Russian Government Hackers Do Not Appear to Have Targeted Vermont Utility, Say People Close to Investigation
So the utility was hacked since an employee laptop has malware on it and the company's infosecurity measures failed to prevent it. That’s bad from the aspect of what other vulnerabilities might exist besides the vector this attack used. It’s bad from the sense of “what’s on that laptop?” - is this a CEO or manager with tons of sensitive data, is it an HR worker who downloaded the employee DB to work at home? Probably not, it’s probably nothing.
Regardless, the reporting sensationalizing this with implications that the power grid was in danger, or that it was Russian Hackers, is all way out of line, so far out of line that even the world’s wildest infosecurity sensationalist, Glenn Greenwald, felt the need to call it out in The Intercept.
As federal officials investigate suspicious Internet activity found last week on a Vermont utility computer, they are finding evidence that the incident is not linked to any Russian government effort to target or hack the utility, according to experts and officials close to the investigation.
An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.
The investigation by officials began Friday, when the Vermont utility reported its alert to federal authorities, some of whom told The Washington Post that code associated with the Russian hackers had been discovered within the system of an unnamed Vermont utility. On Friday evening, The Post published its report, and Burlington Electric released a statement identifying itself as the utility in question and saying the firm had “detected the malware” in a single laptop. The company said in its statement that the laptop was not connected to its grid systems.