Morning Read: Post Walks Back Burlington Electric Hacking Story | Off Message

Morning Read: Post Walks Back Burlington Electric Hacking Story


The Washington Post on Monday night continued to walk back a story it published Friday alleging that Russian hackers had “penetrated” the U.S. electric grid through a Vermont utility, later identified as the Burlington Electric Department.

In an editor’s note appended to the story a day after publication, the Post retracted its most explosive assertion, which had been sourced to anonymous federal officials:

Editor’s Note: An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.
The original story continued to assert that malware discovered on a BED laptop last Friday was “associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration.” But in a follow-up story published Monday night, the Post called into question even that suggestion.

Federal officials, according to the latest story, “are finding evidence that the incident is not linked to any Russian government effort to target or hack the utility.” What had initially been flagged as “suspicious” activity may, in fact, have been “benign,” the Post reported:

U.S. officials are continuing to investigate the laptop. In the course of their investigation, though, they have found on the device a package of software tools commonly used by online criminals to deliver malware. The package, known as Neutrino, does not appear to be connected with Grizzly Steppe, which U.S. officials have identified as the Russian hacking operation. The FBI, which declined to comment, is continuing to investigate how the malware got onto the laptop.
Like its original story, the Post’s latest dispatch relies on anonymous sources in the federal government.

In a statement issued late Friday night, shortly after the original Post story appeared, BED spokesman Mike Kanarick disputed that the grid had been breached but confirmed that Russian-linked malware had been “detected” in a single company laptop. On Saturday, BED issued a second, blistering statement that appeared to target the Post and its sources:

It’s unfortunate that an official or officials improperly shared inaccurate information with one media outlet, leading to multiple inaccurate reports around the country.
Media reports stating that Burlington Electric was hacked or that the electric grid was breached are false.
The Post’s backtracking came after multiple media outlets criticized its reporting. In an exhaustive piece chronicling the paper’s real-time updating of the original story, Forbes contributor Kalev Leetaru called it an example of “how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.”

That “global news echo chamber” can even draw in powerful political leaders. Within hours of the original story’s publication, Gov. Peter Shumlin, Sen. Patrick Leahy (D-Vt.) and Congressman Peter Welch (D-Vt.) all issued statements expressing outrage over the incident. Shumlin went so far in his remarks as to call Russian President Vladimir Putin “one of the world’s leading thugs.”

The entire incident might have been avoided had the Post reached BED before publishing its story. According to a second piece published Monday by Forbes, Leetaru asserted that the Post failed to contact BED until after publication. He cited Kanarick and a web archiving website as his sources for the claim, which the Post itself disputed.