There was no Vermont electrical grid hack
Statement from Burlington Electric Department:
"Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks," said Mike Kanarick, spokesman for Burlington Electric Department. "We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization's grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully."
http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/
pkdu
(3,977 posts)
and found it.
The fact that it isn't "connected to our organization's grid systems" depends on how you define "connected".
The fact that it was found on any device connected to the network should be of grave concern to all.
LaydeeBug
(10,291 posts)
oberliner
(58,724 posts)
The laptop was not connected to it.
LaydeeBug
(10,291 posts)
oberliner
(58,724 posts)
But the headline "Russian hackers penetrated U.S. electricity grid through a utility in Vermont" is not true - and that story (with that headline) is still going strong here on LBN.
sarah FAILIN
(2,857 posts)
Doesn't mean it wasn't penetrated. It is a true headline.
oberliner
(58,724 posts)
Malware was found at the utility in a computer that was not connected to the operation of the grid, Vermont Public Service Commissioner Christopher Recchia said.
http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/
The original Washington Post headline said that they had "penetrated the electricity grid" - which is false.
sarah FAILIN
(2,857 posts)
The fact that it had not interfaced with the main system is irrelevant. We were lucky to catch it, but it was compromised.
oberliner
(58,724 posts)
That isn't true (and they have since changed the headline and updated the article).
sarah FAILIN
(2,857 posts)
They hacked the laptop. IMO if it was owned by the utility it was part of the grid even if not currently connected. We just got lucky.
karynnj
(59,503 posts)
grid.
I would assume that the company has many laptops and other computers used for many things. There would be absolutely NO reason to have a laptop that is doing billing, or financial reports etc connected to the grid itself -- if it were connected, that would be a very stupid configuration and would create a risk for absolutely no reason at all.
Here is an analog - None of the computers that many departments used at AT&T interfaced with the computers running the network. The network did create usage tapes that were the basis of all billing, analysis, design of the network etc. Had the many many laptops that AT&T and Bell Labs people used been infected, they would not have infected the completely separate computers controlling the network.
sarah FAILIN
(2,857 posts)
As long as they had 1 hacked laptop in the facility, the potential was there. The fact that it had not happened yet is irrelevant.
karynnj
(59,503 posts)
I think that the most informative, accurate piece of information here is the Burlington Electric statement. Any organization that finds malware on any laptop would isolate it and ensure that it is removed.
Are you an IT expert?
sarah FAILIN
(2,857 posts)
I believe the people that are IT experts over someone that does not want to be known as the person whose carelessness allowed our electrical grid to be compromised. Our Director of National Intelligence testified last year that our grid had been infiltrated already. I believe he knows what he is talking about better than I.
lapucelle
(18,252 posts)
The click bait online link title said that. Here's a link to the actual hard copy story with the actual headline.
http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx#
oberliner
(58,724 posts)
In fact, it is still in LBN here on DU with that headline.
pnwmom
(108,977 posts)
Last edited Sat Dec 31, 2016, 07:03 AM
It shouldn't have been found in the laptop, period. If it hadn't been discovered in time they could have used that entry to hack the system.
pnwmom
(108,977 posts)
JustAnotherGen
(31,816 posts)
HoneyBadger
(2,297 posts)
pnwmom
(108,977 posts)
oberliner
(58,724 posts)
Malware was found at the utility in a computer that was not connected to the operation of the grid
http://www.burlingtonfreepress.com/story/news/local/vermont/2016/12/30/russia-hacked-us-grid-through-burlington-electric/96024326/
pnwmom
(108,977 posts)
So they're contradicting themselves.
And there's this:
https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?hpid=hp_no-name_no-name%3Apage%2Fbreaking-news-bar&tid=a_breakingnews&utm_term=.52e06343445c
Officials said that it is unclear when the code entered the Vermont utility's computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.
oberliner
(58,724 posts)
https://www.facebook.com/burlingtonelectric
pnwmom
(108,977 posts)
Once they detected the malware, they took immediate action to isolate the laptop. That means it wasn't isolated before.
Also, the first sentence could be read, grammatically speaking, in two different ways.
It could mean, "We detected the malware . . . laptop that IS not connected to our organization's grid systems."
Or it could mean, "We detected the malware . . . laptop that WAS not connected."
Also, they acknowledged that they didn't know when or how the breach occurred. So the possibility is that the malware got on the laptop at a time when it WAS connected to the system.
https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?hpid=hp_no-name_no-name%3Apage%2Fbreaking-news-bar&tid=a_breakingnews&utm_term=.52e06343445c
Officials said that it is unclear when the code entered the Vermont utility's computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.
JustAnotherGen
(31,816 posts)
oberliner
(58,724 posts)
The Washington Post article that you link to falsely claims that the hackers "penetrated the US electricity grid".
This is not true.
WaPo has since changed their headline and added updated information to the article.
In their original article, they did not even have a statement from Burlington Electric or any other officials in Vermont.
The statement from Burlington Electric explicitly says that this laptop was not connected to the grid.
bettyellen
(47,209 posts)
We all know that once the malware gets on the organization they seek to add malware to more secure computer systems via email. It may have been interrupted at the first step, but a breach on some level occurred.
oberliner
(58,724 posts)
That is the problem. The Washington Post did some crappy reporting here. They had a headline that was not true. If they had merely reported the facts (and solicited a statement from Burlington Electric), they could have had an accurate article that conveyed the seriousness of the situation without a blatantly false assertion that the grid itself had been hacked.
bettyellen
(47,209 posts)
Misstep? I think it's false equivalence - just as the BS Taibbi just published about the Russian hacks - that leads people to further distrust a fairly responsible source.
More of the perfect being the enemy of the good. Nothing is perfect. We need to grow up and realize that instead of assigning nefarious motivations to anyone who misspeaks in a small hair splitting way.
oberliner
(58,724 posts)
I do not think this is "fake news" or anything of that nature. But I think it is important to point out that they screwed up in their initial story. It's not good for their credibility when they have a moment like this. Just take the time to get it right before running with something online - that's all I'm saying.
pnwmom
(108,977 posts)
The word is implied without being stated -- for some reason.
It says this:
It does not say this:
We detected the malware in a single Burlington Electric Department laptop that was not connected to our organization's grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.
karynnj
(59,503 posts)
One controlled electricity on the grid and was connected to the National Grid. The OTHER was a system that was used by the company for its accounting, financial reports, planning etc. There would be NO reason to connect this one to the other one as they do not need to communicate.
It is only your CONJECTURE that the affected laptop was ever connected to the National Grid system.
canetoad
(17,152 posts)
Of the apparently conflicting statements. Seems pretty logical.
pnwmom
(108,977 posts)
oberliner
(58,724 posts)
And by isolating it, they prevent it from potentially affecting other computers on that same network.
karynnj
(59,503 posts)
You do not want malware ANYWHERE.
karynnj
(59,503 posts)
They specifically said it was not connected.
FarCenter
(19,429 posts)
There is the actual electrical grid, which imports/produces electrical power and distributes it to customers. They are pretty small, with 16,000 residential customers and more than 3600 commercial customers.
There is the grid command and control system used to manage the electrical grid, and ideally its network is air-gapped from any other, or it is connected via a severely restrictive firewall.
Then there are the administrative systems for accounting, billing, customer records, etc. Again, these should be on their own networks, with multiple security zones separated by firewalls.
Lastly are the internet connected systems, such as the public web server, which should be on their own networks with firewalls to the internet. There may also be VPN systems to allow off-site workers to access the administrative systems.
What they are saying is that the laptop wasn't on the grid command and control system network.
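The layering described in the post above can be checked mechanically. This is an added example, not part of the original thread or of any utility's configuration: it models the layers as zones with constructed firewall rules and tests whether a machine in the administrative zone can reach the grid control zone through any chain of allowed connections. The zone names and rule sets are assumptions made for illustration.

```python
from collections import deque

# Constructed rule sets: each pair (src, dst) means hosts in zone `src`
# may open connections to zone `dst`. Zone names are illustrative.
RESTRICTIVE = {
    ("internet", "public_web"),   # public web server is reachable from outside
    ("admin", "internet"),        # office laptops browse the web
    ("internet", "admin"),        # VPN for off-site workers
    ("grid_control", "admin"),    # one-way export of usage data for billing
}
# Air gap: the control network has no rule in either direction.
AIR_GAPPED = RESTRICTIVE - {("grid_control", "admin")}
# One convenience rule added elsewhere, e.g. a web outage map polling control.
MISCONFIGURED = RESTRICTIVE | {("public_web", "grid_control")}


def reachable_path(rules, start, target):
    """Return the shortest chain of zones from start to target, or None.

    Follows allowed connections transitively, because a foothold in one
    zone can be extended through every zone that zone may connect to.
    """
    graph = {}
    for src, dst in rules:
        graph.setdefault(src, set()).add(dst)
    queue = deque([[start]])
    seen = {start}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(graph.get(path[-1], ())):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


def audit(rules, compromised="admin", protected="grid_control"):
    """Describe whether the protected zone is exposed to the compromised one."""
    path = reachable_path(rules, compromised, protected)
    if path is None:
        return f"{protected} not reachable from {compromised}"
    return f"{protected} exposed via " + " -> ".join(path)


if __name__ == "__main__":
    for name, rules in [("air-gapped", AIR_GAPPED),
                        ("restrictive firewall", RESTRICTIVE),
                        ("misconfigured", MISCONFIGURED)]:
        print(f"{name}: {audit(rules)}")
```

In the misconfigured set no rule mentions the administrative zone and the control zone together, yet the audit still finds a chain between them, which is why segmentation reviews look at transitive reachability rather than at individual rules.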
karynnj
(59,503 posts)
lapucelle
(18,252 posts)
and I'm supposed to feel reassured because...
oberliner
(58,724 posts)
But the fact remains that the original story had a very significant error - namely that the hackers had penetrated the grid (which the Washington Post stated as a fact).
lapucelle
(18,252 posts)
The story was filed at 10:30 last night and appears in today's paper.
I think some people confused an online click bait link title with the actual Post headline. There is no update or correction noted, so I think the hard copy reflects what the Post actually said when it broke the story.
Glad to see that Vermont public officials (Governor Shumlin and Senator Leahy are quoted in the story) are taking the breach seriously.
http://thewashingtonpost.newspaperdirect.com/epaper/viewer.aspx#
oberliner
(58,724 posts)
And the headline changed from:
Russian hackers penetrated U.S. electricity grid through a utility in Vermont
to
Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid
lapucelle
(18,252 posts)
Journalism certainly isn't what it used to be. Best practice requires an acknowledgement of any changes or updates at the end of the story.
Even our newspapers of record will sell out accuracy for online hits. The demise of journalistic standards and ethics helped to elect Trump. The importance of a free press to a well functioning democracy is so vital that the people insisted on it in the first amendment. It's too bad that editors and publishers don't take their jobs as seriously as they should.
The hard copy headline, however, is less sensational, but I've only seen the E-Replica, not the actual hard copy newspaper.
At any rate, the story is troubling, especially in the light of a president elect and his operatives defending foreign agents while throwing the current administration and intelligence community under the bus. I wonder if we'll still be checking for this kind of malicious code three weeks from now.
HoneyBadger
(2,297 posts)
it is best practice for all, has been for 20 years
oberliner
(58,724 posts)
On all points!
B2G
(9,766 posts)
It's actually more likely the owner of the laptop was surfing a site that downloaded it.
Malware is extremely common, you know?
lapucelle
(18,252 posts)
Officials said that it is unclear when the code entered the Vermont utility's computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.
snip-------------
This week, officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the Grizzly Steppe malware code with executives from 16 sectors nationwide, including the financial, utility and transportation industries, a senior administration official said. Vermont utility officials identified the code within their operations and reported it to federal officials Friday, the official said.
https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?utm_term=.e84715f1bd40
lpbk2713
(42,755 posts)
With the holiday weekend it will be at least Tuesday
before anyone gets to the depth of this story.
Lowe's and Home Depot will be busy.
radical noodle
(8,000 posts)
Just thinking about having no electricity in January kind of gives people a chill. This may not have been a BFD this time, but it may show where they're going.
The Daily Caller is saying this is fake news, but major newspapers are taking it seriously.
Hortensis
(58,785 posts)
that the WaPo is lying to them (as usual)... Oh, my people.
oberliner
(58,724 posts)
Giving RW sites ammo that we don't need to give them.
Hortensis
(58,785 posts)
even if something of a foul on WaPo's part. After all, there was a Russian attack (one of thousands past and present, readying for The Day) and a breach of the power company, just didn't get to the grid.
On Daily Caller's part, it's all, 100% betrayal of their readers, who really, really need to know what's happening, whether they want to or not.
Just checked--so far no other companies with the guts to admit, publicly anyway, that they've identified Grizzly in their systems. I've read that the same whomped-up anti-government sentiments we see in the typical pub are also in top management at many private utilities, literally keeping them from cooperating as needed to protect themselves.
DemocraticWing
(1,290 posts)
Every day there's some new blaring headline about Russians in the bushes that doesn't hold up on further inspection. I thought the Cold War was over, but a lot of people are still living it in their head.
And disclaimer: Vladimir Putin is fucking evil and all y'all ignored him for years and laughed at people who said he was bad. Now he's some puppet master controlling our country and not a two bit evil dictator with a failing economy.
elmac
(4,642 posts)
he's taking over Hollywood now!!!
leftofcool
(19,460 posts)
Hortensis
(58,785 posts)
according to the utility, but the grid was not breached because the computer hacked was not connected to the company's operating system.
I've searched, and no other entity, of the many thousands from 14 sectors notified this week, has admitted finding Grizzly Steppe yet, but we know it's out there. Grizzly aside, at any time vital systems in the U.S. are the target of roughly 1000 hacking attempts.
But at any time a major government, like Russia or China, could take down major portions, or all, of our electrical grid by cyber attack. We would retaliate in kind, but Russia's vast spaces of poor people are not nearly as dependent on interdependent electronics for survival as ours are.
Cyber attacks are not the only threat, and a study prepared for Congress reported that in worst case, where high-altitude-nuke-generated EMG took out our grid coast to coast, 90% of Americans would be dead at the end of a year.
These threats are real. I strongly, strongly recommend that all households have a couple months of food, water, and medicines on hand. The more people who do that, the stronger and more resilient our communities will be. Just build up stocks of regular stuff that'd be purchased and used anyway.
stevenleser
(32,886 posts)
The story is pretty clear. Oberliner is responding to a click bait version of the headline, not the actual headline.
A computer at a utility company was intentionally and specifically infected with malware. Because that computer was not connected to the grid, the grid was not at risk. That doesn't make the attack any less ominous.
Vinca
(50,269 posts)
It's always been a possibility and where I live it's a deadly possibility. It hit home a few months back when they hacked into a company located in my state that services the big sites like Amazon. Our Internet access was gone for a good 24 hours because we happened to use the same provider and that also meant we were out of business. It can happen and it probably will at some point.
JustAnotherGen
(31,816 posts)
The company we keep.
B2G
(9,766 posts)
It's far more likely the owner of the laptop visited a site that downloaded it to his computer.
In which case, we've all been "hacked" about a million times.
lapucelle
(18,252 posts)
B2G
(9,766 posts)
the user was surfing the web with it.
We don't know how locked down it was, what kind of anti spyware/malware protection it had, or really anything about it or its user.
lapucelle
(18,252 posts)
I'm not sure why it's on anyone's agenda to downplay or dismiss this story. Governor Shumlin and Senator Leahy are taking it seriously. I'm sure that the people of Vermont are as well.
B2G
(9,766 posts)
to assume something nefarious with so little information is jumping the gun a tad. This could simply be a case of a computer user using his work laptop to surf the net and got a piece of spyware downloaded in the process. It happens in companies every day, but you don't read about it in the Washington Post.
That's all I'm saying.
lapucelle
(18,252 posts)
NPR and the Washington Post picked up the story, and the wires followed. It's news.
http://digital.vpr.net/post/russian-malware-found-burlington-electric-computer#stream/0
http://www.npr.org/sections/thetwo-way/2016/12/30/507640499/u-s-officials-say-russia-hacked-a-vermont-utility
https://apnews.com/7b63fe3cd3b8413d8141234b7d0ee2c2/Vermont-utility-finds-malware-code-attributed-to-Russians
http://www.upi.com/Top_News/US/2016/12/31/Russian-malware-discovered-on-Vermont-electric-company-computer/5171483196953/?spt=hts&or=2
http://www.reuters.com/article/us-usa-russia-cyber-vermont-idUSKBN14K01H
B2G
(9,766 posts)
One computer in Burlington Electric Department did have malware on it that they discovered, he said. It is not at all related to the utility grid operations. This is just like anyone's administrative computer that may have gotten a particular malware associated with it. But I think Burlington Electric did the responsible thing and called homeland security as well as the FBI to notify them. They have isolated that laptop, there's no further compromise, and the utility grid was not in danger at any point.
That is my entire point.
lapucelle
(18,252 posts)
associated by intelligence agencies with ongoing foreign hacks. I feel better now.
B2G
(9,766 posts)
what specific malware program it was. All they are saying is it's associated with Grizzly Steppe.
Which could mean anything. How common is this piece of malware? How does it infiltrate computers?
No real detail to go on based on the articles.
lapucelle
(18,252 posts)
In the meantime, I'll take my lead from President Obama and the Democrats at the helm of state government in Vermont.
B2G
(9,766 posts)
Kingofalldems
(38,452 posts)
B2G
(9,766 posts)
Kingofalldems
(38,452 posts)
You don't know how Trump and his allies have dismissed the Russian threat? Please.
B2G
(9,766 posts)
I haven't heard any response to this incident.
Of course I'm baking for tonight and not glued to my computer, so if you can fill me in, that would be great. I haven't seen any specific reaction at this point.
Takket
(21,563 posts)
But it didn't explode. This was a near miss at best.
DemocratSinceBirth
(99,710 posts)
karynnj
(59,503 posts)
clear. Both he and the state official have more expertise and are closer to what happened than a Washington Post journalist trying to be the first one out there with a big story.
KittyWampus
(55,894 posts)
karynnj
(59,503 posts)
isolated the one with malware AND REPORTED IT. REPORTED IT is the opposite of covering it up.
KittyWampus
(55,894 posts)
LOL
karynnj
(59,503 posts)
They are not the first company that found malware on a laptop ... nor will they be the last. What they did do was to check when the government issued the signature of the malware and when they found it, they reported it.
I assume that they will do more training - as all organizations should do to ensure this is less likely in the future.
I did not see you expressing the same cynical sarcasm when the DNC got hacked or when HRC's campaign chair fell for the simplest phishing exercise there is. It happens. I see no reason to cast aspersions on the company or the official who made a very clear statement of the facts as known at that point.
oberliner
(58,724 posts)
Based on information provided by the Burlington newspaper's reporting.
tenderfoot
(8,426 posts)
think
(11,641 posts)
information being made public by the Burlington Electric Department.
Hopefully people will keep some perspective in following this Russian hacking investigation.
oberliner
(58,724 posts)
If WaPo could've waited to get a statement from Burlington Electric before they ran their original story, there would not have been a problem. If it wasn't for their sloppiness and rush to get this out there, the focus would be on the hack itself, which is disturbing.
USALiberal
(10,877 posts)
oberliner
(58,724 posts)
Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation
https://www.washingtonpost.com/world/national-security/russian-government-hackers-do-not-appear-to-have-targeted-vermont-utility-say-people-close-to-investigation/2017/01/02/70c25956-d12c-11e6-945a-76f69a399dd5_story.html?utm_term=.0d6804bb6492
USALiberal
(10,877 posts)
Editor's Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.
https://www.washingtonpost.com/world/national-security/russian-hackers-penetrated-us-electricity-grid-through-a-utility-in-vermont/2016/12/30/8fc90cc4-ceec-11e6-b8a2-8c2a61b0436f_story.html?pushid=breaking-news_1483149501&tid=notifi_push_breaking-news&utm_term=.15e00e9f296a
oberliner
(58,724 posts)
Glad that WaPo is finally taking responsibility for its mistake.