Current, Global Asymmetrical Challenges

Eric Bellman is an award-winning tech editor in The Wall Street Journal’s San Francisco bureau, managing a team of tech-savvy journalists. He has spent more than 15 years in Asia through the Journal’s bureaus in Manila, Mumbai, Jakarta and New Delhi. Most recently, he was deputy bureau chief for South Asia.

Rajesh Roy is a reporter for The Wall Street Journal, covering diplomacy, defense, business, technology and political stories from India. Based out of the Journal’s South Asia bureau in New Delhi, he brings over two decades of experience in reporting on the country’s biggest stories. They write:

“Indian officials are investigating whether cyberattacks from China could have been behind a blackout in Mumbai last year.

State officials in Maharashtra, of which Mumbai is the capital, said Monday that an initial investigation by its cyber department found evidence that China could have been behind a power outage that left millions without power in October.

It was the worst blackout in decades in India’s financial capital, stopping trains and prompting hospitals to switch to diesel powered generators. The megacity has long prided itself on being one of the few cities in India with uninterrupted power supply even as most of the country struggles with regular blackouts.

Anil Deshmukh, home minister of the state, said officials were investigating a possible connection between the blackout and a surge in cyberattacks on the servers of the state power utilities. He wouldn’t single out China, but said investigators had found evidence of more than a dozen Trojan horse attacks as well as suspicious data transfers into the servers of state power companies.

“There were attempts to login to our servers from foreign land,” said Mr. Deshmukh. “We will investigate further.”

Another state official said 8GB of unaccounted for data slipped into power company servers from China and four other countries between June and October. The official cited thousands of attempts by blacklisted IP addresses to access the servers.

State-sponsored hackers increasingly target critical infrastructure such as power grids instead of specific institutions, said Amit Dubey, a cybersecurity expert at Root64 Foundation, which conducts cybercrime investigations.

“Anything and everything is dependent on power,” Mr. Dubey said. Targeting power supply, he said, can “take down hundreds of plants or day-to-day services like trains.”

Mr. Dubey said many countries such as China, Russia and Iran are deploying state-sponsored hackers to target the power grids of other nations. Russian hackers succeeded in turning off the power in many parts of Ukraine’s capital a few years ago, he said, and have also attacked critical infrastructure in the U.S. in recent years.

India’s announcement came after U.S. cybersecurity firm Recorded Future on Sunday published a report outlining what it said were attacks from close to a China-linked group it identified as RedEcho. It cited a surge in attacks targeting India’s power infrastructure.

The report said the attacks could have been a reaction to the jump in border tension between the two countries. During a military skirmish in June, India said 20 Indian soldiers were killed and China said four Chinese soldiers were killed when soldiers fought with rocks, batons and clubs wrapped in barbed wire.

In response to the Recorded Future report, which was earlier reported by the New York Times, China said it doesn’t support cyberattacks.

“It is highly irresponsible to accuse a particular party when there is no sufficient evidence around,” Wang Wenbin, spokesman for China’s Ministry of Foreign Affairs said in a briefing Monday. “China is firmly opposed to such irresponsible and ill-intentioned practice.”

Recorded Future said it couldn’t directly connect the attacks to the Mumbai blackout because it doesn’t have access to any hardware that might have been infected.

India’s Ministry of Power said it has dealt with the threats outlined in the Recorded Future report by strengthening its firewall, blocking IP addresses and using antivirus software to scan and clean its systems software.

“There is no impact on any of the functionalities” of the government company that manages the national power grid, the ministry said.

Last June, Maharashtra’s cyber department collated information regarding possible Chinese cyber intrusion and large-scale phishing attacks in India with focus on infrastructure, information and banking sectors. At least 40,300 such cyberattacks were attempted in a span of five days in June, most of which could be traced to Chengdu area of China, a senior official said at the time.”

——————————————————-

Jim Salter is a correspondent for the Associated Press based in St. Louis. He writes: “Thousands of information technology workers contracting with U.S. companies have for years secretly sent millions of dollars of their wages to North Korea for use in its ballistic missile program, FBI and Department of Justice officials said.

The Justice Department said Wednesday that IT workers dispatched and contracted by North Korea to work remotely with companies in St. Louis and elsewhere in the U.S. have been using false identities to get the jobs. The money they earned was funneled to the North Korean weapons program, FBI leaders said at a news conference in St. Louis. Federal authorities announced the seizure of $1.5 million and 17 domain names as part of the investigation, which is ongoing.

Jay Greenberg, special agent in charge of the St. Louis FBI office, said any company that hired freelance IT workers ‘more than likely’ hired someone participating in the scheme. ‘This scheme is so prevalent that companies must be vigilant to verify whom they’re hiring,’ Greenberg said in a news release. ‘At a minimum, the FBI recommends that employers take additional proactive steps with remote IT workers to make it harder for bad actors to hide their identities.’

Officials didn’t say which companies unknowingly hired North Korean workers or say when the practice began.

Court documents allege that the government of North Korea dispatched thousands of skilled IT workers to live primarily in China and Russia with the goal of deceiving businesses from the U.S. and elsewhere into hiring them as freelance remote employees.

The IT workers generated millions of dollars a year in their wages to benefit North Korea’s weapons programs. In some instances, the North Korean workers also infiltrated computer networks and stole information from the companies that hired them, the Justice Department said. They also maintained access for future hacking and extortion schemes, the agency said.

Greenberg said the workers used various techniques to make it look like they were working in the U.S., including paying Americans to use their home Wi-Fi connections.

Tensions on the Korean Peninsula are high as North Korea has test-fired more than 100 missiles since the start of 2022 and the U.S. has expanded its military exercises with its Asian allies, in tit-for-tat responses.

In September, North Korean leader Kim Jong Un called for an exponential increase in production of nuclear weapons and for his country to play a larger role in a coalition of nations confronting the United States in a ‘new Cold War,’ state media said.

In February, United Nations experts said that North Korean hackers working for the government stole record-breaking virtual assets last year estimated to be worth between $630 million and more than $1 billion. The panel of experts said in a report that the hackers used increasingly sophisticated techniques to gain access to digital networks involved in cyber-finance, and to steal information that could be useful in North Korea’s nuclear and ballistic missile programs from governments, individuals and companies.”

——————————————————

Claire Thornton is a freelance journalist and Breaking News Reporter for USA Today, Washington, D.C. She writes: “Federal authorities are investigating a computer hack of a Pennsylvania utility provider that is believed to have been targeted by an Iranian-linked cyber group looking to disrupt Israeli-made technology in the U.S.

The Iranian group ‘Cyber Av3ngers’ hacked into water authority infrastructure in Aliquippa, PA, a city about 18 miles northwest of Pittsburgh, local authorities confirmed. The group took partial control of a system that regulates water pressure – and one that includes technology manufactured in Israel, according to water authority board chairman Matthew Mottes.

‘This is very direct. It’s using the internet as a weapon,’ said Max Kilger, a cybersecurity professor at the University of Texas at San Antonio who has closely followed the news surrounding the Pennsylvania case. The water pressure system, which uses a Unitronics computing device, was quickly disabled after an alarm notified workers of the threat, and crews were able to maintain water pressure along the line, according to Mottes.

Across the country, the federal government is investigating a handful of other facilities hacked by the Iranian group, two people who were granted anonymity to discuss details that had not yet been made public told Politico.

In Pennsylvania, hackers who took control of the Aliquippa water pressure system announced they were targeting technology made in Israel, Politico reported. Photos from the site of the cyberattack published by Politico show hackers displayed an on-screen message saying, ‘Every equipment ‘Made in Israel’ is Cyber Av3ngers legal target,’ referring to Unitronics, an Israeli supplier of control and valve systems.

The attack in Pennsylvania thankfully did not impact ‘more critical components’ that determine the amount of chemicals added to the water supply, Kilger said. ‘There’s that much more potential for harm. So this should be a wake-up call,’ he said, adding that the pump system computing device was ‘low-hanging fruit.’

‘Attacks on our critical infrastructure like water are unacceptable,’ U.S. Rep. Chris Deluzio said after the incident, urging bipartisan support for ‘shoring up America’s defenses’ against cyber criminals.

The cyber-criminal group Cyber Av3ngers has targeted several water utility facilities in Israel, including most recently following the outbreak of the Israel-Hamas war. Now, it appears the group’s most recent round of cyberattacks is targeting Israeli water infrastructure technology at U.S. facilities, Kilger said.

‘They’ve been around for a while, but these are sort of their recent attacks,’ Kilger said, adding that the group is probably ‘trying to find other water systems that have equipment coming from Unitronics.’

The group is able to locate facilities in the U.S. that use Unitronics computing devices by hunting for and identifying online data that’s specific to that brand, Kilger said.

In an online forum on the Unitronics website, at least two users reported similar incidents involving Unitronics technology, with one user posting a photo of an on-screen message matching the one found at the Pennsylvania facility.

In the case of Cyber Av3ngers, the group is clearly motivated by the Israel-Hamas war, Kilger said. The Iranian government, which the group is believed to be tied to, has long sided with Hamas in conflicts involving Israel, acting in opposition to the U.S.

More broadly, Kilger said cyber criminals’ motivations fall into six different areas: Money. Ego. Entertainment. Political cause. Entrance to a social group. Status.

‘This one is very definitely cause,’ Kilger said, referring to the group’s message that it intends to target equipment made in Israel.

Around the world, critical infrastructure is an ‘obvious’ target for all hackers who want to disrupt and negatively impact physical processes people depend on, said Charles Henderson, IBM’s global head of security threat research.

‘Criminals first, then nation-states start asking, ‘What can I do that has a real-world impact, that has the most dramatic effect?’’ he said.

In 2021, the Colonial Pipeline was believed to have been the victim of criminal hackers, causing fuel-related panic along the East Coast, which is served by the pipeline. This week, authorities in Morgantown, West Virginia, responded to concerns about the security of their water systems, saying they do not use the same technology targeted in Aliquippa, located about 90 miles north.

In Texas, forensic investigators are looking into a Tuesday attack against North Texas Municipal Water District. Ransomware group Daixin Team claimed responsibility for the attack, the Dallas Morning News reported. Water service wasn’t disrupted for the district’s more than 2 million customers, the outlet said.

Consumers in the U.S. shouldn’t be overly concerned, Henderson said, because ‘there are a lot of people in the world who work very diligently’ in the realm of cybersecurity and are constantly strengthening defenses.”

—————————————————

Walter Russell Mead is the James Clarke Chace Professor of Foreign Affairs and Humanities at Bard College and taught American foreign policy at Yale University. He was also the editor-at-large of The American Interest magazine. Mead is a columnist for The Wall Street Journal, a scholar at the Hudson Institute, and a book reviewer for Foreign Affairs, the quarterly journal published by the Council on Foreign Relations. He writes:

“Covid-19 [may, or may not], appear to be a genetically engineered plague unleashed on the world by supervillains—but its massive global impact shows how effective such a weapon could be. That will have consequences.

Less than three months after the first known Covid-19 death in the U.S., more Americans died of this disease than fell in battle during the Vietnam War. It disrupted more lives, threw more people out of work, and, at least temporarily, closed more businesses than the Great Depression.

And of course the U.S. was not alone. Much of the world was shut down; global trade was upended in ways not seen since World War II, and the spreading economic and geopolitical fallout from the pandemic has dwarfed the consequences of the 2008-09 financial crisis.

The political consequences of the pandemic are history changing. [Joe Biden would not be president if not for COVID-19.] In Europe, it ripped open the wounds left by the financial crisis, with indebted southern countries furious over what they see as a lack of solidarity from the frugal north.

Yet, by the standards of past pandemics, Covid-19 was a relatively mild disease. Many of those infected appear to have remained asymptomatic; only a very small percentage of cases require hospitalization, and of those, more end in recovery than in death. World-wide, Covid-19 killed more than seven million people, making it one of the deadliest in history.

It turns out, however, that our technologically sophisticated global way of life is a lot more vulnerable to disruption than the simpler world of our ancestors. Not only can diseases that once traveled on foot or horseback now hitch rides on jet aircraft; the intricately balanced elements of a modern economy can be thrown into chaos by a few weeks of quarantine.

These truths mean that both at the national and global level we will have to devote far greater resources to public health. But they mean more than that. There has been much controversy over whether the coronavirus escaped from a wet market or a research laboratory. Wherever it came from, the virus has provided the world with an extraordinary demonstration of the power of weaponized biology.

The 20th Century was the Age of Physics, when scientists first learned to split the atom and create weapons powerful enough to destroy civilization. The 21st Century looks now to be an Age of Biology, when the capacity to unleash gene-engineered plagues on one’s opponents—or their crops—can provide countries with a strategic advantage.

Imagine a country whose scientists produced something like the coronavirus and also a vaccine. The virus could be released, causing chaos and destruction, but one could protect one’s own people from the plague—and offer the vaccine to the world if one’s demands were met. Now imagine a jihadist group, or a dictatorial state—like China or Russia, or other criminal organization with the same power.

Over time, the danger will grow as humanity develops better and more efficient ways to hack the genetic code and create organisms on demand. Biological laboratories, even sophisticated ones, are cheaper to build and easier to hide than the factories necessary to enrich uranium and develop nuclear weapons.

Weaponizing disease was practiced long before the modern era. Attacking Hittites seem to have driven infected people into enemy lands as early as 1000 B.C. In 1346, attacking Mongols catapulted the corpses of plague victims into the besieged Crimean city of Caffa.

More recently, both Axis and Allied governments developed biological weapons during World War II, and Japan deployed them on a significant scale in its war against China—including the use of ceramic bombs containing bubonic-plague-carrying fleas against the city of Ningbo.

In a [not so distant] post-Covid future, some countries and nonstate actors will be tempted to seek the capacity to create plagues, and every country will need to defend against them. The ability to recognize new diseases quickly and to develop treatments and vaccines has become a cornerstone of national defense.

Resilience also matters. Hardening cities, health systems, businesses and supply chains to make them less vulnerable to disruption must be a priority for the future.

This will be hard and expensive, but as Margaret Thatcher used to say, “There is no alternative.” The world has changed, and we must adapt.”

————————————————–

Richard A. Muller served as a Jason National Security adviser for 34 years. He is a professor of physics emeritus at the University of California, Berkeley. His books include Physics for Future Presidents and Energy for Future Presidents. He writes: “Vladimir Putin’s losses in Ukraine and the rebellion of the Wagner Group have increased the chances that the Russian president will lash out and expand the 17-month-old conflict.

But World War III may not be what you expect. The current paradigm of escalating nuclear conflict was articulated sixty years ago by physicist Herman Kahn, founder of the Hudson Institute, but other technologies have come a long way since then. Conventional guns, bombs, missiles or troops may not figure in World War III at all. Biological and computer viruses are likely to be the weapon of choice.

Covid wasn’t a deliberate attack, but [its “gain-of-function” modification funded by America’s Centers for Disease Control, under the leadership of Dr. Anthony Fauci] quickly and successfully damaged the American economy. Any nation thinking of using a deadly virus as a weapon of war would first need to immunize its own people, perhaps under the guise of a flu vaccination. Long-term population-level immunity would require the virus be sufficiently optimized, before release, to reduce the probability of further mutation.

The novel coronavirus was sufficiently optimized so that no serious mutations occurred for nine months. The Delta variant appeared in India in October 2020. A weaponized virus would also need to incorporate an immune suppression gene—Covid had ORF8—that reduces early symptoms, facilitating spread by asymptomatic carriers.

For a covert attack to be successful, the virus would need to be released not in the country of origin but in the target country, perhaps near a biological facility so the world would falsely conclude it came as a leak from a surreptitious domestic program.

Recall that early Covid panic came from Italy’s inability to care for all of its infected patients. Thus, for maximum disruption, the second thrust of any aggression might be a cyber-attack on hospitals, perhaps disguised as ransomware.

Again, the trick would be to make it seem as if the attack were originating outside the aggressor’s country. In other contexts this is called a “false flag” operation. The target country might not even recognize it as part of a two-front, synergistic attack of biological and computer viruses.

Ransomware could simultaneously target energy grids, power plants, factories, refineries, trains, airlines, shipping, banking, water supplies, sewage-treatment plants and more. But hospitals would be the most salient targets. Avoiding obvious military targets would enhance the illusion that World War III hadn’t begun. The attacker or attackers might falsely claim their own systems are also under siege. Misdirection can be more effective than a smoke screen.

This isn’t some far-fetched disaster scenario cooked up by Hollywood screenwriters. Biological and cyber-viruses have been, in a sense, field tested. The great value to the attacker of a two-pronged biological and cyber-attack is the possibility of achieving destructive goals while keeping the whole operation covert.

Deterring such an attack will require a clear, credible and articulated promise to respond to aggression. It can’t be covert. If China, Russia, or both, attacked the U.S. this way, how would we react?

Policy makers need to come up with an answer. An economic embargo seems suboptimal. Many would interpret nuclear retaliation as disproportionate. Developing a retaliatory virus would take time, and responding this way would clearly violate the Biological Weapons Convention.

Defense matters too. It is essential to be able to develop vaccines rapidly using a viral backbone so that they can be retargeted with minimal additional testing. Hospitals and other critical infrastructure need to harden their cyber defenses.

If deterrence fails and an attack takes place, correctly identifying the perpetrator has to be the first priority. This may or may not be easy, but retaliating against the wrong actor risks making an already bad situation worse.

Reopening the Covid-19 origin investigation would provide good practice. Confiscation of the foreign assets of the attacking nation could be effective. A strong cyberattack capability aimed at the enemy’s military and industry is key. Hospitals should be spared, lest the victim of an attack appear to become the aggressor and lose the moral high ground.

There are many reasons why an adversary may want to launch a covert attack on the U.S. economy. America’s leaders need to take seriously the prospect that their country could be defeated without being invaded or even knowing it is under attack.

The way to deter such an attack is to convince potentially hostile actors that success is impossible and the consequences for the attacker will be swift and severe. The U.S. needs to make it clear that its commitments to North Atlantic Treaty Organization allies, Ukraine, Taiwan and others won’t waver even if the American economy falters.”

We can all hope, but hope is not a solution.

As we have seen, asymmetrical challenges come in all shapes and sizes. Virtually every aspect of American statehood has come, or will come, under malign attack from other state actors, non-state actors, institutions, criminal enterprises, psychopaths, and an almost endless list of others who would do harm to the United States and its citizens for global strategic, tactical, personal or private advantage, whether permanent, long term or short term. Cumulatively, these attacks will degrade the United States to global irrelevance.

Next time: Fortress America

