Speculate amongst yourselves as to why the theme of “Russia hacking [fill in the blank]” has gone high-order in the U.S. mainstream media. Russia is annoying in some respects (and is a legitimate security concern for the U.S.), but really: why Russia? Why now?
The theme has been developed with little attention to minor details like reasonableness and solid proof. Just a day or so ago, we were offered a narrative that Russia had sure enough hacked the U.S. election – only to find out that in reality, the FBI and DHS were pretty convinced Russia was behind the foreign hacking of the Democratic National Committee’s email system.
The DNC email system is not “the U.S. election.” (If it’s not clear, the DNC email system is “the DNC email system.”) We can provide additional explanation, if you need it, of why hacking this target is not hacking or attacking the U.S. 2016 election.
Now, if Russia was indeed behind this intrusion – which undoubtedly happened, although its relation to the exposure of DNC emails through WikiLeaks remains analytical conjecture – Russia sure hadn’t ought to be doing that. Shame on Russia. Seriously, it’s a problem that needs a response. It doesn’t need a silly, ill-considered, tit-for-tat response; but it needs a response. There are important concerns involved here. A lot for everybody – the government, the industry, Americans as customers of IT – to think about.
But the MSM reporting keeps brushing right past that to overhype the next instance of “Russia hacking something.” That’s what the Washington Post did with its latest report alleging that Russia had hacked the U.S. power grid through a utility company in Vermont.
Later clarifications indicated that the power grid wasn’t hacked at all. In fact, what apparently did happen doesn’t really qualify as hacking, although that could be considered a minor point. It looks like some code potentially associated with the phishing attacks on the DNC email system was found on a laptop used somewhere in the Vermont utility, although not to interface with the power grid. The laptop had no connection with the grid.
The code was found because DHS had alerted the operators of America’s “critical infrastructure” – which includes electric power utility companies – to look for that particular code on their computers. The Vermont company (Burlington Electric Department) did look, and found some code on one of their laptops.
So, good on Burlington Electric for following through on that so diligently. And again, assuming that Russia was behind the original intrusion into the DNC email system, and the same code was used by Russia to try to probe other targets, the concern about the specific intrusion events is real.
But those are some big assumptions, and there are reasons to doubt that we should take them on faith. One is the haste and sloppiness with which the “Russian hacking” theme is being pursued. We’re supposed to think Russian hacking affected the U.S. election, yet there is no evidence of that whatsoever. Now we’re supposed to imagine the Russians are actively attacking our power grid, yet the evidence offered in this case doesn’t hold up. What is the urgency about having us believe Russia is mounting specific attacks on us?
Another reason to be skeptical of the narrative is that some experts are coming forward with doubts about the assessment of Russian hacking reported by WaPo. The CEO of Dragos, a cyber-security company, tweeted that the Russians couldn’t be specifically fingered, based on the Vermont utility laptop, given that the “Indicators of Compromise” (IOCs) included commodity malware that can be easily purchased by anyone. (H/t Infowars)
1. No they did not penetrate the grid. 2. The IOCs contained commodity malware – can't attribute based off that alone. https://t.co/AMNMVzFpFW
— Robert M. Lee (@RobertMLee) December 31, 2016
Another cyber expert, John Hultquist, pointed out that the Russians had reportedly attacked companies whose systems play roles in the U.S. power grid sometime in 2014 or earlier, well before their operation came to light in early 2016, when it was concluded that they were behind a major attack on Ukraine’s power grid.
That Russian cyberwarfare group was called “Sandworm,” and its signature was a malware tool called BlackEnergy. Hultquist warned in a series of tweets on 31 December (@JohnHultquist) that while we shouldn’t be complacent, what was found on the laptop could have been latent code planted by an attack much earlier than the last 18 months.
No doubt about it, Russia is working to penetrate American systems and hold them at risk. Of course, everyone else on the naughty or semi-naughty list is too. And Russia and all those other nations are targeting everyone else, and each other, as well.
The threat is real. But that doesn’t mean we ought to believe every story being told us about every supposed episode of hacking. Rick Moran pointed out at PJ Media that WaPo, violating one of the most basic tenets of journalism, didn’t even get a comment from Burlington Electric before publishing the “Russia hacked the grid” story.
And that unseemly haste led to the Post having to revise its headline and content:
Compare the initial and current versions of the headline. pic.twitter.com/ejbE3A7eZ7
— Eric Geller (@ericgeller) December 31, 2016
The headlines are preserved here for posterity.
The point is not that nobody ain’t hacked nothin’. I don’t think anyone doubts there’s a whole lotta hackin’ goin’ on.
Rather, the concern is that a very pointed narrative is being woven around evidence that doesn’t support that narrative – and the narrative is being rushed into print as if someone’s life depends on it.
We are certainly entitled to be skeptical, and to refuse to be hustled into precipitate hostility against Russia over allegations that keep collapsing under scrutiny. If Obama is planning on “counterattacking” Russia’s power grid, election systems, or anything else before he leaves office, I have to say he hasn’t made his case for going to guns, so to speak. I’m a-gin’ it.