Spy on USDocuments purportedly lifted from Indian government servers contain explosive allegations: that leading Western firms including Apple Corp., Research in Motion and Nokia provided the government with secret access to mobile devices their mobile operating systems- access that the Indian government then used to spy on official, high-level conversations about trade relations between the U.S. and China.

The documents, apparently leaked from the Indian Directorate General of Military Intelligence and dated October 6, describe an Indian government program dubbed RINOA SUR to get secret access to mobile devices running software by Apple, Research in Motion and Nokia (RINOA). The leaked documents suggest that Indian intelligence officers used the secret access to conduct surveillance of communications between members of the U.S.-China Economic and Security Review Commission (USCC), a U.S. government Commission that reports to Congress on the state of bilateral relations with the U.S. and the People’s Republic of China.

The leaked documents have not been verified by either the Indian government or the USCC. They first came to light after Christopher Soghoian, a fellow at Open Society Foundation and the Center for Applied Cybersecurity Research, published a link to scanned images of documents using a Twitter account. They are rumored to be part of a hoard of documents obtained by a domestic hacking group called the Lords of Dharmaraja. Among other things, that hack is alleged to have netted the group source code for the Symantec Norton Antivirus Product – code that was provided to the Indian government under an agreement between the government and Symantec.

In an e-mail statement, USCC Communications Director Jonathan Weston said that the Commission was aware of the reports of the leaked documents and had “contacted relevant authorities to investigate the matter,” but was unable to comment further. Weston declined to name the authorities that were notified of the breach.

Requests for comment from Apple, RIM and Nokia were not returned prior to publication of this story.

If legitimate, the leaked documents would be a serious security and intelligence failure for the Indian government, suggesting that sensitive and secret intelligence documents were residing on systems that were vulnerable to attack and data theft. It would also be direct evidence that government requests to private software firms for so-called “lawful intercept” capabilities are being used for intelligence gathering, not merely law enforcement.

The use of lawful intercept has become a contentious topic between civil liberties advocates and governments in the West as well as Asia. In October, the German government acknowledged that it employed a Trojan horse program dubbed “Quellen-TKU” to monitor a wide range of communications to and from persons of interest. The Trojan was allegedly installed by German police during customs checks. The popular revolts in Egypt also revealed the cooperation of a UK firm, Gamma, in helping authorities there spy on citizens using a program dubbed Finfisher. 

Countries like Dubai and India have also pressured Western technology firms, including Research in Motion, to provide them with tools to decrypt encrypted communications from their mobile devices

Categories: Cryptography, Government, Hacks, Mobile Security

Comment (1)

  1. Anonymous

    Nearly all governments give these companies a ultimatum, give access or get out, including the US Government. Printer companies are instructed to make faint yellow color codes on all copies, routers have backdoors, internet backbone has secret NSA rooms, all cell phones are tower GPS triangulated, recorded 8 times a hour, Mac’s have EFI, TOMTOM devices report your vehicle speed, ISP’s record all your website vists, OnStar is watching on you despite it not enabled, iPhones have been recording your location and all your activity, CarrierIQ Flash, HTML, Evercookies etc., etc…the list goes on and on and on, there is no rest or peace as the governments are in collusion with industry as a whole. In fact a top ex-NSA executive is in charge of Apple’s security. And what has been repeated over and over again, if there is a backdoor, placed there under the guise of a good intentions, will always be used for bad and against the user intentions. It’s the story of the snake who gives a mouse a ride across a river, the snake eats the mouse half-way across. Why? Because it’s a snake. Technology is the snake, the user of technology is the mouse.

Comments are closed.