The Washington Post has walked back a story claiming Russian malware was found in the systems of a Vermont utility. The paper earlier linked it to the same operation US officials say was used to interfere with the 2016 presidential election, and flagged it as a potentially larger threat to the nation’s power grid.
To some in the security community, it’s just the latest example of people rushing to judgment when it comes to Russia’s hacking operations.
The Obama Administration has fueled the fire, releasing what it called proof of election hacking and expelling Russian diplomats in retaliation. Security experts who’ve analyzed the reports are more than a little skeptical.
They say the government’s analysis of election hacking is more theory than proof. And, they say, the media has seriously overhyped the power grid story.
Hacking the power grid
It’s not that security experts don’t see risks to the US power grid. They’ve been analyzing the vulnerabilities and warning of danger for years. But stories making the rounds in such major publications as The Washington Post and Wall Street Journal show a serious lack of perspective and understanding, they say.
The initial Washington Post story, for example, reported that Russian code associated with the hacking operation Grizzly Steppe was detected in the system of Vermont utility Burlington Electric. From the article:
While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid. And it raises fears in the US government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.
Lawrence M Walsh, CEO and chief analyst at New York-based business strategy firm the 2112 Group, said that before people panic over the discovery of Grizzly Steppe malware in the Vermont power grid, a few things must be taken into account:
- The malware in question is quite common.
- The US has known about power grid vulnerabilities for more than a decade.
- The US has its fingers on the lights switches in Russia, China, Iran and Mozambique. In other words, nations hacking nations is an old story in which the US is a chief protagonist.
“Don’t get all worked up over this and the many sensational news reports to come as they make more such discoveries,” Walsh says. “The puppet masters are just showing you what’s behind the curtain; this is the current world order of which we’re largely and blissfully ignorant.”
Election hacking
The Obama administration last week issued what it called a sweeping report detailing Russian efforts to interfere with the US presidential election and ordered new sanctions that included the expulsion of 35 Russians. The belief is that Russia sought to interfere with the election in favor of a Trump victory.
As part of the announcement, the Department of Homeland Security (DHS) and Federal Bureau of Investigation (FBI) released a document with technical details on the tools and infrastructure used by the Russian civilian and military intelligence Services (RIS) to compromise and exploit networks and endpoints associated with the election. This is the document in which the US refers to the activity as Grizzly Steppe.
Dave Kennedy, CEO and founder at TrustedSec, an information security consultancy based near Cleveland, Ohio, said the documentation falls short on cold, hard evidence. The material is devoid of proof that Russia hacked the election. It merely points to the hacking of the Democratic National Committee (DNC), along with unsuccessful attempts to hack the Republican National Committee (RNC).
“There’s no evidence regarding the DNC leak causing any disruptions to voter opinion or changing votes,” Kennedy says. “The hacks did reveal that the DNC threw the election to Hillary and gave Bernie zero chance to win.”
Dan Goodin says the White House failed to make its case in an Ars Technica article. He writes:
Sadly, the JAR, as the Joint Analysis Report is called, does little to end the debate. Instead of providing smoking guns that the Russian government was behind specific hacks, it largely restates previous private-sector claims without providing any support for their validity. Even worse, it provides an effective bait and switch by promising newly declassified intelligence into Russian hackers’ “tradecraft and techniques” and instead delivering generic methods carried out by just about all state-sponsored hacking groups.
Careful who you poke
Experts are also quick to point out that American outrage over what happened is more than a little hypocritical.
“We hack countries all the time – all day, every day,” Kennedy says. “I’m not saying we shouldn’t retaliate, as we should with any incursion. I am saying that doing so publicly like this is dangerous. They also didn’t hack a government entity, they hacked political party emails – mind you, with a 1990s-style cred harvesting attack.”
Kennedy says the US must be careful who it pokes and how, and that evidence must be more ironclad.
“I’m all for showing signs of strength,” he said. “I’m not cool with landing us possibly into another cold war or worse.”
Mike
I’m confused. Is this a fake news story?
At this rate I’m going to get all my news from the neighbor’s cat. It’s unintelligible but less likely to mislead.
Bill Brenner
It’s not fake news. In fact, the goal of the article is to not only throw cold water on the hype and FUD out there, but to combat fake news with real analysis from security practitioners who spend every day in the trenches. I don’t blame you for seeking out the neighbor’s cat, but we’ll keep working to give you content you can trust.
mkkddd
Try RT. You might be surprised to discover that some do enjoy a good, old-fashioned sense of purpose and journalistic integrity. Very much like we used to in the West before we ‘won’ the cold war, came to consider ourselves the rightful winners and got complacent, intellectually lazy, fat, arrogant, deluded and self-servingly self-righteous. In short, the shoe’s on the other foot now: it’s the Russians who have made good use of the past couple of decades to grown into an adult nation. The West could still catch up, but it looks like China’s going to get there first. I think it must be something to do with karma, or something like that. If I were a fruitcake religious nut, I’d say, ‘God sees everything (and administers divine justice fittingly)’; but I’m not, so I just think ‘What goes round comes round.’ If you give fruitcake religious nuts money and weapons, you’re going to get your ass kicked (like in Vietnam and Syria, to name but a minute representative sample).
Industrial PC
Of course there is no truth in this story. The US have one of the best IT security systems in the world and I dont think something quite as big and the presidential election could have been hacked.
Tom Bishop
Enjoyed this article, Bill – it provides a lucid view to cut through the agitated rhetoric from both sides.
Matt
I find it curious that at the same time as the DNC email hack there was an attack on GOP email servers. An attack that failed. Are we looking at state sponsored super-hackers or yet another organization wholly ignorant of basic security measures? Spoiler alert: It’s the latter.
Anonymous
What indicated to you there was an “attack that failed” against the GOP? There’s no tangible evidence of that, only that Wikileaks did not receive or otherwise did not publish any emails from GOP accounts.
O.S.
Why are we making an assumption that all the information leading to the claims by the Obama administration have actually been made public? Quite possibly there might be more information that is not shared as it might provide insight into the cyber capabilities of the US that led to these accusations.
greggs
I’m with you Mike. I’m not sure who to believe anymore. Many of us have lost trust in the media, government and the experts to give unbiased and correct information. I would guess that many details of these incidents are highly classified. So “experts” on both sides are likely stating their opinion without having all the facts. My opinion: I may never know the whole story from our ‘sources’ but I certainly don’t trust the Russian government about anything and you won’t find me defending them at all. Fine if we are not sure it was really them but let’s not be heaping praise on them as innocent bystanders. We shouldn’t even be deflecting criticism of them. Chance are they had something to do with it… or at the very least, wish they did.
Anonymous
Why is this article considered more believable than the information coming out of Washington? Why is there a broken link to more information about the author?
Kate Bevan
Hi – thanks for flagging up the broken link; we’re looking at it now.
Henry Barth
With all the speculation about who or what ‘hacked’ and disclosed DNC emails to the public, it is worth noting that no one from the President on down has said the contents of any emails were false or misleading.
Anonymous
Would you expect them to lie about the content of emails that were stolen off private servers? I’m pretty sure all of us wouldn’t expect our private emails to be shared, so it wouldn’t be surprising to find out that private emails could have shocking content, especially if those emails involved IDK, an active campaign for the most important and powerful job in the world. Just because they were leaked doesn’t mean that anyone who wrote them was “hiding” anything that wasn’t honestly expected to be hidden. Let’s see what was revealed: A) DNC leadership didn’t want to support the independent candidate who wanted to leverage the party’s infrastructure to discredit the party’s best chance of electing a 3rd term Democratic President in what was likely already to be a contentious election…. OR B) Members of a Presidential Candidate’s inner circle carefully analyzed the impact of their candidate’s positions and statements on the electorate and worried that she may draw attention to past transgressions or weaknesses. Or are we taking about the fake news stories surrounding leaked emails indicating that discussion between campaign chairman and friends of having “pizza party” with children was somehow code for child abuse?
Simon
I’m sure the russian security services have their NSA equivalent. I doubt they’ll be clumsier or any less efficient than their American counterparts. It’s a little insulting to suggest they are as incompetent as to leave flashing neon sign equivalents. And it looks fairly likely the Democrat emails were leaked rather than hacked.
mkkddd
Yes, that’s right: they were leaked, NOT hacked. Find a credible source, e.g. RT, and read up on it. There’s no doubt here; it’s just spoilt brat bullies trying to buttress their delusion and make themselves feel better about losing, quickly, before being consigned to one of history’s most vile rubbish bins.
tommy
I’m sure a russian news website is very trust worthy on possible russian hacking
M Rogue
Regarding the administration’s report, they’re limited in what they can make public. There seems to be a mass assumption that the conclusions of 17 US intelligence agencies are purely the result of after-the-fact cyber forensics. While this plays into it, there is likely significant HUMINT and SIGINT in play here as well as other cyber intelligence which is highly classified. The public cannot and will not know the whole truth. Unless you have the clearance and access to all the pieces of this puzzle, a proper determination as to what happened cannot be made, and it’s disingenuous or naive to suggest otherwise. The Ars article was disappointing to me because it didn’t take note of that. In the meantime, I’ll defer to the overwhelming consensus among those with clearances.
Regarding the malware discovered at the utility site, it certainly warrants serious investigation, as would any such scenario, but you are correct in that the media (and public) have handled it poorly.
mkkddd
You don’t think ‘the overwhelming consensus among those with clearances’ has anything to do with the positions they hold? Few things are more difficult, or frustrating, than trying to help someone understand something which they’re paid a salary to not understand.
M Rogue
I’m not quite sure how to parse the last sentence of your reply. No, I don’t think it has anything to do with the positions they hold, especially when such a broad array of people who work for often competing intelligence organizations are all in agreement. I see elsewhere here that you’ve tried to talk up RT which is a known Russian propaganda news outlet. Your motivations seem very clear.
mkkddd
So, that would mean that all of those seventeen expert agencies who unanimously support the outgoing administration’s claim that they didn’t really get a sporting chance at winning the presidential election because the Russians ruined it are more interested in an unbiased and accurate representation, contributing to a mundane and unsensational report, of what happened than they are in ensuring their paymasters don’t consider them disloyal? Hmmm, on balance, I’m sure you’ll understand why I find it difficult to avoid parsing scepticism out of that.
My motivations may SEEM clear to you, but that doesn’t mean they actually are.
Let me explain it like this, with a metaphor: when a couple is in the midst of an acrimonious divorce, you may take and listen to either side, but if you don’t listen to both you don’t know what’s going on. If you believe the propaganda element of RT is any more exaggerated than that of the New York Times or Washington Post (or Guardian or Telegraph) you don’t know what’s going on. Behaviour is a great indicator. No administration has ever done as much to make it as difficult as possible for it’s successor as the current outgoing US one. This might indicate that they are really just a bunch of poor losers – bullies and spoilt brats.
This is the core of the problem: narcissism. Obama wasn’t kidding when he stated he genuinely believes the US is exceptional and may do things other can’t. He really genuinely believes that. This is narcissism and it is very dangerous. It mustn’t be allowed to pass unchallenged, as it has since the collapse of the Soviet Union.
Whatever Russia has done, we should all be VERY grateful to them if they did actually play any significant role in preventing the perpetuation of that mindset among the powerful, and I believe the probably did; they most likely leaked the documents to Wikileaks(, thank god). If they needed to encourage a bit of hacking to do so, so be it. Had that awful woman come to power there’s a good chance those of us living anywhere near NATO’s ‘front lines’ might suffer the fate of Syria, Lybia, Egypt, Tunisia in recent years. Despite the multitude of wars the US has inspired and supported, Russia is far more familiar with war than America. They were frightened of the Obama/Clinton gang precisely because they know what will come of it, and it is not good (for anyone, except manufacturers of armaments).
What I can’t understand is how relatively intelligent people can manage to avoid understanding this. They must have some pretty special, even exceptional, salaries. Parse this: ‘Few things are more difficult, or frustrating, than trying to help someone understand something which they’re paid a salary to not understand.’ If you really need help working it out go to RT, for example, to fill in some of the gaps.
If I may, I’d suggest you start with Joe Biden and the Ukraine. I’d like you to understand that because the world is a little bit safer for every one person who does. Like the Russians, my motivation is to make the world a safer place. No-one is safe with greedy fruitcake narcissists, who lack the self-perception to even hide their delusional beliefs, in positions of power and influence in Washington. We should all be very grateful to the Russians for saving us from the awful political trainwreck that US politics has become, even if we do get exceptional salaries and live far from anywhere where we might get hurt.
Anonymous
I read up until “Like the Russians, my motivation is to make the world a safer place.” Let me guess, you are an objective American citizen who just happens to be spreading pro-Russian propaganda. It’s definitely a safer place when Russia is the dominant force in Europe, and their power goes unchecked, right?
Debbie Griffith
I have too many memories of all the Russian/communist attempts to undermine this country. Putin does not give me any reason to believe Russia’s motives are fotherwise. The fact that Trump thinks Putin is a great example of a leader scares the $)(*%$ out of me.
mkkddd
That’s just because you’re ignorant (and old) – nothing to get scared about. (Unless you have your fingers on the buttons of Weapons of Mass Destruction.) Remember those: weapons of mass destruction? They’re pretty much the same as Russian hacking. Fortunately, the US President-elect seems to have recognised that.
Chuck
I would have never expected to see an article like this on Naked Security. I mean really! Maybe on WorldNetDaily or some other right wing hit job publication, but not Naked Security.
Magyver
Exactly what are you trying to imply? Since you liken Sophos’ reporting to a “right wing hit job publication” it appears you don’t trust anything short of official left wing propaganda.
Sad. Since you limit your reading to official “state sponsored news” you’ve never realized that the UK prints the truth that the White House suppresses for political reasons.
Sophos has an impeccable reputation and as an American journalist I have trusted it for years. You also have missed the fact that Sophos is a world recognized authority on computer security.
Keep up the good work Sophos.
Joe
Well said and well written. Falsely claiming the Russian hacks as well as expelling the Russian diplomats was, the now previous administration’s, last slap in America’s face. Good riddance to both the past administration as well as lame stream news. You’ve both been damaged beyond repair.