Roving Periscope: Maha probes how China tried to switch off Mumbai in Oct 2020

Virendra Pandit 

New Delhi: After the Indian soldiers broke bones and crushed skulls of Chinese invaders in Eastern Ladakh in the high summer of 2020, Beijing tried to get even by launching a cyber-attack and cause a blackout in India’s financial capital, Mumbai, media reported on Monday.

Resolute Indian troops gave such a bloody nose to the People’s Liberation Army (PLA) in May 2020 that Beijing was forced to pipe down from the high Himalayas. After a dozen rounds of border talks with India, the PLA retreated to its ‘original’ posts along the Line of Actual Control (LAC) last month.

While the two armies stood in eyeball-to-eyeball confrontation on October 13, 2020, China allegedly launched a cyber-strike against India’s power grid, targeting Mumbai in a fresh warning message, media reported on Monday.

It was aimed at arm-twisting India: if New Delhi pressed its claims too hard, the lights could go out across the country.

That morning, large parts of Mumbai were hit by a major power outage, which officials said was due to a grid failure at Padgha-Kalwa line.

As power cut swept through the Mumbai Metropolitan Region, students were panicked when they failed to log onto the relevant websites to write their examinations. Many had to cancel their online classes or work-from-home, commutation, and court proceedings were disrupted.

Trains were shut down and the stock market closed as the power went out in a city of 20 million people. Hospitals had to switch to emergency generators to keep ventilators running amid a coronavirus outbreak that was among India’s worst.

Now, taking cognizance of the fresh media reports, Maharashtra Energy Minister Nitin Raut said his department’s cyber cell is probing the matter about a Chinese cyber-attack.

According to The New York Times, a new study shows that “as the battles raged in the Himalayas, taking at least two dozen lives, Chinese malware was flowing into the control systems that manage electric supply across India, along with a high-voltage transmission substation and a coal-fired power plant”.

The flow of malware was pieced together by Recorded Future, a Somerville, Massachusetts, company that studies the use of the internet by state actors. It found that most of the malware was never activated.

And because Recorded Future could not get inside India’s power systems, it could not examine the details of the code itself, which was placed in strategic power-distribution systems across the country. While it has notified Indian authorities, so far they are not reporting what they have found”, NYT said.

Stuart Solomon, Recorded Future’s chief operating officer, said that the Chinese state-sponsored group, which the firm named Red Echo, “has been seen to systematically utilize advanced cyber intrusion techniques to quietly gain a foothold in nearly a dozen critical nodes across the Indian power generation and transmission infrastructure.”

Reports at the time had quoted Indian officials as saying that the reason behind outage was a Chinese-origin cyber-attack on a nearby electricity load-management centre.

“I think the signalling was being done” by China to indicate “that we can and we have the capability to do this in times of a crisis,” said retired Lt. Gen. D.S. Hooda, a cyber expert who oversaw India’s borders with Pakistan and China. “It’s like sending a warning to India that this capability exists with us”.

As border tensions rose between the two countries, Chinese hackers unleashed a swarm of 40,300 hacking attempts on India’s technology and banking infrastructure in just five days. Some of the incursions were so-called denial-of-service attacks that knocked these systems offline; others were phishing attacks.

Yashasvi Yadav, a police official in charge of Maharashtra’s cyber-intelligence unit, said authorities found “suspicious activity” that suggested the intervention of a state actor.

Until recent years, China’s focus had been on information theft. But Beijing has been increasingly active in placing code into infrastructure systems, knowing that when it is discovered, the fear of an attack can be as powerful a tool as an attack itself.

Security experts at the Cyber Peace Foundation, an Indian non-profit that follows hacking efforts, reported a new wave of Chinese attacks, in which hackers sent phishing emails to Indians related to the Indian holidays in October and November 2020. Researchers tied the attacks to domains registered in China’s Guangdong and Henan Provinces, to an organization called Fang Xiao Qing. The aim, the foundation said, was to obtain a beachhead in Indians’ devices, possibly for future attacks.

“One of the intentions seems to be power projection,” said Vineet Kumar, the Foundation’s President.

The non-profit also documented a surge of malware directed at India’s power sector, from petroleum refineries to a nuclear power plant, since last year.

Except for the Mumbai blackout, however, the attacks did not disrupt the provision of energy, officials said.

Military experts in India have been urging the government to replace the Chinese-made hardware for India’s power sector and its critical rail system. The government authorities have said a review is underway of India’s information technology contracts, including with Chinese companies.