Doubt cast that Moscow tried to hack Vermont utility, Washington Post says
Federal officials probing suspicious code found on a Vermont utility laptop last week “are finding evidence that the incident is not linked to any Russian government effort to target or hack the utility, according to experts and officials close to the investigation,” The Washington Post reported late Monday night.
According to the Post, “An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party. Officials told the company that traffic with this particular address is found elsewhere in the country and is not unique to Burlington Electric, suggesting the company wasn’t being targeted by the Russians. Indeed, officials say it is possible that the traffic is benign, since this particular IP address is not always connected to malicious activity.”
The utility has said the laptop wasn’t connected to the electric grid.
The newspaper says U.S. officials “have found on the device a package of software tools commonly used by online criminals to deliver malware. The package, known as Neutrino, does not appear to be connected with Grizzly Steppe, which U.S. officials have identified as the Russian hacking operation. The FBI, which declined to comment, is continuing to investigate how the malware got onto the laptop.”
The Post notes the utility first said the code on the laptop had been connected by the Department of Homeland Security to Grizzly Steppe but backtracked over the weekend, saying only that it had “detected suspicious Internet traffic” on the device.
“The murkiness of the information underlines the difficulties faced by officials as they try to root out Grizzly Steppe and share with the public their findings on how the operation works,” the Post observes.
The word comes amid concerns that Russian cyberattacks have been more extensive than originally thought. Since the U.S. released a report on election-related cyberattacks Thursday, a government official has said more cases have come to light, CBS News’ Justice and Homeland Security correspondent Jeff Pegues reports.
The revelation about new cases of attempted or potentially successful cyber intrusions came just days after the Obama administration announced a series of actions in response to what the White House called “the Russian government’s aggressive harassment of U.S. officials and cyber operations aimed at the U.S. election.” In addition to sanctions announced on Thursday, 35 Russian diplomats have been expelled from the United States.
While President Obama and most congressional Republicans have denounced Russia for its alleged election interference, President-elect Donald Trump has been reluctant to do so, even after FBI Director James Comey and Director of National Intelligence James Clapper backed the CIA’s conclusion that Russia interfered. The CIA said in December it has high confidence that Russians tried to influence the election and that they favored Mr. Trump.
“I know a lot about hacking,” Mr. Trump said before his New Year’s Eve party at Mar-a-Lago Saturday night. “And hacking is a very hard thing to prove. So it could be somebody else. And also - I know things that other people don’t know - and so they cannot be sure of the situation.”
Mr. Trump promised new information on Tuesday or Wednesday. But Sean Spicer, the Trump transition’s spokesman, seemed to walk that back.
“Well it’s not a question of necessarily revealing, remember the president-elect is privy to a lot of classified information, intelligence reports, he gets briefed by his national security team on a daily basis,” Spicer said, speaking on CNN.
It is unclear, however, where Mr. Trump or his national security team are getting their intelligence reports. All U.S. intelligence agencies are in agreement that the Russian government, with the blessing of Russian President Vladimir Putin, orchestrated “aggressive” cyberattacks prior to and during the U.S. election.