- Washington Post writers Juliet Eilperin and Adam Entous publish a news story titled “Russian hackers penetrated U.S. electricity grid through a utility in Vermont“.
- This story is shared widely on social media, in part from social media promotion by Washington Post staff, and is quickly re-printed and re-published nationwide relying on the fear created by the headline.
- The headline is false and ultimately the entire story is shown to be false.
- The Washington Post silently rewrote the headline and added an “Editor’s note” at the bottom (later moved to the top). The Editor’s note itself left out critical information.
- The electric utility involved, Burlington Electric, issued a statement condemning the false and untrue statements made: “Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false.”
- What actually occurred was a lap top connected to an IP address which is thought to be connected with malware but which is also used for other applications. The electric grid was not hacked. There was no evidence that this involved anyone from Russia. A statement from Burlington Electric states there was no malware on the laptop computer.
- Update: The Washington Post has effectively retracted the original story: “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation“
- Update: Cnet tech news all but says the story was false or fake.
- Update: Snopes says the story is mostly false.
- Research shows most people only read the headline and viral stories on social media live on forever, even when wrong.
- Update: Part of the reason this story was readily accepted by the masses is likely the mistaken view that all communications is connected to the Internet. Utility grid systems do have security vulnerabilities (notably SCADA and PLCs) but utilities run their own private networks, independent of the Internet. That means separate fiber cables and private microwave links. This is also known as an “air gap” – there is not a physical connection between the grid networks and the public Internet.That does not mean they are immune from malware attacks. Notably the U.S. itself attacked systems in Iran by delivering the malware on a USB thumbdrive, which someone plugged into a computer on the secure side of the “air gap”.
This story works as social media propaganda, in part, because of the “What you see is all there is” problem – the reader fills in the missing gaps to make the narrative fit the reader’s world model. Since computer security is opaque to the typical person, many may believe that the utility grid can be readily hacked over the Internet.
- Update: The Washington Post intentionally spread this story on social media, gaining rapid shares to “go viral” and then tried to cover their tracks. Spreading stories on social media with emotionally intense headlines to encourage sharing was pioneered by fake news publishers.
- Update: The Washington Post failed again, days later, says Time magazine. The WaPo also failed two weeks earlier with their story naming fake news web sites based on a list provided by a shady and anonymous source; WaPo largely retracted the claims after being accused of defaming legitimate news sources. There seems to be a trend underway…
- Update: The US government intelligence agency report on alleged Russian hacking notes itself that it was based on news reports and social media posts for “key judgements”: