London: The use of the Indian underworld to break into email accounts and smartphones has become a practice that has been proliferating for years. British investigators have been able to commission “hack-for-hire” firms with little fear that they will be prosecuted for breaking the UKs computer misuse laws, an investigation revealed.
The probe by the Bureau of Investigative Journalism and the Sunday Times revealed the contents of a leaked database from inside one of the major “hack-for-hire” gangs. It shows the extent of illegal computer hacking across London for corporate intelligence companies targeting British businesses, journalists and politicians.
But this gang is not the only one. The undercover reporters made contact with a series of Indian hackers who were secretly filmed speaking openly about their illicit work and their underground industry’s nefarious influence in Britain.
It is illegal to commission hacking from the UK, a crime punishable with a prison sentence of up to 10 years. There are similar laws in India, where unlawfully accessing a computer carries a jail sentence of up to three years.
But the hackers had no fear of being found out. One laughed when asked if any Indian hacker had been caught. “Not even a single (one),” he said.
In recent years there has been a trend for computer security firms to pretend to be training “white hat” hackers so their knowledge can be used to protect clients from online attacks. In reality, however, they are being readied for the dark side.
There is plenty of money to be made from breaking into private email accounts, and plenty of clients willing to pay. This is how the Indian hacking industry began.
One of the industry’s founding fathers was a firm called Appin, set up in Delhi more than a dozen years ago supposedly to train a new generation of “ethical” hackers who could help safeguard individuals and businesses from cyberattacks.
However, the firm, now defunct, is alleged to have secretly established a lucrative sideline taking cash from clients around the world to hack individuals. These clients are said to have included corporate intelligence companies based in Britain, the investigationrevealed.
India was a particularly attractive proposition for the investigators. It was not just that India’s enforcement of computer misuse rules was light touch; the commissioning of crimes in a faraway country with a different jurisdiction greatly reduced the risk that the investigators would be caught or prosecuted.
Among the “ethical” hackers trained by Appin was Aditya Jain, whose secret database revealing that he hacked Qatar’s critics is also exposed by the Bureau and Sunday Times, the report said.
The Gulf state is said to have been one of Appin’s customers, according to one former employee who spoke to this newspaper’s undercover reporters. This is denied by Qatar.
Appin’s days at the forefront of the illegal industry came to an end when its activities were exposed publicly. In 2013, Norwegian cybersecurity experts linked Appin to wide-scale cyberattacks that had been directed at more than a dozen countries.
A year previously, Appin had been accepted onto a global entrepreneur programme run by the British government’s trade department. It appeared keen to help Appin’s founder, Rajat Khare, who had set up a business in the UK, says the investigation.
Remarkably, Khare was introduced to the then Duke and Duchess of Cambridge at a networking event in 2016 organised by the British High Commission, as a result of his continued participation in the UK taxpayer-funded programme.
The department said it had been unaware of any allegations against Appin when the firm was accepted onto the scheme. Last month, Khare said his involvement with Appin only related to “robotics, artificial intelligence and ethical hacking”.
As Appin grappled with hacking allegations in 2013, its well-trained former employees scattered like seeds and set up new firms to utilise their freshly acquired talents in the computer dark arts. This created a more diversified Indian hacking industry.
Several set up offices in Gurugram, a city of high-rise glass buildings criss-crossed by dusty pot-holed roads on Delhi’s south-western outskirts, where some of the biggest technology companies in the world, including Meta, Google and Twitter, have offices, the investigation further revealed.