Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Attacks/Breaches

1/10/2012
05:46 PM
Connect Directly
Twitter
RSS
E-Mail
50%
50%

U.S. China Commission Emails Hacked

Was Indian hacker group's alleged hack for India or China?

Attackers out of India reportedly hacked the emails of the U.S. organization commissioned with handling economic and security relations with China.

The U.S.-China Economic and Security Review Commission -- best known in the security industry for its reports calling out China for its pervasive cyberespionage activities against the U.S. -- has contacted U.S. authorities to investigate the online leak of what appears to be stolen emails and evidence of calls for targeting the Commission, according to a report by Reuters.

It remains unclear whether the hackers might have been spying on the commission for India's own benefit or on behalf of China.

"If true, it certainly has a dose of irony to it. The Indians have had many disputes with the Chinese over the years, and it seems odd to spy on a U.S. commission [whose] goal is to publicly publish their findings. Perhaps they were looking for dirt that may be too sensitive for the commission to publish," says Chester Wisniewski, a senior security adviser at Sophos Canada, of reports of the email hack. "What is probably more interesting is what these guys didn’t get [or] didn’t release."

The hackers behind the latest caper have been identified by some experts as the so-called Lords of Dharmaraja, the same group that claims to have grabbed Symantec's Norton antivirus source code. While Symantec confirmed that a hacking group had accessed some of the source code of its Norton Antivirus product, it said the code was old and not stolen directly from Symantec servers.

The data posted by the hacker group on Pastebin was documentation related to an API used in Norton Antivirus, and dates from April 1999, according to Symantec. But the Lords of Dharmaraja also shared source code associated with the 2006 version of the antivirus product with Infosec Island.

Sophos' Wisniewski says some of the Indian hacker group's claims seem questionable, but they do have source code. And that could indicate they have some legit stolen information from other sources, he says. "I saw the reports from the same hackers who seem to have acquired the Symantec source code, allegedly from hacking some Indian military systems. Some of their claims appear to be slightly dubious, although they clearly do have the source code, so we could infer that some of the other materials may, in fact, also be legitimate and unaltered," he says.

The hackers posted on Pastebin a document that allegedly comes from Indian military intelligence and includes plans to employ backdoor access provided by mobile phone makers. The document says India struck technology deals for backdoor access with Research In Motion, Nokia, and Apple in exchange for providing access to the Indian mobile market. Apple has denied providing the Indian government with a backdoor to its mobile products. In its 2010 annual report (PDF), the U.S.-China Economic and Security Review Commission said that the Chinese government, its Communist Party, and Chinese individuals and organizations were hacking into American networks, as well as other nations'.

"Recent high-profile, China-based computer exploitations continue to suggest some level of state support. Indicators include the massive scale of these exploitations and the extensive intelligence and reconnaissance components," the report says. "The methods used during these activities are generally more sophisticated than techniques used in previous exploitations. Those responsible for these acts increasingly leverage social networking tools as well as malicious software tied to the criminal underground."

The Commission recommended that Congress ask the Oval Office to issue regular reports on these types of targeted attacks against federal agencies. "To the extent feasible, these reports should indicate points of origin for this malicious activity and planned measures to mitigate and prevent future exploitations and attacks," the report says.

Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Overcoming the Challenge of Shorter Certificate Lifespans
Mike Cooper, Founder & CEO of Revocent,  10/15/2020
US Counterintelligence Director & Fmr. Europol Leader Talk Election Security
Kelly Sheridan, Staff Editor, Dark Reading,  10/16/2020
7 Tips for Choosing Security Metrics That Matter
Ericka Chickowski, Contributing Writer,  10/19/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-4564
PUBLISHED: 2020-10-20
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 6.0.3.1 and IBM Sterling File Gateway 2.2.0.0 through 6.0.3.1 are vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially lea...
CVE-2020-4748
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188517.
CVE-2020-4749
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to the insecure link ...
CVE-2020-4755
PUBLISHED: 2020-10-20
IBM Spectrum Scale 5.0.0 through 5.0.5.2 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: 188595.
CVE-2020-4756
PUBLISHED: 2020-10-20
IBM Spectrum Scale V4.2.0.0 through V4.2.3.23 and V5.0.0.0 through V5.0.5.2 as well as IBM Elastic Storage System 6.0.0 through 6.0.1.0 could allow a local attacker to invoke a subset of ioctls on the device with invalid arguments that could crash the keneral and cause a denial of service. IBM X-For...