China did not turn off the power in Mumbai
A "cyber-USS Maine"
The New York Times insinuated that a Chinese cyberattack shut off the power in Mumbai for 12 hours.
It’s true that a Chinese APT is going after Indian targets, including India’s electrical grid.It’s also true that an Indian minister kind-of-sort-of blamed the outage on a cyber attack.
But the outage wasn’t caused by a cyber attack. It was caused by human error.
According to Union Power Minister RK Singh:
We had sent a team and their conclusion was that there were some mistakes made by operators and those who handle state transmission system.
The New York Times has not issued a retraction—or even added a correction.
Implying—with its colossal megaphone—that China turned off the power in a major city is a big move. The Times should be more careful. Wars have started over less.
In other news…
Substack and Discord have a fun file upload vulnerability, discovered by Devin Gaffney.
Attackers breached Gab (think Nazi Twitter) and got private user data. It was a SQL injection attack, which means the Gab developers are amateurs, but slightly more skilled than the Parler developers, who had just stored private data publicly, unencrypted.
What do you make of China being the go-to cyber boogiemen? What percentage of that is valid fear, what percent is scapegoating? Seems to be a persistent theme lately. Also, separating "state" actors from "state-sponsored" actors, from "independent" orgs...is that a bit reductionist? I'm sure it gets more complicated...maybe a topic for future posts.