russ_watters said:
A reporter has an affirmative duty to the truth, but broader than that, recognition of one's own ignorance is the minimum intelligence requirement for learning. A reporter who doesn't even know enough to know they don't know anything about computers (and therefore should consult some people who do) is not competent to have a professional job of any kind. That's Dunning-Kruger territory. It's dangerous incompetence...er, well...yeah, that's what we are discussing.
The reporters knew they knew nothing in particular about hacking. For an expert opinion, they relied on the FBI/DHS. So, they did what you said they should. But you're not happy, so I guess you really meant they should get a second expert to check on their first expert. Is that enough experts? Does it stop anywhere? Or is it like the turtles that hold up the world: experts all the way down?
Are you referring to this?:
https://info.publicintelligence.net/DHS-FBI-GRIZZLY-STEPPE.pdf
That contains general guidance for recognizing and reporting threats. There isn't anything in there that could possibly lead to the WaPo story because it is not a report on the utility incident.
That's the statement. The criteria I mentioned is not in that statement, it was sent out in conjunction with it. It consists of all the computer code associated with Grizzly Steppe. The utilities they sent it to were to use it to screen their systems. And they did.
Here's a quote from a "DHS Official," from a Politico article:
"DHS regularly shares information with our private and public partners to help them defend their network and mitigate vulnerabilities. As part of these efforts, we shared technical information with critical infrastructure entities to aid them in identifying the malicious cyber activity known as Grizzly Steppe. When we become aware of a potential vulnerability, DHS offers our assistance and upon request, can provide technical analysis and support. Information shared with DHS as part of these efforts, including the identity of affected organizations, is confidential."
http://www.politico.com/story/2016/12/russian-hackers-electricity-grid-vermont-233085
The Utility's press release:
Friday, December 30, 2016
Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.
https://www.burlingtonelectric.com/news/3908/Burlington-Electric-Department-Statement-
In short, what tripped the alarm was Grizzly Steppe malware as defined by the FBI/DHS. That is: the Utility found code on a laptop that was classified by FBI/DHS as something from Grizzly Steppe. That alarm having been triggered, the Utility contacted the "federal officials." So, actually, everything "in there" (the joint report) led to the WP story, since what was "in there" led to the alarm being triggered, and the WP story was about the Russian hack which that triggered alarm was supposed to represent.
Now, having gotten here, to the point in the story where the alarm was triggered, I'll ask again, why shouldn't the Washington Post have relied on the expertise of the FBI/DHS, when the Vermont Utility, itself, was relying on them? There is, actually, no particularly good reason for them to question their expertise unless they, themselves, are good enough at hacking to already know the law enforcement experts are not always so good. Why, now that you mention being aware of one's own ignorance, didn't the FBI/DHS call Greenwald or nsaspook and ask for some pointers? Shouldn't they be as alert to their own ignorance as you are requiring the WP to be? They're supposed to be saving lives. The WP is just a news outlet.
[assuming you're talking about the paper I linked] I'm not seeing how you get from point A to point B. Everyone gets phishing emails and viruses. I got a quality one today. I reported it to my IT department. This is normal practice. The starting point for investigating a potential breach. You can't get from there to the headline of the story. In particular, clearly the utility didn't think what you said they thought because they issued a statement an hour and a half after the article was published saying the title claim was wrong!
The initial, and soon corrected, original headline is not that important. (I, myself, did not see the story till after the first headline had been changed, and I was still alarmed by the hack attempt. I actually posted a thread here about it.)
This is the real screw-up here, the only one that matters: there probably was no hack attempt! Greenwald and others say the code the FBI/DHS fingered, and which the Vermont Utility found, could have come from anywhere, and was not actually indicative of a deliberate Russian hack! Greenwald compared the code to a Kalashnikov rifle: yes, it's made in Russia, but the Russians sell them to people all over the world. Anyone could have bought a copy, planted it anywhere, and the Utility picked it up by sheer chance. If that's true, the whole thing from start to finish is a non-story.
So, what you don't seem to have understood so far, is that the whole chain of alarm and outrage was triggered by code that was exaggeratedly labeled by the FBI/DHS as the fingerprint of a deliberate Russian hack. See? And yet you want to take the WP behind the woodshed for buying into FBI/Homeland without questioning it, just like everyone upstream and downstream from them did. FBI/Homeland hasn't taken anything back, hasn't backpedaled, issued any corrections, nothing.
You think the whole blunder lies in the initial, and brief, erroneous claim the hack had succeeded. In fact, the outraged Senator and Governor knew it hadn't succeeded. They were outraged by the ATTEMPT, itself:
Senator Leahy:
State-sponsored Russian hacking is a serious threat, and the attempts to penetrate the electric grid through a Vermont utility are the latest example. My staff and I were briefed by Vermont State Police Colonel Matthew Birmingham this evening. This is beyond hackers having electronic joy rides – this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter. That is a direct threat to Vermont and we do not take it lightly.
Read it carefully: the senator obviously already knows the grid was not taken control of, he's outraged by the ATTEMPT to hack.
Vermont Gov. Peter Shumlin lashed out at the Russian government, saying in a statement, "Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety."
Read it carefully: the Governor knows the grid wasn't taken control of. He's outraged that Putin "has been attempting" to hack it.
http://www.npr.org/sections/thetwo-...officials-say-russia-hacked-a-vermont-utility
I'm seeing criticism of both from Greenwald. But the connection you are making between them is your own and I don't agree with it. The most important faulty fact doesn't require any deep understanding of computers and viruses: the fact that the computer wasn't connected to the grid network. It doesn't matter whether the code was Russian or not, for that fact to be clear -- and clearly wrong in the WaPo report.
Completely wrong. The fact the laptop wasn't connected to the grid is neither here nor there since it might have become connected at any time. The Utility says: "We took immediate action to isolate the laptop." Why should they isolate it unless it could potentially have gotten connected to the grid either directly or through another computer?
What outraged everyone, as I demonstrated in the quotes above, was the mere attempt to hack. Doesn't matter that there are no cookies in the jar: it's finding a hand in the cookie jar that pisses Uncle Sam off.
The WP story doesn't fall apart when we find out the computer wasn't currently connected to the grid, it falls apart because the code they found wasn't necessarily, or even probably, a Russian hack attempt! (Nsaspook outright sneered at the suggestion an authentic Russian hacker would use such outdated and obvious malware.) The Washington Post reported an ongoing situation, the discovery, containment, and investigation, of an apparent Russian hack attempt on a US Utility. It was passing on information that a whole bunch of government people thought was true, one of whom fed the story to them. Unfortunately, that whole bunch of people didn't think to question what the FBI/DHS thought should be considered a Russian Hack attempt, because it turns out there probably was no deliberate hack attempt. The computer probably picked up some random malware online (according to the non-government experts).
Ultimately, though, this is simply a "buck stops here" issue for me: the person who reports it owns it.
But you see, that's a completely arbitrary personal decision on your part.
I didn't say they are in the same category as fake news. In fact, I provided, before this started, an article highlighting the difference.
I see now you linked to a Snopes article. My bad: I completely missed it.
Unlikely, with the possible exception of the leak itself.
Again, my bad: I was thinking of Clinton being impeached for "lying to Congress," which would seem to be an ethical violation. Checking now, I find it's actually the legal crime of "perjury." He was under oath.