2012-01-11
* Original source of thousands of documents unknown
* Some Washington sources suspect Chinese role
* Tech blog: dozens of U.S. government passwords also hacked
By Frank Jack Daniel
NEW DELHI, Jan 11 - A memo that triggered a
U.S. investigation into a possible cyber-attack by Indian
military intelligence is probably a fake, but it is clear from
leaked documents that serious security breaches did take place.
A little-known hacker group, 'Lords of Dharmaraja', began
posting the documents last year, but only drew widespread
attention after the anti-virus software firm Symantec
confirmed on Saturday that a segment of its source code had been
accessed by the group.
Reuters has obtained a large digital cache appearing to
contain emails that were posted by the group but were quickly
blocked by file-sharing sites.
Dated between April and October last year, many of the
emails were addressed to Bill Reinsch, a member of an official
U.S. commission monitoring economic and security ties between
the United States and China, including cyber-security issues.
Military and cyber-security experts in India say the hackers
may have created the purported military intelligence memo simply
to draw attention to their work, or to taint relations between
close allies India and the United States.
"There is some malicious intent, but to try and work out who
has done it, given the current nature of the Internet, is an
exercise in futility," said Cherian Samuel, a specialist on
cyber-security and Indo-U.S. relations at India's Defence
Ministry-funded Institute for Defence Studies and Analyses.
Speculation has focused on India's neighbours, arch-rival
Pakistan and China, both of which are active in
cyber-operations.
"It's also possible that Pakistan's hackers have done it, or
China's hackers," said Mukesh Saini, an expert on cyber-security
who served on the secretariat of India's national security
council, an intelligence agency, until 2006.
But if that were the case, he said, the attackers could be
acting without state sponsorship.
"Pro-Indian and pro-Pakistan individuals and small hacker
groups have been attacking each other's government and
non-government websites, with or without the consent of their
government, for a very long time," he said.
INCONSISTENCIES
Two Washington sources close to the U.S. China Commission
said that while they were positive the commission was a target
for Chinese intelligence, they found it hard to believe its
activities were of any interest to Indian intelligence.
They said it was possible that Chinese operatives
forged the document to embarrass both the commission and the
Indians.
Other Washington officials, however, said it was equally
possible, if not more plausible, that the alleged Indian
intelligence document was genuine and that the Indians were
spying on the commission out of their own interest in learning
about Washington's attitudes to China.
Genuine or not, the sophisticated language the document was
written in suggests it was created by someone with a clear grasp
of India's bureaucratic style.
Technology blog Infosec Island said on Wednesday it had seen
more data obtained by the Lords of Dharmaraja, including dozens
of usernames and passwords for compromised U.S. government
network accounts.
Infosec Island blogger Anthony Freed said the
hacker group claimed to have taken the data from servers
belonging to India's Ministry of External Affairs and the Indian
government's IT organisation, among others.
Officials in India declined to comment on the document's
content or authenticity.
The alleged memo, which had a number
of inconsistencies, including the letterhead of a military
intelligence unit not involved in surveillance, claimed India
had been spying on the USCC using know-how provided by Western
mobile phone manufacturers.
While the memo looks dubious, the U.S.-China Economic and
Security Review Commission has not denied the veracity of the
email cache, and U.S. authorities are investigating the matter.
The emails include conversations between U.S. embassy
officials in Tripoli, DHL and General Electric
about delivering medical equipment to Libya, as well as concerns
that GE was helping China improve its jet engine industry.
"ANONYMOUS"
It is unclear whether Lords of Dharmaraja got the emails
from Indian military intelligence servers, as they claim, but
they first mentioned the documents in November, at the same time
as they announced they hacked India's embassy server in Paris.
That breach was confirmed at the time by India's foreign
ministry, and some experts believe the cache of U.S. emails was
taken from the same source, raising the question of how they
ended up there in the first place.
"An individual could have hacked someone's personal computer
and handed it over to the embassy. There are so many means and
measures," said Saini, who himself was charged with leaking
secrets to Washington in 2006. He proclaims his innocence.
"There may be cooperation between India and the United
States, the United States may have shared them, or India could
have done the hack ... or a third country may have handed it to
India," said Saini.
It is also unclear how Symantec's source code ended up with
the Lords of Dharmaraja, whose public face goes by the name
Yamatough on a Twitter feed.
Yamatough, whose profile picture shows a Tibetan painting of
Dharmaraja, the Hindu god of death and justice, follows many
members of the "Anonymous" hacking collective, and Symantec
attributes the hack to that group.
"We are still investigating exactly where or how Anonymous
accessed the code, but to date we have found no evidence that we
shared any information with the Indian government," Symantec
said in a statement.
"If the Indian government was indeed in possession of the
code - as Anonymous claims and which has not yet been verified -
we have no indication that it came from Symantec or as a result
of our software assurance processes."