In the current D.C. climate on Russia, all relevant journalistic incentives encourage and reward false news.
Fake News: This narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
Kalev Leetaru writes: On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.”
“From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.”
Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
“Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying ‘An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.’”
The original article was posted online on the Washington Post’s website at 7:55PM EST. Using the Internet Archive’s Wayback Machine, we can see that sometime between 9:24PM and 10:06PM the Post updated the article to indicate that multiple computer systems at the utility had been breached (“computers” plural), but that further data was still being collected: “Officials said that it is unclear when the code entered the Vermont utility’s computers, and that an investigation will attempt to determine the timing and nature of the intrusion.” Several paragraphs of additional material were added between 8PM and 10PM, claiming and contextualizing the breach as part of a broader campaign of Russian hacking against the US, including the DNC and Podesta email breaches.
“Just as with the Santa Claus and the dying child story, the Post story went viral and was widely reshared, leading to embarrassing situations like CNBC tweeting out the story and then having to go back and retract the story.”
Despite the article ballooning from 8 to 18 paragraphs, the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.
Yet, as the Post’s story ricocheted through the politically charged environment, other media outlets and technology experts began questioning the Post’s claims and the utility company itself finally issued a formal statement at 9:37PM EST, just an hour and a half after the Post’s publication, pushing back on the Post’s claims: “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”
“Particularly fascinating that the original Post story mentioned that there were only two major power utilities in Vermont and that Burlington Electric was one of them, meaning it would have been easy to call both companies for comment.”
From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.
However, it was not until almost a full hour after the utility’s official press release (at around 10:30PM EST) that the Post finally updated its article, changing the headline to the more muted “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say” and changed the body of the article to note “Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.” Yet, other parts of the article, including a later sentence claiming that multiple computers at the utility had been breached, remained intact.
“One driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.”
The following morning, nearly 11 hours after changing the headline and rewriting the article to indicate that the grid itself was never breached and the “hack” was only an isolated laptop with malware, the Post still had not appended any kind of editorial note to indicate that it had significantly changed the focus of the article.
This is significant, as one driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.
Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”
Yet, even this correction is not a true reflection of public facts as known. The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. Read the rest of this entry »
‘Be Afraid, America. Be Very Afraid’
Joseph Weiss writes:
…I’m talking about seizing control of industrial control systems. These ubiquitous hidden computers have gradually and quietly been put in charge of all manner of critical infrastructure—including nuclear power plants, the grid, water and gas pipelines, refineries, air traffic control, trains, factories, you name it.
[Also see – Cyberwar Ignites a New Arms Race]
Unlike the computers we use in our daily lives, these computers are largely invisible. They don’t have screens or keyboards. Most people aren’t aware that they exist. And yet they are embedded in low-level processes. They are everywhere because they create tremendous efficiencies and cost savings, and because they exist almost as an afterthought, they are often completely insecure. They often don’t run anti-virus software and by and large no one bothers to scan them to see if they might be infected with malicious software. And guess what? They often are connected to the Internet where a clever hacker half a world away can get access to them!
The threat is not hypothetical. There have been almost 750 control system cyber events (including both malicious and unintentional incidents). They’ve had a global impact. Industries have included power companies, pipelines, dams, planes, and trains. Why hasn’t the public heard about them? Most often because the victims didn’t realize it since they didn’t have the right forensics….(read more)
Source: The Daily Beast
WASHINGTON – Apple is known for keeping a pretty tight leash on apps, often blocking or refusing to sell programs it deems too offensive or too sexually suggestive.
The creator of an app that tracks published reports of American drone strikes around the world probably figured his program was in no danger of running afoul of Apple’s strict rules.
Source: CBS DC
China appears to have scored a major win here
Tom Rogan writes: ‘We have a lot of information about people, and that is something that our adversaries want.”
That’s how Donna Seymour, an Office of Personnel Management (OPM) official recently described the OPM hacking to a reporter for the Washington Post. As we found out yesterday, in April, Chinese hackers intruded OPM networks and potentially acquired the personal information of 4 million U.S. government employees.
“China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.”
So how did this happen? Well, according to an OPM press release, the agency has been upgrading its network security over the past year. That said, yesterday’s press release also notes that it was only after the April hacking that OPM focused on “restricting remote access for network administrators…and deploying anti-malware software” against
programs that might “compromise the network.” In short, OPM hasn’t beenmoving fast enough to prevent hacking.
“In short, everything you would never want your enemy to know about you – from a counterintelligence viewpoint, this breach represents a true nightmare scenario.”
Regardless, it makes sense that China was involved in the intrusion. For a start, China has exceptionally capable, experienced, and wide-ranging cyber-hacking forces. These units are experts at both physical access and remote penetration of network-security systems.
Moreover, China has a penchant for attacking the OPM. In July last year, the New York Times reported on China’s hacking of OPM information on applicants for top-secret security clearances.
That the OPM didn’t urgently upgrade its security after that 2014 incident is inexcusable. We’ve paid the price in our damaged national security. Read the rest of this entry »
How Jennifer Lawrence’s Boobs Broke the Internet: Fake Links to Nude Celebs Overload New Zealand’s Telecommunications NetworkPosted: September 7, 2014
Malware trap Brings New Zealand’s Internet to its Knees
AFP – It is believed a handful of computer users clicked links on Friday evening believing they would take them to the illicit images, but instead they inadvertently installed malware triggering a crippling Internet attack.
“For obvious reasons, clicking on links to ‘naked celebrity’ photos, or opening email attachments would be a very bad idea right now, expect criminals to ride this bandwagon immediately.”
It took telecommunications giant Spark, the rebranded Telecom Corp., until Sunday to fully repair what it termed a “dynamic” cyber-attack that overloaded its system covering more than 600,000 customers.
“Our scanning brought to our attention some freshly-concocted schemes targeting those looking for the photos borne from the aforementioned leak.”
BRYANT JORDAN writes: Getting the military’s cyber forces to focus more on the most serious threats to U.S. national security means getting away from a whack-a-mole-like strategy now used to find and remove malware in the system, officials from Google and Lockheed told a crowd of soldiers Wednesday.
It’s a common problem, but one that should not happen, he said at the last panel session at the Association of the U.S. Army’s annual conference in Washington D.C.
“This notion that persistent malware can stay on your machine should not happen,” he said. “The technology is out there today to erase it, or not make it an attack factor. So I encourage you … to start looking at opportunities that fundamentally change how you probe cyber security. Do not do incremental. It will not get you where you need to be.”