Update: Symantec Hacked in 2006? Claim Raises More Questions
Symantec now claims that the company's own networks were in fact breached back in 2006, leading to the loss of proprietary product data: "...an investigation into the matter had revealed that the company's networks had indeed been compromised"...
* * *
Update: Hacker to Release Symantec's PCAnywhere Source Code
"YamaTough, spokesperson for the hacktivist group “The Lords of Dharmaraja”, informed Infosec Island of plans to release source code for Symantec's PCAnywhere. The release is to be made prior to the threatened exposure of the full source code for the Norton antivirus..."
* * *
Update: Exclusive: Interview With Hacker YamaTough
* * *
The hacktivist responsible for exposing the source code for a leading antivirus product, as well as posting documents that showed the United States-China Economic and Security Review Commission (USCC) was possibly breached, has provided Infosec Island with evidence that Indian government operatives have successfully infiltrated other sensitive US government networks.
The saga began late last week when a hacktivist going by the handle “YamaTough” provided Infosec Island with a file alleged to contain the source code for Symantec’s Norton antivirus (NAV), which Symantec later confirmed was for older versions of the software dating from 2006.
The hacktivist claims the information was obtained from servers owned and operated by various ministries of the Indian government.
The news was quickly followed by reports on the posting of documents that appear to be from India’s Directorate General of Military Intelligence which refer to a program dubbed “RINOA SUR”, short for “RIM, Nokia and Apple” and “surveillance”.
The posted documents, which have not been confirmed as authentic by the Indian government, indicate that the mobile device producers may have voluntarily provided product information required for the development of backdoors that could be used for surveillance purposes in exchange for granting the companies access to the growing Indian marketplace.
Symantec has since denied providing the Indian government with the NAV source code, and both Apple and RIM have likewise denied any cooperation with Indian agencies, according to reports. Nokia has so far declined to comment on the allegations.
One of the alleged targets of the Indian intelligence operations is reported to have been the US-China Economic and Security Review Commission (USCC), created in the year 2000 “to monitor, investigate, and submit to Congress an annual report on the national security implications of the bilateral trade and economic relationship between the United States and the People’s Republic of China,” according to the organization’s website.
Each of these events individually could be considered of great importance from a security standpoint, and together they paint a picture of an overzealous Indian intelligence apparatus that provides a legitimate reason for concern by the US government.
Now YamaTough has provided potentially damning evidence that the Indian government is actively engaged in espionage efforts targeting not only the USCC, but potentially thousands of US government networks, ranging from those of federal agencies to systems used by state and municipal entities.
Infosec Island received what was described as merely a “sample” of what the group “The Lords of Dharmaraja” claim to have in their possession.
The data included sixty-eight sets of usernames and passwords for compromised US government network accounts which were said to have been acquired by hacking multiple servers belonging to India’s Ministry of External Affairs (mea.gov.in) and the National Informatics Centre (nic.in), amongst others.
In the best interest of the federal, state and local municipalities and their constituents, Infosec Island will not publish the compromised account data. We have provided the information to the proper authorities and are fully cooperating with law enforcement, including delaying the publication of this article in an effort to avoid hindering their investigation.
YamaTough has also indicated the group is in possession of data from numerous companies other than Symantec, and they have yet to decide whether or not they will make the information public, though they have stated to Infosec Island that they may be inclined to do so.
As for the group’s motivations, YamaTough told Infosec Island that “The Lords of Dharmaraja” seek to undermine the current Indian “regime” in favor of a more solidly “pro-American” alternative, as well as lessening the influence of Indian telecom mogul Sunil Bharti Mittal, chairman and CEO of Bharti Enterprises.
“Our goal is Bharti Mittal go off political arena and stop manipulating our government,” the hacktivist stated.
“…my team is pro US, we fight for rights in our country we are not intentionally harm US companies (sometimes we do hack into since our botnet is worldwide) but we do not steal credit cards and make money of it and we do not do banks etc. Our mission - exposure of the corruption,” YamaTough continued.
“We wanna apologize for harm taken by the Symantec USCC and others, but without them being involved things which do occur in our state would never be covered and taken to the public, sometimes you have to sacrifice in order to achieve... and we do not approve sharing personal data and source codes with foreign governments. We want free and nice India and not police state,” YamaTough proclaimed.
Infosec Island will follow up this article with an exclusive interview with YamaTough that will contain more details of the group’s activities as well as analysis by leading security experts. Stay tuned…