From Consortium News
In the middle of a major domestic crisis over the U.S. charge that Russia had interfered with the U.S. election, the Department of Homeland Security (DHS) triggered a brief national media hysteria by creating and spreading a bogus story of Russian hacking into U.S. power infrastructure.
DHS had initiated the now-discredited tale of a hacked computer at the Burlington, Vermont Electricity Department by sending the utility's managers misleading and alarming information, then leaked a story they certainly knew to be false and continued to put out a misleading line to the media.
Even more shocking, however, DHS had previously circulated a similar bogus story of Russian hacking of a Springfield, Illinois water pump in November 2011.
The story of how DHS twice circulated false stories of Russian efforts to sabotage U.S. "critical infrastructure" is a cautionary tale of how senior leaders in a bureaucracy-on-the-make take advantage of every major political development to advance its own interests, with scant regard for the truth.
The DHS had carried out a major public campaign to focus on an alleged Russian threat to U.S. power infrastructure in early 2016. The campaign took advantage of a U.S. accusation of a Russian cyber-attack against the Ukrainian power infrastructure in December 2015 to promote one of the agency's major functions -- guarding against cyber-attacks on America's infrastructure.
Beginning in late March 2016, DHS and FBI conducted a series of 12 unclassified briefings for electric power infrastructure companies in eight cities titled, "Ukraine Cyber Attack: implications for U.S. stakeholders." The DHS declared publicly, "These events represent one of the first known physical impacts to critical infrastructure which resulted from cyber-attack."
That statement conveniently avoided mentioning that the first cases of such destruction of national infrastructure from cyber-attacks were not against the United States, but were inflicted on Iran by the Obama administration and Israel in 2009 and 2012.
Beginning in October 2016, the DHS emerged as one of the two most important players -- along with the CIA -- in the political drama over the alleged Russian effort to tilt the 2016 election toward Donald Trump. Then on Dec. 29, DHS and FBI distributed a "Joint Analysis Report" to U.S. power utilities across the country with what they claimed were "indicators" of a Russian intelligence effort to penetrate and compromise U.S. computer networks, including networks related to the presidential election, that they called "GRIZZLY STEPPE."
The report clearly conveyed to the utilities that the "tools and infrastructure" it said had been used by Russian intelligence agencies to affect the election were a direct threat to them as well. However, according to Robert M. Lee, the founder and CEO of the cyber-security company Dragos, who had developed one of the earliest U.S. government programs for defense against cyber-attacks on U.S. infrastructure systems, the report was certain to mislead the recipients.
"Anyone who uses it would think they were being impacted by Russian operations," said Lee. "We ran through the indicators in the report and found that a high percentage were false positives."
Lee and his staff found only two of a long list of malware files that could be linked to Russian hackers without more specific data about timing. Similarly, a large proportion of the IP addresses listed could be linked to "GRIZZLY STEPPE" only for certain specific dates, which were not provided.
The Intercept discovered, in fact, that 42 percent of the 876 IP addresses listed in the report as having been used by Russian hackers were exit nodes for the Tor Project, a system that allows bloggers, journalists and others -- including some military entities -- to keep their Internet communications private.
Lee said the DHS staff that worked on the technical information in the report is highly competent, but the document was rendered useless when officials classified and deleted some key parts of the report and added other material that shouldn't have been in it. He believes the DHS issued the report "for a political purpose," which was to "show that the DHS is protecting you."
Planting the Story, Keeping it Alive