It took a few days to get there, but the Washington Post has finally made the circuitous voyage from a headline declaring “Russian operation hacked a Vermont utility, showing risk to U.S. electrical security, officials say” to finally arriving at “Russian government hackers do not appear to have targeted Vermont utility, say people close to investigation.”
One big thing you’ll notice about the second headline is that it’s not really a story in and of itself. Russia not hacking the US electric grid would not, on its own, be even a low level story in a newspaper, because every single day of history Russia has managed to not hack Vermont and not bring down the nation’s electrical grid.
Indeed, the only reason the second story exists at all is because the Washington Post released the first wildly irresponsible and obviously false story claiming Russia did something, and eventually decided that adding an “Editor’s Note” pointing out effectively that the story was false was simply insufficient.
What actually happened? On Friday, as our own coverage noted, Burlington Electric found a piece of malware on a single laptop not connected to any of their systems, and the malware matched the long litany of “related” malware that a recent government warning claimed was linked to the Russian military.
The government warning itself conceded that they usually don’t blame somebody for entire families of malware, but that it had become government policy to blame Russia this time, because of the “election hack” scandal.
Hysteria about Russian hackers hiding behind every consulate chef and the eagerness to make a story where one realistically didn’t exist transformed a single laptop getting a piece of malware, doubtless a daily occurrence at any major utility, to a scare piece about Russia working to bring the entire grid down around us.
Sure, it wasn’t true, but as the Washington Post headlines make clear, it makes for a more interesting sounding story than “Russia didn’t hack US power grid” would.