Lords of Dharmaraja

Lords of Dharmaraja is the name of a hacker group, allegedly operating in India. In 2012 the group threatened to release the source code of Symantec's product Norton Antivirus, and for allegations on Government of India "arm-twisting" international mobile manufacturers to spy on United States-China Economic and Security Review Commission(USCC). Symantec has confirmed that the Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 version source code has been compromised and obtained by the group, while United States authorities are still investigating allegations suspecting India's hand in spying.

The group is alleged to have hacked and posted a threat by uploading the secret documents, memos, and source code of Symantec's product on Pastebin - a website for source code snippets upload by several users, for public viewing. The group, it seems, has uploaded some secret documents, revealing Indian government arm-twisting international mobile manufacturers like RIM, Apple, and Nokia to assist in spying USCC. In addition to these, the group seems to have claimed in discovering source code related to dozen software companies, which have signed agreements with the Indian TANCS programme and CBI.

After the hacker's posted their threats, Christopher Soghojan, a security and privacy researcher in USA, tweeted: "Hackers leak Indian Military Intel memo suggesting Apple has provided intercept backdoor to govs". He also provided the links to the gallery of images and documents. The documents appear to be related to Tactical Network for Cellular Surveillance (TANCS), technical agreement with mobile manufacturers, and email communication stuff associated with members of USCC.

Their claims
As reported in The Times of India, in 2012 the group posted a statement on Pastebin website saying, "As of now, we start sharing with all our brothers and followers information from the Indian Military Intelligence servers, so far, we have discovered within the Indian Spy Programme source codes of a dozen software companies which have signed agreements with Indian TANCS programme and CBI."

The group also said, "Now we release confidential documentation we encountered of Symantec corporation and it's Norton AntiVirus source code which we are going to publish later on, we are working out mirrors as of now since we experience extreme pressure and censorship from US and India government agencies."

When a correspondent of The Times of India tried to reach an alleged member of the Lords of Dharamraja with the name "YamaTough," he did not reply. YamaTough also has a Twitter account; wherein, he described himself as an "anonymous [avenger] of Indian independence frontier."

Cyber spying
As reported in The Times of India article, based on uploaded secret memos dated October 6, 2011, international mobile manufacturers like RIM, Apple, and Nokia along with domestic Micromax have given "backdoor access" for digital surveillance to Indian military intelligence officials in exchange for doing business in Indian market. In the memo, a decision was also made to sign an agreement with mobile manufacturers in exchange for "business presence" in the Indian market because military intelligence has no access to United States Chamber of Commerce's LAN due to VPN and communication gateways like POP servers, etc. The memos further reveal that this "backdoor" was allegedly used by Indian intelligence to spy on USCC.

As reported in Rediff.com article based on leaked documents, Indian Army's intelligence arm Military intelligence along with Central Bureau of Investigation(CBI) were performing bilateral cellular and Internet surveillance operations right from April 2011. Later, in July 2011, during a meeting of the sub-committee of Military Intelligence, a detailed Cyber Defence Plan for 2011 was prepared and subsequently Military intelligence-Central Bureau of Investigation "joint operations" are being conducted daily.

Another article on The Register based on uploaded documents says, "CYCADA" data intercept team are in operation on the networks using backdoors provided by mobile manufacturers. It also says that the leaked memos elicit conversations between members of USCC on currency issues and discussions on the western firms actions in assisting Chinese aircraft industry to improve its "avionics" and engine manufacturing too.

As reported by the news agency Reuters, USCC officials have asked the "concerned authorities to investigate the matter" and didn't dispute the authenticity of intercepted mails pointing the "backdoor channel" as evident in the leaked documents. Also reported on Hindustan Times, Jonathan Weston, a spokesman for USCC, said "We are aware of these reports and have contacted relevant authorities to investigate the matter." Apparently, US authorities are investigating the allegations pointing Indian government's spy-unit hacking into emails of US official panel - that monitors economic and security relations between United States and China.

Mobile manufacturer officials, more or less, refused to comment on the issue, when The Times of India contacted the relevant spokesmen or authorities. Alan Hely, a senior director of Corporate Communications at Apple Inc., refused to comment on the leaked documents, but he denied any backdoor access been provided. RIM too, refused to comment on the leaked memos as rumors or speculations, when The Register contacted them; besides, RIM countered them saying, "it does not do deals with specific countries and has no ability to provide its customer's encryption keys." A spokesman for Nokia was quoted as saying, "The company takes the privacy of customers and their data seriously and is committed to comply with all applicable data protection and privacy laws."

Speaking to Rediff.com on phone, Indian Army denied the reports of spying on USCC through mobile companies; however, military spokesman said that the uploaded documents were in fact forged with malicious intent.

Symantec's Anti-virus source code
The hacker's group threatened to publish the entire source code of Norton Antivirus, a Symantec's product, allegedly stolen after the group has discovered it, while hacking the servers associated with India's Military Intelligence. To add weight to its threats, the group posted some of the hacked source code to Pastebin.

Imperva, a data security company, commented on the hacker group's claims and threats as that would potentially be an embarrassment on Symantec's part. Rob Rachwald from Imperva speculated that the hacker group might have retrieved the files as because the files probably resided on a "test server" or were posted to FTP; consequently, exposing them mistakenly and became public unintentionally through negligence. He further said that, "governments do require source code of vendor products to prove that product is not spyware".

Symantec initially, tried to douse the fears saying that the documentation and preview code is nothing special; accordingly, Chris Paden from Symantec said that the published data and documents are no more than Symantec's API documentation which every software vendor, including Symantec will share with any client, including governments. Eventually, Symantec has confirmed that the source code of Symantec Endpoint Protection 11.0 and Symantec Antivirus 10.2 has been compromised to the hacker group.