Fake memo but real code? India-U.S. hacking mystery deepens
By Frank Jack Daniel
NEW DELHI | Wed Jan 11, 2012 1:49pm EST
NEW DELHI (Reuters) - A memo that triggered a U.S. investigation into a possible cyber-attack by Indian military intelligence is probably a fake, but it is clear from leaked documents that serious security breaches did take place.
A little-known hacker group, 'Lords of Dharmaraja', began posting the documents last year, but only drew widespread attention after the anti-virus software firm Symantec confirmed on Saturday that a segment of its source code had been accessed by the group.
Reuters has obtained a large digital cache appearing to contain emails that were posted by the group but were quickly blocked by file-sharing sites.
Dated between April and October last year, many of the emails were addressed to Bill Reinsch, a member of an official U.S. commission monitoring economic and security ties between the United States and China, including cyber-security issues.
Military and cyber-security experts in India say the hackers may have created the purported military intelligence memo simply to draw attention to their work, or to taint relations between close allies India and the United States.
"There is some malicious intent, but to try and work out who has done it, given the current nature of the Internet, is an exercise in futility," said Cherian Samuel, a specialist on cyber-security and Indo-U.S. relations at India's Defense Ministry-funded Institute for Defense Studies and Analyses.
Speculation has focused on India's neighbors, arch-rival Pakistan and China, both of which are active in cyber-operations.
"It's also possible that Pakistan's hackers have done it, or China's hackers," said Mukesh Saini, an expert on cyber-security who served on the secretariat of India's national security council, an intelligence agency, until 2006.
But if that were the case, he said, the attackers could be acting without state sponsorship.
"Pro-Indian and pro-Pakistan individuals and small hacker groups have been attacking each other's government and non-government websites, with or without the consent of their government, for a very long time," he said.
Two Washington sources close to the U.S.-China Commission said that while they were positive the commission was a target for Chinese intelligence, they found it hard to believe its activities were of any interest to Indian intelligence.
They said it was possible that Chinese operatives forged the document to embarrass both the commission and the Indians.
Other Washington officials, however, said it was equally possible, if not more plausible, that the alleged Indian intelligence document was genuine and that the Indians were spying on the commission out of their own interest in learning about Washington's attitudes to China.
Genuine or not, the sophisticated language the document was written in suggests it was created by someone with a clear grasp of India's bureaucratic style.
Technology blog Infosec Island said on Wednesday it had seen more data obtained by the Lords of Dharmaraja, including dozens of usernames and passwords for compromised U.S. government network accounts.
Infosec Island blogger Anthony Freed said the hacker group claimed to have taken the data from servers belonging to India's Ministry of External Affairs and the Indian government's IT organization, among others.
Officials in India declined to comment on the document's content or authenticity.
The alleged memo (bit.ly/zYze7w), which had a number of inconsistencies, including the letterhead of a military intelligence unit not involved in surveillance, claimed India had been spying on the USCC using know-how provided by Western mobile phone manufacturers.
While the memo looks dubious, the U.S.-China Economic and Security Review Commission has not denied the veracity of the email cache, and U.S. authorities are investigating the matter.
The emails include conversations between U.S. embassy officials in Tripoli, DHL and General Electric about delivering medical equipment to Libya, as well as concerns that GE was helping China improve its jet engine industry.
It is unclear whether Lords of Dharmaraja got the emails from Indian military intelligence servers, as they claim, but they first mentioned the documents in November, at the same time as they announced they hacked India's embassy server in Paris.
That breach was confirmed at the time by India's foreign ministry, and some experts believe the cache of U.S. emails was taken from the same source, raising the question of how they ended up there in the first place.
"An individual could have hacked someone's personal computer and handed it over to the embassy. There are so many means and measures," said Saini, who himself was charged with leaking secrets to Washington in 2006. He proclaims his innocence.
"There may be cooperation between India and the United States, the United States may have shared them, or India could have done the hack ... or a third country may have handed it to India," said Saini.
It is also unclear how Symantec's source code ended up with the Lords of Dharmaraja, whose public face goes by the name Yamatough on a Twitter feed.
Yamatough, whose profile picture shows a Tibetan painting of Dharmaraja, the Hindu god of death and justice, follows many members of the "Anonymous" hacking collective, and Symantec attributes the hack to that group.
"We are still investigating exactly where or how Anonymous accessed the code, but to date we have found no evidence that we shared any information with the Indian government," Symantec said in a statement.
"If the Indian government was indeed in possession of the code - as Anonymous claims and which has not yet been verified - we have no indication that it came from Symantec or as a result of our software assurance processes."
(Additional reporting by Paul Eckert in WASHINGTON; Editing by John Chalmers and Ian Geoghegan)