On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.”
Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.
The original article was posted online on the Washington Post’s website at 7:55PM EST. Using the Internet Archive’s Wayback Machine, we can see that sometime between 9:24PM and 10:06PM the Post updated the article to indicate that multiple computer systems at the utility had been breached (“computers” plural), but that further data was still being collected: “Officials said that it is unclear when the code entered the Vermont utility’s computers, and that an investigation will attempt to determine the timing and nature of the intrusion.” Several paragraphs of additional material were added between 8PM and 10PM, claiming and contextualizing the breach as part of a broader campaign of Russian hacking against the US, including the DNC and Podesta email breaches.
Despite the article ballooning from 8 to 18 paragraphs, the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.
Yet, as the Post’s story ricocheted through the politically charged environment, other media outlets and technology experts began questioning the Post’s claims and the utility company itself finally issued a formal statement at 9:37PM EST, just an hour and a half after the Post’s publication, pushing back on the Post’s claims: “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”
From Russian hackers burrowed deep within the US electrical grid, ready to plunge the nation into darkness at the flip of a switch, an hour and a half later the story suddenly became that a single non-grid laptop had a piece of malware on it and that the laptop was not connected to the utility grid in any way.
However, it was not until almost a full hour after the utility’s official press release (at around 10:30PM EST) that the Post finally updated its article, changing the headline to the more muted “Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say” and changed the body of the article to note “Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems. The firm said it took immediate action to isolate the laptop and alert federal authorities.” Yet, other parts of the article, including a later sentence claiming that multiple computers at the utility had been breached, remained intact.
The following morning, nearly 11 hours after changing the headline and rewriting the article to indicate that the grid itself was never breached and the “hack” was only an isolated laptop with malware, the Post still had not appended any kind of editorial note to indicate that it had significantly changed the focus of the article.
This is significant, as one driving force of fake news is that as much of 60% of the links shared on social media are shared based on the title alone, with the sharer not actually reading the article itself. Thus, the title assigned to an article becomes the story itself and the Post’s incorrect title meant that the story that spread virally through the national echo chamber was that the Russians had hacked into the US power grid.
Only after numerous outlets called out the Post’s changes did the newspaper finally append an editorial note at the very bottom of the article more than half a day later saying “An earlier version of this story incorrectly said that Russian hackers had penetrated the U.S. electric grid. Authorities say there is no indication of that so far. The computer at Burlington Electric that was hacked was not attached to the grid.”
Yet, even this correction is not a true reflection of public facts as known. The utility indicated only that a laptop was found to contain malware that has previously been associated with Russian hackers. As many pointed out, the malware in question is actually available for purchase online, meaning anyone could have used it and its mere presence is not a guarantee of Russian government involvement. Moreover, a malware infection can come from many sources, including visiting malicious websites and thus the mere presence of malware on a laptop computer does not necessarily indicate that Russian government hackers launched a coordinated hacking campaign to penetrate that machine – the infection could have come from something as simple as an employee visiting an infected website on a work computer.
Moreover, just as with the Santa Claus and the dying child story, the Post story went viral and was widely reshared, leading to embarrassing situations like CNBC tweeting out the story and then having to go back and retract the story.
Particularly fascinating that the original Post story mentioned that there were only two major power utilities in Vermont and that Burlington Electric was one of them, meaning it would have been easy to call both companies for comment. However, while the article mentions contacting DHS for comment, there is no mention of any kind that the Post reached out to either of the two utilities for comment. Given that Burlington issued its formal statement denying the Post’s claims just an hour and a half later, this would suggest that had the Post reached out to the company it likely could have corrected its story prior to publication.
When I reached out to Kris Coratti, Vice President of Communications and Events for the Washington Post for comment, she responded that regarding the headline change, “Headlines aren’t written by story authors. When editors realized it overreached, as happens from time to time with headlines, it was corrected.” She also indicated that posting the editor’s note at the bottom of the article instead of the top was a mistake and indeed this was corrected shortly after my email to her inquiring about it.
Ms. Coratti’s response regarding the article headline is a fascinating reminder of just how many different people and processes combine to produce a single article in a newspaper – that contrary to popular belief, a reporter doesn’t sit down and write a story, choose a headline and then hit “Publish” and have the story go live on the newspaper website. Most newspapers, like the Washington Post, either employ dedicated headline writers or have their editors write the headlines for each piece and articles typically go through an elaborate review process designed to catch these sorts of issues prior to publication.
It is also interesting to note that the Post said it was an error for the editorial note to be buried at the very bottom of the page instead of at the top of the article, as was done for the Santa Claus story. This reflects the chaotic nature of newsrooms in which an editorial note is frequently added by an editor simply logging into a CMS portal and updating a live page, rather than a templated system which automatically places all editorial notes in the same place with the same style and formatting to ensure consistency.
Equally fascinating, neither Ms. Coratti nor Post Public Relations responded to any of my remaining queries regarding the article’s fact checking process. In particular, the Post did not respond when I asked how headlines are fact checked and if headline writers conduct any form of fact checking to ensure their summarized version is consistent with known facts. The Post also did not respond to a request for comment on why it took nearly half a day from the time the article was rewritten until an editorial note was finally appended acknowledging that the conclusions of the original article were false and that the article had been substantively rewritten to support a different conclusion, nor did the Post comment on why the editor’s note was originally placed at the bottom of the article and only moved after I inquired about its location.
Yet, perhaps most intriguing is that, as with the Santa Claus story, the Post did not respond to repeated requests for comment regarding how it conducts fact checking for its stories. This marks twice in a row that the Post has chosen not to respond in any fashion to my requests for more detail on its fact checking processes. Given the present atmosphere in which trust in media is in freefall and mainstream outlets like the Post are positioning themselves as the answer to “fake news” it certainly does not advance trust in the media when a newspaper will not even provide the most cursory of insight into how it checks its facts.
As with the Santa Claus story, the Post appears to have run this story without even attempting to perform the most basic of fact checks before publication. The original story noted that there were only two utilities in Vermont and yet the article states that the Post only attempted to contact DHS and does not mention any attempt to contact either of the utilities. Standard journalistic practice would have required that the Post mention that it attempted to reach either utility even if neither responded. The Post did not respond to a request for comment when I asked if it had attempted to reach either utility for comment prior to publication.