Suspicion is growing that operatives in China, rather than India, were behind the hacking of emails of an official US commission that monitors relations between the United States and China, US officials said.
News of the hacking of the US-China Economic and Secu­rity Review Commission surfaced earlier this month when an amateur “hacktivist” group calling themselves The Lords of Dhararaja and purporting to operate in India published what it said was a memo from an Indian Military Intelligence unit to which extracts from commission emails were attached.
The Guardian’s own investigation, alongside that by Reuters, established that the memo itself – which claimed that Apple, Nokia and Black­Berry-maker RIM had given the India government and military a “back door” to spy on data traffic and conversations — was almost certainly faked.
The emails, however, appeared authentic.
Now US officials said on condition of anonymity that the roundabout way the commission’s emails were obtained strongly suggests the intrusion originated in China, possibly by amateurs, and not from India’s spy service.
A large cache of raw email data from the security breach, reviewed by Reuters, indicates that the principal target of the intruders was not the commission, but instead a Washington-based non-governmental pro-trade group called the National Foreign Trade Council (NFTC).
NFTC head William Reinsch said he could think of “no particular reason” why the Indian government or Indian h
First, the sources found it difficult to believe anyone connected with India would have made the effort to track down Reinsch or his NFTC account, whereas his chairmanship of the US-China Commission made him a potential major target for Chinese hackers
Secondly, said the sources, the fact that Reinsch’s NFTC emails were the principal target suggests that whoever hacked them was hunting for a soft target with poor cybersecurity.
Pinning down the origin and perpetrator of a particular cyber intrusion can be very difficult, if not impossible, as hackers frequently take steps to mask their identity or appear that they are from a third country.