(Reuters) - U.S. authorities are investigating allegations that an Indian government spy unit hacked into emails of an official U.S. commission that monitors economic and security relations between the United States and China, including cyber-security issues.
The request for an investigation came after hackers posted on the Internet what purports to be an Indian military intelligence document on cyber-spying, which discusses plans to target the commission - apparently using technical know-how provided by Western mobile phone manufacturers.
Appended to the document are transcripts of what are said to be email exchanges among commission members.
“We are aware of these reports and have contacted relevant authorities to investigate the matter. We are unable to make further comments at this time,” said Jonathan Weston, a spokesman for the U.S.-China Economic and Security Review Commission.
The document’s authenticity could not be independently verified. But the U.S.-China commission is not denying the authenticity of the emails.
Officials in India declined to comment on the document’s content or authenticity. One India-based website quoted an unnamed army representative as denying India used mobile firms to spy on the commission and calling the documents forged.
Retired Brigadier Rumel Dahiya, Deputy Director General at India’s Defence Ministry-funded Institute for Defence Studies and Analyses, also said the document appeared to be a forgery.
“On the face of it, it doesn’t look like a genuine letter at all,” Dahiya, who served as a defense attache to Turkey, Syria and Lebanon, told Reuters.
“The subject that is there inside is not dealt with by the officer who is mentioned. I know that because I dealt with that office when I was a defense attache. This office deals only with defense attaches and foreign ministry cooperation.”
Dahiya said the letterhead and signature had been cut and pasted from another letter. He said he did not know whether the contents were genuine.
The purported memo says India cut a technological agreement - the details are not clear - with mobile phone manufacturers “in exchange for the Indian market presence.” It cites three: Research in Motion, maker of the BlackBerry; Nokia; and Apple.
Apple spokeswoman Trudy Muller said her company had not provided the Indian government with backdoor access to its products. A spokesman for RIM in India said the company does not typically comment on rumor or speculation. A spokesman for Nokia declined comment.
The U.S. Congress created the commission in 2000 to investigate and report on the national security implications of the economic relationship between the United States and China. The bipartisan, 12-member panel holds periodic hearings each year on China-related topics such as cyber security, weapons proliferation, energy, international trade compliance, and information policy.
The email breach, if confirmed, would be the latest in a series of cyber intrusions that have struck U.S. institutions ranging from the Pentagon and defense contractors to Google Inc.
A group calling itself the Lords of Dharmaraja said in an internet post that it had uncovered the hacking. It said it had discovered the source codes of a dozen software companies in Indian Military Intelligence servers.
A U.S. government official, who asked not to be identified, said the matter is under investigation. The FBI has jurisdiction to investigate cyber-hacking inside the United States. An FBI spokesman declined to comment.
Many of the previous hacks have been blamed on China.
India would be intensely interested in the official U.S. view of Beijing. Ties between the two countries, which fought a brief border war in 1962, remain difficult. New Delhi sees Beijing as a long-term rival.
Stewart Baker, a former cyber-security policy expert at the National Security Agency and U.S. Department of Homeland Security, said the commission “would be a high-priority target for China, since USCC has been one of the most vocal U.S. agencies in warning against Chinese hacking.”
“What’s interesting is that they seem to have become a target for India for the same reason,” Baker said. “If it’s genuine, it should cause red faces all around. At USCC for apparently getting hacked by Indian intelligence, and even more so at Indian intelligence for getting hacked by what may be a bunch of amateurs.”
The purported emails between U.S.-China commission staff members, dating from September and October 2011, include discussions of how senior analysts from the Office of the Director of National Intelligence were scheduling a classified briefing for commission officials on a forthcoming National Intelligence Estimate looking at global manufacturing trends.
The messages also contain discussions between commission staff members about legislation pending in Congress related to alleged currency manipulation by China.
In one email, a staff member, reacting to criticism that a China currency bill pending on Capitol Hill would be “ineffective,” argues: “Don’t make the perfect the enemy of the good; we should confront bullies even if there is a risk we will get punched back.”
The emails are attached to what purports to be a memo dated October 6 and signed by a Colonel Ishwar Singh of India’s Directorate General of Military Intelligence, Foreign Division.
In the memo, Singh describes how “the President” had given “sanction” to an operation “to gain access to USCC transmittals.” What “President” the memo is referring to is not further explained.
According to the memo, because “MI” - presumably Military Intelligence - had trouble accessing U.S.-China commission cyber networks, the “decision was made earlier this year to sign an agreement with mobile manufacturers (MM) in exchange for the Indian market presence.”
One U.S. law enforcement official said the commission would be a logical target for intense surveillance by Chinese authorities, since its principal mission was to produce policy studies and recommendations about the U.S.-China relationship.
In October 2009 the commission produced a detailed study on the “Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation.” A spokesman for the commission said it was working on a second study of cyber security issues related to China.
Additional reporting by Paul Eckert in Washington, Jim Finkle in Boston, Tarmo Virki in Helsinki, Devidutta Tripathy and Frank Jack Daniel in New Delhi and Alastair Sharp in Toronto; editing by Warren Strobel, Mohammad Zargham and Ian Geoghegan