The Washington Post has been caught reporting fake news about a Russian hack of our power grid. They were also caught trying to cover it up.
This past week, the Post ran a story with the headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The story quickly spread, and the narrative that the Russians were trying to hack our power grid was born. The media pounced, because it portrayed Russia attempting an apocalyptic attack on America’s infrastructure.
The problem is, however, it wasn’t true.
The Department of Homeland Security confirmed late Saturday that Russian hackers did not breach the Vermont electrical grid, despite the Washington Post reporting Friday that they had done so.
After making their initial report Friday, the Post apparently forgot to contact the utility company in question — the Burlington Electric Department — to confirm whether or not Russian malware that infected one the company’s computers actually breached into the city’s power grid.
According to the utility company, it never did because the computer that was infected wasn’t connected to the power system at the time. In comments to Politico, the DHS confirmed this.
“We currently have no information that indicates that the power grid was penetrated in this cyber incident,” J. Todd Breasseale, DHS’s assistant secretary for public affairs, told Politico.
“The laptop was not connected to the affected organization’s grid systems,” Breasseale added. “In fact, the organization performed immediate action to isolate the laptop and alerted federal partner authorities.”
According to Forbes, the Post tried to cover it up, because they changed the article without acknowledging previous versions. In addition, they pretended for hours that they hadn’t reported a false story.
The original article was posted online on the Washington Post’s website at 7:55PM EST. Somewhere between 9:24PM and 10:06PM the Post updated the article to indicate that multiple computer systems at the utility had been breached (“computers” plural), but that further data was still being collected: “Officials said that it is unclear when the code entered the Vermont utility’s computers, and that an investigation will attempt to determine the timing and nature of the intrusion.” Several paragraphs of additional material were added between 8PM and 10PM, claiming and contextualizing the breach as part of a broader campaign of Russian hacking against the US, including the DNC and Podesta email breaches.
Despite the article ballooning from 8 to 18 paragraphs, the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.
Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far.”
Yet, even this correction is not a true reflection of public facts as known. The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. As many pointed out, the malware in question is actually available for purchase online, meaning anyone could have used it and its mere presence is not a guarantee of Russian government involvement.