Russian link to malware on Burlington Electric Department computer now in question

BURLINGTON — It’s unclear whether malware discovered on a Burlington Electric Department laptop, which wasn’t connected to the electric grid, originated with Russian operatives.

A VTDigger report last Friday said that Russian hackers penetrated the laptop. That assertion was based on information from a Friday BED statement, which said that the malware code discovered last week was “used in Grizzly Steppe, the name (the Department of Homeland Security) has applied to a Russian campaign linked to recent hacks.”

BED Director Neale Lunderville said in an interview that his company has received no further information from federal officials as to the malware’s source.

“The intelligence around this is not our job,” Lunderville said. “We take the information they give us and report back. The feds will determine where the threat came from and what, if anything, should be done.”

Neale Lunderville. File photo.

However, The Washington Post, which initially reported inaccurately that the hack penetrated the electric grid and that Russia was responsible, has since corrected its initial report and published two subsequent reports calling any Russian involvement into question.

The Post said it received bad information from anonymous authorities who leaked to them “without having all the facts and before law enforcement officials were able to investigate further.”

Moreover, it does not appear that BED was targeted with the malware. In a subsequent statement Saturday, BED said federal officials indicated that “the specific type of Internet traffic, related to recent malicious cyber activity that was reported by us (on Friday), also has been observed elsewhere in the country and is not unique to Burlington Electric.”

BED officials discovered the malware Friday morning after DHS and FBI officials issued a report to the electric industry asking them to conduct scans for evidence of the Russian hacking operation, which was reportedly responsible for the Democratic National Committee hack last year.

The code was flagged when a Burlington Electric employee checked their Yahoo.com email account. Experts told the Post that because millions of people visit Yahoo’s email servers daily, the fact that the traffic triggered an alert doesn’t indicate that BED was being targeted.

Sen. Patrick Leahy, D-Vt., who issued a fiery statement Saturday condemning Russian hackers for “trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” walked back his response in a new statement released Wednesday.

The two-paragraph statement doesn’t mention Russia once, but says in part, “I am grateful that the initial news report was inaccurate and that the affected laptop of a Vermont utility was not connected to the power grid. This does not change the fact that we face serious threats to our critical infrastructure, and I will continue to do everything I can to protect Vermont and the rest of the country from cyber threats.”

The Post reported concerns from government officials that the episode with Burlington Electric could have a chilling effect on utilities’ willingness to come forward when they detect suspicious internet activity.

“This is Exhibit A for why utilities might be cautious about sharing information with the federal government,” Lunderville said. Still, Burlington Electric will continue to report anything turned up in routine scans, he said.

“I’m certainly disappointed in one or two federal officials that decided to leak this, but let’s not throw the baby out with the bathwater,” Lunderville said.

A BED team responding to the public relations nightmare sparked by the Post story published Friday has worked nonstop ever since, Lunderville said.

He said his greatest concern was communicating to BED customers that their lights weren’t going to shut off and that their account information wasn’t compromised.

“I think within 24 hours most of our customers understood that the threat reported by the Washington Post was inaccurate,” Lunderville said.

Morgan True

11 Comments on "Russian link to malware on Burlington Electric Department computer now in question"

Randy Koch
19 days 46 minutes ago

The story is not “in question” as your headline says, it’s been completely repudiated by the incompetent WaPo. We’re going through another waterboarding of truth with Russia playing the role of Saddam. It’s completely distracted us from the fact that the Dems should be afraid of showing their faces in public after having put up a richly hated candidate like Hillary Clinton. The Russians didn’t saddle us with Trump, the Dems did.

Bob Zeliff
19 days 22 minutes ago

Your headline confuses me. As I understand it, Federal Authorities gave BED a list of possible malware to search for. BED did that and found they had an isolated computer infected.

Did the Federal Authorities identify their list of malware as of Russian origin or not?

Timothy Price
18 days 23 hours ago

Glenn Greenwald, calling the story a symptom of “Russia Hysteria,” points out that the presence of Russian-made malware isn’t necessarily evidence of a “Russian operation,” as the Post’s amended headline still claims. The software could have been placed by nearly anyone.

18 days 23 hours ago

Unlike the Washington Post, Burlington Electric apparently did a great job. Perhaps the commission Senator Leahy wants to investigate hacking (see Digger story https://vtdigger.org/2017/01/05/leahy-looks-form-commission-probe-alleged-russian-hacking/) should look into why “government sources” essentially yelled “fire” in a crowded theater by saying the electric grid had been hacked? Came on the same day Trump praised Putin for not expelling American diplomats. Was it part of the unseemly tit-for-tat between Obama and Trump over Russian hacking (which Putin seems to be winning)?

more at http://blog.tomevslin.com/2017/01/administration-leaks-inaccurate-report-of-us-electric-grid-hack.html

Rob Goodman
18 days 23 hours ago

Will VT Digger be issuing a retraction on their own story from last Friday? It still has a headline that reads “RUSSIANS PENETRATED BURLINGTON ELECTRIC DEPARTMENT COMPUTER” and suggests that the malware was a direct result of “Russian hacking.” Upset that it took almost a week for this to happen and that it did not come from the journalist who wrote the original story.

Bud Haas
18 days 21 hours ago

In the first Digger story, who were the “officials” that Digger (Mansfield) talked to at BED? Why were they characterized as “officials” ?

18 days 20 hours ago

It’s all FAKE NEWS that feeds the Liberal Narrative for Trump being illegitimately elected. The Liberal main stream media is still hurting because they were completely wrong about Hillary’s anointment. This fallacy is further pushed by the likes of Senator Leahy.

Pete Novick
18 days 16 hours ago
In the fall of 1972, two young reporters then working for a major east coast newspaper approached the paper’s managing editor and asked him to approve publishing a story. The editor saw the value of running the story, (aka it was credible, it was relevant and timely, and it was newsworthy, in the Lippmann sense of those terms), but the reporters were asking the paper to breach its most fundamental editorial requirement. The editor went to the newspaper’s owner. She listened, but made no commitment. The next morning, she asked for a private meeting with all three, and shortly thereafter,…
Ernie Hotchkiss
18 days 7 hours ago
Yes, and in the time since Watergate, the Washington Post is now owned by Jeff Bezos, the owner of Amazon. Bezos and Amazon signed a $600 million contract a few years ago with the CIA, at least twice what he paid for the Washington Post. And now the Post runs fake news stories about Russian government hacking of the electric grid, and bogus stories about malware. It reads like it came out of the same wing of the CIA’s Langley, VA headquarters that issued those bogus psyop stories about uranium yellowcake out of Niger, aluminum irrigation pipes billed as tubes…
Neil Johnson
18 days 13 hours ago
Meanwhile the EB5 scandal is far from fake and killing Vermont business. This is fake news, Leahy propaganda. Why do the banks get to throw in a little money and are gone? Why are the attorneys getting paid before everyone else? Why is there NO accountability, ZERO on the part of Vermont Government and employees in charge? I’m not suggesting or promoting to know what accountability would be fair, but NONE is completely absurd. Not even a statement of ignorance, ineptitude, something. Just keep looking at the Russians…….while your state is stolen. Just keep the citizenry divided while we steal…
Rich Lachapelle
18 days 13 hours ago

When, after 8 years of Obama, the “it’s Bush’s fault” argument no longer holds any credibility, then why not blame the Russians? The dems are just digging themselves a deeper hole every day as they demonstrate what pathetic sore losers they are.
