"An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party.
Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians.
Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.
…
Initially, company officials publicly said they had detected code that had been linked by the Department of Homeland Security to Grizzly Steppe.
Over the weekend, the company issued a statement, saying only that it had “detected suspicious Internet traffic” on the computer in question."
Part of the maddening aspect of our “digital” insecurity is the fact that some have been screaming alarms for decades. Yet to this day, we continue to actSHOCKED!.. **SHOCKED!, ** I say, every time a new incident is reported. Then, the media moves on in a few days to the next bright and shiny object and we forget. Assuming all the while that this really technical and really hard problem will be addressed by the knowledgeable powers that be. Except that it never is. Over and over…and over again.
Could it be that there are too many corporate billions in profit at stake here (not just) in the “maintain the status quo” platitude of conveniences for business, (but also) the money to be made by perpetuating the latent notion of impending doom by security interests, to actually prompt Congress into taking meaningful action?
Remember the best advice ever for figuring out a bureaucracy, “never attribute to malice that which can be fully explained by incompetence”.
I doubt anyone is bribing congress to do nothing. The problem is that congress can’t figure out what to do and so they aren’t doing anything. Which is a good thing. Often they will act and make things worse. At least here they aren’t making it worse. So lets count our blessings.
thanks for continuing to track this story. It looks like much ado about nothing. The WP let this one through, but at least they followed up. We have that going for us I guess.
I would assume that the plant had multiple networks. I’d expect the actual networking for the plant operations to be physically and logically separate from the business side.
Do you know if the router for the operations side?
So - the big brouhaha repeated all over, not just WaPo, was “Russians Hacked US Electrical Grid” - right?
How many people saw that and how many people saw the quiet retraction four (five?) days after? How much do you want to bet a year from now we will hear the “Russians hacked US electrical grid” as a “fact”?
The article you cite says that it was Burlington Electric and federal sources that jumped to the conclusion that the malware was connected to Russia. The Post did initially report that the grid has been penetrated but corrected the article (but not the headline :mad:) after the utility issued its statement.
"In the past six weeks, the Washington Post published two blockbuster stories about the Russian threat that went viral: one on how Russia is behind a massive explosion of “fake news,” the other on how it invaded the U.S. electric grid. Both articles were fundamentally false. Each now bears a humiliating editor’s note grudgingly acknowledging that the core claims of the story were fiction: The first note was posted a full two weeks later to the top of the original article; the other was buried the following day at the bottom.
The second story on the electric grid turned out to be far worse than I realized when I wrote about it on Saturday, when it became clear that there was no “penetration of the U.S. electricity grid” as the Post had claimed. In addition to the editor’s note, the Russia-hacked-our-electric-grid story now has a full-scale retraction in the form of a separate article admitting that “the incident is not linked to any Russian government effort to target or hack the utility” and there may not even have been malware at all on this laptop."
…
Baron himself, editorial leader of the Post, is a perfect case study in this irresponsible tactic. It was Baron who went to Twitter on the evening of November 24 to announce the Post’s exposé of the enormous reach of Russia’s fake news operation, based on what he heralded as the findings of “independent researchers.” Baron’s tweet went all over the place; to date, it has been re-tweeted more than 3,000 times, including by many journalists with their own large followings.
…
What did Baron tell his followers about this editor’s note that gutted the key claims of the story he hyped? Nothing. Not a word. To date, he has been publicly silent about these revisions. Having spread the original claims to tens of thousands of people, if not more, he took no steps to ensure that any of them heard about the major walk back on the article’s most significant, inflammatory claims.
… That the story ends up being completely discredited matters little. The damage is done, and the benefits received. Fake News in the narrow sense of that term is certainly something worth worrying about. But whatever one wants to call this type of behavior from the Post, it is a much greater menace given how far the reach is of the institutions that engage in it."
Wellll… I don’t share your dismal perception of the entirety of the US bureaucracy over time. We have achieved some exceptional things on occasion. The recent and the new Congresses, the Presidency, and perhaps the SCOTUS being the exceptions, I hope our time is not over. Simply because the (any) Government is involved, does not automatically equate to disaster.
If not our Government, then who, do you suppose should represent us? Pillars of our community such as Wal-Mart, Merrill Lynch, Monsanto…The Montana Militiamen?
No, like you, I don’t perceive any outright bribery in Congress related to the topic at hand, but “campaign contributions” may go a long way in perpetuating their inactivity.
And on and on and on…
I have no particular axe to grind with the Washington Post as you seem to, but perhaps I should develop one.
The point is: From the get-go of this story, the info provided by the Post stated that suspect ISP logs were found on an employee’spersonal laptop… Not the Company network… We all (some of us) let our imaginations run away with this tidbit of info and arrived at a faulty conclusion. Perhaps the Post intentionally mislead us, perhaps not. However, who are we going to believe… Breitbart?
This all goes back to the (my) earlier reference of media manipulation of news for maximation of profit. It’s all a matter of degree.
And I agree with your point! I feel that Government is worthwhile and useful. Actually, the canard above is kind of hopeful. One is forced to believe the oppose about an individual that does irrational/stupid/negative things-people aren’t stupid, but can be corrupt. Bureaucracies are rarely corrupt, but certainly can be stupid. Government tries to have the best of both worlds and sometimes they succeed. Now isn’t one of those times (at least in the US)…
I wonder why we assume this is the WP’s fault. Perhaps their sources didn’t tell them it was a personal laptop, perhaps the source didn’t know. It certainly was a mistake, jumping to the conclusion that it was the deliberate fault of the WP seems like a jump. The key point here is that the WP corrected the story. All of us have learned, or should have by now, that the initial reporting of any event is ALWAYS wrong in some significant points. That has been proven thousands of times. No one should draw any conclusions about an event based on information reported during or immediately after the event.
Frankly, the world would be better off if everyone got their news from weekly or monthly publications and left the 24-hour news cycle in the dirt where it belongs. My life would be just fine if I learned about most events a week after they happened. I can’t do anything about most of these events anyway, it would be time well spent.
I disagree. That is NOT how fake news is made. Fake news is fabricated from the beginning, not as the result of a mistake. That is the definition of fake news.
What you are seeing here is a different problem. A serious problem certainly and one that has been around since news was invented. Errors are not effectively corrected. It happens at the Post, the WSJ, the Guardian, every news source. Some organizations have an organized method of fixing such things, some don’t. None work as well as they should. But it is NOT fake news. No one at the Post (I contend) deliberately made up a false, not just misleading but false, news story about this break-in. And when more facts became available, they fixed their story. That is what separates this story from fake news.
The story was huge and repeated everywhere. The retraction was small, and did not get nearly the attention that the original story got. From the article below:
“(That the Post ultimately corrects its false story does not distinguish it from classic Fake News sites, which also sometimes do the same.)”
"And while it’s true that all media outlets make mistakes, and that even the most careful journalism sometimes errs, those facts do not remotely mitigate the Post’s behavior here. In these cases, they did not make good faith mistakes after engaging in careful journalism. With both stories, they were reckless (at best) from the start, and the glaring deficiencies in the reporting were immediately self-evident (which is why both stories were widely attacked upon publication).
As this excellent timeline by Kalev Leetaru documents, the Post did not even bother to contact the utility companies in question — the most elementary step of journalistic responsibility — until after the story was published. Intelligence officials insisting on anonymity — so as to ensure no accountability — whispered to them that this happened, and despite how significant the consequences would be, they rushed to print it with no verification at all. This is not a case of good journalism producing inaccurate reporting; it is the case of a media outlet publishing a story that it knew would produce massive benefits and consequences without the slightest due diligence or care."
A different problem than ‘fake news’ but not necessarily a less serious one IMO. Outlets like the WP are still assumed and purported to be strictly credible by many well informed people, in contrast to made up stories from hole in wall internet outlets or foreign news services.
And while it’s not a question of wholly making up stories on purpose, it is IMO a serious question of whether a group think mentality right now in the ‘prestige press’ says whatever embarrasses Trump, such as playing up the ‘Russian threat’, must be good (something posters here frequently say should happen, that lying is OK if the target is the out of bounds Trump). Perhaps to the point their nominal methods of preventing and controlling mistakes goes by the wayside in practice.
That’s certainly happened with the major press in the distant past were we can less political about it (Spanish American War, Red Scares of the past etc).
A lot of serious people, not just posters here, were talking about the Vermont thing as if actual Russian govt hacking of the US grid, as opposed to malware on a personal laptop that might have been written in Russia but planted by who knows who, if anyone on that particular lap top (as opposed to randomly as the laptop user stumbled around the web, like lots of us pick up malware and viruses). I’m not saying WP reporters made it up, or exaggerated it wholly on purpose, neither of which I know for a fact. But the correlation to their reasonably presumed worldview (anti-Trump, which again many posters here would insist is the attitude all reasonable people should have) makes it unclear IMO that it should be viewed as a completely random mistake.
In theory everyone who reads a wrong story in a reputable outlet fully reverses the effect on their thinking of that story when they see the retraction/correction. Just as in theory wholly false stories from non-credible outlets are eventually discounted from reasonable people’s thinking. There’s a good deal of truth to both hopes IMO, but neither is 100% true.
A friend of mine who works for another utility in IT Operations spent 80 hours at work last week in a scramble. “Can’t say what.”
My friends from my old job reached out to let me know “you were right and this sucks, can’t say what.” (If I was right, its ISIS and not Russia, by the way - I might be more right in a general sense than a specific one though).
I find just the opposite. The fact that the WP published an updated and correct news story that told the truth is complete mitigation of the original error. As far as I know, my opinion on this matter is just as valid as the people in your references.
I see no justification in saying that the WP did not make good faith mistakes. What evidence exists for that statement? The WP published information that was wrong or at least incomplete. When that became apparent, they published the truth. Publishing the truth is the definition of good journalism.