U.S. China Commission Emails HackedU.S. China Commission Emails Hacked
Was Indian hacker group's alleged hack for India or China?
January 10, 2012
Attackers out of India reportedly hacked the emails of the U.S. organization commissioned with handling economic and security relations with China.
The U.S.-China Economic and Security Review Commission -- best known in the security industry for its reports calling out China for its pervasive cyberespionage activities against the U.S. -- has contacted U.S. authorities to investigate the online leak of what appears to be stolen emails and evidence of calls for targeting the Commission, according to a report by Reuters.
It remains unclear whether the hackers might have been spying on the commission for India's own benefit or on behalf of China.
"If true, it certainly has a dose of irony to it. The Indians have had many disputes with the Chinese over the years, and it seems odd to spy on a U.S. commission [whose] goal is to publicly publish their findings. Perhaps they were looking for dirt that may be too sensitive for the commission to publish," says Chester Wisniewski, a senior security adviser at Sophos Canada, of reports of the email hack. "What is probably more interesting is what these guys didn’t get [or] didn’t release."
The hackers behind the latest caper have been identified by some experts as the so-called Lords of Dharmaraja, the same group that claims to have grabbed Symantec's Norton antivirus source code. While Symantec confirmed that a hacking group had accessed some of the source code of its Norton Antivirus product, it said the code was old and not stolen directly from Symantec servers.
The data posted by the hacker group on Pastebin was documentation related to an API used in Norton Antivirus, and dates from April 1999, according to Symantec. But the Lords of Dharmaraja also shared source code associated with the 2006 version of the antivirus product with Infosec Island.
Sophos' Wisniewski says some of the Indian hacker group's claims seem questionable, but they do have source code. And that could indicate they have some legit stolen information from other sources, he says. "I saw the reports from the same hackers who seem to have acquired the Symantec source code, allegedly from hacking some Indian military systems. Some of their claims appear to be slightly dubious, although they clearly do have the source code, so we could infer that some of the other materials may, in fact, also be legitimate and unaltered," he says.
The hackers posted on Pastebin a document that allegedly comes from Indian military intelligence and includes plans to employ backdoor access provided by mobile phone makers. The document says India struck technology deals for backdoor access with Research In Motion, Nokia, and Apple in exchange for providing access to the Indian mobile market. Apple has denied providing the Indian government with a backdoor to its mobile products. In its 2010 annual report (PDF), the U.S.-China Economic and Security Review Commission said that the Chinese government, its Communist Party, and Chinese individuals and organizations were hacking into American networks, as well as other nations'.
"Recent high-profile, China-based computer exploitations continue to suggest some level of state support. Indicators include the massive scale of these exploitations and the extensive intelligence and reconnaissance components," the report says. "The methods used during these activities are generally more sophisticated than techniques used in previous exploitations. Those responsible for these acts increasingly leverage social networking tools as well as malicious software tied to the criminal underground."
The Commission recommended that Congress ask the Oval Office to issue regular reports on these types of targeted attacks against federal agencies. "To the extent feasible, these reports should indicate points of origin for this malicious activity and planned measures to mitigate and prevent future exploitations and attacks," the report says.
Have a comment on this story? Please click "Add Your Comment" below. If you'd like to contact Dark Reading's editors directly, send us a message.
About the Author(s)
Hacking Your Digital Identity: How Cybercriminals Can and Will Get Around Your Authentication MethodsOct 26, 2023
Modern Supply Chain Security: Integrated, Interconnected, and Context-DrivenNov 06, 2023
How to Combat the Latest Cloud Security ThreatsNov 06, 2023
Reducing Cyber Risk in Enterprise Email Systems: It's Not Just Spam and PhishingNov 01, 2023
SecOps & DevSecOps in the CloudNov 06, 2023