton of Russian malware/botnets out there. Same for Chinese, etc. The burden is on the person making the assertion this is the work of the Russian government, because the media is hard at work with flimsy, inaccurate stories like this which they end up retracting in part after the big headlines hit (see also: changes to the ODNI report...).

Obama is up there sabotaging diplomacy efforts with Israel & Russia that will compromise our ability to take out Isis. Islamic radicals, incidentally, we

Re:

[pipingguy]

BoingBoing making sense and not following the prog party line? WTF is going on - FakeNews again?

1 laptop, not connected to the grid

[david.emery]

Journalists wonder why people don't trust them, and this story is a good example. Turns out the crap was found on one laptop in the company's possession, which was not connected to their power grid.

(And when will companies/CIOs stop buying computers that contain so many exploitable vulnerabilities? I guess the answer is "Not until there's financial and legal consequence for their failure.")

Re:1 laptop, not connected to the grid

[mattwarden]

I'm very happy to come to the comments section and find mostly mocking and people who looked beyond the headline. Would have been nice if the editors did that.

Here is the full takedown on The Intercept of this BS-vending from WaPo: https://theintercept.com/2016/... [theintercept.com]

Re:

[SpankiMonki]

No mod points today so I'll just say thanks for that link. Good read.

Re:1 laptop, not connected to the grid

[david.emery]

There have been substantial penetrations of the US Power Grid, but this was -not- one of them. I remember hearing about vulnerabilities in the electrical grid and other SCADA critical infrastructure in the '90s. The one guy who talked about that worked for the EPRI, and ended up getting fired because he continually pointed out how the utilities were -ignoring- the problem.

(Agree, mod parent up, good link!)

Re:

[Vegan Cyclist]

You need to look beyond *this* headline as well, it's Glenn Greenwald for crying out loud. Please see my post in the thread above.

Re:1 laptop, not connected to the grid

[Imrik]

I don't think they're an arm of the government, they're just creating stories that will sell/get clicks. Clever government officials have figured out how to release information that will cause the story they want out to be the one written.

has to be asked

[jmccue]

Why is infrastructure on the public Internet ? It is not like the internet existed when most of the US electric grid was 'designed' and built. It worked quite well for 70 or so years without the internet. And I will say I have experienced more blackouts over the past 10 years than I did in total before 1990.

Re:has to be asked

[Streetlight]

According to an earlier post the laptop that was allegedly infected was not connected to the electric company's grid control system. That conclusion answered my first question. Any vital utility system should absolutely never have it's control system of computers connected to the Internet. If somehow that's the case, those responsible need a very long prison sentence. There also needs to be other security measures to prevent folks having direct access to these control systems from sabotaging them.

Re:has to be asked

[HornWumpus]

Worked in the industry for a decade. Wrote simulation shells that did short term forecasts based on on system conditions, did data reductions etc (e.g. This unit IS going down for unscheduled maintenance, how much will it cost to shut it down RTF now vs after afternoon peak?) Went on to 'tech lead' for significant energy trading/risk management platform. Ran on many traders and grid operators desks...don't ask, won't tell. Did once see a bug because grand total on printable VAR only had room for 10 digits plus sign. Assigned to Brahmin coder, week later I fixed it myself, I digress.

What you say isn't really possible. What they typically do have is a secure network, which runs operations, staffed with lots of ex-military actual Engineering school grads. That network is being monitored by redundant data integrators which present integrated (by some time interval, usually hours/half hours or minutes, back when I was up to my nose in it) system data to a second less secure (but still as secure as any corporate) network where routine operations run. That server is usually locked down tight, read only from the less secure network; but that is only software. They also like to run diverse OSs, lots of 'big iron' and Unixes and home brewed binary data formats. These things were mostly architected before Windows was common, particularly on the secure side it's still loaded with 'legacy', likely to remain so until they have a complete staff turnover. Old Dilbert with neckbeard flipping a nickle at Wally and telling him to get a better computer, that's the dude.

Routine operations need access to internet based facilities. To schedule transmission line capacity, trade power, get closing prices from grid operators, weather forecasts and unit availability from neighbors (lots of VPNs). But that part of the operations could more or less crash and burn and it will only cost money (and extra CO2). Operations, more or less, ignores trading at the minute by minute level. Trading gives them trade schedules and operations will try their best. But if 'shit happens' they keep the lights on and let the accountants worry about reconciling to 'what should have happened'. Which is sometimes a bitch of a computational problem, fortunately most everybody involved are engineers and close enough is close enough. Pennies aren't statistically significant; try and explain that to an accountant. Don't recommend it, just say 'not a material difference' and get on with your life, I'm digressing again.

Re:

[dj245]

Not an expert here. Far from it, but it sounds like the electric generation and the grid control systems have the possibility for multiple sites of failure as well as multiple sites for intrusion by bad guys. This sounds like a recipe for disaster. Hopefully critical sites such as the defense department, local police departments, hospitals, etc., have standalone electric generators independent of the grid and web. Then again, a large enough cohort of spies and terrorists could disable those. Maybe we need a system of signal fires, flags, carrier pigeons to keep the grid up in an emergency. If the fuel supply or cooling water to power plants is shut down, why worry about the Internet controls.

At the end of the day, every major electrical generation site has means for some sort of manual control. There are enough "blackstart" (electrical plants that can start up without any external power) units in place to restart the grid in the event of failure. Syncing a generating unit to the grid "by hand" is not that hard (I have done it). You watch your Synchroscope [wikipedia.org] carefully and flip the switch at the right moment. Then you open the steam valves to your turbine and start "pushing" on the grid, if the

Re:has to be asked

[Freischutz]

Why is infrastructure on the public Internet ? It is not like the internet existed when most of the US electric grid was 'designed' and built. It worked quite well for 70 or so years without the internet. And I will say I have experienced more blackouts over the past 10 years than I did in total before 1990.

Infrastructure does not have to be on the internet to be hacked. The Iranians air-gapped the computers controlling their nuclear centrifuges and Stuxnet still managed to infect and damage them. The interesting thing is that Russian hackers have actually taken down an electricity grid, that of the Ukraine. The Ukrainians brought it back online relatively quickly by manual operation even though their computer control systems remained a mess. The irony of that incident was that the relatively primitive nature of the Ukrainian grid actually worked for the Ukrainians. It is doubtful that the higher tech grids in the west could be brought up that quickly after a major attack. Just because this incident turned out to be an attack of hysteria, I think we can learn from the Ukrainian experience that it pays to be vigilant and just because the US now has a Russophile president who is a paid up member of the Putin fan club does not mean that the Russians will stop probing for weaknesses in US infrastructure systems.

Re:

[AHuxley]

Re "Why is infrastructure on the public Internet ?"
Generational share holders like their profit over maintenance. Owners like to show they can make profits. Reducing expert staff shows managerial skills.
Removing staff who are in a union is great too.
The US was happy to see costs in local staff go to profits and not keep staff working on secure separate networks.
No expert local teams watching over their state or city or towns grid.
A few lower cost engineers trusted by the state/feds could watch it all

Now I'm mad.

[hey!]

Somebody should have warned us that something like this was possible.

I mean, clearly if it had been known this was even a possibility, management would have taken effective action to prevent it.

Because people are rational beings who make logical decisions. I learned that in Economics class and if that's not true then the very principles our society is founded upon would be nothing more than wishful thinking.

Coul it be

[Max_W]

I receive almost daily scam emails asking me to click on a link. Sometimes it is as if from FedEx, sometimes as if from a bank, etc. Could it be stopped too?

Hey look! It's another MSM Russian Hacking Story!

[Nova Express]

Security experts have been warning of possible foreign hacking for decades. But why this sudden spate of "Russia hacked X" stories now? Why not back when our Secretary of State was running an illegal, private, unsecured email server through which she transmitted classified information [politifact.com]?

Simple: The Washington Post wanted Hillary to win the Presidential election, and reminding people how her action made it easier for Russian hackers to gain access to classified information wouldn't have helped her. But publishing it now helps support the false narrative [theintercept.com] that the Russians were behind the DNC leaks, not disgruntled Democratic Party staffers [washingtontimes.com], and thus supposedly harms President-elect Donald Trump, whom the Washington Post and it's employees almost universally loath. That's the entire reason the story is being written and published now.

Further reading here [battleswarmblog.com] and here [battleswarmblog.com].

What do you think the under/over is for MSM "Russian Hacking" stories between now and January 20?

NSA has failed us again

[Nyder]

NSA has failed us again. Instead protecting America, they are wasting their and our time by mass collecting data on citizens. Instead of making sure exploits are fixed to keep our systems secure, they hold onto them so they can use them against us and other countries.

If am I to believe this Russian hacking our systems like the Government is pushing, then the blame goes straight on the NSA and those who backed them.

Amateur-level security will do that...

[gweihir]

Apparently, the operators of the US power grid are using cheaper-than-possible security, i.e. they were basically asking for it. Stupid.

Putin wants to rebuild the Soviet Union

[Rick Schumann]

Trump thinks Putin is his buddy. Either that or his entire family are a bunch of Russian sleeper agents. In any event Trump thinks he's smart, but he's not -- Putin would love nothing more than to either have the U.S. in his back pocket, or destroy it -- either way he gets his wish, the resurrection of the Soviet Union and everything that implies. Putin, at best, is going to use Trump and his gullibility/greed/lust for power/whatever it is that goes through the head under that bad wig of his, and America is

Re:

[PPH]

In any event Trump thinks he's smart, but he's not

Or perhaps he is. A great real estate developer and dealmaker who has managed to make bundles of money while leaving other investors with the losses from his failed ventures. If you are trying to close the deal on a shithole condo with leaky plumbing in a bad neighborhood, you don't insult prospective buyers. You butter them up by telling them how great they are.

The jury is still out on Trump. But I wouldn't write him off yet.

Pigpen? Dai Jones? Morse?

[Hognoxious]

A code? I suppose we should be grateful there weren't several.

In Soviet Russia...

[LynnwoodRooster]

Electricity grid penentrates you!

There's a shocker

[DaMattster]

No pun intended but this comes as no surprise because the software being developed was outsourced to India or H1B Indians whom just aren't good software engineers. This fiasco could have been avoided if these energy companies had employed the highly skilled and qualified people in the United States. I personally have been tasked with cleaning up garbage code full of memory leaks that was churned out by WiPro.

How can Slashdot just repost a thread...

[Bartles]

...with an altered headline and act like they never fucked up in the first place? Fake news reporting fake news.

The Story was Corrected, NOT Retracted!

[chicksdaddy]

Did anyone bother to notice that this entire thread is based on an inaccurate assertion? The story was NOT retracted. It was CORRECTED - meaning that a piece of inaccurate information in the original story (about the laptop being connected to the ICS/SCADA system) was rewritten to clarify that the computer was not connected to that part of Burlington Electric's network. A retraction would mean WAPO removed the story from its website and disavowed its contents. No such thing happened. In fact, you can still read the story using the link provided in the Slashdot post - a sure sign that it HASN'T BEEN RETRACTED!!! Slashdot should probably RETRACT the incorrect story about the Washington Post's (non-existent) retraction.

Re:Too many lies already

[HornWumpus]

Internal propaganda for the Democrats. Trying to prevent cynicism from setting in, but only working for the very dumbest most indoctrinated of them.

Seriously this was one laptop with some malware, found by a routine virus scan. It's the Washington Post, no credibility left except with the poor snowflakes that need to be constantly fed a reassuring yet terrifying narrative.

The worst thing about these kinds of efforts, it leaves the Democrats with their army of chanting morons, but those with two working brain cells still fall away. It will serve as its own punishment.

Re:

[PPH]

That didn't work for Iran's centrifuges.

No Grid Penetration

[Mr D from 63]

The headline is complete bullshit. Can the author not even read? The grid was not penetrated, hacked, or comprimised. No report says it was. This is totally a fabrication from the reporters.

"We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems."

Re:

[colin_faber]

CNN ceased being a credible news organization after the wikileaks revolutions

Re: No Grid Penetration

[Entrope]

Your CNN link consistently describes the infection as affecting only a single laptop that was not connected to the systems that control the electric grid. Did CNN change the story since you linked to it?

Amazon's CEO owns the Washington Post.

[Futurepower(R)]

Amazon's Jeff Bezos Explains Why He Bought The Washington Post [nytimes.com].

In my opinion, a good indication of Jeff Bezos's management ability is any Amazon web page. Amazon web pages distract you from buying something by trying to sell other things.