Russian 'grid attack' turns out to be a damp squib
One laptop does not a blackout make
Updated: Russian hackers have not penetrated America's electricity grid, in spite of an end-of-year media flurry saying they did.
The story was triggered because an anonymous source told the Washington Post miscreants had infiltrated the grid, when in fact – as the story was later amended to read – one Burlington Electric Department laptop was infected with Russian-attributed malware.
Burlington Electric flat-out denied that its control systems were compromised. Rather, the company says in a home page statement, a single laptop was infected with malware “used in Grizzly Steppe”, and that machine was not connected to its grid systems.
The infection was discovered in a scan after the Department of Homeland Security (DHS) distributed the signatures it associates with Grizzly Steppe, the operation that caused the late-December sensation in the outgoing Obama administration and led to 35 Russian spies getting their marching orders from the USA.
Burlington Electric Department says someone in the company gave the Washington Post the incorrect information which led to the sensational but withdrawn claim that Russians hacked the Vermont grid.
+Comment: Schadenfreude is all too easy at times like this, but the Washington Post's dilemma is faced by any journalist offered an infosec scoop.
Last week, when the Obama administration expelled the Russian spies over interfering with the 2016 election process, it provided much more supporting documentation than is usually the case.
Even so, there were plenty of infosec people and national security experts who argued that more information should have been provided. Take this, for example, from respected King's College London professor of war studies Thomas Rid:
The USIC erred on the side of caution today and did *not* release the best evidence they have—spelling out this limitation would have helped— Thomas Rid (@RidT) December 29, 2016
Mostly, accusations of hacks are accompanied by little or no supporting evidence of any kind. Even technical journalists are expected to work in an information vacuum, and all journalists, technical or generalist, are surrounded by a fog of vendor/consultant/analyst exaggeration.
However, the speed with which Burlington Electric posted its rebuttal suggests it already knew the extent of the attack – so the Washington Post had the chance to verify.
There is one more point to make. While the USA has a well-integrated electricity grid – the final steps to complete its interconnection were taken in 2010 – Burlington Electric isn't even remotely “the US grid”. It's a local generation and distribution utility with fewer than 20,000 customers. A hacker – even a Russian hacker – would have a long way to travel from Vermont to the interconnects that constitute the national grid. ®
Updated to add
Even the idea that it was the work of Grizzly Steppe has been ditched in the latest from the Washington Post. The laptop had Neutrino malware, and the rest of the scare at Burlington Electric seems to have occurred because one of the IP addresses on the DHS's list of "suspect" addresses matched a connection from an employee checking Yahoo! mail, raising an alert.
As Kurt Vonnegut might have put it: no damn cat, no damn cradle.
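The Burlington false alarm is a textbook detection-engineering lesson: a bare hit on an indicator list that includes shared public infrastructure is a weak signal on its own. The following triage routine is an added example, not code from the article or from Burlington Electric; it matches a constructed connection log against a constructed indicator list (placeholder documentation-range IPs, placeholder hostnames and hashes) and only escalates a hit when a host-level indicator corroborates it, marking hits on shared consumer services as low confidence.

```python
"""Triage IP-indicator hits against connection logs with context (added example)."""
from dataclasses import dataclass

# Constructed indicator list in the style of an IP feed (placeholder addresses).
INDICATOR_IPS = {"198.51.100.7", "203.0.113.42"}
# Constructed host-level indicator (placeholder hash): the second signal triage wants.
INDICATOR_HASHES = {"deadbeef" * 8}
# Hostname suffixes of shared public services (placeholders); a hit here is weak alone.
SHARED_SERVICE_SUFFIXES = (".mail.example-webmail.net", ".cdn.example.org")
# Constructed inventory of recent executable hashes per workstation.
HOST_HASHES = {"WS-40": frozenset({"deadbeef" * 8})}

# Constructed proxy log lines: timestamp, source host, destination IP, TLS SNI.
SAMPLE_LOG = """\
2016-12-30T10:02:11 src=WS-17 dst=198.51.100.7 sni=imap.mail.example-webmail.net
2016-12-30T10:05:40 src=WS-22 dst=203.0.113.42 sni=update.unknown-host.example
2016-12-30T10:07:03 src=WS-31 dst=192.0.2.15 sni=www.example.com
2016-12-30T10:09:55 src=WS-40 dst=203.0.113.42 sni=
"""

@dataclass
class Connection:
    src_host: str
    dst_ip: str
    dst_name: str           # SNI or reverse DNS as logged by the proxy
    host_hashes: frozenset  # hashes of recent executables on src_host

def parse_line(line):
    """Parse one key=value log line; tokens without '=' (the timestamp) are skipped."""
    fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
    return Connection(fields["src"], fields["dst"], fields.get("sni", ""),
                      HOST_HASHES.get(fields["src"], frozenset()))

def triage(conn):
    """Return (verdict, reason) for one connection against the indicator sets."""
    if conn.dst_ip not in INDICATOR_IPS:
        return "no_match", "destination not in indicator list"
    corroborated = bool(conn.host_hashes & INDICATOR_HASHES)
    shared = conn.dst_name.endswith(SHARED_SERVICE_SUFFIXES)
    if corroborated:
        return "escalate", "IP indicator plus host-level indicator"
    if shared:
        return "low_confidence", "IP indicator on shared public service; needs corroboration"
    return "investigate", "IP indicator alone"

def triage_log(log_text):
    """Triage every non-empty line; returns [(src_host, verdict, reason), ...]."""
    return [(c.src_host, *triage(c))
            for c in map(parse_line, log_text.splitlines()) if c.src_host]

if __name__ == "__main__":
    for host, verdict, reason in triage_log(SAMPLE_LOG):
        print(f"{host}: {verdict} ({reason})")
```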