Lords of Dharmaraja
Lords of Dharmaraja is the name of a hacker group, allegedly operating in India. This group came into the limelight for threatening to release the source code of Symantec's product Norton Antivirus, and for allegations on Government of India "arm-twisting" international mobile manufacturers to spy on United States-China Economic and Security Review Commission(USCC). Symantec has confirmed that the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 version source code has been compromised and obtained by the group, while United States authorities are still investigating allegations suspecting India's hand in spying.
This group is alleged, to have hacked and posted a threat by uploading the secret documents, memos, and source code of Symantec's product on Pastebin - a website renowned for source code snippets upload by several users, for public viewing. The group, it seems, has uploaded some secret documents, revealing Indian government arm-twisting international mobile manufacturers like RIM, Apple, and Nokia to assist in spying USCC. In addition to these, the group seems to have claimed in discovering source code related to dozen software companies, which have signed agreements with the Indian TANCS programme and CBI.
After the hacker's posted their threats, Christopher Soghojan, a security and privacy researcher in USA, tweeted: "Hackers leak Indian Military Intel memo suggesting Apple has provided intercept backdoor to govs". He also provided the links to the gallery of images and documents. The documents appear to be related to Tactical Network for Cellular Surveillance (TANCS), technical agreement with mobile manufacturers, and email communication stuff associated with members of USCC.
As reported in The Times of India article, the group posted a statement on Pastebin website saying, "As of now, we start sharing with all our brothers and followers information from the Indian Militaty [sic] Intelligence servers, so far, we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI."
The group also said, "Now we release confidential documentation we encountered of Symantec corporation and it's Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies."
When a correspondent of The Times of India tried to reach an alleged member of the Lords of Dharamraja with the name "YamaTough," he did not reply. YamaTough also has a Twitter account; wherein, he described himself as an "anonymous [avenger] of Indian independence frontier."
As reported in The Times of India article, based on uploaded secret memos dated October 6, 2011, international mobile manufacturers like RIM, Apple, and Nokia along with domestic Micromax have given "backdoor access" for digital surveillance to Indian military intelligence officials in exchange for doing business in Indian market. In the memo, a decision was also made to sign an agreement with mobile manufacturers in exchange for "business presence" in the Indian market because military intelligence has no access to United States Chamber of Commerce's LAN due to VPN and communication gateways like POP servers, etc. The memos further reveal that this "backdoor" was allegedly used by Indian intelligence to spy on USCC.
As reported in Rediff.com article based on leaked documents, Indian Army's intelligence arm Military intelligence along with Central Bureau of Investigation(CBI) were performing bilateral cellular and Internet surveillance operations right from April 2011. Later, in July 2011, during a meeting of the sub-committee of Military Intelligence, a detailed Cyber Defence Plan for 2011 was prepared and subsequently Military intelligence-Central Bureau of Investigation "joint operations" are being conducted daily.
Another article on The Register based on uploaded documents says, "CYCADA" data intercept team are in operation on the networks using backdoors provided by mobile manufacturers. It also says that the leaked memos elicit conversations between members of USCC on currency issues and discussions on the western firms actions in assisting Chinese aircraft industry to improve its "avionics" and engine manufacturing too.
As reported by the news agency Reuters, USCC officials have asked the "concerned authorities to investigate the matter" and didn't dispute the authenticity of intercepted mails pointing the "backdoor channel" as evident in the leaked documents. Also reported on Hindustan Times, Jonathan Weston, a spokesman for USCC, said "We are aware of these reports and have contacted relevant authorities to investigate the matter." Apparently, US authorities are investigating the allegations pointing Indian government's spy-unit hacking into emails of US official panel - that monitors economic and security relations between United States and China.
Mobile manufacturer officials, more or less, refused to comment on the issue, when The Times of India contacted the relevant spokesmen or authorities. Alan Hely, a senior director of Corporate Communications at Apple Inc., refused to comment on the leaked documents, but he denied any backdoor access been provided. RIM too, refused to comment on the leaked memos as rumors or speculations, when The Register contacted them; besides, RIM countered them saying, "it does not do deals with specific countries and has no ability to provide its customer's encryption keys." A spokesman for Nokia was quoted as saying, "The company takes the privacy of customers and their data seriously and is committed to comply with all applicable data protection and privacy laws."
Speaking to Rediff.com on phone, Indian Army denied the reports of spying on USCC through mobile companies; however, military spokesman said that the uploaded documents were in fact forged with malicious intent.
Symantec's Anti-virus source code
The hacker's group threatened to publish the entire source code of Norton Antivirus, a Symantec's product, allegedly stolen after the group has discovered it, while hacking the servers associated with India's Military Intelligence. To add weight to its threats, the group posted some of the hacked source code to Pastebin.
Imperva, a data security company, commented on the hacker group's claims and threats as that would potentially be an embarrassment on Symantec's part. Rob Rachwald from Imperva speculated that the hacker group might have retrieved the files as because the files probably resided on a "test server" or were posted to FTP; consequently, exposing them mistakenly and became public unintentionally through negligence. He further said that, "governments do require source code of vendor products to prove that product is not spyware".
Symantec initially, tried to douse the fears saying that the documentation and preview code is nothing special; accordingly, Chris Paden from Symantec said that the published data and documents are no more than Symantec's API documentation which every software vendor, including Symantec will share with any client, including governments. Eventually, Symantec has confirmed that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 has been compromised to the hacker group.
- Hackers in India Leak Symantec Source Code
- SECTION - Update:
- US suspects India hand behind email hacking Archived 2012-01-13 at the Wayback Machine
- The hackers, operating under the name "The Lords of Dharmaraja", dumped some of the documentation in a Pastebin
- Rediff.com Hackers claim India spied on US Congress body; Army denies it
- In addition to the Symantec data, the group claimed to have discovered “source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI
- Christopher Soghoian, a security and privacy researcher in the US, tweeted:
- TOI News the group said in a statement posted on a website called Pastebin
- "Hackers in India Leak Symantec Source Code". Tomshardware.co.uk. 2012-01-06. Retrieved 2012-02-11.
- Twitter.com - LoD - @YamaTough Mumbai - Lords of Dharmaraja -Anonymous Avengers of Indian Independence Frontier
- TOI News TOI tried to reach YamaTough
- The memo revealed that the "backdoor" was allegedly used by Indian intelligence to spy on officials of United States-China Economic and Security Review Commission (USCC).
- Rediff.com 'Military Intelligence and the CBI have been conducting bilateral cellular and Internet surveillance operations since April 2011
- Discussions on the actions of Western firms helping the Chinese aircraft industry improve its avionics and engine manufacturing
- USCC officials on Monday told Reuters that the organization has "contacted relevant authorities to investigate the matter"
- Apple, RIM deny claims of data backdoor for Indian government
- TOI NewsRIM refused to comment on the matter
- Hackers claim India spied on US Congress body; Army denies it
- Security firm Imperva commented on the group's claims, noting that Indian group's actions are an embarrassment on Symantec's part
- Symantec has confirmed that the source code for Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 has been obtained by the group
- Rediff.com Symantec confirmed the break-in, but said the initial documents pertain to April 1999 and are no longer relevant for its current systems
- CNN-IBN or IBNLive - Fake memo but real code? India-US hacking mystery deepens
- BBC News - Symantec advises disabling pcAnywhere software - Blueprints
- msnbc.com - Symantec Says Anti-Virus Source Code Was Stolen Years Ago
- BusinessWorld - India-US Hacking Mystery Deepens[permanent dead link]
- zdnetasia.com - India allegedly hacks US-China trade watchdog
- wordpress.com - Lords of Dharmaraja hacking group claim to have access to part of Symantec's Norton source code
- Jordandirections.com - Symantec: parts of antivirus source code
- Forbes.com - Lords Of Kings Hack Norton Antivirus, Are You Safe?
- Symantec.com Security Community Blog
- SiliconIndia News - Indian Hackers: Threat to Symantec, Wreak Havoc
- CNET.com - Hackers release source code for Symantec's PCAnywhere
- Rediff.com - Hacking group's target is Sunil Mittal, wants 'pro-US' govt
- Fox News - Indian Intelligence Have U.S. Government Passwords, Hackers Claim
- eWeek Security Watch - Hackers' Threat to Publish Symantec Source Code Not a Reason to Worry
- The Times of India - Hackers expose Symantec source code
- Hacking News - Indian hacker group 'Lords of Dharmaraja' offers help to man suing Symantec
- The New York Times - Hackers Threaten to Post Source Code for Symantec Product
- Hindustan Times - Indian hackers offer help to man suing Symantec