It tumbled pretty quickly, too. Though the story didn’t identify the utility that had allegedly been hacked, Burlington Electric came forth with a statement that night noting that there was, in fact, no danger to the electricity grid:
Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.
The threat level fell even further over the following days. Not only was the laptop not connected to the electricity grid, Burlington Electric may not have been targeted at all. In a Jan. 2 story correcting its erroneous initial report, The Post noted, “An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party.” The whole thing could have been “benign,” the newspaper said.
The original story still features a headline loyal to what those officials originally told The Post: “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say,” reads the current headline on the flawed story. It also carries this editor’s note:
An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.
So there’s a duel going on at The Post’s website — between a more recent story that features correct information and a more dated one that oversells the hacking threat. The result is a clicky version of Russian roulette: If you choose the wrong version, you get the wrong news.
What stands out about the incident, however, is that the newspaper published its salacious story based on the accounts of the “officials,” though without input from the utility folks. Burlington Electric executive Neale Lunderville told Vermont Public Radio, “It could have easily been corrected, well first, had this federal official not leaked this information inaccurately, and second had the news outlet got in touch with us to confirm it or deny it, and we would have told them, ‘Not so. That’s not the case.’ And they could have printed a correct story the first time around.”
The Erik Wemple Blog today asked top Post officials for interviews on the screw-ups, though we didn’t get any sit-downs. Kris Coratti, a spokeswoman for the paper, issued this statement: “We have corrected the story, prominently displayed the correct information after further reporting, evaluated what transpired, and had the appropriate discussions internally to make sure something similar does not occur again.”
“Again” would be the third time, considering that The Post was forced to publish an editor’s note over a Thanksgiving-weekend story fingering Russia for assisting in the spread of fake news.
The missteps mar an otherwise spectacular run for The Post, which nailed exclusive after exclusive in the presidential campaign. With traffic surging and editorial ranks growing, The Post, you might suppose, would have the self-confidence to sit for an extensive interview about its occasional failings. Apparently not.