China did not turn off the power in Mumbai
China did not turn off the power in Mumbai
A "cyber-USS Maine"
The New York Times insinuated that a Chinese cyberattack shut off the power in Mumbai for 12 hours.
It’s true that a Chinese APT is going after Indian targets, including India’s electrical grid.
It’s also true that an Indian minister kind-of-sort-of blamed the outage on a cyber attack.But the outage wasn’t caused by a cyber attack. It was caused by human error.
According to Union Power Minister RK Singh:
We had sent a team and their conclusion was that there were some mistakes made by operators and those who handle state transmission system.
The New York Times has not issued a retraction—or even added a correction.
Implying—with its colossal megaphone—that China turned off the power in a major city is a big move. The Times should be more careful. Wars have started over less.
In other news…
Substack and Discord have a fun file upload vulnerability, discovered by Devin Gaffney.
Attackers breached Gab (think Nazi Twitter) and got private user data. It was a SQL injection attack, which means the Gab developers are amateurs, but slightly more skilled than the Parler developers, who had just stored private data publicly, unencrypted.
https://go.recordedfuture.com/hubfs/reports/cta-2021-0228.pdf
https://au.finance.yahoo.com/news/mumbai-power-outage-could-cyber-163116612.html
https://www.news18.com/news/india/no-sabotage-behind-mumbai-power-outage-chinese-hacking-attempt-in-nov-last-yr-power-minister-3488093.html
What do you make of China being the go-to cyber boogiemen? What percentage of that is valid fear, what percent is scapegoating? Seems to be a persistent theme lately. Also, separating "state" actors from "state-sponsored" actors, from "independent" orgs...is that a bit reductionist? I'm sure it gets more complicated...maybe a topic for future posts.