Can everyone puh-leeze calm down?
On December 30 2016, the Washington Post ran what sounded like a pretty serious story entitled “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say”.
In the current climate of claims that Russian-backed hackers may have meddled with the US election by leaking hacked documents and emails from Hillary Clinton’s campaign team, a story like that is likely to get a lot of interest.
Shame then that it wasn’t true.
As Burlington Electric revealed in a public statement, the truth was that they detected suspicious activity on a single laptop computer which was not even connected to its grid systems.
Well, whoopee-do. Finding a malware alert on a laptop is hardly breaking news.
A malware-infected laptop does not equal a cyber attack on the electric grid.
— Graham Cluley (@gcluley) December 31, 2016
Smarting slightly in the light of reality and criticism from computer security experts, the Washington Post revised its story, giving it a new headline: “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say”.
A few days have passed, and the Washington Post has published a new article on the ongoing investigation into the malware found on a single unconnected laptop.
This latest article doesn’t help fuel the dramatic scenario the Washington Post had earlier presented that the power grid is being targeted by the Kremlin’s finest hackers.
The headline? “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation.”
Quite a turnaround there.
Read a little further, and you can see that it’s truly ridiculous that the Washington Post’s original claims should ever have been taken so seriously (my emphasis):
An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.
Let’s not be naive. I have no doubt that Russia is hacking American companies and organisations. But similarly I have no doubt that America is doing the same against companies and organisations in foreign nations, as are the Chinese, the Brits and countless others.
That’s just what countries do these days to gather intelligence on each other, and potentially cause disruption. It’s business as usual.
And alongside such state-sponsored hacking there are also a huge number of attacks perpetrated by organised criminal gangs, with little interest in politics but plenty of interest in stealing data, filling their pockets with cash, and commandeering computers to help them with their crimes.
We don’t know who might have infected the single laptop at Burlington Electric. But what we do know is that they were quite possibly not targeted, and that it’s a big mistake to jump to quick conclusions, or to present such incidents as being much serious than they really are.