Don't Read Too Much Into the Vermont Hack Debacle
Don't Read Too Much Into the Vermont Hack Debacle
Kaveh Waddel
The Atlantic
On Friday evening, The Washington Post reported that hackers affiliated with the Russian government had penetrated the United States electric grid by attacking a utility company in Vermont. The story was originally illustrated with an image of the headquarters of a Russian spy agency, which it alleged was behind the intrusion. Then, on Monday, the Post published a new story walking back its allegation of Russian interference. Now, it says, the internet traffic that raised the red flag may in fact have been harmless.
This weekends misinformation about the Vermont case was the result of leaks from government officials to the Post based on an initial report from the company, Burlington Electric Department. After the FBI and the Department of Homeland Security published a document with details about Russian cyber-operations and instructions about how to report suspicious online activity to appropriate federal agencies, Burlington Electric performed a scan of its networks. It found suspicious internet traffic related to a single computer on the network, which was not connected to the electric grid system, the company said in a statement, and shared that information with the authorities. The company also said that government officials told them of similar traffic elsewhere in the country, indicating that Burlington Electric wasnt the specific target of a cyberattack.
Somewhere in the multi-step game of telephone between Burlington Electric, the federal government, and reporters at the Post, the relatively mundane details about the malicious activity on the companys network ballooned into a Russian assault on the U.S. electrical grid.
The real story here is the decline at WaPo. They had to retract this story, the
story that quoted PropOrNot, and of course the embarrassing Capehart episode where the pundit refused to retract a false story about
a photo of Bernie Sanders.