
China Appears to Warn India: Pushing Too Much, Lights Could Go Out


WASHINGTON – Early last summer, Chinese and Indian troops engaged in a surprise border battle in the remote Galwan Valley, beating each other to death with stones and sticks.
Four months later and more than 1,500 miles away in Mumbai, India, trains shut down and the stock market closed when power went out in a city of 20 million people. Hospitals had to switch to emergency generators to keep fans running amid a coronavirus outbreak that was among the worst in India.
Now a new study gives weight to the idea that those two events may have been connected, as part of a broad Chinese cyber campaign against India’s power grid, timed to send a message that if India pushed too hard on its claims, the lights could go out across the country.
The study shows that as battles raged in the Himalayas, claiming at least two dozen lives, Chinese malware flowed into the control systems that manage electricity supply across India, along with a high-voltage transmission substation and a coal-fired power plant.
The malware stream was reconstructed by Recorded Future, a Somerville, Massachusetts company that studies Internet use by state actors. It found that most of the malware was never activated. And because Recorded Future was unable to enter India’s power systems, it was unable to examine the details of the code itself, which was placed in strategic power distribution systems across the country. While it has notified the Indian authorities, so far they have not reported what they have found.
Stuart Solomon, COO of Recorded Future, said the Chinese state-sponsored group, which the firm dubbed Red Echo, “has been seen to consistently use advanced cyber intrusion techniques to quietly entrench itself in nearly a dozen critical nodes in India’s energy generation and transmission infrastructure.”
The discovery raises the question of whether an Oct. 13 outage in Mumbai, one of the country’s busiest business hubs, was intended to be a message from Beijing about what could happen if India pushed its border claims too hard.
News reports at the time cited Indian officials who said the cause was a Chinese-origin cyberattack on a nearby electricity load management center. Authorities launched a formal investigation, which is due to report in the coming weeks. Since then, Indian officials have been silent on the Chinese code, on whether it triggered the Mumbai blackout, and on the evidence provided by Recorded Future that many elements of the nation’s power grid were the target of a sophisticated Chinese hacking effort.
The Indians may still be looking for the code. But acknowledging its insertion, noted a former Indian diplomat, could complicate the diplomacy of recent days between China’s Foreign Minister Wang Yi and his Indian counterpart Subrahmanyam Jaishankar in an effort to ease border tensions.
The researchers who wrote the Recorded Future study, to be published Monday, said that “the alleged link between the outage and the discovery of unspecified malware” on the system “remains unsubstantiated.” But they noted that “additional evidence suggested the coordinated targeting of India’s load dispatch centers,” which balance electricity demands across the regions of the country.
The discovery is the latest example of how visible malware placement on an adversary’s power grid or other critical infrastructure has become the newest form of aggression and deterrence – a warning that if things are taken too far, millions could suffer.
“I think China is doing the signaling” to indicate “that we can and have the ability to do it in times of crisis,” said retired Lt. Gen. DS Hooda, a cyber expert who oversaw India’s borders with Pakistan and China. “It’s like sending a warning to India that this capacity exists with us.”
Both India and China maintain medium-sized nuclear arsenals, traditionally seen as the ultimate deterrent. But neither side believed the other would risk a nuclear exchange in response to bloody disputes over the Line of Actual Control, an ill-defined border demarcation where long-running disputes have turned into deadly conflicts between increasingly nationalistic governments.
Cyberattacks provide them with another option, less devastating than a nuclear attack, but capable of giving a country a strategic and psychological advantage. Russia pioneered the use of this technique when it turned off the power twice in Ukraine several years ago.
And the United States has engaged in similar signaling. After the Department of Homeland Security publicly announced that the American power grid was littered with code inserted by Russian hackers, the United States put code into Russia’s grid in a warning to President Vladimir Putin.
Now, the Biden administration promises that in a few weeks it will respond to another intrusion, not yet calling it an attack, from Russia, one that penetrated at least nine government agencies and more than 100 corporations.
So far, the evidence suggests that the SolarWinds hack, named for the company that made the network management software that was hijacked to insert the code, was primarily to steal information. But it also created the capacity for much more destructive attacks, and among the companies that downloaded the Russian code were several American utilities. They maintain that the incursions were managed and that there was no risk to their operations.
Until recently, China had focused on information theft. But Beijing has been increasingly active in putting code into infrastructure systems, knowing that when discovered, fear of an attack can be as powerful a tool as an attack itself.
In the case of India, Recorded Future sent its findings to the Indian Computer Emergency Response Team, or CERT-In, a kind of investigative and early warning agency that most nations maintain to track threats to critical infrastructure. On two occasions, the center acknowledged receipt of the information, but did not say anything about whether it also found the code on the power grid.
Repeated efforts by The New York Times to seek comment from the center and several of its officials over the past two weeks yielded no response.
The Chinese government, which did not respond to questions about the code on the Indian network, could argue that India initiated cyber-aggression. In India, a mosaic of state-backed hackers were caught using coronavirus-themed phishing emails to target Chinese organizations in Wuhan last February. A Chinese security company, 360 Security Technology, accused state-backed Indian hackers of targeting hospitals and medical research organizations with phishing emails, in a spy campaign.
Four months later, as tensions escalated between the two neighboring countries, Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the incursions were so-called denial-of-service attacks that took these systems offline; others were phishing attacks, according to police in the Indian state of Maharashtra, home to Mumbai.
In December, security experts at the Cyber Peace Foundation, an Indian nonprofit that tracks hacking efforts, reported a new wave of Chinese attacks, in which hackers sent phishing emails to Indians related to Indian holidays in October and November. Investigators linked the attacks to domains registered in China’s Guangdong and Henan provinces, to an organization called Fang Xiao Qing. The goal, the foundation said, was to obtain a beachhead on the Indian devices, possibly for future attacks.
“One of the intentions seems to be the projection of power,” said Vineet Kumar, president of the Cyber Peace Foundation.
The foundation has also documented a rise in malware targeting India’s energy sector, from oil refineries to a nuclear power plant, since last year. Because it is impossible for the foundation or Recorded Future to examine the code, it is unclear if they are seeing the same attacks, but the timing is the same.
However, except for the Mumbai blackout, the attacks have not disrupted power supplies, authorities said.
And even there, officials have fallen silent after initially determining that the code was most likely Chinese. Yashasvi Yadav, a police officer in charge of Maharashtra’s cyber intelligence unit, said authorities found “suspicious activity” suggesting the intervention of a state actor.
But Yadav declined to elaborate, saying the full investigation report would be released in early March. Nitin Raut, a state government minister quoted in local reports in November as blaming sabotage for the blackout in Mumbai, did not respond to questions about the blackout.
Military experts in India have renewed calls for Prime Minister Narendra Modi’s government to replace Chinese-made hardware for India’s power sector and its critical rail system.
“The problem is that we have not yet been able to get rid of our dependency on foreign hardware and software,” said Hooda.
Indian government authorities have said that India’s information technology contracts, including with Chinese companies, are being reviewed. But the reality is that getting existing infrastructure up and running is costly and difficult.
