Russian link to malware on Burlington Electric Department computer now in question

BURLINGTON — It’s unclear whether malware discovered on a Burlington Electric Department laptop, which wasn’t connected to the electric grid, originated with Russian operatives.

A VTDigger report last Friday said that Russian hackers penetrated the laptop. That assertion was based on information from a Friday BED statement, which said that the malware code discovered last week was “used in Grizzly Steppe, the name (the Department of Homeland Security) has applied to a Russian campaign linked to recent hacks.”

BED Director Neale Lunderville said in an interview that his company has received no further information from federal officials as to the malware’s source.

“The intelligence around this is not our job,” Lunderville said. “We take the information they give us and report back. The feds will determine where the threat came from and what, if anything, should be done.”

Neale Lunderville. File photo.

However, The Washington Post, which initially reported inaccurately that the hack penetrated the electric grid and that Russia was responsible, has since corrected its initial report and published two subsequent reports calling any Russian involvement into question.

The Post said it received bad information from anonymous authorities who leaked to them “without having all the facts and before law enforcement officials were able to investigate further.”

Moreover, it does not appear that BED was targeted with the malware. In a subsequent statement Saturday, BED said federal officials indicated that “the specific type of Internet traffic, related to recent malicious cyber activity that was reported by us (on Friday), also has been observed elsewhere in the country and is not unique to Burlington Electric.”

BED officials discovered the malware Friday morning after DHS and FBI officials issued a report to the electric industry asking them to conduct scans for evidence of the Russian hacking operation, which was reportedly responsible for the Democratic National Committee hack last year.

The code was flagged when a Burlington Electric employee checked their email account. Experts told the Post that because millions of people visit Yahoo’s email servers daily, the fact that the traffic triggered an alert doesn’t indicate BED was being targeted.

Sen. Patrick Leahy, D-Vt., who issued a fiery statement Saturday condemning Russian hackers for “trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” walked back his response in a new statement released Wednesday.

The two-paragraph statement doesn’t mention Russia once, but says in part, “I am grateful that the initial news report was inaccurate and that the affected laptop of a Vermont utility was not connected to the power grid. This does not change the fact that we face serious threats to our critical infrastructure, and I will continue to do everything I can to protect Vermont and the rest of the country from cyber threats.”

The Post reported concerns from government officials that the episode with Burlington Electric could have a chilling effect on utilities’ willingness to come forward when they detect suspicious internet activity.

“This is Exhibit A for why utilities might be cautious about sharing information with the federal government,” Lunderville said. Still, Burlington Electric will continue to report anything turned up in routine scans, he said.

“I’m certainly disappointed in one or two federal officials that decided to leak this, but let’s not throw the baby out with the bathwater,” Lunderville said.

A BED team responding to the public relations nightmare sparked by the Post story published Friday has worked nonstop ever since, Lunderville said.

He said his greatest concern was communicating to BED customers that their lights weren’t going to shut off and that their account information wasn’t compromised.

“I think within 24 hours most of our customers understood that the threat reported by the Washington Post was inaccurate,” Lunderville said.


Morgan True

  • Randy Koch

    The story is not “in question” as your headline says, it’s been completely repudiated by the incompetent WaPo. We’re going through another waterboarding of truth with Russia playing the role of Saddam. It’s completely distracted us from the fact that the Dems should be afraid of showing their faces in public after having put up a richly hated candidate like Hillary Clinton. The Russians didn’t saddle us with Trump, the Dems did.

  • Bob Zeliff

    Your headline confuses me. As I understand it, Federal Authorities gave BED a list of possible malware to search for. BED did that and found they had an isolated computer infected.

    Did the Federal Authorities identify their list of malware as of Russian origin or not?

    • Timothy Price

      Glenn Greenwald, calling the story a symptom of “Russia Hysteria,” points out that the presence of Russian-made malware isn’t necessarily evidence of a “Russian operation,” as the Post’s amended headline still claims. The software could have been placed by nearly anyone.

  • Unlike the Washington Post, Burlington Electric apparently did a great job. Perhaps the commission Senator Leahy wants to investigate hacking (see Digger story) should look into why “government sources” essentially yelled “fire” in a crowded theater by saying the electric grid had been hacked? Came on the same day Trump praised Putin for not expelling American diplomats. Was it part of the unseemly tit-for-tat between Obama and Trump over Russian hacking (which Putin seems to be winning)?

    more at

  • Rob Goodman

    Will VT Digger be issuing a retraction on their own story from last Friday? It still has a headline that reads “RUSSIANS PENETRATED BURLINGTON ELECTRIC DEPARTMENT COMPUTER” and suggests that the malware was a direct result of “Russian hacking.” Upset that it took almost a week for this to happen and that it did not come from the journalist who wrote the original story.

  • Bud Haas

    In the first Digger story, who were the “officials” that Digger (Mansfield) talked to at BED? Why were they characterized as “officials”?

  • It’s all FAKE NEWS that feeds the Liberal Narrative for Trump being illegitimately elected. The Liberal mainstream media is still hurting because they were completely wrong about Hillary’s anointment. This fallacy is further pushed by the likes of Senator Leahy.

  • Pete Novick

    In the fall of 1972, two young reporters then working for a major east coast newspaper approached the paper’s managing editor and asked him to approve publishing a story.

    The editor saw the value of running the story, (aka it was credible, it was relevant and timely, and it was newsworthy, in the Lippmann sense of those terms), but the reporters were asking the paper to breach its most fundamental editorial requirement.

    The editor went to the newspaper’s owner. She listened, but made no commitment.

    The next morning, she asked for a private meeting with all three, and shortly thereafter, she approved the breach of the paper’s editorial rules, and the rest, as they say, is history.

    My, my, how far the Washington Post has fallen.

    • Ernie Hotchkiss

      Yes, and in the time since Watergate, the Washington Post is now owned by Jeff Bezos, the owner of Amazon. Bezos and Amazon signed a $600 million contract a few years ago with the CIA, at least twice what he paid for the Washington Post. And now the Post runs fake news stories about Russian government hacking of the electric grid, and bogus stories about malware. It reads like it came out of the same wing of the CIA’s Langley, VA headquarters that issued those bogus psyop stories about uranium yellowcake out of Niger, aluminum irrigation pipes billed as tubes for nuclear fuel rods, and all the rest of the fake news that sold the Iraq War.

      If a newspaper owner in any other country were taking $600 million in payments from that country’s spy service, the US media would question whether that paper was truly a form of free press, or just a propaganda tool of the government.

      More here:

  • Neil Johnson

    Meanwhile the EB5 scandal is far from fake and killing Vermont business. This is fake news, Leahy propaganda. Why do the banks get to throw in a little money and are gone? Why are the attorneys getting paid before everyone else? Why is there NO accountability, ZERO on the part of Vermont Government and employees in charge? I’m not suggesting or promoting to know what accountability would be fair, but NONE is completely absurd. Not even a statement of ignorance, ineptitude, something. Just keep looking at the Russians… while your state is stolen. Just keep the citizenry divided while we steal your money and souls.

  • Rich Lachapelle

    When, after 8 years of Obama, the “it’s Bush’s fault” argument no longer holds any credibility, then why not blame the Russians? The dems are just digging themselves a deeper hole every day as they demonstrate what pathetic sore losers they are.