and found it.

The fact that it isn't "connected to our organizations grid systems" depends on how you define "connected".

The fact that it was found on any device connected to the network should be of grave concern to all.

The laptop was not connected to it.

But the headline "Russian hackers penetrated U.S. electricity grid through a utility in Vermont" is not true - and that story (with that headline) is still going strong here on LBN.

Doesn't mean it wasn't penetrated. It is a true headline.

Malware was found at the utility in a computer that was not connected to the operation of the grid, Vermont Public Service Commissioner Christopher Recchia said.

http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/
The original Washington Post headline said that they had "penetrated the electricity grid" - which is false.

The fact that it had not interfaced with the main system is irrelevant. We were lucky to catch it, but it was compromised.

That isn't true (and they have since changed the headline and updated the article).

They hacked the laptop. IMO if it was owned by the utility it was part of the grid even if not currently connected. We just got lucky.

grid.

I would assume that the company has many laptops and other computers used for many things. There would be absolutely NO reason to have a laptop that is doing billing, or financial reports etc connected to the grid itself -- if it were connected, that would be a very stupid configuration and would create a risk for absolutely no reason at all.

Here is an analog - None of the computers that many departments used at AT&T interfaced with the computers running the network. The network did create usage tapes that were the basis of all billing, analysis, design of the network etc. Had the many many laptops that AT&T and Bell Labs people used been infected, they would not have infected the completely separate computers controlling the network.

As long as they had 1 hacked laptop in the facility, the potential was there. The fact that it had not happened yet is irrelevant.

I think that the most informative, accurate piece of information here is the Burlington Electric statement. Any organization that finds malware on any laptop would isolate it and insure that it is removed.

Are you an IT expert?

I believe the people that are it experts over someone that does not want to be known as the person whose carelessness allowed our electrical grid to be compromised. Our Director of National Intelligence testified last year that our grid had been infiltrated already. I believe he knows what he is talking about better than I.

The click bait online link title said that. Here's a link to the actual hard copy story with the actual headline.

http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx#

In fact, it is still in LBN here on DU with that headline.

Last edited Sat Dec 31, 2016, 07:03 AM - Edit history (2)

It shouldn't have been found in the laptop, period. If it hadn't been discovered in time they could have used that entry to hack the system.

Malware was found at the utility in a computer that was not connected to the operation of the grid

http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/

So they're contradicting themselves.

And there's this:

https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?hpid=hp_no-name_no-name%3Apage%2Fbreaking-news-bar&tid=a_breakingnews&utm_term=.52e06343445c

Officials said that it is unclear when the code entered the Vermont utility’s computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.

The Washington Post article that you link to falsely claims that the hackers "penetrated the US electricity grid".

This is not true.

WaPo has since changed their headline and added updated information to the article.

In their original article, they did not even have a statement from Burlington Electric or any other officials in Vermont.

The statement from Burlington Electric explicitly says that this laptop was not connected to the grid.

We all know that once the malware gets on the organization they seek to add malware to more secure computer systems via email. It may have been interrupted at the first step, but a breech on some level occurred.

That is the problem. The Washington Post did some crappy reporting here. They had a headline that was not true. If they had merely reported the facts (and solicited a statement from Burlington Electric), they could have had an accurate article that conveyed the seriousness of the situation without a blatantly false assertion that the grid itself had been hacked.

Misstep? I think it's false equivalence- just as the BS Tabbi just published about the Rissian hacks- that leads people to further distrust a fairly responsible source.
More of the perfect being the enemy of the good. Nothing is perfect. We need to grow up and realize that instead of assigning nefarious motivations to anyone who misspeaks in a small hair splitting way.

I do not think this is "fake news" or anything of that nature. But I think it is important to point out that they screwed up in their initial story. It's not good for their credibility when they have a moment like this. Just take the time to get it right before running with something online - that's all I'm saying.

The word is implied without being stated -- for some reason.

It says this:

One controlled electricity on the grid and was connected to the National Grid. The OTHER was a system that was used by the company for its accounting, financial reports, planning etc. There would be NO reason to connect this one to the other one as they do not need to communicate.

It is only your CONJECTURE that the affected laptop was ever connected to the National Grid system.

Of the apparently conflicting statements. Seems pretty logical.

And by isolating it, they prevent it from potentially affecting other computers on that same network.

You do not want malware ANYWHERE.

They specifically said it was not connected.

There is the actual electrical grid, which imports/produces electrical power and distributes it to customers. They are pretty small, with 16,000 residential customers and more than 3600 commercial customers.

There is the grid command and control system used to manage the electrical grid, and ideally its network is air-gapped from any other, or it is connected via a severely restrictive firewall.

Then there are the administrative systems for accounting, billing, customer records, etc. Again, these should be on their own networks, with multiple security zones separated by firewalls.

Lastly are the internet connected systems, such as the public web server, which should be on their own networks with firewalls to the internet. There may also be VPN systems to allow off-site workers to access the administrative systems.

What they are saying is that the laptop wasn't on the grid command and control system network.

and I'm supposed to feel reassured because...

But the fact remains that the original story had a very significant error - namely that the hackers had penetrated the grid (which the Washington Post stated as a fact).

The story was filed at 10:30 last night and appears in today's paper.

I think some people confused an online click bait link title with the actual Post headline. There is no update or correction noted, so I think the hard copy reflects what the Post actually said when it broke the story.

Glad to see that Vermont public officials (Governor Schumlin and Senator Leahy are quoted in the story) are taking the breach seriously.

http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx#

And the headline changed from:

Russian hackers penetrated U.S. electricity grid through a utility in Vermont

to

Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid

Journalism certainly isn't what it used to be. Best practices requires an acknowledgement of any changes or updates at the end of the story.

Even our newspapers of record will sell out accuracy for online hits. The demise of journalistic standards and ethics helped to elect Trump. The importance of a free press to a well functioning democracy is so vital that the people insisted on it in the first amendment. It's too bad that editors and publishers don't take their jobs as seriously as they should.

The hard copy headline, however, is less sensational, but I've only seen the E-Replica, not the actual hard copy newspaper.

At any rate, the story is troubling, especially in the light of a president elect and his operatives defending foreign agents while throwing the current administration and intelligence community under the bus. I wonder if we'll still be checking for this kind of malicious code three weeks from now.

it is best practice for all, has been for 20 years

On all points!

It's actually more likely the owner of the laptop was surfing a site that downloaded it.

Malware is extremely common, you know?

Officials said that it is unclear when the code entered the Vermont utility’s computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.

snip-------------

This week, officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the Grizzly Steppe malware code with executives from 16 sectors nationwide, including the financial, utility and transportation industries, a senior administration official said. Vermont utility officials identified the code within their operations and reported it to federal officials Friday, the official said.

https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?utm_term=.e84715f1bd40

Just thinking about having no electricity in January kind of gives people a chill. This may not have been a BFD this time, but it may show where they're going.

The Daily Caller is saying this is fake news, but major newspapers are taking it seriously.

that the WaPo is lying to them (as usual)... Oh, my people.

Giving RW sites ammo that we don't need to give them.

even if something of a foul on WaPo's part. After all, there was a Russian attack (one of thousands past and present, readying for The Day) and a breach of the power company, just didn't get to the grid.

On Daily Caller's part, it's all, 100% betrayal of their readers, who really, really need to know what's happening, whether they want to or not.

Just checked--so far no other companies with the guts to admit, publicly anyway, that they've identified Grizzly in their systems. I've read that the same whomped-up anti-government sentiments we see in the typical pub are also in top management at many private utilities, literally keeping them from cooperating as needed to protect themselves.

Every day there's some new blaring headline about Russians in the bushes that doesn't hold up on further inspection. I thought the Cold War was over, but a lot of people are still living it in their head.

And disclaimer: Vladimir Putin is fucking evil and all y'all ignored him for years and laughed at people who said he was bad. Now he's some puppet master controlling our country and not a two bit evil dictator with a failing economy.

he's taking over Hollywood now!!!

according to the utility, but the grid was not breached because the computer hacked was not connected to the company's operating system.

I've searched, and no other entity, of the many thousands from 14 sectors notified this week, has admitted finding Grizzly Steppe yet, but we know it's out there. Grizzly aside, at any time vital systems in the U.S. are the target of roughly 1000 hacking attempts.

But at any time a major government, like Russia or China, could take down major portions, or all, of our electrical grid by cyber attack. We would retaliate in kind, but Russia's vast spaces of poor people are not nearly as dependent on interdependent electronics for survival as ours are.

Cyber attacks are not the only threat, and a study prepared for Congress reported that in worst case, where high-altitude-nuke-generated EMG took out our grid coast to coast, 90% of Americans would be dead at the end of a year.

These threats are real. I strongly, strongly recommend that all households have a couple months of food, water, and medicines on hand. The more people who do that, the stronger and more resilient our communities will be. Just build up stocks of regular stuff that'd be purchased and used anyway.

The story is pretty clear. Oberliner is responding to a click bait version of the headline, not the actual headline.

A computer at a utility company was intentionally and specifically infected with malware. Because that computer was not connected to the grid, the grid was not at risk. That doesn't make the attack any less ominous.

It's always been a possibility and where I live it's a deadly possibility. It hit home a few months back when they hacked into a company located in my state that services the big sites like Amazon. Our Internet access was gone for a good 24 hours because we happened to use the same provider and that also meant we were out of business. It can happen and it probably will at some point.

The company we keep.

It's far more likely the owner of the laptop visited a site that downloaded it to his computer.

In which case, we've all been "hacked" about a million times.

the user was surfing the web with it.

We don't know how locked down it was, what kind of anti spyware/malware protection it had, or really anything about it or its user.

I'm not sure why it's on anyone's agenda to downplay or dismiss this story. Governor Schumlin and Senator Leahy are taking it seriously. I'm sure that the people of Vermont are as well.

to assume something nefarious with so little information is jumping the gun a tad. This could simply be a case of a computer user using his work laptop to surf the net and got a piece of spyware downloaded in the process. It happens in companies everyday, but you don't read about it in the Washington Post.

That's all I'm saying.

NPR and the Washington Post picked up the story, and the wires followed. It's news.

http://digital.vpr.net/post/russian-malware-found-burlington-electric-computer#stream/0

http://www.npr.org/sections/thetwo-way/2016/12/30/507640499/u-s-officials-say-russia-hacked-a-vermont-utility

https://apnews.com/7b63fe3cd3b8413d8141234b7d0ee2c2/Vermont-utility-finds-malware-code-attributed-to-Russians

http://www.upi.com/Top_News/US/2016/12/31/Russian-malware-discovered-on-Vermont-electric-company-computer/5171483196953/?spt=hts&or=2

http://www.reuters.com/article/us-usa-russia-cyber-vermont-idUSKBN14K01H

“One computer in Burlington Electric Department did have malware on it that they discovered,” he said. “It is not at all related to the utility grid operations. This is just like anyone’s administrative computer that may have gotten a particular malware associated with it. But I think Burlington Electric did the responsible thing and called homeland security as well as the FBI to notify them. They have isolated that laptop, there’s no further compromise, and the utility grid was not in danger at any point.”


That is my entire point.

associated by intelligence agencies with ongoing foreign hacks. I feel better now.

what specific malware program it was. All they are saying is it's associated with Grizzly Steppe.

Which could mean anything. How common is this piece of malware? How does it infiltrate computers?

No real detail to go on based on the articles.

In the meantime, I'll take my lead from President Obama and the Democrats at the helm of state government in Vermont.

You don't know how Trump and his allies have dismissed the Russian threat? Please.

I haven't heard any response to this incident.

Of course I'm baking for tonight and not glued to my computer, so if you can fill me in, that would be great. I haven't seen any specific reaction at this point.

But it didn't explode. This was a near miss at best.

clear. Both he and the state official have more expertise and are closer to what happened than a Washington Post journalist trying to be the first one out there with a big story.

isolated the one with malware AND REPORTED IT. REPORTED IT is the opposite of covering it up.

LOL

They are not the first company that found malware on a laptop ... nor will they be the last. What they did do was to check when the government issued the signature of the malware and when they found it, they reported it.

I assume that they will do more training - as all organizations should do to insure this is less likely in the future.

I did not see you expressing the same cynical sarcasm when the DNC got hacked or when HRC's campaign chair fell for the simplistest phishing exercise there is. It happens. I see no reason to cast aspersions on the company or the official who made a very clear statement of the facts as known at that point.

Based on information provided by the Burlington newspaper's reporting.

information being made public by the Burlington Electric Department.

Hopefully people will keep some perspective in following this Russian hacking investigation.

If WaPo could've waited to get a statement from Burlington Electric before they ran their original story, there would not have been a problem. If it wasn't for their sloppiness and rush to get this out there, the focus would be on the hack itself, which is disturbing.

Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation

https://www.washingtonpost.com/world/national-security/russian-government-hackers-do-not-appear-to-have-targeted-vermont-utility-say-people-close-to-investigation/2017/01/02/70c25956-d12c-11e6-945a-76f69a399dd5_story.html?utm_term=.0d6804bb6492

Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.

https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?pushid=breaking-news_1483149501&tid=notifi_push_breaking-news&utm_term=.15e00e9f296a

Glad that WaPo is finally taking responsibility for its mistake.