Previously a group of Indian hackers called The Lords of Dharmaraja had posted documents that were pillaged during the hack of an Indian military network. That Pastebin post was removed, but can be viewed via Google cache.
The memo suggests that, “in exchange for the Indian market presence” mobile device manufacturers, including RIM, Nokia, and Apple (collectively defined in the document as “RINOA”) have agreed to provide backdoor access on their devices. The Indian government then “utilized backdoors provided by RINOA” to intercept internal emails of the U.S.-China Economic and Security Review Commission, a U.S. government body with a mandate to monitor, investigate and report to Congress on ‘the national security implications of the bilateral trade and economic relationship’ between the U.S. and China.
Although security and privacy researcher Christopher Soghoian tweeted about a possible “intercept backdoor” that Apple has provided to governments (as seen in paragraphs 3 and 4 above), there were additional interesting insights found while reviewing other @csoghoian tweets. One said, “Instead of worrying about hackers getting access to 5+ year old Norton code we should worry about what NSA/US Military does with recent code.” In another, Soghoian tweeted,
Apparently it’s not just Apple, or even RINOA (RIM, Nokia, and Apple) according to this Twitter conversation between Soghoian and Morten Kaasa. Kaasa asked, “Who is less ‘evil’? Microsoft or Google? I suppose Apple is out…” to which Soghoian replied, “Microsoft has access to your data when you use Skydrive. Microsoft is quite open about it. Not real crypto.”
The ‘backstory’ of the hack, so to speak, was posted on Pastebin on December 21, claiming [precise quote typos and all]: “Our Pastebin account was locked and permanently deleted by unknown GVMNT losers. Well we know the reason Y – first of all We do not think Indian Intel is so braniac, It all comes down to USA LE fagots, since they do not want people know about their Secret Negotiations with Corporations and Governments what concerns CHINESE.” It included an Imgur link to documents called “the preview of the INDIAN MI spy prgramme called RINOA which they utilize to spy on USCC and so on.”
On Facebook, security software firm Symantec confirmed “that a segment of its source code used in two of our older enterprise products has been accessed, one of which has been discontinued. The code involved is four and five years old. This does not affect Symantec’s Norton products for our consumer customers.” Symantec said the source code was not stolen from its network, but from an unconfirmed third party. The Lords of Dharmaraja claimed to have snatched the files from Indian military intelligence servers.
Meanwhile, cybersecurity guru Bruce Schneier agreed that exposed source code is not a big deal, but “Bad press is certainly Symantec’s biggest worry right now.” According to The Atlantic Wire, Schneier said, “The source code might have huge smoking guns.” And some of those smoking guns allegedly point to former CIA, U.S. law enforcement and Intelligence, at least according to an interview on InfoSec Island with Yama Tough — who was one of the hackers allegedly involved in the breach. In discussing the timeline to release the Norton source code, Tough wrote [another direct quote not rewritten for typos]:
As soon as we r over with the blockade we experience from Indian and US LE and Intel, since the issue not really in Symantec but In fact that India is spying on USCHINA ECON SEC commission (example William Reinsch Larry Wartzel, Dan Slane, Michael Dannis etc emails) we think since they are former CIA US and India block our mirrors and we have many of our brothers now under search and ceizure warrants pending Symantec is not a big deal they just happened to sign an agreement with Indian MI thats all the deal is what kind of stuff we;ve owneed by owneeing MEA servers…we expect to publish by 10th -16th this month.
Another document on Imgur is from the Embassy of the Russian Federation complimenting the Department of Foreign Affairs and Trade, etc. It’s doubtful we’ve heard the last of The Lords of Dharmaraja AntiSec hack, as details about big companies and government conspiring for backdoors and more surveillance will surely be dumped in due time.
Sometimes it seems like all the big players are surveillance bullies, so it’s no surprise that some hackers mean to expose it. Borrowing from Shinedown’s Bully lyrics, some hackers may be feeling like, “We don’t have to take this, back against the wall, we don’t have to take this, we can end it all.”