- Washington Post writers Juliet Eilperin and Adam Entous publish a news story titled “Russian hackers penetrated U.S. electricity grid through a utility in Vermont“.
- This story is shared widely on social media, in part from social media promotion by Washington Post staff, and is quickly re-printed and re-published nationwide relying on the fear created by the headline.
- The headline is false and ultimately the entire story is shown to be false.
- The Washington Post silently rewrote the headline and added an “Editor’s note” at the bottom (later moved to the top). The Editor’s note itself left out critical information.
- The electric utility involved, Burlington Electric, issued a statement condemning the false and untrue statements made: “Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false.”
- What actually occurred was a lap top connected to an IP address which is thought to be connected with malware but which is also used for other applications. The electric grid was not hacked. There was no evidence that this involved anyone from Russia. A statement from Burlington Electric states there was no malware on the laptop computer.
- Update: The Washington Post has effectively retracted the original story: “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation“
- Update: Cnet tech news all but says the story was false or fake.
- Update: Snopes says the story is mostly false.
- Research shows most people only read the headline and viral stories on social media live on forever, even when wrong.
- Update: Part of the reason this story was readily accepted by the masses is likely the mistaken view that all communications is connected to the Internet. Utility grid systems do have security vulnerabilities (notably SCADA and PLCs) but utilities run their own private networks, independent of the Internet. That means separate fiber cables and private microwave links. This is also known as an “air gap” – there is not a physical connection between the grid networks and the public Internet.That does not mean they are immune from malware attacks. Notably the U.S. itself attacked systems in Iran by delivering the malware on a USB thumbdrive, which someone plugged into a computer on the secure side of the “air gap”.
This story works as social media propaganda, in part, because of the “What you see is all there is” problem – the reader fills in the missing gaps to make the narrative fit the reader’s world model. Since computer security is opaque to the typical person, many may believe that the utility grid can be readily hacked over the Internet.
- Update: The Washington Post intentionally spread this story on social media, gaining rapid shares to “go viral” and then tried to cover their tracks. Spreading stories on social media with emotionally intense headlines to encourage sharing was pioneered by fake news publishers.
- Update: The Washington Post failed again, days later, says Time magazine. The WaPo also failed two weeks earlier with their story naming fake news web sites based on a list provided by a shady and anonymous source; WaPo largely retracted the claims after being accused of defaming legitimate news sources. There seems to be a trend underway…
- Update: The US government intelligence agency report on alleged Russian hacking notes itself that it was based on news reports and social media posts for “key judgements”:
Here is my original post – which is no longer up to date as the whole thing was largely a hoax – I tried to clean this up but it is not worth my time to fix it.
The Washington Post’s note:
Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.
A single notebook computer in an organization was found to have malware. The code involved is old malware, commonly and readily available. Malware on computers is extremely common.
Few people will see the correction that negates the thrust of the story. WaPo’s weak correction does not even note “The computer” was a single notebook computer infected with common malware. This is not national news.
UPDATE: Official statement from the Burlington Electric Department refutes the Washington Post’s fake news report:
“Federal officials have indicated that the specific type of Internet traffic, related to recent malicious cyber activity that was reported by us yesterday, also has been observed elsewhere in the country and is not unique to Burlington Electric. It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country.
At Burlington Electric, where we take great pride in conveying timely and accurate information, we want our community to know that there is no indication that either our electric grid or customer information has been compromised. Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false.”
Social media played a role in the spread of the WaPo’s inflammatory and false headline as this article was widely shared. The emotion laden and inflammatory headline creates fear – and fear is one of the most powerful tools used by propagandists.
Manufactured news is just one of the forms that propaganda takes. The Washington Post appears to have manufactured this news – and the uncorrected version is now quoted by United States Senators and others making statements about Russia hacking into the U.S. electric grid. This is a grand example of how propaganda messaging can have major influence, re-starting a cold war, if not leading to a hot war.
The WaPo’s fake reporting on this topic is no different than the yellow journalism practiced by news titans long ago and follows WaPo’s recent news report about fake news (a report that ended up being mostly retracted the next day – in other words, a fake news report). The Washington Post’s fake report led to an escalation of tensions between two superpower states and has, through social media sharing, turned an untrue assertion into a “fact” that will be hard to reverse. This is extremely dangerous behavior on the part of the Washington Post. (Certainly, the WaPo would dispute the label of yellow journalism, but their recent news coverage has suffered from similar bad reporting, furthering an anti-Russia hysteria based on unverified information and some illogical and un-skeptical jumps.)
My virtual servers receive hack attempts on a regular basis from sources in Russia, China, the U.S., Bulgaria and other countries. When hacking is widespread, hacks from most any country are common. I have about six layers of security measures in place and will soon add another layer.
Note – “Appeal to authority” – I do know a little about computing systems and networks. I have a BS in computer science and an M.S. in software engineering and have worked at many tech organizations, including Microsoft, where I worked on the Windows team.