The Washington PostDemocracy Dies in Darkness

Washington Post cites ‘discussions’ aimed at preventing recurrence of Vermont utility story

(Kirill Kudryavtev/Agence France-Presse via Getty Images)

On Friday night, “officials” appeared to have given The Washington Post a perfect scoop for a weekend that would bridge the years 2016 and 2017. “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, officials say,” read the OMG headline on the original story. Even on the sluggish first steps of a holiday weekend, the story hustled its way everywhere. Journalists tweeted it; other outlets pursued it; statements came flying out of officialdom.

It tumbled pretty quickly, too. Though the story didn’t identify the utility that had allegedly been hacked, Burlington Electric came forth with a statement that night noting that there was, in fact, no danger to the electricity grid:

Last night, U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks. We acted quickly to scan all computers in our system for the malware signature. We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding. Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems. We have briefed state officials and will support the investigation fully.

The threat level fell even further over the following days. Not only was the laptop not connected to the electricity grid, Burlington Electric may not have been targeted at all. In a Jan. 2 story correcting its erroneous initial report, The Post noted, “An employee at Burlington Electric Department was checking his Yahoo email account Friday and triggered an alert indicating that his computer had connected to a suspicious IP address associated by authorities with the Russian hacking operation that infiltrated the Democratic Party.” The whole thing could have been “benign,” the newspaper said.

The original story still features a headline loyal to what those officials originally told The Post: “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say,” reads the current headline on the flawed story. It also carries this editor’s note:

An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.

So there’s a duel going on at The Post’s website — between a more recent story that features correct information and a more dated one that oversells the hacking threat. The result is a clicky version of Russian roulette: If you choose the wrong version, you get the wrong news.

A number of critics have blasted The Post for its handling of the story, and this blog will forego a laborious reconstruction of the affair.

What stands out about the incident, however, is that the newspaper published its salacious story based on the accounts of the “officials,” though without input from the utility folks. Burlington Electric executive Neale Lunderville told Vermont Public Radio, “It could have easily been corrected, well first, had this federal official not leaked this information inaccurately, and second had the news outlet got in touch with us to confirm it or deny it, and we would have told them, ‘Not so. That’s not the case.’ And they could have printed a correct story the first time around.”

The Erik Wemple Blog today asked top Post officials for interviews on the screw-ups, though we didn’t get any sit-downs. Kris Coratti, a spokeswoman for the paper, issued this statement: “We have corrected the story, prominently displayed the correct information after further reporting, evaluated what transpired, and had the appropriate discussions internally to make sure something similar does not occur again.”

“Again” would be the third time, considering that The Post was forced to publish an editor’s note over a Thanksgiving-weekend story fingering Russia for assisting in the spread of fake news.

The missteps mar an otherwise spectacular run for The Post, which nailed exclusive after exclusive in the presidential campaign. With traffic surging and editorial ranks growing, The Post, you might suppose, would have the self-confidence to sit for an extensive interview about its occasional failings. Apparently not.