In association with heise online

10 January 2012, 13:07

Did Symantec source code hack reveal Indian phone surveillance?

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Espionage icon Indian hackers have claimed to have breached a military intelligence server in India and obtained source code to two of Symantec's anti-virus enterprise security products, along with many documents. The attack and subsequent leaks of information have also led to speculation over the existence of a program to give the Indian intelligence agencies access to backdoors in mobile phones or their supporting infrastructure.

Symantec has played down the source code leak saying that the elements of the code that were leaked to reporters belonged to a 2006 edition of Symantec Endpoint Protection 11.0 and a discontinued version of Symantec Antivirus (10.2). The hackers, operating under the name "The Lords of Dharmaraja", dumped some of the documentation in a Pastebin posting saying they had "discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI". The documentation in the release was dated April 1999 and according to Symantec was from publicly available documentation.

On the day after the hackers posted their claims, Christopher Soghoian, a security and privacy researcher in the US, tweeted: "Hackers leak indian Military Intel memo suggesting Apple has provided intercept backdoor to govs", and linked to a gallery of images of a scanned document. This also refers to TANCS, as mentioned by the hackers pastebin posting, as the "Tactical Network for Cellular Surveillance". It also mentions a technical agreement with mobile manufacturers and listed RIM, Nokia and Apple as companies involved in providing backdoors to data networks. The rest of the document appeared to be emails between members of the US-China Economic and Security Review Commission. The authenticity of the document and the emails within it have not been independently verified.

According to a Reuters report, a spokesman for the US commission said they are aware of the reports and have "contacted relevant authorities to investigate the matter". The spokesman did not deny the authenticity of the emails contained within the letter. An Apple spokesperson told Reuters that the company had not provided the Indian government with backdoor access to its product. A RIM spokesperson said the company does not comment on rumour or speculation and Nokia's spokesperson declined to comment.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit