The Washington Post reported Friday that the U.S. power grid had been hacked by the same Russian actors accused of breaching the DNC. The only problem: the grid wasn’t hacked.
According to the report, malicious “code” associated with Grizzly Steppe, the name given to Russian hacking operations by the Obama administration, was found within the system of a utility company in Virginia.
“While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid,” the article states.
The code, which was not specifically identified by the Post, was released by the FBI and DHS in a Joint Analysis Report (JAR) Thursday regarding the “tools and infrastructure” of the accused Russian hackers. The report provided a way for network administrators to examine their systems for malicious activity and other Indicators of Compromise (IOCs).
As the news stirred fear among Americans across social media, members of the cybersecurity community immediately questioned the validity of the report.
Matt Tait, a former member of the GCHQ, the UK’s NSA equivalent, quickly noted that attribution, or the process of discovering “whodunnit,” would almost certainly not be accomplished in less than 24 hours.
The IOCs, while important in detecting possible hacks, will likely produce numerous false positives for the near future.
Robert M. Lee, CEO and founder of cybersecurity company Dragos, which specializes in threats facing critical infrastructure, also noted that the IOCs included “commodity malware,” or hacking tools that are widely available for purchase.
1. No they did not penetrate the grid. 2. The IOCs contained commodity malware – can't attribute based off that alone. https://t.co/AMNMVzFpFW
— Robert M. Lee (@RobertMLee) December 31, 2016
No evidence at this time connects the malware to Russia or any recent hacking campaigns.
Soon after publication of the Post’s story, it was revealed that the malware had only infected a utility company laptop that had no access whatsoever to the electrical grid.
As noted by Politico cybersecurity reporter Eric Geller, the Post quickly edited its headline upon learning that the incident was far less serious than initially reported.
Compare the initial and current versions of the headline. pic.twitter.com/ejbE3A7eZ7
— Eric Geller (@ericgeller) December 31, 2016
The Post’s mistake should not be taken to suggest that nation states do not hack into one another’s critical infrastructure. Russia has successfully infiltrated the U.S. grid before, is likely inside now, and has attacked the power grids of other countries, such as Ukraine, in the past.
The U.S. government likewise has gained access to foreign power grids. As part of the “Nitro Zeus” operation, the U.S. breached Iranian infrastructure and prepared to carry out cyber attacks during the early years of the Obama administration in the event that diplomatic efforts to reduce Iran’s nuclear program failed.
The Post’s false hacking story, which continues to be spread by countless media outlets, will likely fuel both fear and distrust as allegations of government hacking continue to captivate the public.
While the U.S. intelligence community leads the world in hacking capabilities, America remains one of the more vulnerable countries given its reliance on technology.
The U.S. government and private companies are working to harden the power grid by testing their own defenses against simulated attacks. Watch cybersecurity experts hired by a power company in the Midwest breach the grid below:
Written by Mikael Thalen