There rarely is a dull moment in Indian politics. The latest is the hasty attempt to hush up the bugging of the finance ministry offices. Pranab Mukherjee, the finance minister himself has dismissed the episode as “bogus”. The Intelligence Bureau (IB) says no such bugging took place. And Home minister P. Chidambaran, to whom the IB reports, says he didn’t know about the bugging till he saw it in the newspapers last week. But the controversy refuses to die down.
According to The Indian Express which broke the story, on September 4, 2010, the Central Board of Direct Taxes (CBDT), an agency that reports to the Finance Ministry, brought in a team of private sleuths to conduct a security sweep of the offices to check for eavesdropping devices. They found “plantable adhesive substances” in 16 locations in the office of the Finance Minister, the offices of his long-time aide Omita Paul, and personal secretary Manoj Pant as well as two conference rooms. Groove marks were found on the “adhesive substances”, suggesting that bugging devices were planted and removed later to wipe out surveillance trail.
Three days later, Mukherjee wrote to the Prime Minister asking him to launch a “secret probe” into the “serious breach of security”. He said no “live microphone” or recording devices were found but it could have “wider ramifications”. The Prime Minister then directly tasked the then IB chief, Rajiv Mathur, to probe Mukherjee’s complaint rather than passing it on to Chidambaram. The IB conducted its investigations and reported that there was no breach of security. A Home Ministry official told The Economic Times, “The IB probe concluded that the adhesive may just be chewing gum left behind by careless visitors or maintenance staff. The matter was subsequently treated as closed around six months back.” But why would any visitor or cleaning staff discard chewing gum or adhesives in a minister’s high-security office?
The corridors of power are rife with conspiracy theories. Leading the suspect list is Mukherjee’s political opponents.
Observers point to the simmering mistrust within the higher echelons of government. Given that Mukherjee wields a great degree of influence within the UPA, and is a strong contender for prime ministership after Manmohan Singh, perhaps someone within the Congress party wanted to keep a tab on him or pull him down a notch or two. It’s not the first time that such cloak and dagger activities have come to light. In May 2010, Outlook magazine reported how senior leaders like Sharad Pawar and Digvijay Singh had been illegally tapped. Sources told the Outlook that during the July 2008 no-confidence motion on the Indo-US nuclear deal, bugging devices were used extensively to listen in on the conversations of opposition leaders. Years ago, Zail Singh, former president of India felt that the Rashtrapati Bhawan was tapped. He told Vir Sanghvi, well known columnist and former editor, Hindustan Times, that he made it a point to discuss sensitive matters in the garden. Key officials and journalists are on the government’s watch list and their cell phones are allegedly tapped regularly.
Another theory doing the rounds is that a business house had engineered the bugging. Sources told The Times of India, “There are many private sector players who could be interested. If they were aware of a particular meeting on a subject crucial to their bottom line, then a corporate could take such a risk,” he said. So if a corporate house was to “buy off a lower level staff”, these transmitters could be smuggled in. “And the easiest way to plant them is using adhesives,” he adds. But why would businessmen adopt such risky options when they can easily find out what they want through their informants in the ministry or political cronies?
Yet another theory is the involvement of the foreign hand. Agencies seeking policy-related information critical for their governments to gain advantage from Indian deals or projects could have planted the bugs. For instance, there have been periodic reports of attempts from China to access classified information. Last year, Chinese hackers tried taking over websites and email accounts of government officials. Sounds a bit farfetched though!
But there’s not enough evidence to conclusively prove any of the conspiracy theories.
Asked if Mukherjee’s office bugged, B. Raman, a former senior RAW official, told the Outlook magazine, “Circumstantially yes if one takes into account the important position occupied by him in the Cabinet, his important role involving sensitive discussions in his office on many sensitive issues of a political nature and the suspicion that there are question marks over his head in the Congress leadership. Technically, it would depend on where the adhesive material was found. If it was found at places easily visible to the naked eye, then the allegations may not be correct. If the adhesive was found at places not easily visible to the naked eye, the allegation will acquire some credibility.”
Had the bugging device been found, there would have been valid ground for the charges. With just “adhesives” stuck in 16 locations, there’s no way the bugging can be proved or traced. A retired senior official known for his expertise in technical intelligence told The Times of India that as a snooping operation, it was poorly done. “There are far more sophisticated ways of monitoring,” he said. For instance, the telephone could have been converted into a transmitter, using laser beams. Solar-charged transmitters could have been planted in photo-frames etc. “Adhesives are used to stick transmitters that secretly record voice in a premise. It is then transmitted to a recorder kept at a distance. If this was the case in Mukherjee’s office, he may have been either a victim of a one-off snooping for a few hours, or sustained snooping over a long period of time,” the official added.
The speculation will continue. And we’ll likely never know the truth.
BERLIN – A German chemicals company said Monday its managers have started keeping their mobile phones in biscuit tins during meetings in order to guard against industrial espionage.
“Experts have told us that mobile phones are being eavesdropped on more and more, even when they are switched off,” Alexandra Boy, spokeswoman for Essen-based speciality chemicals maker Evonik, told AFP.
“The measure applies mostly when sensitive issues are being discussed, for the most part in research and development,” she said, confirming a report in business weekly Wirtschaftswoche.
Biscuit tins have a so-called Farraday cage effect, she said, blocking out electromagnetic radiation and therefore stopping people hacking into mobile phones, not only for calls but also to get hold of emails.
The firm, with 34,000 employees and sales of 13 billion euros (S$22.8 billion), is not alone in wanting to defend itself against what experts warn are increasingly sophisticated methods of industrial espionage.
This month the German government opened a new national centre in Bonn to coordinate efforts not only to protect firms from espionage but also state infrastructure from cyber attacks.
The network of defense contractor Lockheed-Martin was attacked using counterfeit electronic keys. Since the RSA Security network was hacked and the keys to its SecurID tokens were compromised a few months ago, the world has been waiting for the proverbial other shoe to drop. Well, it dropped.
In an analysis of the breach at RSA Security, NSS Labs predicted, “This was a strategic move to grab the virtual keys to RSA’s customers–who are the most security conscious in the world. One or several RSA clients are likely the ultimate target of this attack. Military, financial, governmental, and other organizations with critical intellectual property, plans and finances are at risk.”
Cyber attacks have evolved into precision tools for corporate and government espionage.Since the compromise of the SecurID keys, there have been malware and phishing campaigns probing for specific data connecting RSA tokens to the end-user, suggesting that those attacks were being conducted by the original RSA Security attackers with a goal in mind.
Most crimes are crimes of opportunity, and most crimes of opportunity can be avoided. Stay in populated, well-lit areas, and you’re relatively safe. Walk down dark, deserted alleys and your odds of getting mugged go up. Lock your car doors and keep valuable hidden, and you probably won’t get things stolen. Leave your car unlocked with your iPad sitting on the passenger seat and it probably won’t be there when you get back.
However, avoiding a targeted attack–a stalker dedicated to trailing you specifically–is much more difficult. The attack against RSA Security does not appear to have been a random crime of opportunity, but rather a targeted attack calculated with the goal of acquiring the keys necessary to tackle larger prey like Lockheed-Martin.
I am sure that Lockheed-Martin and the United States government have information security experts much smarter than me investigating these incidents and connecting the dots, but it certainly seems at face value like either a state-sponsored attack, or an attack by well-funded hackers with the intent to market whatever information can be extracted internationally to other governments.
Thankfully, Lockheed-Martin detected the attack and acted quickly to thwart it. A spokesperson for Lockheed-Martin reports that no customer, program, or employee data has been compromised as a result of this attack.
But, the entire incident–starting from the RSA Security attack and compromise of the SecurID tokens, and ending at Lockheed-Martin–illustrates that malware and cyber-crime are becoming more insidious. Malware has evolved from a trivial, script-kiddie nuisance, to a professional crime syndicate, and now into a tool for precision corporate and government espionage.
PARIS — French automaker Renault SA named a top executive of Nissan Americas as its new chief operating officer on Monday, in an effort to move on from an embarrassing scandal around false accusations of espionage.
The partially state-owned French car maker said Carlos Tavares, head of operations at the U.S. division of Renault partner Nissan(NSANY), will take up the post immediately.
In a statement, Carlos Ghosn, the CEO of both Renault and Nissan, called the appointment of longtime Renault veteran Tavares “a first step in strengthening Renault’s management.”
Also Monday, Nissan Motor Co. Ltd. said Colin Dodge, its chief performance officer and chairman of Africa, Middle East, India and Europe, will take on the Americas post that had been held by Tavares.
Renault in April announced a wide-scale corporate shakeout — including the ouster of Patrick Pelata from the COO post — over a scandal over false accusations against three executives for espionage.
When the scandal was made public early this year, Pelata accused the three executives of masterminding an “organized, international network” to obtain information on Renault’s flagship electric car program.
The three were suspended Jan. 11 after Renault announced it had discovered signs of espionage and proof the men had received “funds from a foreign source,” and accused them of selling strategic information.
The executives had strongly denied the allegations and investigators could not verify them. Renault sent a deep apology to the wrongly accused employees in March.
Three of Renault’s top security officers and its legal counsel lost their jobs in the scandal, and Ghosn responded by announcing that he would waive all stock option benefits for this year and bonuses for 2010.
The three wrongly accused executives have since reached settlements with Renault, which the car maker did not make public.
Shortly after the scandal broke, Industry Minister Eric Besson spoke openly of “economic warfare” against one of France’s top industrial giants — and one lawmaker from French President Nicolas Sarkozy’s party floated an unspecified “Chinese buyer” connection on French radio.
China’s foreign ministry rejected that allegation by Bernard Carayon, a conservative UMP party lawmaker, as “totally groundless, irresponsible and unacceptable.”
CANBERRA (Reuters) – Australia will a develop a cyber defence strategy to combat hacking and electronic espionage, the government said on Friday, responding to what it sees as an increased threat after recent cyber attacks on global companies and government officials.
The United States said this week it was assessing whether security had been compromised after Google Inc revealed a major hacker attack targeting U.S. officials that the Internet giant pegged to China.
Google’s hacking has fuelled debate in Washington over China’s intentions in cyberspace, which the United States has identified as a potential flashpoint for future conflict.
Australia’s cyber defence blueprint will confront the growing threat posed by electronic espionage, theft and state-sponsored cyber attack, Attorney-General Robert McClelland and Defence Minister Stepehen Smith said.
“The Cyber White Paper will examine what we need to do to protect ourselves online, the role of government, industry and the public in protecting our interests,” McClelland told a cyber security function in Sydney.
The strategy paper, to be completed in the first half of 2012, would look at a broad range of areas including consumer protection, cyber safety, cyber crime, cyber security and cyber defence, McClelland said.
Google announced on Wednesday that suspected Chinese hackers tried to steal passwords of hundreds of Google email account holders, including senior U.S. government officials, Chinese activists and journalists.
The allegations by the world’s largest Web search company sparked an angry response from Beijing, which said blaming China was “unacceptable”.
Australia’s parliament came under cyber attack in February, with the computers of at least 10 federal ministers including Prime Minister Julia Gillard and Defence Minister Stephen Smith, targeted and confidential emails possibly accessed.
Chinese intelligence agencies were among a list of foreign hackers suspected of being behind those raids, which followed similar breaches in France concerning computer network information about the Group of 20 wealthy nations.
McClelland earlier this week urged companies to tighten vigilance over cyber attacks launched offshore against some of the world’s biggest resource firms and other businesses, warning high-tech threats were intensifying.
The head of Australia’s Department of Foreign Affairs, Dennis Richardson, told upper house budget hearings on Thursday that his officials were experiencing near daily cyber attacks.
“I doubt whether there would be a 24-hour period in which you wouldn’t get something. They can be anything ranging from skilled kids seeing what they can do, to sophisticated hackers getting a kick out of it, through to attempted espionage,” said Richardson, a former head of Australia’s domestic spy agency.
Australia’s former prime minister Kevin Rudd made cyber security a national security priorities in 2009, but the country has not yet followed the lead of close ally the United States and lifted cyber hacking to a sphere of actual war.
But Australian Defence Minister Smith said the cyber threat was “a real, evolving and a growing” test to Australia’s national security defences.
“It comes from a wide range of sources, and from adversaries possessing a broad range of skills,” he said.
