InfoSecBulletin Cybersecurity for mankind
Rajat and Anuj Khare, two brothers who owned the Indian company Appin, were involved in a large-scale hacking incident. They stole personal information from celebrities, multinational executives, politicians, and others.
An Indian company hacked on a large scale and got personal information of executives, lawyers, and politicians from all over the world. Appin, during the time of the Shinnecock incident, was a top provider of cyberespionage services for private investigators working for big companies, law firms, and wealthy clients.
Unauthorized access to computer systems is illegal worldwide, including in India. However, Reuters found 17 pitch documents that showcased Appin’s knowledge in the field of computer security. The documents mentioned terms like “social engineering,” “cyber warfare,” “email monitoring,” and “cyber spying” which involve tactics to trick individuals into revealing private information. Appin openly claimed to have hacked businessmen on behalf of corporate clients in a presentation from 2010.
Reuters, The New Yorker, Intelligence Online (a Paris-based publication), Rundschau (a Swiss investigative program), and internet companies like Google have all written articles about Appin, an Indian cyber mercenary company.
This paper provides the most comprehensive description to date of Appin’s operations, including the global scope of its operations and the fruitless attempts by international law enforcement to gain control over it. Rajat and Anuj Khare founded an Indian educational startup that trains hired spies currently active in the field.
Some cyber defence training institutions in India still use the name Appin from a previous franchising system. However, there is no evidence that these institutions are involved in hacking.
The legal firm Clare Locke, who represents Rajat Khare in the United States, denied any connection between its client and the cyber-mercenary industry. Khare “has never operated or supported, and certainly did,” the statement read.
“Mr. Khare has dedicated much of his career to the fields of information technology security – that is, cyber-defense and the prevention of illicit hacking,” according to Clare Locke, who wrote a series of letters to Reuters over the course of the previous year.
Under Khare’s leadership, according to Clare Locke, Appin focused on teaching thousands of pupils robotics, artificial intelligence, and cybersecurity—”never in illicit hacking.” According to the attorneys, Khare departed Appin partly in order “to avoid the appearance of associations with people who were misusing the Appin name” and because he saw that rogue actors were utilizing the company’s name.
The media reports linking Khare to hacking, according to the attorneys, are “false” or “fundamentally flawed.” Regarding the Appin 2010 presentation that exalted its hacking services, they asserted that Khare
This report is based on a large amount of company data, including emails, financial documents, presentations, images, and chats. It also includes interviews with victims of Indian hackers and former employees of the company. Reporters also studied case files from law enforcement in several countries. Reuters obtained this information from former workers, clients, and security experts who have researched the organization. The report covers the period from 2005 to early this year.
Reuters interviewed 15 people, including former Appin hackers and private investigators who hired hackers. They confirmed that the Appin exchanges were true. Reuters also asked SentinelOne, a US cybersecurity company, to check if the content was digitally manipulated. SentinelOne found no evidence of manipulation.
