Appin (company)
Industry | Computer security |
---|---|
Founded | 2003 |
Appin was an Indian cyberespionage company founded in 2003 by brothers Rajat and Anuj Khare. It initially started as a cybersecurity training firm, but by 2010 the company had begun providing hacking services for governments and corporate clients.[1]
The company offered what its founders termed "ethical hacking" services.[2][3] However, since at least 2010, they have targeted victims in multiple countries with hacking and phishing attacks and have become known among security researchers by various monikers describing their activities, including Operation Hangover by Shadowserver Foundation, Monsoon by Forcepoint, and Viceroy Tiger by CrowdStrike. In 2013, Dark Reading reported that the Chicago Mercantile Exchange filed a complaint with the World Intellectual Property Organization regarding a phishing attack that allegedly used a suspicious domain to obtain investment information.[4][5][6] In March of that year, following Telenor's filing of a criminal case with the Norwegian criminal police Kripos, the infosec community received evidence that linked Appin to several high-profile cyberattacks.[7][8][9][10][11][12][13][14][15] Since then, various reports by media outlets, research organizations, and multinational corporations have linked Appin to hacks targeting high-profile individuals and groups, such as Boris Berezovsky and Mohamed Azmin Ali.[16][2][17][18] The firm rebranded in 2022 and its employees went on to form other similar firms including CyberRoot Risk Advisory and BellTroX InfoTech Services.[2]
History
In December 2003, Rajat Khare along with high school friends conceived Appin to offer technology training workshops to university students. By 2005, now joined by Anuj, an entrepreneur and former motivational speaker, the company had an office in western New Delhi. Appin began as a digital security consultancy that provided cybersecurity classes to help Indian organizations defend themselves online. Shortly thereafter, it established a subsidiary to conduct surveillance activities for the Indian government. Employees were required to sign nondisclosure agreements and were assigned to military-controlled facilities, where they worked away from their colleagues in the wider company. By 2009, its clients had included the Indian Armed Forces, the Ministry of Home Affairs, and the Central Bureau of Investigation. However, the company earned extra money by discreetly reselling material it had hacked for one Indian agency to another. This practice of double-dipping was eventually uncovered, prompting several outraged Indian intelligence agencies to terminate their contracts with Appin. Facing dwindling opportunities in intelligence work, Appin shifted its focus to hacking for the private sector.[19]
Controversies
Appin and co-founder Rajat Khare have pressured news sources in multiple countries, including France, Luxembourg, Switzerland and the United Kingdom, to remove references in articles to the company and Khare.[20][21][22]
On November 16, 2023, Reuters published an article about the company titled, "How an Indian Startup Hacked the World." The article alleged that Appin "grew from an educational startup to a hack-for-hire powerhouse that stole secrets from executives, politicians, military officials and wealthy elites around the globe."[23][24]
Appin sued Reuters, claiming the news agency had engaged in a "defamatory campaign."[25][3] It obtained an injunction from a Delhi court and, on December 4, 2023, Reuters temporarily removed its article. Reuters said that it stood by its reporting.[26][3][27] An archived version of the Reuters article hosted on the Wayback Machine was likewise removed following demands from lawyers representing Appin co-founder Rajat Khare.[28] Appin further sent demands to Meta Platforms, LinkedIn and Naukri.com to block accounts associated with the authors of the Reuters story.[22]
In February 2024, Wired reported that lawyers for Appin and a related entity called the Association for Appin Training Centers have filed lawsuits and made legal threats against more than a dozen news organizations. Appin sent emails making demands of the news site Techdirt and the organization MuckRock, which hosted some of the information Reuters relied on. The two sites denied that the injunction was binding on them.[29][21][30] Other sites, such as the Lawfare blog, removed material based on the Reuters article.[3][29] The Electronic Frontier Foundation announced that they responded on behalf of Techdirt and MuckRock to legal threats made by Appin Training Centers.[31][21][30]
The Reuters article was restored in October 2024, after the Delhi court rescinded its injunction on October 3, 2024, noting "the plaintiff has not been able to show any prima facie case to make interference in the process of journalism".[32][33] The article is back online at its original location.[16]
On November 21, 2024, Reporters Without Borders (RSF) reported that works from at least 15 different media outlets had been modified or withdrawn as a result of a strategic lawsuit against public participation or a notice from Khare or the company, while posts praising Khare on self-published sites flooded the internet. Additionally, an Intelligence Online article was the subject of an abusive Digital Millennium Copyright Act takedown request.[34][35][36]
References
1. Satter, Raphael; Bing, Christopher (2022-06-30). "How mercenary hackers swat litigation battles".
2. Kirkpatrick, David (1 June 2023). "A Confession Exposes India's Secret Hacking Industry". The New Yorker. Retrieved 20 Nov 2023.
3. "The Hack-for-Hire Industry: Death by a Thousand Cuts + When Theft Doesn't Work... Troll". Default. Retrieved 2024-02-10.
4. Jackson, Kelly (2013-05-20). "'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others". Dark Reading. Retrieved 2025-01-01.
5. Fowler, Geoffrey A.; Valentino-DeVries, Jennifer (2013-06-23). "Spate of Cyberattacks Points to Inside India". The Wall Street Journal. Retrieved 2025-01-01.
6. "Administrative Panel Decision - Chicago Mercantile Exchange Inc., CME Group Inc. v. Lun Ai - Case No. D2013-0350". WIPO Arbitration and Mediation Center. 2013-04-15. Retrieved 2025-01-01.
7. Jackson, Kelly (2013-05-20). "'Commercialized' Cyberespionage Attacks Out Of India Targeting U.S., Pakistan, China, And Others". Dark Reading. Retrieved 2025-01-01.
8. Jackson, Kelly (2013-07-18). "'Hangover' Persists, More Mac Malware Found". Dark Reading. Retrieved 2025-01-01.
9. "APT group: Operation HangOver, Monsoon, Viceroy Tiger". Electronic Transactions Development Agency. 2023-11-30. Retrieved 2025-01-01.
10. Fagerland, Snorre (2013-05-20). "The Hangover Report". Archived from the original on 2013-10-26. Retrieved 2023-12-18.
11. Fagerland, Snorre; Kråkvik, Morten; Camp, Jonathan (2013). "Operation Hangover: Unveiling an Indian Cyberattack Infrastructure" (PDF). Archived from the original (PDF) on 2013-06-12. Retrieved 2023-12-18.
12. Santos, Doel; Hinchliffe, Alex (2020-07-03). "Threat Assessment: Hangover Threat Group". Palo Alto Networks. Retrieved 2025-01-01.
13. Hinchliffe, Alex; Falcone, Robert (2020-05-11). "Threat Assessment: Hangover Threat Group". Palo Alto Networks. Retrieved 2025-01-01.
14. "Operation Hangover: Unveiling an Indian Cyberattack Infrastructure" (PDF). Archived from the original (PDF) on 2022-01-21. Retrieved 2023-12-18.
15. Settle, Andy; Griffin, Nicholas; Toro, Abel. "Monsoon – Analysis of an Apt Campaign Espionage and Data Loss Under the Cover of Current Affairs" (PDF). Forcepoint. Retrieved 2025-01-01.
16. Satter, Raphael (16 Nov 2023). "How an Indian startup hacked the world". Reuters. Archived from the original on 2023-11-17. Retrieved 20 Nov 2023.
17. Wild, Franz (11 May 2022). "Inside the global hack-for-hire industry". Bureau of Investigative Journalism. Retrieved 20 Nov 2023.
18. Tom Hegel (November 16, 2023). Elephant Hunting: Inside an Indian Hack-For-Hire Group (Report). SentinelLabs. Archived from the original on 17 Nov 2023.
19. Satter, Raphael; Siddiqui, Zeba; Bing, Chris (2023-01-16). "How an Indian startup hacked the world". Reuters. Retrieved 2024-12-31.
20. Ingram, Mathew. "A leak-hosting site looks to thaw the chill of censorship". Columbia Journalism Review. Retrieved 2024-02-12.
21. Greenberg, Andy (February 1, 2024). "A Startup Allegedly Hacked the World. Then Came the Censorship—and Now the Backlash".
22. "Global censorship campaign raises alarms". Freedom of the Press. 2024-01-18. Retrieved 2024-02-12.
23. Satter, Raphael; Siddiqui, Zeba; Bing, Chris (2023-01-16). "How an Indian startup hacked the world". Reuters. Retrieved 2024-12-31.
24. Lizza, Ryan; Bade, Rachael; Daniels, Eugene (2023-11-18). "Playbook: Biden vs. Haley on abortion". POLITICO. Retrieved 2024-02-12.
25. Omar, Rashid (December 7, 2023). "Forced To Pull Story On Indian Firm's Alleged Global Hacking Operation, Reuters To Fight Court Order". The Wire.
26. Masnick, Mike (2023-12-07). "Indian Court Orders Reuters To Take Down Investigative Report Regarding A 'Hack-For-Hire' Company". Techdirt.
27. Cox, Joseph (2023-12-06). "Reuters Takes Down Blockbuster Hacker-for-Hire Investigation After Indian Court Order". 404 Media. Retrieved 2023-12-18.
28. Schaffer, Michael (2024-01-19). "How a Judge in India Prevented Americans From Seeing a Blockbuster Report". POLITICO. Retrieved 2024-02-12.
29. Masnick, Mike (2024-02-01). "Sorry Appin, We're Not Taking Down Our Article About Your Attempts To Silence Reporters". Techdirt. Retrieved 2024-02-10.
30. "The Association of Appin Training Centers is waging a global censorship campaign to stop you from reading these documents". MuckRock. 2024-02-01. Retrieved 2024-02-10.
31. Quintin, Cooper; Galperin, Eva (2024-02-08). "EFF Helps News Organizations Push Back Against Legal Bullying from Cyber Mercenary Group". Electronic Frontier Foundation. Retrieved 2024-12-30.
32. "Reuters exposé of hack-for-hire world is back online after Indian court ruling". Reuters. October 26, 2024. Retrieved 2024-12-19.
33. "VINAY PANDEY VS. RAPHEL SATTER AND ORS" (PDF). 2024-10-03. Retrieved 2025-01-01.
34. "RSF investigation: the Indian cyber-security giant silencing media outlets worldwide". Reporters Without Borders. 2024-11-21. Retrieved 2024-12-31.
35. "La réputation d'un "roi de la tech" indien au cœur d'un curieux bras de fer". Gotham City (in French). 2022-12-07. Retrieved 2024-12-31.
36. "Former Indian cyber privateer Rajat Khare is helping Qatar keep the football World Cup safe". Intelligence Online. 2022-10-20. Retrieved 2024-12-31.