Readers of the Washington Post received some alarming news yesterday when the paper published a story alleging that those pesky “Russian hackers” were up to their no good tricks again and had managed to “penetrate the U.S. electricity grid through a utility in Vermont.” The full headline read as follows:
The opening paragraph of WaPo’s story directly linked the “hack” of the Vermont utility to the same “Russian hacking operation dubbed Grizzly Steppe” that the Obama administration has blamed for the DNC and John Podesta email hacks. Vermont’s Governor, Peter Shumlin, told WaPo that “Americans should be both alarmed and outraged” by these actions perpetrated by “one of the world’s leading thugs, Vladimir Putin,” before seemingly calling for further retaliatory actions from the Obama administration.
Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety. This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.
Moreover, Vermont Senator Patrick Leahy took the rhetoric to a whole new level by asserting a diabolical Russian plot to shut down the U.S. electrical grid in the middle of winter…a move that would most certainly kill off half the state’s population in an instant.
Of course, it didn’t take long for the New York Times and ABC to latch on to the story since it fits their “2016 election hacking” narrative so perfectly.
Our Russian “friend” Putin attacked the U.S. power grid. https://t.co/iAneRgbuhF
— Brent Staples (@BrentNYT) December 31, 2016
NEW: “One of the world’s leading thugs, [Putin] has been attempting to hack our electric grid,” says VT Gov. Shumlin http://abcn.ws/2ihEeZu
Alas, there was just one minor problem, namely that the entire article was completely fabricated. Apparently the esteemed “journalists” of the Washington Post didn’t even bother to contact the Burlington Electric Department to confirm their bogus story…and why should they…it fit the “Russian hacking” narrative so perfectly therefore it must be true, right?
Well, apparently not. The quick spread of WaPo’s “fake news” story forced the Burlington Electric Department to issue a clarifying statement assuring worried residents that, indeed, their electricity grid had not been hacked, but rather a single “laptop not connected” to the grid had been found to have a malware virus.
Which forced the embarrassed Washington Post to quickly tone down their provocative headline…
…and supplement their original article with the following “Editor’s Note” admitting the entire premise of their original story was nothing more than “fake news.”
Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.
Which drew quick reactions from twitter…
1) Not an infiltration of the power grid.
2) “Russian” malware can be purchased online by anyone.
3) See 1 & 2. https://twitter.com/Acosta/status/815041961572843520 …
Pretty amazing how badly the Post appears to have mangled this one. You didn’t call the Vermont utility regulator before publishing?
…and Glenn Greenwald of The Intercept, who blasted WaPo for their “irresponsible and sensationalist tabloid behavior.”
THIS MATTERS not only because one of the nation’s major newspaper once again published a wildly misleading, fear-mongering story about Russia. It matters even more because it reflects the deeply irrational and ever-spiraling fever that is being cultivated in U.S. political discourse and culture about the threat posed by Moscow.
The Post has many excellent reporters and smart editors. They have produced many great stories this year. But this kind of blatantly irresponsible and sensationalist tabloid behavior – which tracks what they did when promoting that grotesque PropOrNot blacklist of U.S. news outlets accused of being Kremlin tools – is a by-product of the Anything Goes mentality that now shapes mainstream discussion of Russia, Putin and the Grave Threat to All Things Decent in America that they pose.
Ironically, a few weeks ago we noted that The Washington Post was all too happy to promote an anonymous website that described Zerohedge as “‘dark gray’ propaganda, systematically deceiving its civilian audiences for foreign political gain” (see “Washington Post Names Drudge, Zero Hedge, & Ron Paul As Anti-Clinton ‘Sophisticated Russian Propaganda Tools’“), all while presenting exactly zero evidence to support their preposterous claim. Perhaps it’s time for WaPo to dedicate a bit more of its time to self-reflection.
I read that the WaPo just hired 40 (!) new reporters. I assume that means they will be yapping at Trump’s heels constantly and therefore that we will continue to see stories in the WaPo that are “fake news”. The WaPo used to be a great newspaper. No more.
Taken alone, this would be something to laugh off. But added in to all the other stuff, I sincerely fear that there’s something more nefarious taking place. Who knows what–false flag blamed on Russia? Some last ditch effort to keep Trump out of the WH? Or is it merely a distraction/cover for the filth that’s been exposed and is going to be exposed in the “hacked” emails?
The MSM news sources would benefit by having commentary that allowed allowed posters to point out “fake news” when their reporting was obviously such and give the reason(s) why it is “fake”.
The same way most alternative news sites do.
In fact, they used to do that in many of their publications, but the practice seems to have been banned and censored almost universally among them for the last several years.
Wonder why? They had more credibility to their reporting when they allowed it since anyone could look at criticism of the stories and judge for themselves the validity of both the story and the criticism of it.
I suppose times have changed, and I doubt they are going to change back anytime soon.
Good point. I’ve come to view news sites that do not allow commentary, or rebuttal, as an unreliable news source.
Fake News: Relentless, Predatory FOX
By Karl Denninger
Well now, it appears there is actually a story in here regarding malware tied to Russia:
BURLINGTON, Vt. – Malware code linked to Russian hackers and found on a Vermont electric utility’s computer is further evidence of “predatory” steps taken by that country against the U.S., a Vermont Democratic congressman said Saturday.
….
“This attack shows how rampant Russian hacking is. It’s systemic, relentless, predatory,” Rep. Peter Welch said in a statement. “They will hack everywhere, even Vermont, in pursuit of opportunities to disrupt our country.”
Welch said the breach also underscores that sanctions President Barack Obama took against Russia this week were warranted. Russia, which has denied hacking U.S. systems, has been accused of interference in the U.S. presidential election by hacking American political sites and email accounts.
In other news the person who used that laptop was known to prefer pornographic video of sex with goats (sarc).
First off, said laptop was apparently owned by said utility but, the utility claims at least, it was not in any way connected to any part of their network, especially the parts that actually control its operations. This leads one to wonder exactly what purpose said laptop had — perhaps it was part of a meter-reading system in a company vehicle, for example.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, (Russian President) Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” the governor said in a statement.
Meh. There’s zero evidence to support that allegation. First, we don’t know how the malware got in there. The most-common means by which it “gets in there” is the installation of a program that someone thought would do something else — like, for example, play videos of people having sex with goats.
This is the dirty little secret when it comes to “rootkits” and other forms of persistent malware — it has to get into the machine somehow, and the “somehow” on modern computers requires that you give it permission to install.
Installation on most modern machines is inherently an act that requires elevated privileges to some degree. These privileges are (sadly) not usually very granular, so when you get the permission to do the installation if the installer has evil code in it that installer can put the evil code into the computer and protect it from being seen through normal means (and removed through normal means!) This frequently includes corrupting one or more of the system’s internal files so that absent a complete reload of the device in question it is virtually impossible to cleanly remove the evildoer’s work.
Yes, there occasionally are vulnerabilities discovered that allow “unsanctioned” installations of this sort. They’re called “privilege escalation” attacks and the really ugly part of them is not only how many of them are discovered but that the places they’re discovered are in pieces of code that execute with system privileges and thus can modify other, unrelated parts of the system and its software. Most, but not all, of these pieces of software should not be written to require that sort of privilege but software vendors do it because they’re lazy while government, commercial and individual users repeatedly give the vendors a pass instead of bending them over the table and destroying them.
Incidentally, this sort of malware is literally everywhere. It’s used by the people who “cryptolock” files and demand ransom, it is used by those who corrupt machines for the purpose of using them for “denial of service” attacks and as a means of relaying further data without being detected as the source and, sometimes, it is also used to directly target someone for data theft or corruption.
We don’t know which was the case here, but it’s a fairly good bet that this wasn’t exactly a “targeted” attack as if it was it was rather poorly-executed.
Let me remind you that there certainly have been targeted and effective attacks in recent memory allegedly traced to actual state actors. The OPM data heist is an example of a series of not only massive acts of stupidity inside our government it also illustrated active and intentional covering up of the breach once detected, including lying under oath — which is a crime. Yet the number of people prosecuted for said lying under oath and intentionally covering up said breach, which I remind you included fingerprints of millions of individuals along with detailed background check information related to virtually everyone who has held a security clearance in the last 20 years numbers zero.
There has also been no formal claim of “blame” laid on any foreign actor in this regard, although there certainly is more evidence pointing to who was responsible for that breach than either the DNC’s hack or this laptop incident in Vermont.
This, I remind you, is despite the fact that China claims to have arrested people involved in same.
Yeah.
Folks, we have a major security problem throughout government and private-sector systems ranging down to the mundane such as your car, TV and cellphone. We have agencies of our governmental units along with other critical private sector parties (like power companies) that intentionally and willfully ignore known protocols that are highly effective in preventing such attacks. Among these acts of willful and intentional ignorance include using public email provider accounts or “private” (and poorly constructed) servers (a.k.a. Hillary), allowing corporate and government machines to have installed on them software that has not been vetted, allowing the attachment of external devices without authorization and vetting (e.g. USB drives, etc), continuing to allow the of software that has known security exploits in the field and more. In the OPM case there were multiple critical breaches of security protocol any one of which would have likely been effective in preventing the attack from succeeding. Taken together they would have almost-certainly not only prevented the attack but detected the attempts.
Folks, this stuff really isn’t all that hard but it does mean that a certain amount of “convenience” has to be foregone.
That’s the real problem, you see. It’s convenient to not lock your front door but if you do that the odds of a robber stealing your television go way up because now he can just walk in and take it! Likewise, an email system that cannot have its storage accessed except via a VPN connection that requires a certificate to connect is extremely secure. It now is not a matter of simply having someone’s password now you have to steal a device and break into it, and if you do your access is only good until the person realizes the device was stolen and the key is revoked. If you configure a machine that is supposed to do a business or government-related thing (e.g. obtain usage data from electric meters and then transfer that to a central site for billing) so that no other connections than the authorized ones work then it becomes very hard to get the malware on the computer in the first place that would then be used to circumvent those controls. Of course if you do that then the meter reader can’t access Amazon, some news site or blog, or the gay sex with goats site using said business computer in the electric company vehicle.
Yeah.
In other words security when it comes to data access is a process, not a product. You have a bunch of companies running around these days claiming to provide “security solutions” that are in fact nothing more than vendors of software that can easily be put together for free, who package it up and call it a “solution.” It is not. These same firms then use break-ins as advertising; in other words they are very interested in seeing actual compromises happen because that “increases demand” for their products and services!
An example: Several years ago I raised hell about the so-called “advanced keyless entry” systems on automobiles, which by the way, are now the rule rather than the exception. It was blatantly obvious to me with only a few minutes of thought that a pair of no-licence-required radios and a relatively small amount of effort (an effort I could trivially make myself) would allow a thief to repeat the signals from your key and car to each other over distances that would make theft trivial. The key to making such thefts possible is the convenience factor of you not having to press a button on the keyfob — that is, the car senses the key is near it and acts without a positive action being taken on your part. These systems normally only work within a couple of feet of one another and use a “rolling” code that leads people to “think” they’re reasonably secure — but if I can pick up the signal from one and repeat to the other end and do likewise for the response then I can pretend you are sitting in or standing next to the car when you’re actually in the shopping mall! It now becomes not only trivial to steal the car there is exactly no evidence of how I did it after the fact.
The stupidity of such a design is that if you have to push a button then it goes from trivial to very hard to exploit because now I have to capture you actually using the keyfob and then figure out the encryption so I can determine what the next code is because as a thief I cannot cause the fob to emit the next code by myself. That’s hard. But if you don’t have to push a button then I can simply ask the key for the next code and send it as if the key was sitting next to the car, and……. your nice new car is GONE!
In short we took what was a reasonably-secure system and made it insanely insecure just for the pleasure of your “convenience” in not having to push a button to unlock the damn door! We took two-factor authentication to open the door (you must have the fob and you must perform the act of pushing the unlock button) and turned it into one-factor and then on top of that made the one factor something you both have and that can be queried without your direct knowledge.
I don’t — and won’t — own a vehicle equipped with such a “convenience” feature — and that’s why. And what did we see this year? A demonstration. Oops.
How many of the people reading this are stupid enough to have something like Alexa in their house? Or a smart TV that responds to voice commands?
Oh, you say, it only records when you say “Heh Alexa” first? How do you know that to be true, how do you know that the code in that device is secure and has neither a back door or a security problem that has allowed some malignant third party to turn the damn microphone on all the time?
You do know that the cops are testing the claim that Alexa (and Amazon) doesn’t have that data, right? Wanna bet on that?
What the hell is wrong with you?
The same thing that was and is wrong with the government, with the utility in Vermont and elsewhere — you wish to have so much convenience that you simply don’t give a good damn about the fact that you are leaving your front door unlocked and a big “steal my TV” sign in the window.
I’ve raised a ton of Hell about this over the years, going back to my days writing code for others as a wage slave.
It’s a fight that’s almost not worth writing about anymore — except to post great big “Told You So” signs when your car is stolen or your fingerprints (which you can’t change like a password, incidentally) are ripped off from the government.
And with that I leave this for the utility in Vermont:
The best way to figure out the fake news is to pay very close attention to the details as soon as something is reported and then to compare it as the story progresses to the meme stage. If they sense that it is effective to promote the narrative they will remove, delete or drop whatever details that are clearly provable as false in the initial report and ramp up the rhetorical aspects of the story.
In this story the ‘tells’ were that it was discovered to be not only of Russian origin but the exact same operation- “A code associated with the Russian hacking operation dubbed Grizzly Steppe…”
Get it? Grizzly? Like the Russian Bear. Steppe? Like the Russian Steppe. Se how clever those Ruskies are? Now the image is in your head. The same guys who tricked that perv Podesta into giving up his email password are now randomly targeting the Subaru-driving, patchouli-reeking, Birkenstock-wearing ex-Brooklynite hipsters in Vermont to screw with their meter readers.
They don’t really care if someone with above average intelligence picks up on it because A) there aren’t many of them left and B) they’ll just change the story to something else before you can respond to it in the comments sect…AAAAAAND IT’S GONE!
“They don’t really care if someone with above average intelligence picks up on it because A) there aren’t many of them left…”
I am stunned by the number of people who still get their news from the MSM and who buy it all hook line and sinker. We went and saw Rogue 1 the other evening. I was blown away by the quality of the CGI for characters like the admiral and the princess. I asked my wife if she realized the admiral guy was animated. She said no she did not. Isn’t that amazing? Isn’t it kind of scary? Can you imagine what they are capable of doing in this department that we are not even aware of?
Can you believe anything your eyes now see on a screen of any kind when you consider the level of propaganda the MSM spews and the power of animation they are capable of? I am almost to the point where if it is on TV I just consider it false.
I’m piping in to say that the latest terror attack at the night club, killing 36 people has been declared a FF. No surprise.
That’s the same thing you do when you evaluate a story as to its being an opinion piece or a report of factual occurrence.
One makes it clear what can be verified and where, the other leaves you wondering exactly what to verify and where you would do the verifying.
“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, (Russian President) Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” the governor said in a statement.
Should read: “Vermonters and all Americans should be both alarmed and outraged that idiots such as the governor of Vermont are in positions of leadership.
Testing everyone’s skills at detecting “fake news” how do you evaluate something like this article one way or the other?
http://www.infowars.com/trump-on-hacking-i-know-things-other-people-dont/
You don’t suppose the neocons, the left along with the WP would have an ulterior motive in accusing and attacking Russia, therefore making their conclusions suspect? Such as:
Putin ceaselessly making their boy Oboma look ridiculous
Russian refusal to be baited into a shooting war, potentially nuclear, with the West. To the disappointment of the war machine
Russian attempts to clean up after DCs nation building (destroying), further making Oboma look bad
Russias refusal to be brought into the DC fold, including but not limited to refusing to extoll every degeneracy imaginable
The desperate need for a scapegoat for the Democratic debacle of 2016, parallel with diverting attention from the sickening exposures of Wikileaks.
There’s more, but where do you stop.
Here’s some fake news from The Daily Caller,who I usually like.
What makes it fake is what it leaves out,whether by intent or laziness,and don’t kid yourselves,reporters are both lazy & often under deadline.
Those of you who remember this story will recall that the judge turned out to be a strong sympathizer of La Raza.But that would not prejudice him against Trump though,would it?
“Is the Chief Justice Taking A Shot at Trump In His Year end Report?”
http://dailycaller.com/2017/01/01/did-the-chief-justice-take-a-shot-at-trump-in-his-year-end-report/?utm_source=WhatCountsEmail&utm_medium=TheDC%20Morning&utm_campaign=TheDC%20Weekend
The red line did not work so gov using w post get public lathered up with Fake propaganda.I do not believe one word anymore.The gov has gotten away with murder with no consequences.They hope you trust them all the way to the Fema camps