Security experts disappointed in DHS FBI Grizzly Steppe report sold as providing details connecting Russian government to release of embarrassing US political emails during election season. Report provided no evidence. If evidence exists but is deemed 'classified,' then it should be reviewed by an independent commission-Fortune, Morris

12/31/16, "Grizzly Misstep: Security Experts Call Russia Hacking Report “Poorly Done,” “Fatally Flawed”," Fortune.com, David Z. Morris

"On Thursday, the Department of Homeland Security and the FBI released a joint report about Russian cyberattacks, titled “Grizzly Steppe.” The report had been expected to lay out more details about intelligence agency’s claims that the Russian government was directly linked to hacks on the DNC and other organizations, but security experts have expressed broad disappointment with the report. 

Jeffrey Carr, author of Inside Cyber Warfare, wrote on Friday that the report “adds nothing to the call for evidence that the Russian government was responsible” for the campaign hacks. Robert Lee, a former Air Force cyberwarfare officer and cybersecurity fellow at New America, argues that the report is of limited use to security professionals, in part because of poor organization and lack of crucial details.

The report, Carr says, lists hacking groups previously suspected of Russian government ties, mostly identified by commercial security firms, “without providing any supporting evidence that such a connection exists.” 

That evidence may still remain classified, but Carr says that if so, it should be reviewed by an independent commission, because the White House targeting of Russia “is looking more and more like a domestic political operation run by the White House”.

Lee is much less skeptical of the White House, calling the accusations against the Russian government “a strong and accurate statement.” But he highlights extensive sloppy mistakes and limited practical data in the Grizzly Steppe report. A list of names used to identify hacking campaigns, such as APT28 and COZYBEAR, inexplicably mingles in the names of both malware tools and capabilities. Data intended to help network administrators block attacks is missing vital IP addresses and attack timelines.

Lee also says descriptions of the techniques of the groups profiled is “very generic,” and of little use for network defense. He concludes that Grizzly Steppe “seems like a very rushed report,” and speculates that any useful data was removed during the review and approval process.

The flaws of the Grizzly Steppe report could become grist for those skeptical of White House and security agencys' claims of Russian hacking—most notably, President Elect Donald Trump. He and his supporters largely see the accusations against Russia as an attempt by President Obama and Democratic allies to discredit the incoming President.

But political anxiety over the lack of evidence is simmering elsewhere, too. Writing on Friday, left-wing commentator Matt Taibbi described the Grizzly Steppe report as “long on jargon but short on specifics,” and part of a broader pattern of government overstatement with “an element of salesmanship.”"


........................................

Added:

1/1/17, "'Fake News' And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid," Forbes, Kaley Leetaru, Contributor 

"On Friday the Washington Post sparked a wave of fear when it ran the breathless headline “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” The lead sentence offered “A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials” and continued “While the Russians did not actively use the code to disrupt operations of the utility, according to officials who spoke on condition of anonymity in order to discuss a security matter, the penetration of the nation’s electrical grid is significant because it represents a potentially serious vulnerability.”

Yet, it turns out this narrative was false and as the chronology below will show, illustrates how effectively false and misleading news can ricochet through the global news echo chamber through the pages of top tier newspapers that fail to properly verify their facts.

The original article was posted online on the Washington Post's website at 7:55PM EST. Using the Internet Archive's Wayback Machine, we can see that sometime between 9:24PM and 10:06PM the Post updated the article to indicate that multiple computer systems at the utility had been breached ("computers" plural), but that further data was still being collected: “Officials said that it is unclear when the code entered the Vermont utility’s computers, and that an investigation will attempt to determine the timing and nature of the intrusion.” Several paragraphs of additional material were added between 8PM and 10PM, claiming and contextualizing the breach as part of a broader campaign of Russian hacking against the US, including the DNC and Podesta email breaches. 

Despite the article ballooning from 8 to 18 paragraphs, the publication date of the article remained unchanged and no editorial note was appended, meaning that a reader being forwarded a link to the article would have no way of knowing the article they were seeing was in any way changed from the original version published 2 hours prior.

Yet, as the Post’s story ricocheted through the politically charged environment, other media outlets and technology experts began questioning the Post’s claims and the utility company itself finally issued a formal statement at 9:37PM EST, just an hour and a half after the Post's publication, pushing back on the Post’s claims: “We detected the malware in a single Burlington Electric Department laptop not connected to our organization’s grid systems. We took immediate action to isolate the laptop and alerted federal officials of this finding.”"









..................