Lords of Dharamraja: A New Vector for Disinformation and a Call for an Organizational Response

By Fletcher Schoen, Research Assistant
Edited by Dr. Christopher Lamb, Distinguished Research Fellow

In January, 2012, a ‘hacktivist’ group called “The Lords of Dharamraja” released information obtained by penetrating the secure servers at the Indian embassy in Paris.[1] One document was a memo detailing a purported deal between the Indian government and the international telecom firms Apple, Nokia, and Research in Motion. The companies allegedly provided Indian intelligence agencies with a technical backdoor into their mobile devices like the ubiquitous Blackberry or iPhone in return for greater access to the Indian telecom market.  Indian Military Intelligence utilized this backdoor to read the emails of the U.S.-China Economic and Security Review Commission (USCC), a bipartisan panel that reports to Congress on the security and economic relationship between the United States and the People’s Republic of China.[2]  The USCC has not denied that it was the victim of a cyber attack and it has asked the FBI, the lead agency on cybercrime inside the United States, to begin an investigation. The investigation however is not concentrating on Indian intelligence, despite the memo.  The origins of the attack are not what they seem.

At first glance, the memo seems genuine. It has an official layout, some redacted text, and is consistent with Indian bureaucratic language.[3] But according to the Times of India, which interviewed a number of Indian military and intelligence sources, the memo is replete with inaccuracies.  The most glaring is the wrong agency logo at the top of the page.[4]  The letterhead and signature block were lifted from authentic documents but the signatories do not work for the organization that produced the document.  Other sources familiar with Indian Intelligence said text is never redacted in internal documents.[5]  Finally, the Directorate General of Military Intelligence (Foreign Division) deals with defense attachés and foreign military cooperation not signals intelligence.[6] The Times of India’s conclusions are backed by investigations undertaken by The Guardian and Reuters.  All three investigative reports agree the memo is most certainly a forgery.

Recent reports about the ongoing FBI investigation further undermine the memo’s authenticity. American sources say the e-mails were stolen as part of the first stages of a “blended attack” on the USCC rather than alleged Indian signals interception of USCC communications.[7]  Blended attacks involve finding email servers that regularly communicate with the main target but have relatively lax cyber security.  Hacking them can eventually provide access to the harder to infiltrate main networks. Most of the stolen emails came not from the more secure USCC servers but from the personal email account of a former USCC Chairman, William Reinsch, who now heads the pro-trade organization, The National Foreign Trade Commission.  American officials with knowledge of the investigation point out that it is much more likely that hackers associated with Chinese rather than Indian interests would know who Reinsch was and would bother taking the time to track him down.  In any case, the intrusion into Reinsch’s email suggests some third party unconnected with Indian Intelligence committed this cyber attack against the USCC.

Hackers have always taken great care to hide the electronic and national origins of their attacks but this forged memo demonstrates that defensive misdirects can become offensive information warfare tools. Cyber attacks and the subsequent revealing of stolen data can act as a means for disseminating disinformation in a manner that compounds the damage done by the release of sensitive information. The size of a massive electronic data theft would make it difficult to sort out what was real and what wasn’t and the sensitivity of the real documents would make commenting on the fakes a delicate undertaking for the U.S. government. The effects of this kind of attack can be extrapolated from this recent incident. The forged Indian memo was just one document and yet it managed to morph a relatively routine cyber attack into an uncomfortable supposition of espionage between allies that will only be sorted out through careful investigation. All the while the real perpetrators can continue their work.

Dealing with this kind of sophisticated attack in the future will require a coherent interagency approach that combines cyber security with counter-disinformation and strategic communications.  Unfortunately, the response to this cyber attack and forgery has been anything but coherent.  The lack of comment by the FBI about its ongoing investigation is understandable only because revealing details of the attack gives free damage assessment to its adversaries. However the lack of any government response to the forgery is troubling. An information vacuum allows the forgery to have its intended effect. Forgeries like this one are relatively easy to expose and may seem relatively unimportant, but if ignored, over time such disinformation will erode and seriously damage U.S. political relationships.

Sources inside the U.S. government have told me that the United States has a counter-disinformation capability, but I have yet to see an official denunciation of this forgery and it is unclear if the alleged capability is working with the FBI on countering the new cyber vector for disinformation.  This should change, and quickly.  After all, this is not the first time the United States has confronted state-sponsored disinformation on a large scale.  During the last decade of the Cold War the State Department led an interagency working group that became adept at dealing with the Soviet Union’s frequent use of forged U.S. government documents.  Despite spending nearly $300 million on their disinformation apparatus, Soviet forgeries never withstood official American scrutiny and denunciation. Eventually an exasperated Soviet leadership foreswore the use of disinformation.

As China increases its cyber attacks on the United States it would be safe to assume the use of disinformation to support these attacks will increase as well.  China’s political system gives it monolithic control over information management but the United States and its open society retain the supreme advantage in information warfare.  Open expression of ideas will always triumph over manufactured information—eventually.  In the meantime, we need to energize the organizations that can convert this advantage into a concrete response.

Fletcher Schoen is a research assistant with INSS and co-author of “Deception, Disinformation and Strategic Communications: How One Interagency Group made a Major Difference,” a forthcoming study on the Active Measures Working Group to be published by NDU Press. 

---

[1] Yatish Yadev, “Hackers Invade Server of Indian Embassy in Paris,”  December 17, 2011. http://indiatoday.intoday.in/story/servers-of-indian-embassy-in-paris-hacked/1/164664.html

[2] The USCC also provides “recommendations, where appropriate, to Congress for legislative and administrative action.” http://www.uscc.gov/

[3] Frank Jack Daniel “Fake Memo but real code?  Indian-U.S. Hacking Mystery Deepens.” January 12, 2012.

[4] Charles Arthur and Agencies, “US Accuses China of Hacking emails,” The Guardian, January 20, 2012.

[5] Mark Hosenball, “US probes Commission Hack ,” Reuters, January 10, 2012.

[6] Josey Joseph, “Fake Letter Blows lid off Hacker’s Espionage Claim,” The Times of India, January 12, 2012.

[7] Charles Arthur and Agencies, “US Accuses China of Hacking emails”  The Guardian, January 20, 2012.

More than Partners, not quite Allies – The “NATO Association”: a proposal for the Chicago Summit.

By Stefano Santamato
Center for Transatlantic Security Studies

In an article published in the NATO Review in March 2008, the late Ron Asmus wrote, “In the 1990s, NATO’s new partnerships were a key component of the Alliance’s reinvention for the post-Cold War era.”[1] Since then, partnerships involving the former Soviet Union and its Eastern European satellites – Partnership-for-Peace and the Euro-Atlantic Partnership Council – as well as parts of North African and Middle East – such as the Mediterranean Dialogue and the Istanbul Cooperation Initiative – have become keystones of NATO’s strategy to project stability across the European continent and beyond. In the past twenty years, partnership frameworks and programs have evolved constantly, reflecting different degrees of integration (nine European Partners are now full NATO members) and of reciprocal strategic interest.

As the Alliance embraces the tenets of its new Strategic Concept, adopted at the Lisbon Summit in 2010, and as these relationships enter their third decade, the perception is that NATO partnerships should not just be renovated, but renewed altogether.

The need to identify a new form of partnership relations in NATO is the result of two converging factors. On one side, there is growing recognition that the original intent of NATO partnerships has exhausted its political, enlargement, and outreach thrust. This, in parallel with the growing involvement of “operational” partners in NATO operations – from KFOR (Kosovo) to ISAF (Afghanistan) to Libya – has de facto created a two-tier NATO partnership cadre. First are partners like Sweden, Australia, Finland, or South Korea, to name but few, that are considered and consider themselves to be net contributors to NATO’s “cooperative security” paradigm; second are partners that are only interested in the political stage and international legitimacy that NATO’s partnership programs bring to their respective governments and bureaucracies.

On the other side, the growing post-ISAF vision of a NATO focused on core activities has led a number of Allies, spearheaded by the United States, to look at NATO as the ultimate operational enabler. This view was voiced by U.S. Secretary of State Hillary Clinton during the December 2011 NATO Foreign Ministerial meeting, when the holding of a “special relationship” meeting at the Chicago Summit, with a yet to be identified core group of partners, was proposed. The idea envisions for a shift from geographically-based NATO partnerships towards more functionally related ones, placing a premium on the partners’ ability to contribute to NATO’s mandate and priorities. This shift is also aimed at removing – or rather contouring – the obstacles to a closer regional cooperation, e.g. Israel and the Mediterranean Dialogue or Russia and the EAPC, while preserving the self-differentiating nature of NATO’s partnership approach.

But there is also another important factor of the partnership equation that needs to be taken into account. The partners’ increased involvement in NATO operations has opened a “decision-making” debate in the Alliance. According to the NATO Political-Military Framework, which regulates partners’ participation in NATO-led operations, partners can only be involved in shaping decisions that, ultimately, will be taken only by Allies. This provision has created some frustration in many contributing partners, which see their troops and assets operating side-by-side with NATO forces, but which are not allowed to take part in NATO’s final deliberations on issues regarding, for instance, KFOR, ISAF or Operation Unified Protector.

To be honest, in practice partners’ influence in so-called ISAF-format or KFOR-format discussions goes well beyond mere decision-shaping. And NATO’s Comprehensive Approach has introduced a culture of increased inclusiveness. It is however true that granting full decision-making rights to operational partners would equate to the establishment of an á la carte NATO, in which partners would be allowed to pick and choose missions or activities while opting out of the Article 5 solidarity commitment.

Yet, this is an issue that needs to be addressed if NATO is to embrace a new concept of functional partnerships. A possible solution is the creation of a “NATO Association” that allows selected partners to move closer to the Alliance without committing to full membership for them. The initiative for such a NATO Association could be launched at the next Summit of NATO Heads of State and Government, to be held in Chicago (IL) on 20-21 May 2012.

The NATO Association should build on the three enabling pillars of the Alliance’s collective defense mandate — namely: a) defense planning, b) command and control, and c) standardization – and develop along specific functional areas or missions lines. Associated partners would not be able to participate to the policy making or in the management of the three pillars, but new decision-making mechanisms would allow their full involvement in activities such as operations planning, capability development, or training and education in the areas or missions of choice.

To begin with, Associated partners should focus on cooperation areas identified by NATO’s Smart Defense initiative, as well as on emerging security challenges such as cyber-defense, counter-terrorism or energy security. The NATO Association would be self-selective and organized along the principles of voluntary participation, active contribution and functional commitment.

In doing so, Allies and Associated partners would benefit from an input-driven and output-oriented relationship. The result would preserve the core of NATO’s Allies-only solidarity commitment while expanding it as a standard-setting, enabling platform. Ultimately, a NATO Association would provide a greater incentive to partners from various regions to cooperate and operate with the Alliance, either collectively or in coalition frameworks.  This would reinforce the vision of U.S. President Obama of NATO as a unique “force multiplier.”[2]

Stefano Santamato is a Senior Visiting Research Fellow for the Center for Transatlantic Security Studies (CTSS) at National Defense University’s Institute for National Strategic Studies (NDU-INSS). Mr. Santamato may be contacted at s.santamato.ctr@ndu.edu. The views expressed in this article are those of the author alone.

---

[1] Ron Asmus: “Rethinking NATO Partnerships for the 21^st Century”, March 19, 2008. In NATO Review on line – http://www.nato.int/docu/review/2008/03/ART4/EN/index.htm.

[2] U.S. President Barack Obama press conference for the unveiling of the review of the U.S. Strategic Guidance for the Department of Defense – January 5^th, 2012 – Source: BBC.co.uk