Company:Appin: Difference between revisions
{{Infobox company
| name = Appin
| logo = Appin logo.jpeg
| type = [[Finance:Privately held company|Private]]
| industry = Computer security
| founded = 2003
| founder = {{Unbulleted list|Rajat Khare|Anuj Khare}}
| fate = Dissolved<ref name="bij-inside-the-h4h-industry" />
| hq_location_city = [[Place:New Delhi|New Delhi]]
| hq_location_country = [[Place:India|India]]
| services = {{Unbulleted list|[[Social:Espionage|Espionage]]|[[Phishing]]|[[Cyberattack|Cyber attack]]|[[Cyberwarfare|Cyber warfare]]|[[Social:Social engineering (security)|Social engineering]]|Cybersecurity training}}
| website = [https://web.archive.org/web/20130218224746/http://appintechnology.com/contact-us.aspx Official website]
}}
'''Appin''' was an Indian [[Cyber espionage|cyber espionage]] company founded in 2003 by brothers Rajat and Anuj Khare. It initially started as a cybersecurity training firm, but by 2010 the company had begun providing hacking services to governments and corporate clients and was reported to have stolen secrets from executives, politicians, military officials and wealthy elites worldwide. ''Reuters'', ''The New Yorker'', ''Wired'', ''SRF Investigativ'', and ''Intelligence Online'' have reported on Appin's [[Hack-for-hire operation|hack-for-hire]] operations and Rajat Khare's extensive efforts to suppress coverage through civil and criminal actions.<ref name="rsf-appin-silencing-media">{{Cite web |date=2024-11-21 |title=RSF investigation: the Indian cyber-security giant silencing media outlets worldwide |url=https://rsf.org/en/rsf-investigation-indian-cyber-security-giant-silencing-media-outlets-worldwide |access-date=2024-12-31 |website=Reporters Without Borders |language=en}}</ref> Appin created the model that is still used by the Indian hack-for-hire industry.<ref name="reuters-special-report-appin">{{Cite news |last1=Satter |first1=Raphael |last2=Siddiqui |first2=Zeba |last3=Bing |first3=Chris |date=2023-11-16 |title=How an Indian startup hacked the world |url=https://www.reuters.com/investigates/special-report/usa-hackers-appin/ |access-date=2024-12-31 |website=Reuters |language=en}}</ref><ref name="reuters-usa-hackers-litigation">{{Cite news |last1=Satter |first1=Raphael |last2=Bing |first2=Christopher |date=2022-06-30 |title=How mercenary hackers sway litigation battles |url=https://www.reuters.com/investigates/special-report/usa-hackers-litigation/ |access-date=2024-12-31 |website=Reuters |language=en}}</ref><ref name="bij-inside-the-h4h-industry">{{cite news |last=Wild |first=Franz |date=2022-05-11 |title=Inside the global hack-for-hire industry 
|url=https://www.thebureauinvestigates.com/stories/2022-11-05/inside-the-global-hack-for-hire-industry |access-date=2023-11-20 |website=Bureau of Investigative Journalism}}</ref><ref name="newyorker-india-hacking-industry">{{cite magazine |last=Kirkpatrick|first=David|date=1 June 2023|title=A Confession Exposes India's Secret Hacking Industry|url=https://www.newyorker.com/news/annals-of-crime/a-confession-exposes-indias-secret-hacking-industry|magazine=The New Yorker|location= |access-date=20 Nov 2023}}</ref>
== History ==
In December 2003, Rajat Khare along with high school friends conceived Appin to offer technology training workshops to university students. By 2005, now joined by Anuj, an entrepreneur and former motivational speaker, the company had an office in western [[Place:New Delhi|New Delhi]]. Appin began as a digital security consultancy that provided cybersecurity classes to help Indian organizations defend themselves online. This drew the attention of Indian government officials, who were navigating internet-era intelligence challenges and seeking ways to hack into computers and emails.<ref name="reuters-special-report-appin" />
Shortly thereafter, Appin established a subsidiary called Appin Software Security, also known as the Appin Security Group, to conduct surveillance activities for the Indian government. Employees signed [[Social:Non-disclosure agreement|non-disclosure agreement]]s and were shipped to military-controlled facilities, where they worked away from their colleagues in the wider company. Their targets included Pakistan, China, and Khalistani separatists from India's Punjab state.<ref name="reuters-special-report-appin" />
By 2009, the company's clients had included the Research and Analysis Wing (RAW), the Intelligence Bureau, the Indian Armed Forces, the Ministry of Home Affairs, and the Central Bureau of Investigation (CBI). Appin claimed their solutions were used by government intelligence agencies to monitor hostile individuals, marketed software for analyzing call metadata, and explored importing Israeli cell phone interception devices. For the fiscal year ending in 2009, the company earned nearly $1 million in revenue and a profit of about $170,000, with a projected tenfold increase in revenue over the next 36 months.<ref name="reuters-special-report-appin" />
The company also made extra money by discreetly reselling material it had hacked for one Indian agency to another. This practice of double-dipping was eventually uncovered, prompting several outraged Indian intelligence agencies to terminate their contracts with Appin. Facing dwindling opportunities in intelligence work, Appin shifted its focus to hacking and phishing for the private sector.<ref name="reuters-special-report-appin" />
In 2010, Rajat Khare sent bulk emails to private intelligence firms across Europe offering hacking-for-hire services.<ref name="newyorker-india-hacking-industry" /> Around 2011, the mercenaries began operating a digital dashboard dubbed "My Commando" for spy services, resembling an e-commerce platform with a menu of hacking options. Customers logged in to request Appin to hack emails, computers, or phones, track the operation's progress like a delivery, and later download the stolen data.<ref name="reuters-special-report-appin" /> More than 70 global clients hired Appin to hack hundreds of targets through "My Commando."<ref name="reutersreport">{{cite news |last=Satter |first=Raphael |date=16 Nov 2023 |title=How an Indian startup hacked the world |url=https://www.reuters.com/investigates/special-report/usa-hackers-appin/ |archive-url=https://archive.today/20231117025741/https://www.reuters.com/investigates/special-report/usa-hackers-appin/ |archive-date=2023-11-17 |access-date=20 Nov 2023 |work=Reuters |location=}}</ref><ref name="newyorker-india-hacking-industry" />
Among the system's early users were Israeli private detectives Aviram Halevi and Tamir Mor, who accessed it in late 2011. That year, Mor ordered hacks on more than 40 targets, including Malaysian politician Mohamed Azmin Ali, Russian oligarch Boris Berezovsky, and his lawyers. Berezovsky was found dead in 2013 after losing a multibillion-dollar case the previous year.<ref>{{Cite news |last=Melville |first=Toby |date=2014-03-28 |title=UK coroner records open verdict on death of Russian oligarch Berezovsky |url=https://www.reuters.com/article/us-britain-berezovsky-idUSBREA2Q25O20140327/ |access-date=2024-02-03 |website=Reuters |language=en}}</ref> Around the same time, another user hired Appin to hack 30 targets, including a Rwandan dissident and the wife of another wealthy Russian going through a divorce.<ref name="reutersreport" /> The targets also included Kristi Rogers—the wife of Representative Mike Rogers, who was the Chairman of the U.S. House Intelligence Committee at the time. Less well-known individuals, such as a landscape architect in New Jersey and a Native American tribal member, were also targeted using the system. 
Other victims of Appin included [[Social:Human rights defender|human rights activists]], such as those associated with the Oslo Freedom Forum, along with governmental and private organizations.<ref name="reutersreport">{{cite news |last=Satter |first=Raphael |date=16 Nov 2023 |title=How an Indian startup hacked the world |url=https://www.reuters.com/investigates/special-report/usa-hackers-appin/ |archive-url=https://archive.today/20231117025741/https://www.reuters.com/investigates/special-report/usa-hackers-appin/ |archive-date=2023-11-17 |access-date=20 Nov 2023 |work=Reuters |location=}}</ref><ref name="newyorker-india-hacking-industry" /><ref name="bij-inside-the-h4h-industry" /><ref>{{Cite report |url=https://www.sentinelone.com/labs/elephant-hunting-inside-an-indian-hack-for-hire-group/ |title=Elephant Hunting: Inside an Indian Hack-For-Hire Group |author=Tom Hegel |date=16 November 2023 |publisher=SentinelLabs |page= |docket= |quote= |archive-url=https://web.archive.org/web/20231117061038/https://www.sentinelone.com/labs/elephant-hunting-inside-an-indian-hack-for-hire-group/ |archive-date=17 November 2023}}</ref>
Starting on 5 January 2012, a cyberattack targeted Peter Hargitay, a Zurich-based FIFA insider and consultant for Australia's 2022 World Cup bid. Hargitay and his son hired an expert who traced the hack to a server linked to Rajat Khare. The attack was part of an extensive hacking operation targeting numerous individuals for smear campaigns. This was tied to Qatar's web of espionage to secure the 2022 FIFA World Cup hosting rights.<ref name="reuters-special-report-appin" /><ref name="srf-project-merciless" /><ref name="ap-qatar-spy-on-fifa">{{Cite news |last=Suderman |first=Alan |date=2021-11-23 |title=World Cup host Qatar used ex-CIA officer to spy on FIFA |url=https://apnews.com/article/soccer-sports-business-united-states-middle-east-754753c3f425650eedfef6c264bf669c |access-date=2025-01-09 |website=Associated Press |language=en}}</ref><ref name="intonline-rajat-khare-helping-qatar">{{Cite web |date=2022-10-20 |title=Former Indian cyber privateer Rajat Khare is helping Qatar keep the football World Cup safe |url=https://www.intelligenceonline.com/surveillance--interception/2022/10/20/former-indian-cyber-privateer-rajat-khare-is-helping-qatar-keep-the-football-world-cup-safe,109836892-eve |access-date=2024-12-31 |website=Intelligence Online |language=en}}</ref> Hack-for-hire companies founded by Appin alumni were also implicated in the campaign.<ref name="bij-qatar-hacked-world-cup">{{Cite news |last1=Wild |first1=Franz |last2=Siddons |first2=Ed |last3=Lock |first3=Simon |last4=Calvert |first4=Jonathan |last5=Arbuthnott |first5=George |date=2022-11-05 |title=How Qatar hacked the World Cup |url=https://www.thebureauinvestigates.com/stories/2022-11-05/how-qatar-hacked-the-world-cup/ |access-date=2025-02-06 |website=Bureau of Investigative Journalism}}</ref>
Also in 2012, a German private investigator paid Appin $3,000 to hack an email during an inheritance feud involving a wealthy businessman.<ref name="reuters-usa-hackers-litigation" /> That same year, an Indian cybersecurity consultant traced an attempted hack on a client to Appin and discovered compromising material on its servers.<ref>{{Cite news |first=K.K. |last=Mookhey |date=2013 |title=Malware Analysis Report |url=https://networkintelligence.ai/wp-content/uploads/2024/11/malware-analysis-report-july-2013.pdf |access-date=2025-01-05 |website=Network Intelligence |language=en}}</ref> In the Dominican Republic, authorities raided a local newspaper publisher in 2012 and formally accused him of collaborating with Khare to hack emails and extract information from the nation's elite for his digital newspaper. The publisher later admitted that in 2011, he paid Appin between $5,000 and $10,000 a month to spy on over 200 prominent Dominicans—including then-President Leonel Fernández.<ref name="reuters-special-report-appin" />
In 2012, after analyzing a hack and leak targeting a Native American tribal member, the FBI linked multiple cases to a single perpetrator. Collaborating with Swiss authorities, the FBI identified the perpetrator as Appin and shared that they had human intelligence through a confidential source.<ref name="reutersreport" />
In February 2013, the [[Company:Chicago Mercantile Exchange|Chicago Mercantile Exchange]] filed a complaint with the [[Organization:World Intellectual Property Organization|World Intellectual Property Organization]] regarding a phishing attack that used a suspicious domain to steal investment information.<ref>{{Cite news |last=Jackson|first=Kelly |date=2013-05-20 |title='Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others |url=https://www.darkreading.com/cyberattacks-data-breaches/-commercialized-cyberespionage-attacks-out-of-india-targeting-u-s-pakistan-china-and-others |access-date=2025-01-01 |website=Dark Reading |language=en}}</ref><ref name="wsj-spate-of-indian-cyberattacks">{{Cite news |last1=Fowler|first1=Geoffrey A. |last2=Valentino-DeVries|first2=Jennifer |date=2013-06-23 |title=Spate of Cyberattacks Points to Inside India |url=https://www.wsj.com/articles/SB10001424127887324634304578539462436752602 |access-date=2025-01-01 |website=The Wall Street Journal |language=en}}</ref> In March of that year, after Telenor filed a criminal case with Norwegian police Kripos over a hack stealing 66,000 emails from its leadership and legal advisor, the infosec community obtained evidence that allowed them to access Appin's unsecured servers and link the group to several high-profile cyberattacks that had been directed at more than a dozen countries.<ref name="bij-inside-the-h4h-industry" /><ref name="theregister-hangover-india">{{Cite news |last=Muncaster|first=Phil |date=2013-05-21 |title='India attacked Norwegian telco to get at Pakistan, China' - report |url=https://www.theregister.com/2013/05/21/hangover_india_apt_discovered/ |access-date=2025-01-02 |website=The Register |language=en}}</ref><ref>{{Cite news |last=Jackson|first=Kelly |date=2013-07-18 |title='Hangover' Persists, More Mac Malware Found |url=https://www.darkreading.com/cyberattacks-data-breaches/-hangover-persists-more-mac-malware-found |access-date=2025-01-01 
|website=Dark Reading |language=en}}</ref><ref>{{Cite news |last=Vijayan |first=Jai |date=2023-11-16 |title=Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks |url=https://www.darkreading.com/cyberattacks-data-breaches/shadowy-hack-for-hire-group-behind-sprawling-web-of-global-cyberattacks |archive-url=https://web.archive.org/web/20231207220822/https://www.darkreading.com/cyberattacks-data-breaches/shadowy-hack-for-hire-group-behind-sprawling-web-of-global-cyberattacks |archive-date=2023-12-07 |website=Dark Reading |language=en}}</ref><ref>{{Cite news |last=Johansen |first=Per Anders |date=2013-03-17 |title=Spionerte på Telenor-sjefer, tømte all e-post og datafiler |url=http://www.aftenposten.no/nyheter/Spionerte-pa-Telenor-sjefer_-tomte-all-e-post-og-datafiler-7149813.html |archive-url=https://web.archive.org/web/20130320072419/http://www.aftenposten.no/nyheter/Spionerte-pa-Telenor-sjefer_-tomte-all-e-post-og-datafiler-7149813.html |archive-date=2013-03-20 |website=Aftenposten |language=no}}</ref> Notably, Norman Shark publicly linked the Telenor hack to Appin.<ref name="norman-op-hangover">{{Cite web |last1=Fagerland |first1=Snorre |last2=Kråkvik |first2=Morten |last3=Camp |first3=Jonathan |date=2013 |title=Operation Hangover: Unveiling an Indian Cyberattack Infrastructure |url=http://enterprise.norman.com/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf |access-date=2023-12-18 |archive-url=https://web.archive.org/web/20130612144153/http://enterprise.norman.com/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf |archive-date=2013-06-12 |website=Norman ASA |language=en}}</ref><ref name="toi-2013-05-23">{{Cite news |date=2013-05-23 |title=Norwegian company names Indian firm for global cyber offensive? 
|url=http://timesofindia.indiatimes.com/tech/enterprise-it/security/Norwegian-company-names-Indian-firm-for-global-cyber-offensive/articleshow/20217320.cms |access-date=2025-01-10 |archive-url=https://web.archive.org/web/20130524020214/http://timesofindia.indiatimes.com/tech/enterprise-it/security/Norwegian-company-names-Indian-firm-for-global-cyber-offensive/articleshow/20217320.cms |archive-date=2013-05-24 |website=The Times of India |language=en}}</ref><ref name="reuters-special-report-appin" />
Appin's industrial-scale random attacks drew global attention,<ref name="srf-project-merciless">{{Cite web |last1=Eiholzer|first1=Leo |last2=Schmid|first2=Andreas |date=2022-11-02 |title='Project Merciless': how Qatar spied on the world of football in Switzerland |url=https://www.swissinfo.ch/eng/business/project-merciless-how-qatar-spied-on-the-world-of-football-in-switzerland/48022952 |access-date=2025-01-04 |website=Swiss investigative program Rundschau (swissinfo.ch) |language=en}}</ref> and by 2013, they had become well known among security researchers, who referred to them using various monikers to describe their pattern of activity, including Operation Hangover by [[Organization:Shadowserver Foundation|Shadowserver Foundation]] and Norman Shark,<ref>{{Cite web |last=Fagerland |first=Snorre |date=2013-05-20 |title=The Hangover Report |url=http://blogs.norman.com/2013/security-research/the-hangover-report |access-date=2023-12-18 |archive-url=https://web.archive.org/web/20131026100344/http://blogs.norman.com/2013/security-research/the-hangover-report |archive-date=2013-10-26 |website=Norman ASA |language=en}}</ref><ref name="norman-op-hangover"/><ref>{{Cite web |title=Operation Hangover: Unveiling an Indian Cyberattack Infrastructure |url=https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Unveiling%20an%20Indian%20Cyberattack%20Infrastructure%20-%20appendixes.pdf |access-date=2023-12-18 |archive-url=https://web.archive.org/web/20220121033948/https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Unveiling%20an%20Indian%20Cyberattack%20Infrastructure%20-%20appendixes.pdf |archive-date=2022-01-21 |website=Seebug, part of 360 Netlab |language=en}}</ref> Monsoon by [[Company:Forcepoint|Forcepoint]],<ref>{{Cite web |last1=Settle |first1=Andy |last2=Griffin |first2=Nicholas |last3=Toro |first3=Abel |title=Monsoon – Analysis of an Apt Campaign Espionage and Data Loss Under the Cover of Current Affairs 
|url=https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf |access-date=2025-01-01 |website=Forcepoint |language=en}}</ref> and Viceroy Tiger by [[Company:CrowdStrike|CrowdStrike]].<ref>{{Cite web |last1=Santos|first1=Doel |last2=Hinchliffe|first2=Alex |date=2020-07-03 |title=Threat Assessment: Hangover Threat Group |url=https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/ |access-date=2025-01-01 |website=Palo Alto Networks |language=en}}</ref><ref>{{Cite web |last1=Hinchliffe|first1=Alex |last2=Falcone|first2=Robert |date=2020-05-11 |title=Updated BackConfig Malware Targeting Government and Military Organizations in South Asia |url=https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/ |access-date=2025-01-01 |website=Palo Alto Networks |language=en}}</ref><ref>{{Cite web |last=Boutin|first=Jean-Ian |date=2013-05-16 |title=Targeted information stealing attacks in South Asia use email, signed binaries |url=https://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/ |access-date=2025-01-03|website=WeLiveSecurity |language=en}}</ref> From 2013 onward, Google spent a decade monitoring Appin-linked hackers who targeted tens of thousands of email accounts on its platform.<ref name="google-2022-17-30">{{Cite web |last=Huntley|first=Shane |date=2022-07-30 |title=Countering hack-for-hire groups |url=https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/ |access-date=2025-01-04 |website=Google |language=en}}</ref><ref>{{Cite news |last=Vijayan |first=Jai |date=2022-07-01 |title=Google: Hack-for-Hire Groups Present a Potent Threat |url=https://www.darkreading.com/threat-intelligence/google-hack-for-hire-groups-present-a-potent-threat |access-date=2025-01-06 |website=Dark Reading |language=en}}</ref> Due to the unusually high volume worked by the hackers, Google had to expand its systems and procedures 
to keep up with them. Security researchers have been cautious in their public statements linking Appin to the hacking and [[Phishing|phishing]] incidents to avoid legal trouble; however, privately, they remain confident in the connection.<ref name="reuters-special-report-appin" />
Since 2012, Appin and its CEO Rajat Khare have been under criminal investigations in multiple countries. Swiss authorities linked Appin and Rajat Khare to a criminal complaint filed by the Hargitays for intrusion into their systems, while Norwegian investigators connected Appin to the Telenor hack. In 2016, the person who had hired a private detective to access the email of her fellow Native American tribal member pleaded guilty in federal court. Later, in mid-2020, that detective confessed in an affidavit that he had hired Appin to carry out the email heist. Similarly, Aviram Halevi, who hired Appin to hack at least three dozen people in 2011, admitted to employing them to steal emails from a Korean businessman.<ref name="reuters-usa-hackers-litigation" /> In 2021, the State Bank of India filed a criminal complaint with the Central Bureau of Investigation, Appin's former client, accusing Rajat Khare and others of embezzling ₹8.06 billion ($97 million) from loans to [[Company:Educomp Solutions|Educomp]], where Khare was a director.<ref name="reuters-special-report-appin" />
== Controversies ==
Appin and co-founder Rajat Khare have systematically pressured news sources in multiple countries, including France, Luxembourg, Switzerland, the United Kingdom, and India, to remove references in articles to the company and Khare.<ref>{{Cite web |last=Ingram |first=Mathew |title=A leak-hosting site looks to thaw the chill of censorship |url=https://www.cjr.org/the_media_today/qa_emma_best_ddosecrets.php |date=2024-01-18 |access-date=2024-02-12 |website=Columbia Journalism Review |language=en}}</ref><ref name="wired-appin-lawsuits" /><ref name="freedompress-global-censorship-campaign" >{{Cite web |date=2024-01-18 |title=Global censorship campaign raises alarms |url=https://freedom.press/news/global-censorship-campaign-raises-alarms/ |access-date=2024-02-12 |website=Freedom of the Press |language=en}}</ref><ref name="rsf-appin-silencing-media" />
On 2 November 2022, Swiss media outlet ''SRF Investigativ'' published an investigative piece about Qatar's elaborate and extensive espionage operation to secure the 2022 FIFA World Cup hosting rights. The operation, which was dubbed Project Merciless, involved hacking emails and phones of FIFA officials and critics of Qatar's corruption and poor human rights record. It also targeted their friends and family members to run smear campaigns and influence FIFA policy.<ref name="srf-project-merciless" /><ref name="ap-qatar-spy-on-fifa" /><ref name="bij-qatar-hacked-world-cup" /><ref name="intonline-rajat-khare-helping-qatar" /> In November 2022, a lower court in Geneva ordered the publication to provisionally remove Rajat Khare's name and photo from the article. When contacted by RSF, Khare's Swiss lawyer, Nicolas Capt, stated that Khare has taken civil and criminal action in Switzerland and other countries to protect his honor.<ref name="rsf-appin-silencing-media" />
On 1 June 2023, ''The New Yorker'' published an article titled "A Confession Exposes India's Secret Hacking Industry." The article primarily focused on firms founded by Appin alumni, such as BellTroX Infotech Services and CyberRoot Risk Advisory, which have targeted climate activists, investors, lawsuit defendants, and organizations on a global scale and remain operational. Appin first sued the U.S. magazine in India, and later, Rajat Khare filed a lawsuit against it in Switzerland. ''The New Yorker'' refused to take down its article, stating that it fully stands behind the piece, which is an accurate and fair account of a matter of legitimate public interest. It further stated that it will continue to defend the right to publish important reporting without fear or favor.<ref name="newyorker-india-hacking-industry" /><ref name="rsf-appin-silencing-media" />
On 16 November 2023, ''Reuters'' published an explosive article about the company and its cofounder Rajat Khare titled, "How an Indian Startup Hacked the World." Drawing on hundreds of interviews and thousands of vetted documents, ''Reuters'' found that Appin "grew from an educational startup to a hack-for-hire powerhouse that stole secrets from executives, politicians, military officials and wealthy elites around the globe." The report was based on Appin's activities for nearly two decades, including company records, law enforcement files, and input from former employees, clients, and security professionals. The raw material spanning 2005 to 2022 was authenticated by ''Reuters'' and further verified by U.S. cybersecurity firm [[Company:SentinelOne|SentinelOne]].<ref name="reuters-special-report-appin" /><ref name="rsf-appin-silencing-media" />
Appin sued ''Reuters'', claiming the news agency had engaged in a "defamatory campaign."<ref>{{Cite news |last= Omar |first= Rashid |date=2023-12-07 |title=Forced to Pull Story on Indian Firm's Alleged Global Hacking Operation, Reuters to Fight Court Order |url=https://thewire.in/law/delhi-court-reuters-takes-down-story-indian-firm-hacking |archive-url=https://web.archive.org/web/20231208133113/https://thewire.in/law/delhi-court-reuters-takes-down-story-indian-firm-hacking |archive-date=2023-12-08 |website=The Wire |language=en}}</ref><ref name="404-reuters-takes-down-h4h-inv">{{Cite web |title=The Hack-for-Hire Industry: Death by a Thousand Cuts + When Theft Doesn't Work... Troll |url=https://www.lawfaremedia.org/article/the-hack-for-hire-industry-death-by-a-thousand-cuts-when-theft-doesn't-work-troll |access-date=2024-02-10 |website=Lawfare |date=24 November 2023 |language=en |last1=Uren |first1=Tom }}</ref> It obtained an injunction from a Delhi court and, on 4 December 2023, ''Reuters'' temporarily removed its article. 
''Reuters'' said that it stood by its reporting.<ref>{{cite news |last= Masnick|first= Mike|date= 2023-12-07|title= Indian Court Orders Reuters To Take Down Investigative Report Regarding A 'Hack-For-Hire' Company|url=https://www.techdirt.com/2023/12/07/indian-court-orders-reuters-to-take-down-investigative-report-regarding-a-hack-for-hire-company/|work= Techdirt |location= }}</ref><ref name="404-reuters-takes-down-h4h-inv"/><ref>{{Cite web |last=Cox |first=Joseph |date=2023-12-06 |title=Reuters Takes Down Blockbuster Hacker-for-Hire Investigation After Indian Court Order |url=https://www.404media.co/reuters-takes-down-blockbuster-hacker-for-hire-investigation-after-indian-court-order/ |access-date=2023-12-18 |website=404 Media |language=en}}</ref> An archived version of the ''Reuters'' article hosted on the [[Wayback Machine]] was likewise removed following demands from lawyers representing Appin co-founder Rajat Khare.<ref>{{Cite web |last=Schaffer |first=Michael |date=2024-01-19 |title=How a Judge in India Prevented Americans From Seeing a Blockbuster Report |url=https://www.politico.com/news/magazine/2024/01/19/india-judge-reuters-story-00136339 |access-date=2024-02-12 |website=POLITICO |language=en}}</ref> Appin further sent demands to [[Company:Meta Platforms|Meta Platforms]], [[Company:LinkedIn|LinkedIn]] and [[Organization:Naukri.com|Naukri.com]] to block accounts associated with the authors of the ''Reuters'' story.<ref name="freedompress-global-censorship-campaign" />
In February 2024, ''Wired'' reported that lawyers for Appin and a related entity called the <q>Association for Appin Training Centers</q> have filed lawsuits and made legal threats against more than a dozen news organizations. Appin sent emails making demands of news site ''Techdirt'' and of the organization MuckRock, which hosted some of the information ''Reuters'' relied on. The two sites denied that the injunction was binding on them.<ref name=":2">{{Cite web |last=Masnick |first=Mike |date=2024-02-01 |title=Sorry Appin, We're Not Taking Down Our Article About Your Attempts To Silence Reporters |url=https://www.techdirt.com/2024/02/01/sorry-appin-were-not-taking-down-our-article-about-your-attempts-to-silence-reporters/ |access-date=2024-02-10 |website=Techdirt |language=en-US}}</ref><ref name="wired-appin-lawsuits">{{cite magazine |last= Greenberg|first= Andy|date=1 February 2024|title=A Startup Allegedly Hacked the World. Then Came the Censorship—and Now the Backlash|url=https://www.wired.com/story/appin-training-centers-lawsuits-censorship/ |magazine=Wired |language=en}}</ref><ref name="muckrock">{{Cite web |date=2024-02-01 |title=The Association of Appin Training Centers is waging a global censorship campaign to stop you from reading these documents |url=https://www.muckrock.com/news/archives/2024/feb/01/global-censorship-appin-reuters/ |access-date=2024-02-10 |website=MuckRock |language=en-US}}</ref> Other sites, such as the ''Lawfare'' blog, removed material based on the ''Reuters'' article.<ref name="404-reuters-takes-down-h4h-inv" /><ref name=":2"/> The [[Organization:Electronic Frontier Foundation|Electronic Frontier Foundation]] (EFF) announced that they responded on behalf of ''Techdirt'' and MuckRock to legal threats made by Appin Training Centers. One of the arguments the EFF made in their letter to Appin is that the Indian court's order is unenforceable in U.S. 
courts because it conflicts with the First Amendment and Section 230 of the Communications Decency Act (47 U.S.C. § 230), as reinforced by the SPEECH Act (28 U.S.C. § 4102). The EFF also urged recipients of Indian gag orders to carefully evaluate their legitimacy.<ref>{{Cite web |last=Galperin |first=Cooper Quintin and Eva |date=2024-02-08 |title=EFF Helps News Organizations Push Back Against Legal Bullying from Cyber Mercenary Group |url=https://www.eff.org/deeplinks/2024/02/eff-helps-news-organizations-resist-legal-bullying-cyber-mercenary-group |access-date=2024-12-30 |website=Electronic Frontier Foundation |language=en}}</ref><ref name="wired-appin-lawsuits"/><ref name="muckrock"/>
The ''Reuters'' article was restored in October 2024, after the Delhi court rescinded its injunction on 3 October 2024, noting "the plaintiff has not been able to show any [[Philosophy:Prima facie|prima facie]] case to make interference in the process of journalism".<ref>{{cite web |url=https://www.reuters.com/world/india/reuters-expos-hack-for-hire-world-is-back-online-after-indian-court-ruling-2024-10-26/ |title=Reuters exposé of hack-for-hire world is back online after Indian court ruling |date=26 October 2024 |access-date=2024-12-19 |work=Reuters}}</ref> The article is back online at its original location.<ref name="reutersreport"/>
On 21 November 2024, Reporters Without Borders (RSF) reported that works from at least 15 different media outlets had been modified or withdrawn as a result of a [[Social:Strategic lawsuit against public participation|strategic lawsuit against public participation]] or a legal notice from Rajat Khare or Appin Training Centers, while posts praising Khare on self-published sites flooded the internet. Additionally, an ''Intelligence Online'' article<ref name="intonline-rajat-khare-helping-qatar" /> was the subject of what Reporters Without Borders described as an "abusive DMCA takedown request".<ref name="rsf-appin-silencing-media" /><ref>{{Cite web |date=2022-12-07 |title=La réputation d'un "roi de la tech" indien au cœur d'un curieux bras de fer |url=https://gothamcity.ch/2022/12/07/piratage-la-reputation-dun-prodige-indien-au-coeur-dun-curieux-bras-de-fer/ |access-date=2024-12-31 |website=Gotham City |language=fr}}</ref>
==Legacy== | |||
Following Norman Shark's public attribution of the Telenor hack to Appin,<ref name="norman-op-hangover" /> the company faced increasing scrutiny, and the group began scaling back its online presence.<ref name="reuters-special-report-appin" /> Around that time, former Appin employees branched out, founding similar hack-for-hire firms.<ref name="bij-inside-the-h4h-industry" /> | |||
Two such companies—BellTroX InfoTech Services led by Sumit Gupta and CyberRoot Risk Advisory<ref name="reuters-exposing-hack-and-leak-industry">{{Cite news |last1=Satter |first1=Raphael |last2=Bing |first2=Christopher |date=2022-06-30 |title=SPECIAL REPORT-His emails were stolen; now he's exposing the hack-and-leak industry |url=https://www.reuters.com/article/business/special-report-his-emails-were-stolen-now-hes-exposing-the-hack-and-leak-indus-idUSL1N2YG2PB/ |access-date=2025-01-29 |website=Reuters |language=en}}</ref><ref>{{Cite web |last1=Dvilyanski |first1=Mike |last2=Franklin |first2=Margarita |last3=David |first3=Agranovich |date=2013-05-16 |title=Threat Report on the Surveillance-for-Hire Industry |url=https://about.fb.com/wp-content/uploads/2022/12/Threat-Report-on-the-Surveillance-for-Hire-Industry.pdf |access-date=2025-01-10 |website=Meta |language=en}}</ref>—started collaborating with Appin, sharing staff and computer infrastructure for their hacking operations.<ref name="reuters-usa-hackers-litigation" /> | |||
Their activities were identified using a database of over 80,000 phishing emails sent to 13,000 targets from 2013 to 2020.<ref name="reuters-special-report-appin" /> This database was vetted by six expert groups, with each group independently confirming recognized hacking activity.<ref name="reuters-usa-hackers-litigation" /> | |||
Further analysis by [[Company:Mandiant|Mandiant]], LinkedIn, Google,<ref name="google-2022-17-30" /> and court records revealed that the hacking was carried out by three Appin-linked companies with an intermingling of resources among them.<ref name="reuters-usa-hackers-litigation" /> This network of mercenaries charged clients anywhere from a few thousand to millions of dollars,<ref name="reuters-exposing-hack-and-leak-industry" /> while paying workers just $370 per month.<ref name="reuters-special-report-appin" /> | |||
The hackers targeted attorneys and their clients—including companies, advocacy groups, media organizations, and business executives—seeking to undermine the legal process. Notably, media reports have linked Appin alumnus Sumit Gupta to criminal cases, former Israeli policeman Aviram Azari,<ref>{{Cite news |last=Bing |first=Christopher |date=2022-04-20 |title=Israeli charged in global hacker-for-hire scheme pleads guilty |url=https://www.reuters.com/world/middle-east/israeli-charged-global-hacker-for-hire-scheme-pleads-guilty-2022-04-20/|access-date=2025-01-12 |website=Reuters |language=en}}</ref><ref>{{Cite news |last=Reddick |first=James |date=2023-11-17 |title=Israeli private eye gets 80-month sentence for global hack-for-hire scheme |url=https://therecord.media/israeli-aviram-azari-sentenced-hacker-for-hire |access-date=2025-01-12 |website=The Record |language=en}}</ref><ref>{{Cite web |date=2020-06-24 |title=India, Israel, United States BellTrox affair scares corporate intelligence world |url=https://www.intelligenceonline.com/corporate-intelligence_corridors-of-power/2020/06/24/belltrox-affair-scares-corporate-intelligence-world,109240236-gra |access-date=2025-01-27 |website=Intelligence Online |language=en}}</ref> [[Organization:Dark Basin|Dark Basin]],<ref>{{Cite journal |last1=Scott-Railton |first1=John |last2=Hulcoop |first2=Adam |last3=Abdul Razzak |first3=Bahr |last4=Marczak |first4=Bill |last5=Anstis |first5=Siena |last6=Deibert |first6=Ron |date=2020-06-09 |title=Dark Basin - Uncovering a Massive Hack-For-Hire Operation |url=https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/ |access-date=2025-01-27 |website=Citizen Lab |language=en}}</ref> and the wider network of Indian hackers.<ref name="reuters-usa-hackers-litigation" /><ref>{{Cite news |last1=Stubbs |first1=Jack |last2=Satter |first2=Raphael |last3=Bing |first3=Christopher |date=2020-06-27 |title=Exclusive: Obscure Indian cyber firm spied on politicians, 
investors worldwide |url=https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idUSKBN23G1GQ/ |access-date=2025-01-25 |website=Reuters |language=en}}</ref><ref name="newyorker-india-hacking-industry" /><ref>{{Cite news |last=Turton |first= William |date=2020-06-09 |title=U.S. Investigating Hacker Ring Paid to Target Corporate Critics |url=https://www.bloomberg.com/news/articles/2020-06-09/u-s-investigating-hacker-ring-paid-to-target-corporate-critics|access-date=2025-01-25 |website=Bloomberg |language=en}}</ref><ref>{{Cite news |last=Marchiando |first=Amy |date=2020-06-09 |title=Professional Hackers for Hire carried out large-scale credential spearphishing campaigns since at least 2013 |url=https://www.nortonlifelock.com/blogs/security-response/mercenary-amanda-professional-hackers-hire|archive-url=https://web.archive.org/web/20220629062546/https://www.nortonlifelock.com/blogs/security-response/mercenary-amanda-professional-hackers-hire |archive-date=2022-06-29 |website=NortonLifeLock |language=en}}</ref> | |||
Appin Technology rebranded multiple times before adopting the name Sunkissed Organic Farms in 2017. Its subsidiaries also underwent rebranding. In 2015, Appin Software Security—which billed private eyes for the hacking work—became Adaptive Control Security Global Corporate (ACSG).<ref name="reuters-special-report-appin" /> | |||
Rajat Khare resigned as director of Appin Technology in 2016 and now resides in Switzerland. The multinational criminal investigations into him and Appin ultimately proved abortive due to jurisdictional challenges. | |||
After the Swiss criminal investigation into his hacking of the Hargitays was closed, in the fall of 2020, Khare purchased a villa in Switzerland for 13.5 million Swiss francs from the daughter of a Ukrainian oligarch. He now portrays himself as a renowned start-up investor.<ref name="srf-project-merciless" /> | |||
In September 2023, The Economic Times reported that Rajat and Shweta Khare had purchased a plot in Delhi for ₹760 million (about $9.1 million). Together, they run Boundary Holding, a Luxembourg-based venture capital firm.<ref>{{Cite news |last=Haidar |first=Faizan |date=2023-09-05 |title=Boundary Holding's top executives buy land in Delhi for Rs 76 crore |url=https://economictimes.indiatimes.com/industry/services/property-/-cstruction/boundary-holdings-top-executives-buy-land-in-delhi-for-rs-76-crore/articleshow/103368654.cms |access-date=2025-01-10 |website=The Economic Times |location=}}</ref> | |||
Rajat Khare's family controls companies founded under the Appin name, as well as the renamed Indian firms, including ACSG, which officially claims to provide confidential computer security services to governments.<ref name="reuters-special-report-appin" /> | |||
== See also == | |||
* [[Organization:Dark Basin|Dark Basin]] | |||
==References== | ==References== | ||
{{reflist}} | {{reflist}} | ||
{{Hacking in the 2010s}} | |||
{{Sourceattribution|Appin | {{Sourceattribution|Appin}} |
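Review bot: In the Meta threat-report citation inside the BellTroX/CyberRoot sentence, `date=2013-05-16` does not fit a URL under `wp-content/uploads/2022/12/`, and `last3=David |first3=Agranovich` looks swapped relative to the other two authors, which put the surname in `last` and the given name in `first`. Please check both against the source PDF. The Galperin citation in the EFF paragraph has a similar problem: `first=Cooper Quintin and Eva` packs two authors into one name field and should be split into `last1`/`first1` and `last2`/`first2`.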
Latest revision as of 03:39, 3 August 2025
Type | Private |
---|---|
Industry | Computer security |
Fate | Dissolved[1] |
Founded | 2003 |
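Founder | Rajat Khare, Anuj Khare |
Headquarters | New Delhi, India |
Services | Espionage, phishing, cyber attack, cyber warfare, social engineering, cybersecurity training |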
Website | Official website |
Appin was an Indian cyber espionage company founded in 2003 by brothers Rajat and Anuj Khare. It initially started as a cybersecurity training firm, but by 2010 the company had begun providing hacking services for governments and corporate clients, and was reported to have stolen secrets from executives, politicians, military officials and wealthy elites worldwide. Reuters, The New Yorker, Wired, SRF Investigativ, and Intelligence Online have reported on Appin's hack-for-hire operations and Rajat Khare's extensive efforts to suppress coverage through civil and criminal actions.[2] Appin created the model that is still used by the Indian hack-for-hire industry.[3][4][1][5]
History
In December 2003, Rajat Khare along with high school friends conceived Appin to offer technology training workshops to university students. By 2005, now joined by Anuj, an entrepreneur and former motivational speaker, the company had an office in western New Delhi. Appin began as a digital security consultancy that provided cybersecurity classes to help Indian organizations defend themselves online. This drew the attention of Indian government officials, who were navigating internet-era intelligence challenges and seeking ways to hack into computers and emails.[3]
Shortly thereafter, Appin established a subsidiary called Appin Software Security, also known as the Appin Security Group, to conduct surveillance activities for the Indian government. Employees signed non-disclosure agreements and were shipped to military-controlled facilities, where they worked away from their colleagues in the wider company. Their targets included Pakistan, China, and Khalistani separatists from India's Punjab state.[3]
By 2009, the company's clients had included the Research and Analysis Wing (RAW), the Intelligence Bureau, the Indian Armed Forces, the Ministry of Home Affairs, and the Central Bureau of Investigation (CBI). Appin claimed their solutions were used by government intelligence agencies to monitor hostile individuals, marketed software for analyzing call metadata, and explored importing Israeli cell phone interception devices. For the fiscal year ending in 2009, the company earned nearly $1 million in revenue and a profit of about $170,000, with a projected tenfold increase in revenue over the next 36 months.[3]
The company also made extra money by discreetly reselling material it had hacked for one Indian agency to another. This practice of double-dipping was eventually uncovered, prompting several outraged Indian intelligence agencies to terminate their contracts with Appin. Facing dwindling opportunities in intelligence work, Appin shifted its focus to hacking and phishing for the private sector.[3]
In 2010, Rajat Khare sent bulk emails to private intelligence firms across Europe offering hacking-for-hire services.[5] Around 2011, the mercenaries began operating a digital dashboard dubbed "My Commando" for spy services, resembling an e-commerce platform with a menu of hacking options. Customers logged in to request Appin to hack emails, computers, or phones, track the operation's progress like a delivery, and later download the stolen data.[3] More than 70 global clients hired Appin to hack hundreds of targets through "My Commando."[6][5]
Among the system's early users were Israeli private detectives Aviram Halevi and Tamir Mor, who accessed it in late 2011. That year, Mor ordered hacks on more than 40 targets, including Malaysian politician Mohamed Azmin Ali, Russian oligarch Boris Berezovsky, and his lawyers. Berezovsky was found dead in 2013 after losing a multibillion-dollar case the previous year.[7] Around the same time, another user hired Appin to hack 30 targets, including a Rwandan dissident and the wife of another wealthy Russian going through a divorce.[6] The targets also included Kristi Rogers—the wife of Representative Mike Rogers, who was the Chairman of the U.S. House Intelligence Committee at the time. Less well-known individuals, such as a landscape architect in New Jersey and a Native American tribal member, were also targeted using the system. Other victims of Appin included human rights activists, such as those associated with the Oslo Freedom Forum, along with governmental and private organizations.[6][5][1][8]
Starting on 5 January 2012, a cyberattack targeted Peter Hargitay, a Zurich-based FIFA insider and consultant for Australia's 2022 World Cup bid. Hargitay and his son hired an expert who traced the hack to a server linked to Rajat Khare. The attack was part of an extensive hacking operation targeting numerous individuals for smear campaigns. This was tied to Qatar's web of espionage to secure the 2022 FIFA World Cup hosting rights.[3][9][10][11] Hack-for-hire companies founded by Appin alumni were also implicated in the campaign.[12]
Also in 2012, a German private investigator paid Appin $3,000 to hack an email during an inheritance feud involving a wealthy businessman.[4] That same year, an Indian cybersecurity consultant traced an attempted hack on a client to Appin and discovered compromising material on its servers.[13] In the Dominican Republic, authorities raided a local newspaper publisher in 2012 and formally accused him of collaborating with Khare to hack emails and extract information from the nation's elite for his digital newspaper. The publisher later admitted that in 2011, he paid Appin between $5,000 and $10,000 a month to spy on over 200 prominent Dominicans—including then-President Leonel Fernández.[3]
In 2012, after analyzing a hack and leak targeting a Native American tribal member, the FBI linked multiple cases to a single perpetrator. Collaborating with Swiss authorities, the FBI identified the perpetrator as Appin and shared that they had human intelligence through a confidential source.[6]
In February 2013, the Chicago Mercantile Exchange filed a complaint with the World Intellectual Property Organization regarding a phishing attack that used a suspicious domain to steal investment information.[14][15] In March of that year, after Telenor filed a criminal case with Norwegian police Kripos over a hack stealing 66,000 emails from its leadership and legal advisor, the infosec community obtained evidence that allowed them to access Appin's unsecured servers and link the group to several high-profile cyberattacks that had been directed at more than a dozen countries.[1][16][17][18][19] Notably, Norman Shark publicly linked the Telenor hack to Appin.[20][21][3]
Appin's industrial-scale random attacks drew global attention,[9] and by 2013, they had become well known among security researchers, who referred to them using various monikers to describe their pattern of activity, including Operation Hangover by Shadowserver Foundation and Norman Shark,[22][20][23] Monsoon by Forcepoint,[24] and Viceroy Tiger by CrowdStrike.[25][26][27] From 2013 onward, Google spent a decade monitoring Appin-linked hackers who targeted tens of thousands of email accounts on its platform.[28][29] Due to the unusually high volume worked by the hackers, Google had to expand its systems and procedures to keep up with them. Security researchers have been cautious in their public statements linking Appin to the hacking and phishing incidents to avoid legal trouble; however, privately, they remain confident in the connection.[3]
Since 2012, Appin and its CEO Rajat Khare have been under criminal investigations in multiple countries. Swiss authorities linked Appin and Rajat Khare to a criminal complaint filed by the Hargitays for intrusion into their systems, while Norwegian investigators connected Appin to the Telenor hack. In 2016, the person who had hired a private detective to access the email of her fellow Native American tribal member pleaded guilty in federal court. Later, in mid-2020, that detective confessed in an affidavit that he had hired Appin to carry out the email heist. Similarly, Aviram Halevi, who hired Appin to hack at least three dozen people in 2011, admitted to employing them to steal emails from a Korean businessman.[4] In 2021, the State Bank of India filed a criminal complaint with the Central Bureau of Investigation, Appin's former client, accusing Rajat Khare and others of embezzling ₹8.06 billion ($97 million) from loans to Educomp, where Khare was a director.[3]
Controversies
Appin and co-founder Rajat Khare have systematically pressured news sources in multiple countries, including France, Luxembourg, Switzerland, the United Kingdom, and India, to remove references in articles to the company and Khare.[30][31][32][2]
On 2 November 2022, Swiss media outlet SRF Investigativ published an investigative piece about Qatar's elaborate and extensive espionage operation to secure the 2022 FIFA World Cup hosting rights. The operation, which was dubbed Project Merciless, involved hacking emails and phones of FIFA officials and critics of Qatar's corruption and poor human rights record. It also targeted their friends and family members to run smear campaigns and influence FIFA policy.[9][10][12][11] In November 2022, a lower court in Geneva ordered the publication to provisionally remove Rajat Khare's name and photo from the article. When contacted by RSF, Khare's Swiss lawyer, Nicolas Capt, stated that Khare has taken civil and criminal action in Switzerland and other countries to protect his honor.[2]
On 1 June 2023, The New Yorker published an article titled, "A Confession Exposes India's Secret Hacking Industry." The article primarily focused on firms founded by Appin alumni, such as BellTroX Infotech Services and CyberRoot Risk Advisory, which have targeted climate activists, investors, lawsuit defendants, and organizations on a global scale and still remain operational. Appin first sued the U.S. magazine in India, and later, Rajat Khare filed a lawsuit against it in Switzerland. The New Yorker refused to take down their article, stating that they fully stand behind the piece, which is an accurate and fair account of a matter of legitimate public interest. They further stated that they will continue to defend the right to publish important reporting without fear or favor.[5][2]
On 16 November 2023, Reuters published an explosive article about the company and its cofounder Rajat Khare titled, "How an Indian Startup Hacked the World." Drawing on hundreds of interviews and thousands of vetted documents, Reuters found that Appin "grew from an educational startup to a hack-for-hire powerhouse that stole secrets from executives, politicians, military officials and wealthy elites around the globe." The report was based on Appin's activities for nearly two decades, including company records, law enforcement files, and input from former employees, clients, and security professionals. The raw material spanning 2005 to 2022 was authenticated by Reuters and further verified by U.S. cybersecurity firm SentinelOne.[3][2]
Appin sued Reuters, claiming the news agency had engaged in a "defamatory campaign."[33][34] It obtained an injunction from a Delhi court and, on 4 December 2023, Reuters temporarily removed its article. Reuters said that it stood by its reporting.[35][34][36] An archived version of the Reuters article hosted on the Wayback Machine was likewise removed following demands from lawyers representing Appin co-founder Rajat Khare.[37] Appin further sent demands to Meta Platforms, LinkedIn and Naukri.com to block accounts associated with the authors of the Reuters story.[32]
In February 2024, Wired reported that lawyers for Appin and a related entity called the Association for Appin Training Centers had filed lawsuits and made legal threats against more than a dozen news organizations. Appin sent demand emails to the news site Techdirt and to the organization MuckRock, which hosted some of the information Reuters relied on. The two sites denied that the injunction was binding on them.[38][31][39] Other sites, such as the Lawfare blog, removed material based on the Reuters article.[34][38] The Electronic Frontier Foundation (EFF) announced that it had responded on behalf of Techdirt and MuckRock to legal threats made by Appin Training Centers. One of the arguments the EFF made in its letter to Appin is that the Indian court's order is unenforceable in U.S. courts because it conflicts with the First Amendment and Section 230 of the Communications Decency Act (47 U.S.C. § 230), as reinforced by the SPEECH Act (28 U.S.C. § 4102). The EFF also urged recipients of Indian gag orders to carefully evaluate their legitimacy.[40][31][39]
The Reuters article was restored in October 2024, after the Delhi court rescinded its injunction on 3 October 2024, noting "the plaintiff has not been able to show any prima facie case to make interference in the process of journalism".[41] The article is back online at its original location.[6]
On 21 November 2024, Reporters Without Borders (RSF) reported that works from at least 15 different media outlets had been modified or withdrawn as a result of a strategic lawsuit against public participation or a legal notice from Rajat Khare or Appin Training Centers, while posts praising Khare on self-published sites flooded the internet. Additionally, an Intelligence Online article[11] was the subject of what Reporters Without Borders described as an "abusive DMCA takedown request".[2][42]
Legacy
Following Norman Shark's public attribution of the Telenor hack to Appin,[20] the company faced increasing scrutiny, and the group began scaling back its online presence.[3] Around that time, former Appin employees branched out, founding similar hack-for-hire firms.[1]
Two such companies—BellTroX InfoTech Services led by Sumit Gupta and CyberRoot Risk Advisory[43][44]—started collaborating with Appin, sharing staff and computer infrastructure for their hacking operations.[4]
Their activities were identified using a database of over 80,000 phishing emails sent to 13,000 targets from 2013 to 2020.[3] This database was vetted by six expert groups, with each group independently confirming recognized hacking activity.[4] Further analysis by Mandiant, LinkedIn, Google,[28] and court records revealed that the hacking was carried out by three Appin-linked companies with an intermingling of resources among them.[4] This network of mercenaries charged clients anywhere from a few thousand to millions of dollars,[43] while paying workers just $370 per month.[3]
The hackers targeted attorneys and their clients—including companies, advocacy groups, media organizations, and business executives—seeking to undermine the legal process. Notably, media reports have linked Appin alumnus Sumit Gupta to criminal cases, former Israeli policeman Aviram Azari,[45][46][47] Dark Basin,[48] and the wider network of Indian hackers.[4][49][5][50][51] Appin Technology rebranded multiple times before adopting the name Sunkissed Organic Farms in 2017. Its subsidiaries also underwent rebranding. In 2015, Appin Software Security—which billed private eyes for the hacking work—became Adaptive Control Security Global Corporate (ACSG).[3]
Rajat Khare resigned as director of Appin Technology in 2016 and now resides in Switzerland. The multinational criminal investigations into him and Appin ultimately proved abortive due to jurisdictional challenges. After the Swiss criminal investigation into his hacking of the Hargitays was closed, in the fall of 2020, Khare purchased a villa in Switzerland for 13.5 million Swiss francs from the daughter of a Ukrainian oligarch. He now portrays himself as a renowned start-up investor.[9] In September 2023, The Economic Times reported that Rajat and Shweta Khare had purchased a plot in Delhi for ₹760 million (about $9.1 million). Together, they run Boundary Holding, a Luxembourg-based venture capital firm.[52]
Rajat Khare's family controls companies founded under the Appin name, as well as the renamed Indian firms, including ACSG, which officially claims to provide confidential computer security services to governments.[3]
See also
- Dark Basin
References
- ↑ 1.0 1.1 1.2 1.3 1.4 Wild, Franz (2022-05-11). "Inside the global hack-for-hire industry". https://www.thebureauinvestigates.com/stories/2022-11-05/inside-the-global-hack-for-hire-industry.
- ↑ 2.0 2.1 2.2 2.3 2.4 2.5 "RSF investigation: the Indian cyber-security giant silencing media outlets worldwide" (in en). 2024-11-21. https://rsf.org/en/rsf-investigation-indian-cyber-security-giant-silencing-media-outlets-worldwide.
- ↑ 3.00 3.01 3.02 3.03 3.04 3.05 3.06 3.07 3.08 3.09 3.10 3.11 3.12 3.13 3.14 3.15 3.16 Satter, Raphael; Siddiqui, Zeba; Bing, Chris (2023-11-16). "How an Indian startup hacked the world" (in en). https://www.reuters.com/investigates/special-report/usa-hackers-appin/.
- ↑ 4.0 4.1 4.2 4.3 4.4 4.5 4.6 Satter, Raphael; Bing, Christopher (2022-06-30). "How mercenary hackers sway litigation battles" (in en). https://www.reuters.com/investigates/special-report/usa-hackers-litigation/.
- ↑ 5.0 5.1 5.2 5.3 5.4 5.5 Kirkpatrick, David (1 June 2023). "A Confession Exposes India's Secret Hacking Industry". The New Yorker. https://www.newyorker.com/news/annals-of-crime/a-confession-exposes-indias-secret-hacking-industry. Retrieved 20 Nov 2023.
- ↑ 6.0 6.1 6.2 6.3 6.4 Satter, Raphael (16 Nov 2023). "How an Indian startup hacked the world". Reuters. https://www.reuters.com/investigates/special-report/usa-hackers-appin/.
- ↑ Melville, Toby (2014-03-28). "UK coroner records open verdict on death of Russian oligarch Berezovsky" (in en). https://www.reuters.com/article/us-britain-berezovsky-idUSBREA2Q25O20140327/.
- ↑ Tom Hegel (16 November 2023). Elephant Hunting: Inside an Indian Hack-For-Hire Group (Report). SentinelLabs. https://www.sentinelone.com/labs/elephant-hunting-inside-an-indian-hack-for-hire-group/.
- ↑ 9.0 9.1 9.2 9.3 Eiholzer, Leo; Schmid, Andreas (2022-11-02). "'Project Merciless': how Qatar spied on the world of football in Switzerland" (in en). https://www.swissinfo.ch/eng/business/project-merciless-how-qatar-spied-on-the-world-of-football-in-switzerland/48022952.
- ↑ 10.0 10.1 Suderman, Alan (2021-11-23). "World Cup host Qatar used ex-CIA officer to spy on FIFA" (in en). https://apnews.com/article/soccer-sports-business-united-states-middle-east-754753c3f425650eedfef6c264bf669c.
- ↑ 11.0 11.1 11.2 "Former Indian cyber privateer Rajat Khare is helping Qatar keep the football World Cup safe" (in en). 2022-10-20. https://www.intelligenceonline.com/surveillance--interception/2022/10/20/former-indian-cyber-privateer-rajat-khare-is-helping-qatar-keep-the-football-world-cup-safe,109836892-eve.
- ↑ 12.0 12.1 Wild, Franz; Siddons, Ed; Lock, Simon; Calvert, Jonathan; Arbuthnott, George (2022-11-05). "How Qatar hacked the World Cup". https://www.thebureauinvestigates.com/stories/2022-11-05/how-qatar-hacked-the-world-cup/.
- ↑ Mookhey, K.K. (2013). "Malware Analysis Report" (in en). https://networkintelligence.ai/wp-content/uploads/2024/11/malware-analysis-report-july-2013.pdf.
- ↑ Jackson, Kelly (2013-05-20). "'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others" (in en). https://www.darkreading.com/cyberattacks-data-breaches/-commercialized-cyberespionage-attacks-out-of-india-targeting-u-s-pakistan-china-and-others.
- ↑ Fowler, Geoffrey A.; Valentino-DeVries, Jennifer (2013-06-23). "Spate of Cyberattacks Points to Inside India" (in en). https://www.wsj.com/articles/SB10001424127887324634304578539462436752602.
- ↑ Muncaster, Phil (2013-05-21). "'India attacked Norwegian telco to get at Pakistan, China' - report" (in en). https://www.theregister.com/2013/05/21/hangover_india_apt_discovered/.
- ↑ Jackson, Kelly (2013-07-18). "'Hangover' Persists, More Mac Malware Found" (in en). https://www.darkreading.com/cyberattacks-data-breaches/-hangover-persists-more-mac-malware-found.
- ↑ Vijayan, Jai (2023-11-16). "Shadowy Hack-for-Hire Group Behind Sprawling Web of Global Cyberattacks" (in en). https://www.darkreading.com/cyberattacks-data-breaches/shadowy-hack-for-hire-group-behind-sprawling-web-of-global-cyberattacks.
- ↑ Johansen, Per Anders (2013-03-17). "Spionerte på Telenor-sjefer, tømte all e-post og datafiler" (in no). http://www.aftenposten.no/nyheter/Spionerte-pa-Telenor-sjefer_-tomte-all-e-post-og-datafiler-7149813.html.
- ↑ 20.0 20.1 20.2 Fagerland, Snorre; Kråkvik, Morten; Camp, Jonathan (2013). "Operation Hangover: Unveiling an Indian Cyberattack Infrastructure" (in en). http://enterprise.norman.com/resources/files/Unveiling_an_Indian_Cyberattack_Infrastructure.pdf.
- ↑ "Norwegian company names Indian firm for global cyber offensive?" (in en). 2013-05-23. http://timesofindia.indiatimes.com/tech/enterprise-it/security/Norwegian-company-names-Indian-firm-for-global-cyber-offensive/articleshow/20217320.cms.
- ↑ Fagerland, Snorre (2013-05-20). "The Hangover Report" (in en). http://blogs.norman.com/2013/security-research/the-hangover-report.
- ↑ "Operation Hangover: Unveiling an Indian Cyberattack Infrastructure" (in en). https://paper.seebug.org/papers/APT/APT_CyberCriminal_Campagin/2013/Unveiling%20an%20Indian%20Cyberattack%20Infrastructure%20-%20appendixes.pdf.
- ↑ Settle, Andy; Griffin, Nicholas; Toro, Abel. "Monsoon – Analysis of an Apt Campaign Espionage and Data Loss Under the Cover of Current Affairs" (in en). https://www.forcepoint.com/sites/default/files/resources/files/forcepoint-security-labs-monsoon-analysis-report.pdf.
- ↑ Santos, Doel; Hinchliffe, Alex (2020-07-03). "Threat Assessment: Hangover Threat Group" (in en). https://unit42.paloaltonetworks.com/threat-assessment-hangover-threat-group/.
- ↑ Hinchliffe, Alex; Falcone, Robert (2020-05-11). "Updated BackConfig Malware Targeting Government and Military Organizations in South Asia" (in en). https://unit42.paloaltonetworks.com/updated-backconfig-malware-targeting-government-and-military-organizations/.
- ↑ Boutin, Jean-Ian (2013-05-16). "Targeted information stealing attacks in South Asia use email, signed binaries" (in en). https://www.welivesecurity.com/2013/05/16/targeted-threat-pakistan-india/.
- ↑ 28.0 28.1 Huntley, Shane (2022-07-30). "Countering hack-for-hire groups" (in en). https://blog.google/threat-analysis-group/countering-hack-for-hire-groups/.
- ↑ Vijayan, Jai (2022-07-01). "Google: Hack-for-Hire Groups Present a Potent Threat" (in en). https://www.darkreading.com/threat-intelligence/google-hack-for-hire-groups-present-a-potent-threat.
- ↑ Ingram, Mathew (2024-01-18). "A leak-hosting site looks to thaw the chill of censorship" (in en). https://www.cjr.org/the_media_today/qa_emma_best_ddosecrets.php.
- ↑ 31.0 31.1 31.2 Greenberg, Andy (1 February 2024). "A Startup Allegedly Hacked the World. Then Came the Censorship—and Now the Backlash" (in en). Wired. https://www.wired.com/story/appin-training-centers-lawsuits-censorship/.
- ↑ 32.0 32.1 "Global censorship campaign raises alarms" (in en). 2024-01-18. https://freedom.press/news/global-censorship-campaign-raises-alarms/.
- ↑ Omar, Rashid (2023-12-07). "Forced to Pull Story on Indian Firm's Alleged Global Hacking Operation, Reuters to Fight Court Order" (in en). https://thewire.in/law/delhi-court-reuters-takes-down-story-indian-firm-hacking.
- ↑ 34.0 34.1 34.2 Uren, Tom (24 November 2023). "The Hack-for-Hire Industry: Death by a Thousand Cuts + When Theft Doesn't Work... Troll" (in en). https://www.lawfaremedia.org/article/the-hack-for-hire-industry-death-by-a-thousand-cuts-when-theft-doesn't-work-troll.
- ↑ Masnick, Mike (2023-12-07). "Indian Court Orders Reuters To Take Down Investigative Report Regarding A 'Hack-For-Hire' Company". Techdirt. https://www.techdirt.com/2023/12/07/indian-court-orders-reuters-to-take-down-investigative-report-regarding-a-hack-for-hire-company/.
- ↑ Cox, Joseph (2023-12-06). "Reuters Takes Down Blockbuster Hacker-for-Hire Investigation After Indian Court Order" (in en). https://www.404media.co/reuters-takes-down-blockbuster-hacker-for-hire-investigation-after-indian-court-order/.
- ↑ Schaffer, Michael (2024-01-19). "How a Judge in India Prevented Americans From Seeing a Blockbuster Report" (in en). https://www.politico.com/news/magazine/2024/01/19/india-judge-reuters-story-00136339.
- ↑ 38.0 38.1 Masnick, Mike (2024-02-01). "Sorry Appin, We're Not Taking Down Our Article About Your Attempts To Silence Reporters" (in en-US). https://www.techdirt.com/2024/02/01/sorry-appin-were-not-taking-down-our-article-about-your-attempts-to-silence-reporters/.
- ↑ 39.0 39.1 "The Association of Appin Training Centers is waging a global censorship campaign to stop you from reading these documents" (in en-US). 2024-02-01. https://www.muckrock.com/news/archives/2024/feb/01/global-censorship-appin-reuters/.
- ↑ Quintin, Cooper; Galperin, Eva (2024-02-08). "EFF Helps News Organizations Push Back Against Legal Bullying from Cyber Mercenary Group" (in en). https://www.eff.org/deeplinks/2024/02/eff-helps-news-organizations-resist-legal-bullying-cyber-mercenary-group.
- ↑ "Reuters exposé of hack-for-hire world is back online after Indian court ruling". Reuters. 26 October 2024. https://www.reuters.com/world/india/reuters-expos-hack-for-hire-world-is-back-online-after-indian-court-ruling-2024-10-26/.
- ↑ "La réputation d'un "roi de la tech" indien au cœur d'un curieux bras de fer" (in fr). 2022-12-07. https://gothamcity.ch/2022/12/07/piratage-la-reputation-dun-prodige-indien-au-coeur-dun-curieux-bras-de-fer/.
- ↑ 43.0 43.1 Satter, Raphael; Bing, Christopher (2022-06-30). "SPECIAL REPORT-His emails were stolen; now he's exposing the hack-and-leak industry" (in en). https://www.reuters.com/article/business/special-report-his-emails-were-stolen-now-hes-exposing-the-hack-and-leak-indus-idUSL1N2YG2PB/.
- ↑ Dvilyanski, Mike; Franklin, Margarita; Agranovich, David (2013-05-16). "Threat Report on the Surveillance-for-Hire Industry" (in en). https://about.fb.com/wp-content/uploads/2022/12/Threat-Report-on-the-Surveillance-for-Hire-Industry.pdf.
- ↑ Bing, Christopher (2022-04-20). "Israeli charged in global hacker-for-hire scheme pleads guilty" (in en). https://www.reuters.com/world/middle-east/israeli-charged-global-hacker-for-hire-scheme-pleads-guilty-2022-04-20/.
- ↑ Reddick, James (2023-11-17). "Israeli private eye gets 80-month sentence for global hack-for-hire scheme" (in en). https://therecord.media/israeli-aviram-azari-sentenced-hacker-for-hire.
- ↑ "India, Israel, United States BellTrox affair scares corporate intelligence world" (in en). 2020-06-24. https://www.intelligenceonline.com/corporate-intelligence_corridors-of-power/2020/06/24/belltrox-affair-scares-corporate-intelligence-world,109240236-gra.
- ↑ Scott-Railton, John; Hulcoop, Adam; Abdul Razzak, Bahr; Marczak, Bill; Anstis, Siena; Deibert, Ron (2020-06-09) (in en). Dark Basin - Uncovering a Massive Hack-For-Hire Operation. https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/. Retrieved 2025-01-27.
- ↑ Stubbs, Jack; Satter, Raphael; Bing, Christopher (2020-06-27). "Exclusive: Obscure Indian cyber firm spied on politicians, investors worldwide" (in en). https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idUSKBN23G1GQ/.
- ↑ Turton, William (2020-06-09). "U.S. Investigating Hacker Ring Paid to Target Corporate Critics" (in en). https://www.bloomberg.com/news/articles/2020-06-09/u-s-investigating-hacker-ring-paid-to-target-corporate-critics.
- ↑ Marchiando, Amy (2020-06-09). "Professional Hackers for Hire carried out large-scale credential spearphishing campaigns since at least 2013" (in en). https://www.nortonlifelock.com/blogs/security-response/mercenary-amanda-professional-hackers-hire.
- ↑ Haidar, Faizan (2023-09-05). "Boundary Holding's top executives buy land in Delhi for Rs 76 crore". https://economictimes.indiatimes.com/industry/services/property-/-cstruction/boundary-holdings-top-executives-buy-land-in-delhi-for-rs-76-crore/articleshow/103368654.cms.
Original source: https://en.wikipedia.org/wiki/Appin.