US probes India e-mail hack claim

2012-01-10 09:33

Washington - US authorities are investigating allegations that an Indian government spy unit hacked into e-mails of an official US commission that monitors economic and security relations between the US and China, including cyber-security issues.

The request for an investigation came after hackers posted on the internet what purports to be an Indian military intelligence document on cyber spying, which discusses plans to target the commission - apparently using technical expertise provided by Western mobile phone manufacturers.

Appended to the document are transcripts of what are said to be e-mail exchanges among commission members.

"We are aware of these reports and have contacted relevant authorities to investigate the matter. We are unable to make further comments at this time," said Jonathan Weston, a spokesperson for the US-China Economic and Security Review Commission.

The document's authenticity could not be independently verified. But the US-China commission is not denying the authenticity of the e-mails.

Backdoor access

Officials in India could not be reached for comment on the document's content or authenticity. One India-based website quoted an unnamed army representative as denying that India used mobile companies to spy on the commission and calling the documents forged.

The purported memo says that India cut a technological agreement - the details are not clear - with mobile phone manufacturers "in exchange for the Indian market presence".

It cites three: Research in Motion, maker of the BlackBerry; Nokia, and Apple.

Apple spokesperson Trudy Muller said her company had not provided the Indian government with backdoor access to its products. A spokesperson for Nokia declined comment; RIM officials could not be reached for comment.

The US Congress created the commission in 2000 to investigate and report on the national security implications of the economic relationship between the US and China.

The bipartisan, 12-member panel holds periodic hearings each year on China-related topics such as cyber security, weapons proliferation, energy, international trade compliance, and information policy.

The e-mail breach, if confirmed, would be the latest in a series of cyber intrusions that have struck US institutions ranging from the Pentagon and defence contractors to Google Inc.

Previous hacks

A group calling itself the Lords of Dharmaraja said in an internet post that it had uncovered the hacking. It said it had discovered the source codes of a dozen software companies in Indian Military Intelligence servers.

A US government official, who asked not to be identified, said the matter is under investigation. The FBI has jurisdiction to investigate cyber hacking inside the US. An FBI spokesperson declined to comment.

Many of the previous hacks have been blamed on China. In this case, it is unclear whether India might have been eavesdropping on the US-China commission for itself or sought to pass any information collected to authorities in China.

India would be intensely interested in the official US view of Beijing. Ties between the two countries, which fought a brief border war in 1962, remain difficult. New Delhi sees Beijing as a long-term rival.

Stewart Baker, a former cyber security policy expert at the National Security Agency and US Department of Homeland Security, said the commission "would be a high-priority target for China, since USCC has been one of the most vocal US agencies in warning against Chinese hacking".

"What's interesting is that they seem to have become a target for India for the same reason," Baker said.

"If it's genuine, it should cause red faces all around. At USCC for apparently getting hacked by Indian intelligence, and even more so at Indian intelligence for getting hacked by what may be a bunch of amateurs."

Pending legislation

The purported e-mails between US-China commission staff members, dating from September and October 2011, include discussions of how senior analysts from the Office of the Director of National Intelligence were scheduling a classified briefing for commission officials on a forthcoming National Intelligence Estimate looking at global manufacturing trends.

The messages also contain discussions between commission staff about legislation pending in Congress related to alleged currency manipulation by China.

In one e-mail, a staff member, reacting to criticism that a China currency bill pending on Capitol Hill would be "ineffective", argues: "Don't make the perfect the enemy of the good; we should confront bullies even if there is a risk we will get punched back."

The e-mails are attached to what purports to be a memo dated October 6 and signed by a Colonel Ishwal Singh of India's Directorate General of Military Intelligence, Foreign Division.

In the memo, Singh describes how "the President" had given "sanction" to an operation "to gain access to USCC transmittals". What "President" the memo is referring to is not further explained.

According to the memo, because "MI" - presumably Military Intelligence - had trouble accessing US-China commission cyber networks, the "decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence".

One US law enforcement official said the commission would be a logical target for intense surveillance by Chinese authorities, since its principal mission was to produce policy studies and recommendations about the US-China relationship.

In October 2009, the commission produced a detailed study on the "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation".

A spokesperson for the commission said it was working on a second study of cyber security issues related to China.