Malware attack that crippled Mumbai's power system came from China, claims infosec intel outfit Recorded Future

Security intelligence firm Recorded Future's Insikt Group has written a paper alleging China was behind attacks on India's electricity grid. In a blog post and white paper (which requires registration to access), the firm said it had seen a notable increase in targeted attacks on India from China state-sponsored groups. The …

  1. Version 1.0 Silver badge

    Internet or Insertonet?

    Looking around it seems that most power systems connected to the Internet have had malware inserted. SolarWinds was just a small demonstration that if you are connected to the Internet then you are vulnerable. It's no surprise, the Internet was designed to always work, security was not a priority when it was designed so hackers can keep hacking. Using the Internet is a bit like skiing downhill after a nice snowy day, most of the time it's great but occasionally you get buried.

  2. Andy Non

    Critical infrastructure

    As hacking attacks against critical infrastructure are becoming the norm between antagonistic countries and targets for terrorists in general, the only solution would be to ensure they are kept offline. While it might mean the removal of the convenience of control or monitoring from a distance, it's the only way to be safe. Similarly, systems that must be online that are used for administration, email etc. should not be on the same network as the infrastructure hardware. Maybe a pain in the rear, but either that or expect your critical infrastructure to be hacked and trashed at some point, perhaps with catastrophic consequences.

    1. LoPath

      Re: Critical infrastructure

      Very true, but nobody listens to those wacky IT guys.

    2. ICam

      Re: Critical infrastructure

      It would certainly make it harder to attack, although applying strict controls would still be necessary to stop physical deployments of attacks on that offline infrastructure as well.

    3. Kevin McMurtrie Silver badge

      Re: Critical infrastructure

      That's not that easy when you have well-funded espionage and low budget IT. An employee will "accidentally" put it back online with no security. You will never know if it's done from malicious intent or the incompetence of copying a malicious Stack Overflow answer.

    4. Anonymous Coward

      Re: Critical infrastructure

      I agree, it is best to keep terrorists offline. So let's cut the cables to go to the attacking country.

  3. iron Silver badge

    > Using a combination of proactive adversary infrastructure detections, domain analysis, and Recorded Future Network Traffic Analysis, we have determined that a subset of these AXIOMATICASYMPTOTE servers...

    That is grade A Star Trek technobabble!

  4. Throatwarbler Mangrove Silver badge

    Christ, what assholes

    Isn't attacking civilian infrastructure a war crime? Setting aside the question of infrastructure security for the moment, where is the line in the sand that causes these "criminal" acts to be dubbed "terrorism" or "act of war"? Where is the human decency on the part of the attackers?

    Enough with the victim blaming, how about blaming the perpetrators?

    1. razorfishsl

      Re: Christ, what assholes

      yep... but so what?

      what are you going to do about it?


      This is why "God" was invented... so that people could right the wrongs that were beyond their control or at least believe that they would get theirs in the afterlife.

      1. Throatwarbler Mangrove Silver badge

        Re: Christ, what assholes

        "what are you going to do about it?"

        You want to get nuked? Because that's how you get nuked. Once civilian targets are on the table, escalation becomes inevitable. If India can't strike back in cyberspace, they strike back in meatspace, and if conventional weapons are inadequate, it turns out that other options are available.

        How about a simple solution: STOP BEING ASSHOLES.

    2. Claptrap314 Silver badge

      Re: Christ, what assholes

      "Human Decency" and "Successful Generals" don't have a great deal of overlap. Moreover, "Human Decency" and "Totalitarian Government" have 0 overlap. Finally, Chinese culture is very different from the West. I read a fascinating article about 25 years ago making the point that "human rights" as we know them simply do not exist as a part of that culture. Not that they have always been part of Western culture...

      Look up the history of "Just War" theory. In particular, what it took for it to gain traction. It's actually a significant achievement of the Roman Catholic church.

      1. Throatwarbler Mangrove Silver badge

        Re: Christ, what assholes

        @Claptrap, I refuse to upvote your post, but you are probably more correct than I would care to admit.

  5. Anonymous Coward

    China is the bully in the region

    When it really wants to be the bully everywhere.

    1. julian.smith
      Big Brother

      Re: China is the bully in the region

      Unlike the USA which is the world bully

      There is a special prize if your country has USA bases

  6. man_iii

    Indian grid run by govt

    Most of India's power grids are govt run entities. That means job reservations and least qualified people in dangerous high profile jobs. Most of the grid is physical and mechanical devices that are not modernized and unconnected to the internet. Mumbai and some other few States have privatised the grid and no longer employ ancient and unqualified techs. Hence these modern grids are truly vulnerable and on the internet. I never thought I would be supporting ancient tech and unqualified workers but looks to be better than getting fleeced by private corpos and Chinese haxxors.

  7. Anonymous Coward

    No internet and big chain on the gate.

    A giant mess brewing there. Updating ancient infrastructure in a poorly governed and corrupt country = trouble. It was only the outmoded ways keeping people safe.

    Probably easy to spot a chinaman mooching around the energy complex/hut. so years of relative safety.

    India needs to preserve and enhance its long-winded and complex bureaucracy.

