Alleged Indian memo fake, but security breach real

Investigation of alleged U.S.-India hacking deepens as authorities speculate memo detailing potential cyberattack from Indian military intelligence was fake and had origins in Pakistan or China.
Written by Ellyne Phneah, Contributor

U.S. investigations of a memo alluding to a potential cyberattack from Indian military intelligence have uncovered that the note is likely a fake but confirmed that a security breach did take place. Speculation about its origins is now focused on India's neighbors Pakistan and China.

U.S. authorities had commenced their investigation into hacker group "Lords of Dharmaraja", which posted e-mail exchanges between staff members at the U.S.-China Economic and Security Review Commission (USCC) as well as a document detailing India's plans for a cyberattack targeting the commission. The group alleged that the Indian intelligence unit had breached the USCC's e-mail system based on technological expertise obtained from Western mobile phone manufacturers.

Lords of Dharmaraja had also exposed Symantec's antivirus code last Friday in a security breach confirmed by the IT security vendor.

In a Reuters report Wednesday, Indian military and cybersecurity experts said hackers might have created the military intelligence memo to draw attention to their work, or taint relations between India and the United States.

"There is some malicious intent, but to try and work out who has done it, given the current nature of the Internet, is an exercise in futility," Cherian Samuel, a specialist in cyber-security and Indo-U.S. relations at India's Defense Ministry-funded Institute for Defense, said in the report.

Claiming India was spying on the USCC, the alleged memo contained several inconsistencies, including the letterhead of a military intelligence unit not involved in surveillance. The "sophisticated" language of the documents also suggested they were created by someone who understood India's bureaucratic style.

Mukesh Saini, a cybersecurity expert who served on the secretariat of India's national security council until 2006, told Reuters there were "so many means and measures" by which the hackers could have done it. "There may be cooperation between India and the U.S. and the U.S. may have shared them, or India could've done the hack...or a third country may have handed it to India," said Saini, who himself was charged with leaking secrets to Washington in 2006.

Speculations focus on India's neighbors
Citing two sources in Washington close to the U.S.-China Commission, Reuters said that while the U.S. was certain the commission was a target for Chinese intelligence, it was hard to believe the hacking activities were from Indian intelligence. The sources added that it was possible Chinese hackers forged the document to embarrass the commission as well as the Indians.

Other Washington officials suggested it was also possible the alleged Indian intelligence documents were indeed legitimate and that Indians were spying on the commission to learn about Washington's attitudes toward China.

According to Saini, it may be possible that hackers from Pakistan or China were responsible for the breach. If that was the case, the attackers could be acting without state sponsorship, he said.

"Pro-Indian and pro-Pakistan individuals and small hacker groups have been attacking each other's government and non-government Web sites, with or without the consent of their government, for a very long time," he told Reuters.
