{"id":391252,"date":"2023-11-16T17:52:00","date_gmt":"2023-11-16T17:52:00","guid":{"rendered":"https:\/\/haftavasool.com\/haftavasool\/blog\/2023\/11\/16\/how-an-indian-startup-hacked-the-world\/"},"modified":"2023-11-16T17:52:00","modified_gmt":"2023-11-16T17:52:00","slug":"how-an-indian-startup-hacked-the-world","status":"publish","type":"post","link":"https:\/\/haftavasool.com\/haftavasool\/blog\/2023\/11\/16\/how-an-indian-startup-hacked-the-world\/","title":{"rendered":"How An Indian Startup Hacked The World"},"content":{"rendered":"<p> [ad_1]<br \/>\n<\/p>\n<div itemprop=\"articleBody\" id=\"ins_storybody\"><!-- \n\n<div itemprop=\"articleBody\" class=\"sp-cn ins_storybody\" id=\"ins_storybody\">--><\/p>\n<div class=\"ins_instory_dv\">\n<div class=\"ins_instory_dv_cont\"><img decoding=\"async\" title=\"How An Indian Startup Hacked The World\" alt=\"How An Indian Startup Hacked The World\" id=\"story_image_main\" src=\"https:\/\/c.ndtvimg.com\/2023-11\/6c4sc6jg_rajat-anuj-khare_625x300_16_November_23.jpg\"\/><\/div>\n<p class=\"ins_instory_dv_caption sp_b\">Run by pair of brothers, Rajat and Anuj Khare, the company began as Indian educational startup<\/p>\n<\/div>\n<p><b class=\"place_cont\">New Delhi: <\/b><\/p>\n<p>Chuck Randall was on the verge of unveiling an ambitious real estate deal he hoped would give his small Native American tribe a bigger cut of a potentially lucrative casino project.<\/p>\n<p>A well-timed leak derailed it all.<\/p>\n<p>In July of 2012, printed excerpts from Randall&#8217;s private emails were hand-distributed across the Shinnecock Nation&#8217;s square-mile reservation, a wooded peninsula hanging off the South Fork of Long Island.<\/p>\n<p>The five-page pamphlets detailed secret negotiations between Randall, his tribal government allies and outside investors to wrest some of the profits from the tribe&#8217;s then-partner in the gambling deal.<\/p>\n<p>They sparked an uproar. The pamphlets claimed Randall&#8217;s plan would sell out the tribe&#8217;s \u201cLANDS, RESOURCES, and FUTURE REVENUES.\u201d Within days, four of Randall&#8217;s allies were voted out of tribal government. Randall, who held no formal position with the tribe, was ordered to cease acting on its behalf.<\/p>\n<p>Amid the upheaval, the Shinnecocks&#8217; casino hopes faded. \u201cWe lost the biggest economic opportunity that has come to the tribe in forever,\u201d Randall told Reuters. \u201cMy emails were weaponized.\u201d<\/p>\n<p>The scandal that roiled the Shinnecocks barely registered beyond the reservation. But it was part of a phenomenon that has drawn interest from law enforcement and intelligence agencies on both sides of the Atlantic.<\/p>\n<p>Randall&#8217;s inbox was breached by a New Delhi-based information technology firm named Appin, whose sudden interference in the matters of a faraway tribe was part of a sprawling cyber-mercenary operation that extended across the world, a Reuters investigation found.<\/p>\n<p>The Indian company hacked on an industrial scale, stealing data from political leaders, international executives, prominent attorneys and more. By the time of the Shinnecock scandal, Appin was a premier provider of cyberespionage services for private investigators working on behalf of big business, law firms and wealthy clients.<\/p>\n<p>Unauthorized access to computer systems is a crime worldwide, including in India. Yet at least 17 pitch documents prepared for prospective business partners and reviewed by Reuters advertised Appin&#8217;s prowess in activities such as \u201ccyber spying,\u201d \u201cemail monitoring,\u201d \u201ccyber warfare\u201d and \u201csocial engineering,\u201d security lingo for manipulating people into revealing sensitive information. In one 2010 presentation, the company explicitly bragged about hacking businessmen on behalf of corporate clients.<\/p>\n<p>Reuters previously named Appin in a story about Indian cyber mercenaries published last year. Other media outlets \u2013 including The New Yorker, Paris-based Intelligence Online, Swiss investigative program Rundschau and tech companies such as Alphabet-owned Google\u2013 have also reported on the firm&#8217;s activities.<\/p>\n<p>This report paints the clearest picture yet of how Appin operated, detailing the world-spanning extent of its business, and international law enforcement&#8217;s abortive efforts to get a handle on it.<\/p>\n<p>Run by a pair of brothers, Rajat and Anuj Khare, the company began as a small Indian educational startup. It went on to train a generation of spies for hire that are still in business today.<\/p>\n<p>Several cyber defense training organizations in India carry the Appin name, the legacy of an old franchise model. But there&#8217;s no suggestion that those firms are involved in hacking.<\/p>\n<p>The Indian company hacked on an industrial scale, stealing data from political leaders, international executives, sports figures and more.<\/p>\n<p>Rajat Khare&#8217;s U.S. representative, the law firm Clare Locke, rejected any association between its client and the cyber-mercenary business. It said Khare \u201chas never operated or supported, and certainly did not create, any illegal \u2018hack for hire&#8217; industry in India or anywhere else.\u201d<\/p>\n<p>In a series of letters sent to Reuters over the past year, Clare Locke said that \u201cMr. Khare has dedicated much of his career to the fields of information technology security \u2013 that is, cyber-defense and the prevention of illicit hacking.\u201d<\/p>\n<p>Clare Locke said that, under Khare&#8217;s tenure, Appin specialized in training thousands of students in cybersecurity, robotics and artificial intelligence, \u201cnever in illicit hacking.\u201d The lawyers said Khare left Appin, in part, because rogue actors were operating under the company&#8217;s brand, and he wanted \u201cto avoid the appearance of associations with people who were misusing the Appin name.\u201d<\/p>\n<p>The lawyers described media articles tying Khare to hacking as \u201cfalse\u201d or \u201cfundamentally flawed.\u201d As for the 2010 Appin presentation boasting of hacking services, they said Khare had never seen it before. \u201cThe document is a forgery or was doctored,\u201d they said.<\/p>\n<p>Clare Locke added that Khare could not be held responsible for Appin employees who went on to work as mercenary hackers, saying that doing so \u201cwould be akin to holding Harvard University responsible for the terrorist bombings carried out by its former student Ted Kaczynski,\u201d referring to the former math prodigy known as the \u201cUnabomber.\u201d<\/p>\n<p>A lawyer acting for Rajat&#8217;s brother, Anuj, said his client&#8217;s position was the same as the one laid out by Clare Locke.<\/p>\n<p>This report on Appin draws on thousands of company emails as well as financial records, presentations, photos and instant messages from the firm. Reporters also reviewed case files from American, Norwegian, Dominican and Swiss law enforcement, and interviewed dozens of former Appin employees and hundreds of victims of India-based hackers.<\/p>\n<p>Reuters gathered the material \u2013 which spans 2005 until earlier this year \u2013 from ex-employees, clients and security professionals who&#8217;ve studied the company.<\/p>\n<p>Reuters verified the authenticity of the Appin communications with 15 people, including private investigators who commissioned hacks and ex-Appin hackers themselves. The news agency also asked U.S. cybersecurity firm SentinelOne to review the material for signs that it had been digitally altered. The firm said it found none.<\/p>\n<p>\u201cWe assess the emails to be accurately represented and verifiably associated with the Appin organization,\u201d SentinelOne researcher Tom Hegel said.<\/p>\n<p>Though Khare&#8217;s lawyers say Appin \u201cfocused on teaching cybersecurity and cyber-defense,\u201d company communications seen by Reuters detailed the creation of an arsenal of hacking tools, including malicious code and websites. Hegel and two other U.S.-based researchers \u2013 one from cybersecurity firm Mandiant, the other from Symantec \u2013 all working independently, were able to match that infrastructure to publicly known cyberespionage campaigns.<\/p>\n<p>\u201cIt all lines up perfectly,\u201d Hegel said.<\/p>\n<p>Over the last decade, Google saw hackers linked to Appin target tens of thousands of email accounts on its service alone, according to Shane Huntley, who leads the California company&#8217;s cyber threat intelligence team.<\/p>\n<p>\u201cThese groups worked very high volumes, to the point that we actually had to expand our systems and procedures to work out how to track them,\u201d Huntley said.<\/p>\n<p>The original Appin has now largely disappeared from public view, but its impact is still felt today. Copycat firms led by Appin alumni continue to target thousands, according to court records and cybersecurity industry reporting.<\/p>\n<p>\u201cThey were groundbreaking,\u201d Google&#8217;s Huntley said. \u201cIf you look at the companies at the moment who are picking up the baton, many of them are led by ex-employees\u201d of Appin.<\/p>\n<h3><strong>\u2018Get me result ASAP!!!&#8217;<\/strong><\/h3>\n<p>Private eyes have been hiring hackers to do their dirty work since the dawn of the internet. Former clients say Appin&#8217;s central innovation was turning the cloak-and-dagger market into something more like an e-commerce platform for spy services.<\/p>\n<p>The mercenaries marketed a digital dashboard with a menu of options for breaking into inboxes, including sending fake, booby-trapped job opportunities, bogus bribe offers and risqu\u00e9 messages with subject lines like \u201cMy Sister&#8217;s Hot Friend.\u201d<\/p>\n<p>Customers would log in to a discreet site \u2013 once dubbed \u201cMy Commando\u201d \u2013 and ask Appin to break into emails, computers or phones. Users could follow the spies&#8217; progress as if they were tracking a delivery, eventually receiving instructions to download their victim&#8217;s data from digital dead drops, according to logs of the system reviewed by Reuters.<\/p>\n<p>\u201cIt was the best-organized system that I have ever seen,\u201d said Jochi G\u00f3mez, a former news publisher in the Dominican Republic. G\u00f3mez told Reuters that in 2011 he paid Appin $5,000 to $10,000 a month to spy on the Caribbean nation&#8217;s elite and mine the material for stories for his now-defunct digital newspaper, El Siglo 21.<\/p>\n<p>One of Appin&#8217;s selling points was a project management tool once called \u201cMy Commando.\u201d Appin told customers it used the tool to tailor its hacking attempts, enticing targets with bogus business proposals, fake interview requests or porn.<\/p>\n<p>Some booby-trapped emails were elaborate deceptions, like this message created in the name of a non-existent journalist.<\/p>\n<p>Others relied on sex appeal, like this message promising photos of a woman taking off a traditional Indian dress.<\/p>\n<p>Targets who clicked would soon have their emails stolen by Appin \u2013 and read by the hackers&#8217; clients.<\/p>\n<p>Reuters reviewed more than a year&#8217;s worth of activity from Appin&#8217;s \u201cMy Commando\u201d system. The logs showed that G\u00f3mez was one of 70 clients, mostly private investigators, from the United States, Britain, Switzerland and beyond who sought Appin&#8217;s help in hacking hundreds of targets.<\/p>\n<p>Some of these marks were high-society figures, including a top New York art dealer and a French diamond heiress, according to the logs. Others were less prominent, like a New Jersey landscape architect suspected of having an affair.<\/p>\n<p>Several detectives used the service frequently, among them Israeli private eye Aviram Halevi, who tasked the spies with going after at least three dozen people via the system.<\/p>\n<p>\u201cThere is a returning customer who needs the following addresses cracked ASAP,\u201d the logs show Halevi telling the hackers in August 2011.<\/p>\n<p>Reuters previously reported that Halevi, a former lieutenant colonel in the Israeli Defense Forces, hired Appin to spy on a litigant in a lawsuit in Israel on behalf of a client on the opposing side of the case. Halevi did not respond to questions about his ties to the hackers.<\/p>\n<p>Another big user of My Commando was Israeli private detective Tamir Mor, who used the service around the same time to order hacks on more than 40 targets, the logs show. Among them were the late Russian oligarch Boris Berezovsky and Malaysian politician Mohamed Azmin Ali.<\/p>\n<p>\u201cPlease get me result ASAP!!!\u201d Mor wrote on the My Commando chat feature after providing Appin with details about two members of Berezovsky&#8217;s legal team in December 2011, the logs show.<\/p>\n<p>Reuters could not establish Mor&#8217;s motives for targeting Berezovsky and Azmin, whether he succeeded in hacking either of them, or on whose behalf he was working. Mor did not respond to requests for comment.<\/p>\n<p>Azmin, a former cabinet minister, was a prominent opposition leader at the time of the hack attempts. He and his former party didn&#8217;t respond to messages seeking comment.<\/p>\n<p>The order to hack Berezovsky came while the tycoon was in the middle of a British court battle against fellow oligarch Roman Abramovich over the sale of a Russian oil company. The multibillion dollar case ended in a decisive defeat for Berezovsky. The 67-year-old was found dead at his suburban English home the following year.<\/p>\n<p>Mark Hastings, one of the Berezovsky lawyers mentioned in the My Commando logs, said he was not aware that he had been in Appin&#8217;s crosshairs, but that he was \u201cnot entirely surprised.\u201d<\/p>\n<p>\u201cIt is an open secret that lawyers are often targeted by hackers in major commercial litigations,\u201d said Hastings, now with the London firm Quillon Law.<\/p>\n<p>Abramovich&#8217;s representatives said the tycoon had no dealings with or knowledge of Mor or Appin, and that he had never engaged with hackers or hacked material of any kind.<\/p>\n<p>Many of Appin&#8217;s clients signed into My Commando using their real names. A prolific customer who didn&#8217;t was someone using the alias \u201cJim H.\u201d<\/p>\n<p>Jim H assigned the Appin hackers more than 30 targets in 2011 and 2012, including a Rwandan dissident and the wife of another wealthy Russian who was in the middle of a divorce, the logs show.<\/p>\n<p>Among Jim H&#8217;s most sensitive requests: hacking Kristi Rogers, wife of Representative Mike Rogers, then-Chairman of the U.S. House Intelligence Committee. The Michigan Republican served in Congress from 2001 until his retirement in 2015; he&#8217;s currently running for U.S. Senate.<\/p>\n<p>Back in 2012, Kristi Rogers was an executive at Aegis, a London-based security company. Jim H told the hackers that Aegis competed with his client, another security contractor called Global Security, an apparent reference to Virginia-based Global Integrated Security.<\/p>\n<p>Cracking Rogers&#8217; corporate email was a \u201ctop priority,\u201d Jim H told the hackers. He claimed that her company was trying to undermine Global&#8217;s bid for a $480 million U.S. Army Corps of Engineers contract to provide security for Afghanistan&#8217;s reconstruction.<\/p>\n<p>Jim H said he needed dirt on Aegis to sully its reputation, and he suggested a way to trick Rogers into opening a malicious link.<\/p>\n<p>\u201cYou could send an invitation to an event organised by the Rotary Club or a gala dinner,\u201d he wrote, according to the logs.<\/p>\n<p>Shortly thereafter, Appin reported back that it had successfully broken into Aegis&#8217; network.<\/p>\n<p>Reuters could not verify whether Rogers&#8217; account was ultimately compromised. Global eventually won the contract.<\/p>\n<p>Rogers, who left Aegis in late 2012, told Reuters she was outraged to learn of the hacking operation.<\/p>\n<p>His emails were stolen; now he&#8217;s exposing the hack-and-leak industry<\/p>\n<p>Former WSJ reporter says law firm used Indian hackers to sabotage his career<\/p>\n<p>\u201cIt gives me goosebumps right now,\u201d she said. \u201cIt angers me that people are so cavalier with other people&#8217;s reputations and their lives.\u201d<\/p>\n<p>Reuters was unable to determine Jim H&#8217;s identity or whether he was telling the truth when he said Global was his client. Messages sent to Jim H&#8217;s old email account were returned as undeliverable.<\/p>\n<p>Global Integrated Security&#8217;s website is inoperative, and corporate records show its Virginia branch is inactive. Damian Perl, the founder of Britain&#8217;s Global Strategies Group \u2013 Global Integrated Security&#8217;s former parent company \u2013 \u201cvehemently\u201d denies any allegations of wrongdoing, his family office said in a statement.<\/p>\n<p>The Army Corps of Engineers confirmed that Aegis had protested Global&#8217;s contract, but said it could offer no further comment. Canadian security company GardaWorld, which acquired Aegis in 2015, said it had no information on the incident.<\/p>\n<p>The My Commando logs also shine new light on the Shinnecock casino scandal. In January 2012, a New York private eye named Steven Santarpia ordered the hack of tribal member Chuck Randall, whose leaked emails sparked chaos.<\/p>\n<p>Within days, an Appin hacker reported to Santarpia that he had hit pay dirt, according to the logs: \u201cWe got success in investigating Chuck@shinnecock.org.\u201d<\/p>\n<p>\u201cExcellent,\u201d Santarpia replied.<\/p>\n<p>Santarpia didn&#8217;t respond to repeated messages sent by Reuters over several months, and he declined comment when a reporter approached him outside his Long Island home.<\/p>\n<p>Operations like Jim H&#8217;s or Santarpia&#8217;s were aimed at only three or four email accounts at a time. But Appin had greater capabilities.<\/p>\n<p>G\u00f3mez, the Dominican publisher, ordered break-in attempts aimed at the email accounts of more than 200 high-profile Dominicans, the logs show. Among them was an account belonging to then-President Leonel Fern\u00e1ndez, a frequent target of G\u00f3mez&#8217;s reporting.<\/p>\n<p>G\u00f3mez&#8217;s hacking requests preceded several stories alleging government corruption that his paper published before it was raided by Dominican authorities in February 2012. G\u00f3mez eventually shut it down amidst mounting official scrutiny of the hacking.<\/p>\n<p>\u201cI was very active in requesting emails,\u201d he told Reuters, adding that those days are firmly \u201cin my past.\u201d<\/p>\n<p>Fern\u00e1ndez did not return messages seeking comment.<\/p>\n<p>Lawyers for Rajat Khare said he \u201cdoes not know\u201d G\u00f3mez, Santarpia, Mor or Halevi and \u201chas no knowledge\u201d of the My Commando dashboard \u201cor anything similar.\u201d<\/p>\n<p>The ability to target heads of state was an improbable amount of power for a company that only a few years earlier had been teaching college kids to code.<\/p>\n<h3><strong>Approaching infinity<\/strong><\/h3>\n<p>Rajat Khare was a 20-year-old computer science major when he and his friends came up with the idea for Appin over chicken pizza at a Domino&#8217;s in New Delhi.<\/p>\n<p>Rajat Khare at a party in New Delhi in or around 2007. He hatched the idea for Appin with some school chums back in 2003.\u00a0<\/p>\n<p>It was December 2003. Khare had joined his high school buddies to catch up and bemoan the state of India&#8217;s universities, which they thought weren&#8217;t preparing students for the professional world. When one suggested organizing technology training workshops to supplement undergraduates&#8217; education, people present at the meal said Khare jumped on the idea.<\/p>\n<p>\u201cLet&#8217;s give the students what they want,\u201d he quoted himself telling the group in a book on entrepreneurship he co-wrote years later. \u201cLet&#8217;s start something that will not only change their lives, but our lives too \u2026 forever.\u201d<\/p>\n<p>After the Domino&#8217;s meeting, Khare and his friends came up with the name Appin \u2013 short for \u201cApproaching infinity\u201d \u2013 and launched their first classes on computer programming.<\/p>\n<p>It was the right idea at the right time. India&#8217;s IT outsourcing boom had created voracious demand for tech talent. Appin franchises would soon sprout across India, offering not just programming lessons but also courses on robotics and cybersecurity, nicknamed \u201cethical hacking.\u201d<\/p>\n<p>By 2005, the company had an office in western New Delhi. Rajat had been joined by his older brother, Anuj, a motivational speaker who returned to India after a stint running a startup in Texas. As other members of the Domino&#8217;s group stepped away, the Khare brothers took charge of the fast-growing firm.<\/p>\n<p>The cybersecurity classes proved especially popular. By 2007, Appin opened a digital security consultancy helping Indian organizations protect themselves online, according to a draft pitch deck intended for potential investors.<\/p>\n<p>That soon drew the attention of Indian government officials who were still feeling their way through intelligence work in the internet age. To help the officials break into computers and emails, Appin set up a team of hackers out of a subsidiary called Appin Software Security Pvt. Ltd., also known as the Appin Security Group, according to a former executive, company communications, an ex-senior Indian intelligence figure and promotional documents seen by Reuters.<\/p>\n<p>The spying was a secret within the wider company. Some early Appin employees signed nondisclosure agreements before being shipped off to military-controlled safe houses where they worked out of sight from their colleagues, according to another former executive familiar with the matter and three hackers who spent time in the safe houses.<\/p>\n<p>One of the hackers recalled being only 22 years old when he broke into the inboxes of Khalistani separatists \u2013 Sikh militants fighting to carve an independent homeland out of India&#8217;s Punjab province \u2013 and delivering the trove to his handlers.<\/p>\n<p>\u201cIt was the experience of a lifetime,\u201d he said, recalling how proud he was to be contributing to India&#8217;s national security.<\/p>\n<p>Anuj Khare walks on a bed of broken glass on a rooftop in New Delhi in or around 2007. \u00a0A former motivational speaker, he ran Appin together with his brother Rajat as it grew from a modest Indian education company into a hub for outsourced cyberespionage services.\u00a0<\/p>\n<p>One of Appin&#8217;s primary targets was Pakistan, according to interviews with former insiders, company emails, and stolen passwords and key logs of Pakistani officials reviewed by Reuters. The hackers created fake dating websites designed to ensnare Pakistani military officers, two of the insiders said.<\/p>\n<p>Another early mission, dubbed Operation Rainbow, involved penetrating Chinese military computers and stealing information about missiles and radar, according to an undated Appin memo. The memo said the company&#8217;s hackers compromised several Chinese officials; Reuters was unable to confirm the alleged intrusions independently.<\/p>\n<p>Those early operations led to more contracts.<\/p>\n<p>Soon Appin was working with the Research &amp; Analysis Wing (RAW), India&#8217;s external intelligence service; and the Intelligence Bureau, the country&#8217;s domestic spy agency, according to the two former executives, one former Appin hacker and a former senior Indian intelligence official.<\/p>\n<p>Detailed messages from Reuters seeking comment from the Intelligence Bureau and RAW, sent via India&#8217;s Ministry of Home Affairs and its Cabinet Secretariat, respectively, were not returned. India&#8217;s Ministry of Defense did not return messages about the hacking. The Pakistani foreign affairs ministry did not return messages. China&#8217;s foreign ministry said in a statement that it was unaware of the hacking activity.<\/p>\n<p>By 2008, Appin was claiming it offered a \u201cone stop interception solution\u201d for government clients, according to one company presentation.<\/p>\n<p>Company executives marketed software for the analysis of call record data\u2013 the who, what, when of phone calls monitored by spy agencies and law enforcement \u2013 and discussed the importation of Israeli cell phone interception devices, Appin emails show.<\/p>\n<p>In 2009, Appin boasted to prospective customers that it was serving India&#8217;s military, its Ministry of Home Affairs, and the Central Bureau of Investigation (CBI), an Indian agency roughly equivalent to America&#8217;s Federal Bureau of Investigation (FBI), emails show.<\/p>\n<p>Appin&#8217;s solutions \u201care being used by various elite intelligence agencies in government to monitor hostile people,\u201d one pitch claimed.<\/p>\n<p>The CBI and Ministry of Home Affairs didn&#8217;t return detailed messages seeking comment.<\/p>\n<p>Company revenues in the fiscal year ending in 2009 were estimated at nearly $1 million, with profit after tax pegged at about $170,000, according to the draft pitch deck aimed at potential investors. The deck projected that figure would multiply almost tenfold over the next 36 months.<\/p>\n<p>But Appin had hit a speed bump. The two former executives, one of the former hackers, and the former Indian intelligence official said the company earned extra money by quietly taking material it hacked for one Indian agency and reselling it to another. This double dipping was eventually discovered, the people said, and several enraged spy agency clients canceled their contracts with Appin.<\/p>\n<p>With intelligence work drying up, Appin pivoted to the private sector, the sources said.<\/p>\n<h3><strong>\u2018Fucking with the wrong people&#8217;<\/strong><\/h3>\n<p>The influx of Western clients brought new revenue \u2013 and new risk.<\/p>\n<p>American and Swiss law enforcement documents, including emails and investigative reports reviewed by Reuters, reveal how Appin got caught hacking as it fulfilled its customers&#8217; orders.<\/p>\n<p>An early example was the compromise of prominent Zurich-based communications consultant Peter Hargitay, who had served as an advisor to Australia&#8217;s football federation. He and his filmmaker son Stevie detected the intrusion and filed a Swiss criminal complaint.<\/p>\n<p>Within weeks, an expert they hired traced the hack to a server near the Zurich airport, according to the law enforcement documents. Billing records tied to the server listed Rajat Khare as the client.<\/p>\n<p>Father and son had come off a failed bid to bring the 2022 FIFA World Cup to Australia and were in no mood to let the hack slide, according to emails provided by an independent source.<\/p>\n<p>In a March 2012 message to his father, Stevie said he had spoken on the phone with an Appin employee who was clearly rattled by the exchange. \u201cI told him in no uncertain terms that they are fucking with the wrong people,\u201d Stevie wrote.<\/p>\n<p>Rajat Khare called Stevie the same day to try to smooth things over, saying he \u201cwants to cooperate \u2018100%,&#8217;\u201d Stevie wrote. The emails show that an Appin employee later told Stevie the hack was ordered by a U.S. private investigator; contact fell off as the Hargitays pushed for more information about who was ultimately behind the spying.<\/p>\n<p>\u201cWe don&#8217;t know who his client was,\u201d Peter Hargitay said.<\/p>\n<p>Khare&#8217;s lawyers told Reuters he \u201cdoes not know\u201d the Hargitays.<\/p>\n<p>A few months later, Appin was implicated in another incident, this time in India. Cybersecurity consultant K. K. Mookhey told a conference near New Delhi that he had tied an attempted hack against one of his clients to the firm. In a report published in 2013, Mookhey wrote that the link to Appin was \u201cnot concrete.\u201d But he told Reuters he had been \u201covercautious\u201d in choosing those words and that the evidence, including Appin documentation inadvertently left on the hackers&#8217; servers, made it obvious they were involved.<\/p>\n<p>\u201cThe link was actually pretty clear,\u201d he said.<\/p>\n<p>Appin&#8217;s name had popped up earlier that year in Norway. In February 2013, technicians at telecommunications company Telenor discovered that hackers had stolen as many as 66,000 emails from the company&#8217;s chief executive, two personal assistants and a senior lawyer at the firm, according to Norwegian law enforcement documents reviewed by Reuters.<\/p>\n<p>Three months later, Oslo-based cybersecurity firm Norman Shark \u2013 which had launched its own independent investigation into the Telenor hack \u2013 publicly linked the intrusion to Appin.<\/p>\n<p>Telenor&#8217;s headquarters in Fornebu, Norway. Hackers stole 66,000 emails from the telecom firm in 2013, an incident the company described as \u201cindustrial espionage.\u201d REUTERS\/Ints Kalnins<\/p>\n<p>The Oslo headquarters of Kripos, Norway&#8217;s national criminal police service. Kripos traced the Telenor hack to India, according to law enforcement files reviewed by Reuters. But the investigation ran aground and was eventually closed in 2016.<\/p>\n<p>Norman Shark stopped short of directly blaming the company, saying only that \u201cthere seems to be some connection\u201d between Appin and the Telenor hackers. One of the report&#8217;s coauthors, security researcher Jonathan Camp, told Reuters that Norman Shark had softened the report&#8217;s language to avoid legal trouble.<\/p>\n<p>Camp said he and his colleagues privately were confident that Appin was behind the hacking, citing an unusually large number of digital clues pointing to the company, including multiple malicious websites registered under the Appin name.<\/p>\n<p>\u201cThere was no doubt in our minds,\u201d he said.<\/p>\n<p>California-based tech firm Broadcom, which absorbed Norman Shark following a series of acquisitions, did not respond to requests seeking comment. Telenor confirmed it had been the victim of \u201cindustrial espionage,\u201d which it reported to police at the time. It declined further comment. The motive behind the hacking has never been made public.<\/p>\n<p>Appin denied all wrongdoing in the wake of Camp&#8217;s report, and the Khares&#8217; lawyers still insist the research didn&#8217;t implicate the company. Nevertheless, Appin came under increasing scrutiny in the years that followed.<\/p>\n<p>Norway was one of at least four countries \u2013 along with the United States, Switzerland and the Dominican Republic \u2013 that had opened investigations into Appin. Some began comparing notes.<\/p>\n<p>In an undated written exchange reviewed by Reuters, FBI official Dan Brady told Swiss prosecutor Sandra Schweingruber that U.S. officials looking into the hack of the Shinnecock tribe on Long Island had \u201caccumulated a fair amount of data identifying other victims.\u201d<\/p>\n<p>Schweingruber declined to comment for this story. Reuters was unable to reach Brady. The FBI declined to answer a list of questions about its investigation into Appin.<\/p>\n<p>In his note to Schweingruber, Brady said \u201cthe link in our respective cases is that I believe we have the same ultimate perpetrator.\u201d<\/p>\n<p>Then he added, in parentheses: \u201cAppin.\u201d<\/p>\n<h3><strong>Lost leads, lasting pain<\/strong><\/h3>\n<p>The multinational investigations into Appin each carried on for years before petering out.<\/p>\n<p>Jochi G\u00f3mez, the Dominican newspaper publisher, was formally accused of working with Rajat Khare to hack emails following the 2012 raid on his publication.<\/p>\n<p>But the case never went to trial; it was quashed on procedural grounds in 2013, a decision reaffirmed by the country&#8217;s highest court the following year. Dominican prosecutors described Khare as a member of G\u00f3mez&#8217;s \u201cinternational criminal network.\u201d But one of the judges involved dismissed the idea as a \u201ctheory.\u201d Khare was never charged in the matter.<\/p>\n<p>Dominican entrepreneur Jochi G\u00f3mez in Punta Cana, Dominican Republic in January 2023. G\u00f3mez hired Appin to dig up dirt on the country&#8217;s elite for his now-defunct digital newspaper.\u00a0<\/p>\n<p>Dominican judiciary officials didn&#8217;t return messages seeking comment about the case.<\/p>\n<p>Speaking to Reuters a decade later, G\u00f3mez acknowledged hiring Khare for surveillance, saying he had been hunting for evidence of corruption.<\/p>\n<p>\u201cI did it for journalism,\u201d G\u00f3mez said. \u201cIs it lawful or not? That&#8217;s another story.\u201d<\/p>\n<p>Norway&#8217;s investigation into the Telenor hack led to four internet protocol addresses in New Delhi, according to the law enforcement files reviewed by Reuters. In an undated email sent to the FBI, the Swiss prosecutor Schweingruber said the Norwegians had gone further still. \u201cTheir investigation leads also to Appin,\u201d she wrote.<\/p>\n<p>That inquiry similarly ran aground. A spokesperson for Norway&#8217;s National Criminal Investigation Service confirmed to Reuters that the case was closed in June 2016 \u201ctaking into consideration the chances of obtaining further evidence and information through further investigation.\u201d<\/p>\n<p>Swiss authorities also implicated Appin in the case of PR consultant Peter Hargitay, according to the files.<\/p>\n<p>In her email to the FBI, Schweingruber said the Swiss investigation \u00a0\u2013 nicknamed \u201cTandoori\u201d \u2013 had found that \u201cthe Indian company Appin Security Group as well as their CEO Rajat Khare are involved in this case.\u201d<\/p>\n<p>Yet the files show Swiss authorities rebuffed the Hargitays&#8217; request to have Khare quizzed about the hack. In a message to the Hargitays sent in September 2020, Schweingruber&#8217;s successor, Anna Carter, said she was discontinuing the case \u201cdue to the lack of further promising investigative approaches.\u201d<\/p>\n<p>Swiss prosecutors confirmed that the investigation was closed, but wouldn&#8217;t elaborate. Peter Hargitay told Reuters that the prosecutors&#8217; decision \u201cremains a mystery to us to this day.\u201d<\/p>\n<p>\u201cYou can do this from across the world. The penalties and the laws have to catch up.\u201d<\/p>\n<p>Hacking victim Chuck Randall of the Shinnecock Nation<\/p>\n<p>Former U.S. cybercrime prosecutor Mark Califano told Reuters that cracking international hacking cases is \u201creally very hard.\u201d But he said it was still \u201cvery disconcerting\u201d that Appin&#8217;s hackers were \u201cso successful in evading law enforcement despite apparently significant effort to try to track them down \u2013 and some very good evidence.\u201d<\/p>\n<p>Rajat Khare&#8217;s lawyers said their client had never been charged with hacking \u201cby any police, investigative, regulatory, or charging authority.\u201d<\/p>\n<p>Reuters was unable to establish whether Appin was ever investigated in its native India.<\/p>\n<p>K. K. Mookhey, the cybersecurity consultant whose client was targeted by Appin, said he alerted India&#8217;s cyber response agency, CERT-In, in 2013, but never heard back. CERT-In did not respond to requests for comment.<\/p>\n<p>Rajat Khare has come to the attention of the Indian government on a separate matter: A 2021 complaint filed with the country&#8217;s Central Bureau of Investigation accused Khare of being one of at least eight people who embezzled roughly 8.06 billion rupees ($97 million) lent to the Indian education company Educomp, where he had previously served as a director. There is no indication that the case is related to hacking.<\/p>\n<p>The complaint was filed by a senior official at the country&#8217;s biggest lender, the State Bank of India. Reuters could not determine the case&#8217;s status. The State Bank, the CBI and Educomp did not respond to requests for comment. Khare&#8217;s lawyers said he had been \u201ccleared\u201d by Educomp&#8217;s management. They didn&#8217;t provide evidence and said they could not offer details on the CBI probe.<\/p>\n<p>U.S. intelligence agencies have known about Appin&#8217;s capabilities for more than a decade, according to three former American security officials and law enforcement documents reviewed by Reuters.<\/p>\n<p>The National Security Agency (NSA), which spies on foreigners for the U.S. government, began surveilling the company after watching it hack \u201chigh value\u201d Pakistani officials around 2009, one of the sources said. An NSA spokesperson declined to comment.<\/p>\n<p>Another former U.S. security official said Rajat Khare was of such interest that the FBI tracked his travel and communications. The law enforcement case files also show that the FBI told its Swiss counterparts that it had \u201ca confidential human source who has the capacity to report on Appin Security matters.\u201d<\/p>\n<p>Rajat Khare&#8217;s lawyers said the notion that he had been investigated by the FBI or any other such law enforcement body was \u201cabsurd.\u201d<\/p>\n<p>The bureau&#8217;s investigation into the Appin hack that sparked turmoil within the Shinnecock Nation did yield two convictions.<\/p>\n<p>The first came in 2016, when a Shinnecock tribal official named Karen Hunter pleaded guilty at a federal court in the Long Island town of Islip to unlawfully accessing the email account of her fellow Shinnecock tribal member Chuck Randall.<\/p>\n<p>A van drives past a \u201cNo Trespassing\u201d sign at the border of Shinnecock Indian Nation Territory on Long Island, New York. In 2012, the Shinnecocks were thrown into turmoil by a hack-and-leak operation that led to the removal of several members from tribal government and sparked an FBI investigation.<\/p>\n<p>The court filings, which were partially sealed, show that Hunter got probation. It was not until several years later that Steven Santarpia, the private eye, said he had been hired by Hunter to carry out the job.<\/p>\n<p>Santarpia was the second to be convicted. He received probation from the same court in Islip in 2020 after pleading guilty to a single count of computer hacking, saying in an affidavit reviewed by Reuters that he hired Appin to carry out the email heist. Most of the filings in that case, which mask his identity, remain secret. No public mention of Appin was made in either his or Hunter&#8217;s prosecution.<\/p>\n<p>Hunter did not return repeated messages from Reuters seeking comment. A reporter who visited Shinnecock Nation territory in an effort to interview her was intercepted by the tribe&#8217;s chairman, Bryan Polite, and ordered off the reservation. Polite said in an email that the tribe&#8217;s governing body was not interested in commenting.<\/p>\n<p>Randall said he was baffled by the U.S. government&#8217;s lack of action against Appin.<\/p>\n<p>\u201cYou can do this from across the world,\u201d he said. \u201cThe penalties and the laws have to catch up.\u201d<\/p>\n<p>Spoke with the client today. Her husband seems to be a big sex addict. She found out he goes to swinger clubs. She believes these 2 mail addresses. [email addresses redacted], will be the addresses we will find stuff about him cheating. She doesn&#8217;t think the aol address will have much information about his cheating. So if we can get in those 2 email addresses, we should find stuff.<\/p>\n<p>Long Island private detective Steven Santarpia on May 10, 2011, chats with Appin employees about hacking a man whose wife suspects infidelity.<\/p>\n<p>Spoke with the client today. Her husband seems to be a big sex addict. She found out he goes to swinger clubs. She believes these 2 mail addresses. [email addresses redacted], will be the addresses we will find stuff about him cheating. She doesn&#8217;t think the aol address will have much information about his cheating. So if we can get in those 2 email addresses, we should find stuff.<\/p>\n<p>Long Island private detective Steven Santarpia on May 10, 2011, chats with Appin employees about hacking a man whose wife suspects infidelity.<\/p>\n<p>A California private eye asks Appin on Nov. 16, 2011, for advice on how to move undetected through a woman&#8217;s hacked email account.<\/p>\n<h3><strong>\u2018Godfather for all hackers&#8217;<\/strong><\/h3>\n<p>Appin&#8217;s legacy still lingers more than a decade after the Shinnecock hack.<\/p>\n<p>Its web presence faded in the months following the publication of the Norman Shark report in 2013, internet archives show. Eight former employees say their old managers told them to delete references to Appin from their public profiles.<\/p>\n<p>Its former holding company, Appin Technology, changed its name three times, finally settling on Sunkissed Organic Farms in 2017, records filed with India&#8217;s Ministry of Corporate Affairs show. Its subsidiaries also underwent rebrandings: Appin Software Security, the arm which billed private eyes for the hacking work, became Adaptive Control Security Global Corporate, or ACSG, in 2015.<\/p>\n<p>Rajat Khare&#8217;s lawyers say he left Appin Technology in December 2012, a move that \u201cofficially and immediately separated him from all Appin entities.\u201d They produced two letters they said showed those resignations.<\/p>\n<p>Yet Khare&#8217;s signature is on several Appin corporate filings dating to 2013 and 2014; and shareholder data shows he maintained a stake in Appin Technology for several years past 2012. According to Indian corporate records, Khare \u2013 who is now a Switzerland-based investor \u2013 resigned as director of the company once known as Appin Technology only in 2016.<\/p>\n<p>His family still controlled the companies as recently as last year. Rajat&#8217;s brother, Anuj, and their father, Vijay Kumar, are majority owners of Sunkissed Organic Farms, which in turn owns ACSG and at least two other firms founded under the Appin name, according to the latest available financial data disclosed to the corporate affairs ministry.<\/p>\n<p>In an exchange of messages over WhatsApp this week, ACSG company secretary Deepak Kumar confirmed that his firm was once known as Appin and described Rajat Khare as the corporate group&#8217;s \u201cowner.\u201d The following day, he said he would no longer reply to questions.<\/p>\n<p>Anuj Khare&#8217;s lawyer, Kumar &amp; Kumar Advocates, said questions about his client&#8217;s financial dealings were \u201cnot relevant.\u201d The Khare brothers&#8217; father, Vijay Kumar, did not return repeated messages seeking comment.<\/p>\n<p>On its website, ACSG describes itself as a critical infrastructure protection company that caters to government clients. Employee resumes posted to job sites say the company carries out \u201clawful interception\u201d and \u201coffensive security,\u201d industry terms for digital surveillance work.<\/p>\n<p>More than 50 current and former ACSG employees reached by Reuters either did not respond or declined to comment, saying their work was confidential.<\/p>\n<p>A metro train moves past commercial buildings in the Netaji Subhash Place area of New Delhi. The neighborhood is a technology hotbed where Appin once operated.<\/p>\n<p>Reuters found at least half a dozen other hack-for-hire firms in India that have adopted Appin&#8217;s business model of serving private investigators and corporate lawyers. Some have run into trouble with American tech companies or been named in U.S. lawsuits.<\/p>\n<p>Last year, Facebook and Instagram owner Meta Platforms identified CyberRoot Risk Advisory, a firm created by Appin alumni, as a mercenary spy company that used bogus accounts to trick people into clicking malicious links.<\/p>\n<p>In October 2022, CyberRoot and BellTroX InfoTech Services, another firm founded by a former Appin employee, were accused of hacking former Wall Street Journal reporter Jay Solomon and one of his key sources, according to lawsuits filed last year by each of the men in federal court, one in Washington, the other in New York. Solomon later settled his Washington case on undisclosed terms; the New York lawsuit filed by his source is ongoing.<\/p>\n<p>In June 2022, Google researchers linked hack-for-hire activity to another Indian company named Rebsec Solutions, which Google said \u201copenly advertises corporate espionage.\u201d<\/p>\n<p>Rebsec&#8217;s founder, Vishavdeep Singh, told Reuters he had worked for Appin and BellTroX but was never involved in hacking, and that Rebsec merely taught cybersecurity courses.<\/p>\n<p>CyberRoot said in a public statement issued last year that it \u201chas never engaged in illegal activities.\u201d It declined further comment. Attempts to reach BellTroX&#8217;s founder, Sumit Gupta, have been unsuccessful.<\/p>\n<p>In his last known interview, speaking with Reuters in 2020, Gupta claimed he was not personally involved in cyberespionage. But he did acknowledge the outsized role that his former employer played in shaping the industry.<\/p>\n<p>\u201cAppin is the godfather for all the hackers,\u201d he said.<\/p>\n<p><i>(This story has not been edited by NDTV staff and is auto-generated from a syndicated feed.)<\/i><\/p>\n<\/div>\n<p>[ad_2]<br \/>\n<br \/><a href=\"https:\/\/www.ndtv.com\/india-news\/how-an-indian-startup-hacked-the-world-appin-rajat-khare-anuj-khare-4580813\">Source link <\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>[ad_1] Run by pair of brothers, Rajat and Anuj Khare, the company began as Indian educational startup New Delhi: Chuck Randall was on the verge of unveiling an ambitious real estate deal he hoped would give his small Native American tribe a bigger cut of a potentially lucrative casino project. A well-timed leak derailed it [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":391253,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[5],"tags":[461567,461568,461569],"_links":{"self":[{"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/posts\/391252"}],"collection":[{"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/comments?post=391252"}],"version-history":[{"count":0,"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/posts\/391252\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/media\/391253"}],"wp:attachment":[{"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/media?parent=391252"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/categories?post=391252"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/haftavasool.com\/haftavasool\/wp-json\/wp\/v2\/tags?post=391252"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}