You probably read or heard about last week’s Washington Post story about Russian hackers penetrating a Vermont utility and potentially gaining access to the American electrical grid.
You probably haven’t heard that the story has completely fallen apart. Forbes surveys the damage:
…it was not until almost a full hour after the utility’s official press release (at around 10:30PM EST) that the Post finally updated its article, changing the headline to the more muted “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say” and changed the body of the article to note “Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.” Yet, other parts of the article, including a later sentence claiming that multiple computers at the utility had been breached, remained intact.
The following morning, nearly 11 hours after changing the headline and rewriting the article to indicate that the grid itself was never breached and the “hack” was only an isolated laptop with malware, the Post still had not appended any kind of editorial note to indicate that it had significantly changed the focus of the article.
This is significant, as one driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.
Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”
Yet, even this correction is not a true reflection of public facts as known. The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. As many pointed out, the malware in question is actually available for purchase online, meaning anyone could have used it and its mere presence is not a guarantee of Russian government involvement. Moreover, a malware infection can come from many sources, including visiting malicious websites and thus the mere presence of malware on a laptop computer does not necessarily indicate that Russian government hackers launched a coordinated hacking campaign to penetrate that machine – the infection could have come from something as simple as an employee visiting an infected website on a work computer.
After Trump’s shocking victory in the Presidential election, a narrative has quickly formed: Trump only won with Vladmir Putin’s assistance, and an increasingly assertive and expansionist Russia will soon have a patsy in the Oval Office who will turn a blind eye to Putin’s crimes and provocations.
There is certainly some truth to this – note how Trump (and, increasingly, his fellow Republicans) bend over backwards to absolve Russia of any involvement in anti-American cyber-espionage. The problem is, when the media is so committed to a narrative that it falls for dubious stories like this, it only hurts their own credibility. When they break a story about actual Russian wrongdoing, how many will dismiss it because they got the Vermont story so wrong?