US-China commission email hack probed

Leaked memo creates storm.

United States authorities are investigating allegations that an Indian government spy unit hacked into emails of an official US commission that monitors economic and security relations between the United States and China, including cyber-security issues.

The request for an investigation came after hackers posted on the Internet what purports to be an Indian military intelligence document on cyber-spying, which discusses plans to target the commission - apparently using technical know-how provided by Western mobile phone manufacturers.

Appended to the document are transcripts of what are said to be email exchanges among commission members.

"We are aware of these reports and have contacted relevant authorities to investigate the matter. We are unable to make further comments at this time," Jonathan Weston, a spokesman for the US-China Economic and Security Review Commission, said on Monday.

The document's authenticity could not be independently verified. But the US-China commission is not denying the authenticity of the emails.

Officials in India could not be reached for comment on the document's content or authenticity. One India-based website quoted an unnamed army representative as denying that India used mobile companies to spy on the commission and calling the documents forged.

The purported memo says that India cut a technological agreement - the details are not clear - with mobile phone manufacturers "in exchange for the Indian market presence." It cites three: Research in Motion, maker of the BlackBerry; Nokia ; and Apple .

Apple spokeswoman Trudy Muller said her company had not provided the Indian government with backdoor access to its products. A spokesman for Nokia declined comment; RIM officials could not be reached for comment.

The US Congress created the commission in 2000 to investigate and report on the national security implications of the economic relationship between the United States and China.

The bipartisan, 12-member panel holds periodic hearings each year on China-related topics such as cyber security, weapons proliferation, energy, international trade compliance, and information policy.

The email breach, if confirmed, would be the latest in a series of cyber intrusions that have struck US institutions ranging from the Pentagon and defense contractors to Google.

A US government official, who asked not to be identified, said the matter is under investigation. The FBI has jurisdiction to investigate cyber-hacking inside the United States. An FBI spokesman declined to comment.

Many of the previous hacks have been blamed on China. In this case, it is unclear whether India might have been eavesdropping on the US-China commission for itself or sought to pass any information collected to authorities in China.

India interested

India and China have more often been competitors rather than collaborators on economic and foreign policy matters in recent years, and India would be intensely interested in the official US view of Beijing.

Stewart Baker, a former cyber-security policy expert at the National Security Agency and US Department of Homeland Security, said the commission "would be a high-priority target for China, since USCC has been one of the most vocal US agencies in warning against Chinese hacking."

"What's interesting is that they seem to have become a target for India for the same reason," Baker said.

"If it's genuine, it should cause red faces all around. At USCC for apparently getting hacked by Indian intelligence, and even more so at Indian intelligence for getting hacked by what may be a bunch of amateurs."

The purported emails between US-China commission staff members, dating from September and October 2011, include discussions of how senior analysts from the Office of the Director of National Intelligence were scheduling a classified briefing for commission officials on a forthcoming National Intelligence Estimate looking at global manufacturing trends.

The messages also contain discussions between commission staff members about legislation pending in Congress related to alleged currency manipulation by China.

In one email, a staff member, reacting to criticism that a China currency bill pending on Capitol Hill would be "ineffective," argues: "Don't make the perfect the enemy of the good; we should confront bullies even if there is a risk we will get punched back."

The emails are attached to what purports to be a memo dated October 6 and signed by a Colonel Ishwal Singh of India's Directorate General of Military Intelligence, Foreign Division.

In the memo, Singh describes how "the President" had given "sanction" to an operation "to gain access to USCC transmittals." What "President" the memo is referring to is not further explained.

According to the memo, because "MI" - presumably Military Intelligence - had trouble accessing U.S.-China commission cyber networks, the "decision was made earlier this year to sign an agreement with mobile manufacturers in exchange for the Indian market presence."

One U.S. law enforcement official said the commission would be a logical target for intense surveillance by Chinese authorities, since its principal mission was to produce policy studies and recommendations about the U.S.-China relationship.

In October 2009 the commission produced a detailed study on the "Capability of the People's Republic of China to Conduct Cyber Warfare and Computer Network Exploitation." A spokesman for the commission said it was working on a second study of cyber security issues related to China.

(Additional reporting by Paul Eckert in Washington, Jim Finkle in Boston, Tarmo Virki in Helsinki, Devidutta Tripathy in New Delhi and Alastair Sharp in Toronto; editing by Warren Strobel and Mohammad Zargham)