SoylentNews is people

posted by on Monday January 02 2017, @10:12PM
from the poor-sources-of-information dept.

Glenn Greenwald reports via The Intercept

The Washington Post on Friday [December 30] reported a genuinely alarming event: Russian hackers have penetrated the U.S. power system through an electrical grid in Vermont. The Post headline conveyed the seriousness of the threat:
[Russian hackers penetrated U.S. electricity grid through a utility in Vermont, officials say]

The first sentence of the article directly linked this cyberattack to alleged Russian hacking of the email accounts of the DNC and John Podesta--what is now routinely referred to as "Russian hacking of our election"--by referencing the code name revealed on Wednesday by the Obama administration when it announced sanctions on Russian officials: "A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials."

The Post article contained grave statements from Vermont officials of the type politicians love to issue after a terrorist attack to show they are tough and in control.

[...] The article went on and on in that vein, with all the standard tactics used by the U.S. media for such stories: quoting anonymous national security officials, reviewing past acts of Russian treachery, and drawing the scariest possible conclusions ("'The question remains: Are they in other systems and what was the intent?' a U.S. official said").

The media reactions, as Alex Pfeiffer documents, were exactly what one would expect: hysterical, alarmist proclamations of Putin's menacing evil.

[...] The Post's story also predictably and very rapidly infected other large media outlets. Reuters thus told its readers around the world: "A malware code associated with Russian hackers has reportedly been detected within the system of a Vermont electric utility."

What's the problem here? It did not happen.

There was no "penetration of the U.S. electricity grid". The truth was undramatic and banal. Burlington Electric, after receiving a Homeland Security notice sent to all U.S. utility companies about the malware code found in the DNC system, searched all its computers and found the code in a single laptop that was not connected to the electric grid.

Apparently, the Post did not even bother to contact the company before running its wildly sensationalistic claims, so Burlington Electric had to issue its own statement to the Burlington Free Press, which debunked the Post's central claim (emphasis in original): "We detected the malware in a single Burlington Electric Department laptop not connected to our organization's grid systems."


  • (Score: 0) by Anonymous Coward on Monday January 02 2017, @10:47PM (#448684)

    That's what they said. So how did it get on the laptop, and was that laptop ever connected to an Intranet? It's still a high security risk. Then again... I was told by a govt worker that all he does at his cush govt job is "watch porn all day on the govt work computers".

  • (Score: 1, Informative) by Anonymous Coward on Monday January 02 2017, @11:11PM (#448691)

    You are 100% correct, this is still a dire threat. The US allegedly destroyed Iranian centrifuges by using side-channel communications between machines that were NOT networked together.

    So tired of wannabe pundits on these sites coming in so self-righteous to "explain it to the stupid masses" and just talking out their ass while downplaying legitimate concerns and issues.

    • (Score: 4, Interesting) by AthanasiusKircher (5291) on Monday January 02 2017, @11:29PM (#448697)

      You are 100% correct, this is still a dire threat.

      How do you know? I'm being serious here -- if you have any sources, please cite them, because I'm very curious about this story. Aside from the WaPo story and the press release from the power company, there seem to be precious few more facts available anywhere.

      So tired of wannabe pundits on these sites coming in so self-righteous to "explain it to the stupid masses" and just talking out their ass while downplaying legitimate concerns and issues.

      I hope my post above doesn't come across that way, because I am actually legitimately wondering what could cause senior Vermont officials to go on the record saying this situation was so dire. I haven't ruled out that there might be something going on here that isn't being reported publicly that makes this situation more clearly a deliberate "Russian hack" or a reason for serious concern.

      I am, however, starting to doubt that that is the case, since we haven't had any further statements from government officials (to my knowledge) since the incident and the WaPo story. Instead, basically the WaPo is getting a lot of critical coverage for exaggerating the story. If there actually IS something serious here, why aren't any government officials or agencies stepping up and saying, "Hey -- the WaPo was wrong on the details, but there IS a legit concern here!"

      • (Score: 3, Insightful) by Ezber Bozmak (764) on Tuesday January 03 2017, @12:18AM (#448712)

        FWIW here's my take:

        (1) Malware targeting infrastructure is a threat in general. So much infrastructure is internet connected that even generic malware/ransomware type stuff is a serious problem that we should be putting a lot more work into mitigating. If it takes a couple of scare-mongering stories to get more resources brought to bear on the problem, then that's really quite a small price to pay.

        (2) If there were air-gap jumping malware involved that fact would be more than sufficient to indicate a state-sponsored attack because that's not the kind of low-hanging fruit regular criminals go after. I have yet to see anyone who would know for sure say anything about air-gap jumping malware here.

        (3) I suspect it was just generic malware that a tech discovered during a sweep that was ordered in response to the DNC hacking fallout. When it was reported up the management chain the severity got magnified at each step because of holiday boredom and news hype of DNC hacking, etc. The less technically inclined the person in the chain, the more the threat was magnified. Nothing malicious or really even craven, just people being people doing a version of the "telephone game."

        After it was reported in the press the original technical people at the bottom of the chain raised a fuss about the inaccuracies and the utility issued a more sober press release.

      • (Score: 0) by Anonymous Coward on Tuesday January 03 2017, @12:21AM (#448714)

        It's a serious security breach. Saying it was never connected to the grid is a bullshit copout to smooth things over. Whoever used that laptop should be fired.

      • (Score: 1) by toddestan (4982) on Tuesday January 03 2017, @02:42AM (#448748)

        Are you sure that the senior officials actually said any of that, or are their quotes simply fabricated like much of the rest of the story?

        • (Score: 0) by Anonymous Coward on Tuesday January 03 2017, @03:22AM (#448755)

          Do you see any of them threatening to sue for libel?
          They said it on the record dude.
          If you are so disconnected from reality that you can't even accept something as basic as that then you need to do some serious self-reflection.

    • (Score: 2) by VLM (445) on Tuesday January 03 2017, @02:51PM (#448915)

      The US allegedly destroyed Iranian centrifuges by using

      The problem with this is it's almost perfectly analogous to the WWII dam busting raid the USA did where we tried to blow up a dam using some insane rotating skipping bombs that would bounce into the dam before exploding because we didn't have no laser guided GPS guided bombs and cruise missiles back then. And the analogy continues to endless scaremongering about the dam busting raid and "terrorists and Russians are gonna destroy all our dams someday and then I'll say I told you so" and "The only security threat the nation faces is dam busting raids" and stuff like that.

      Yeah yeah we did something like a cross between Rube Goldberg machine and 007 Hollywood computer science... one time. You get to do that exactly once per generation or so. That's it. Not everything with a computer chip in it, not every single attack by "the bad guys of the week", once. One and out, then it's done. Yeah it was cool, sure, key word being "was".

  • (Score: 0) by Anonymous Coward on Monday January 02 2017, @11:22PM (#448694)

    Now that Burlington Coat Factory is in the spotlight, perhaps we will get to learn about the porn habits of the drone who single-handedly operated that laptop.