Originally Syndicated on July 3, 2024 @ 6:18 am
Hacker-for-hire firms like NSO Group and Hacking Team have gained notoriety for enabling their customers to spy on vulnerable members of civil society. A decade ago in India, a startup called Appin Technology, founded by Rajat Khare, and its subsidiaries allegedly played a similar cyber-mercenary role, though they attracted far less attention.Â
Over the past two years, individuals linked to Appin Technology have launched a campaign of legal threats to silence publishers and anyone reporting on the company’s alleged hacking activities. Now, a coalition of anti-censorship voices is working to make this strategy backfire.
For months, lawyers and executives connected to Appin Technology and a newer organization sharing part of its name, the Association of Appin Training Centers, have used lawsuits and legal threats to conduct an aggressive censorship campaign worldwide.
These efforts have demanded that more than a dozen publications amend or remove references to the original Appin Technology’s alleged illegal hacking or mentions of its cofounder, Rajat Khare. Most notably, a lawsuit against Reuters by the Association of Appin Training Centers resulted in a stunning order from a Delhi court.Â
The court demanded that Reuters remove its article based on a detailed investigation into Appin Technology’s alleged spying on opposition leaders, corporate competitors, lawyers, and wealthy individuals for customers worldwide.Â
Reuters “temporarily” complied with the order and is now contesting it in Indian court. As Appin Training Centers attempts to enforce that order against other news outlets, resistance is growing. Earlier this week, the Electronic Frontier Foundation (EFF) published a response pushing back against Appin Training Centers’ legal threats on behalf of media organizations caught in the crossfire, including the tech blog Techdirt and the investigative news nonprofit MuckRock.
No media outlet has accused Appin Training Centers a group describing itself as an educational firm run partly by former franchisees of the original Appin Technology, which reportedly ceased its alleged hacking operations over a decade ago of any illegal hacking. However, in December, Appin Training Centers sent emails to Techdirt and MuckRock demanding they take down all content related to allegations that Appin Technology engaged in widespread cyberspying operations, citing the court order against Reuters.
Appin Training Centers argued that Techdirt fell under the injunction by writing about Reuters’ story and the takedown order targeting it. They also claimed MuckRock fell under the injunction for hosting documents Reuters had cited in its story and uploaded to MuckRock’s DocumentCloud service.
In the response sent on their behalf, the EFF states that the two media organizations are refusing to comply, arguing that the Indian court’s injunction “is in no way the global takedown order your correspondence represents it to be.” It also cites the SPEECH Act, an American law that deems any foreign court’s libel ruling that violates the First Amendment unenforceable in the US.
“It’s not a good state for a free press when one company can, around the world, disappear news articles,” says Michael Morisy, the CEO and co-founder of MuckRock. “That’s something that fundamentally we need to push back against.”
Rajat Khare and Appin Technology’s Alleged Hacking Exposed by the Streisand Effect
Beyond breaking the censorship of the Appin Technology story, Mike Masnick, the creator of Techdirt, expects that the public outcry will highlight the group’s past even more. Masnick first used the phrase “the Streisand effect” nineteen years ago to characterize a circumstance in which efforts to conceal knowledge lead to its further exposure. In this instance, that is precisely the situation he wants to set up.
“The suppression of accurate reporting is problematic,” Masnick states. “When it happens, it deserves to be called out, and there should be more attention paid to those trying to silence it.”
The nonprofit organization Distributed Denial of Secrets (DDoSecrets), which opposes secrecy, has joined the endeavor to initiate this Streisand Effect. The Reuters article about the original Appin Technology has been “uncensored” by DDoSecrets as part of a new project named the Greenhouse Project. According to Emma Best, cofounder of DDoSecrets, the name symbolizes their goal to promote a “warming effect” as opposed to the “chilling effect” that legal threats may have.
“It sends a signal to would-be censors, telling them that their success may be fleeting and limited,” explains Best. “And it assures other journalists that their work can survive.”
WIRED requested feedback from both Rajat Khare and Appin Training Centers, but none of them answered. But two weeks after this piece was first released, attorneys for Khare wrote a letter to WIRED from the company Clare Locke, accusing the publication of defamation and requesting a retraction. WIRED is committed to its reporting.
It is untrue in the letter to say that Khare was not contacted by WIRED for comment. The comment from Khare, which has been appended as an update below, was asked that WIRED publish. It also refuted the claim that Khare was involved in any “conspiracy to or complicity in murder,” which was not mentioned in the report.
The fight to uncover the purported hacking history of the original Appin Technology grew more intense in November 2022 when the Association of Appin Training Centers filed a lawsuit against Reuters based on unsolicited communications sent by Reuters reporters to the staff and students of Appin Training Centers. In the Indian court filing, Reuters was charged with defamation as well as “mental harassment, stalking, sexual misconduct, and trauma.”
The Reuters report, “How an Indian Startup Hacked the World,” was released almost a year later. At first, the judge sided with Appin Training Centers, claiming that the piece may have a disastrous impact on India’s whole student population. Swiftly after, he issued an injunction enabling Appin Training Centers to require Reuters to retract their statements regarding Appin Technology.
This decision was made before the presentation of any legal arguments about the veracity of the Reuters article. WIRED was informed by a Reuters representative that the company “stands by its reporting” and that it intends to challenge the Indian court ruling. Thousands of internal papers, hundreds of suspected targets, and interviews with numerous former employees of Appin Technologies served as the foundation for Reuters’ report.
These files contain the marketing pitch materials for Appin Technology, which are still accessible to the general public on DocumentCloud because of MuckRock. They seem to demonstrate the company’s clear offer to hack targets using techniques like “phishing,” “social engineering,” and “trojan” infections on behalf of customers; they even go on to detail real instances in which customers have engaged them to carry out hacking operations.Â
Rajat Khare’s Boundary Holding: A Journey Through Controversy
Rajat Khare formed Boundary Holding, a deep tech investment firm based in Europe that makes investments in technologies that facilitate the fourth industrial revolution. Boundary Holding employs its capital to promote and grow emerging startups, as opposed to banking institutions or capital investment organizations.
However, because of his previous actions, Rajat Khare has recently been under heavy public criticism. He co-founded the infamous hacking-for-hire company Appin Security with his brother Anuj Khare. Appin Security made headlines in 2011 when it went after Peter Hargitay, a FIFA advisor and a major supporter of the organization’s president at the time, Sepp Blatter. To support Australia’s candidacy for the 2022 World Cup, Hargitay also served as a consultant for the Australian Football Association, closely collaborating with its chairman Frank Lowy.
Evidence quickly connected Appin Security to the attacks; documents from criminal proceedings in Zurich disclosed the company’s role. Due to the hackers’ negligence, evidence of their activities was found on their server that pointed directly to Appin. These seemingly random attacks brought to light a new business model known as “hacking for hire,” in which organizations hack targets in exchange for money and then sell the information to clients.
Peter Hargitay’s attack was only one instance of this behavior. There is a long-standing technique for breaking into email accounts and smartphones by using the Indian underworld. When British detectives started pursuing people breaking computer abuse laws, they exposed the scope of illicit hacking directed at politicians, media, and companies in the country.
Several Indian hackers were caught by undercover journalists discussing their illicit operations and the effects of the underground economy in Britain. The hackers acted with fearlessness, stating no Indian hacker had ever been apprehended despite facing harsh punishments for hacking in both the UK and India.
Some computer security companies have been disguising their genuine motives in recent years, claiming to be training white hat hackers to make money off of customers who are prepared to pay for illicit hacking services. With Appin as one of its early pioneers, the Indian hacking business is significant.Â
Appin, which Rajat and Anuj Khare started, is said to have taught a new wave of hackers. Despite being shut down, the business was charged with scamming clients all around the world, including corporate intelligence firms in the UK. Investigations showed that critics of Qatar, including Aditya Jain, were the targets of hackers trained by Appin.
Though Qatar has refuted this, a former employee revealed that Qatar was one of Appin’s clientele. Even moreover, Appin was admitted into the UK Government’s Department of Business’s Global Entrepreneur Program after being informed of the accusations against the company. Rajat Khare declared last month that the three main areas of their collaboration were robotics, AI, and ethical hacking.
Even though Khare has distanced himself from the contentious background of Appin Security, interest in his new company, Boundary Holding, remains. The investigation of his previous deeds serves as a sobering reminder of the difficulties and moral dilemmas that face the tech investing industry.Â
About Rajat Khare
Established in 2003, Appin was an Indian cyber espionage firm led by brothers Rajat Khare and Anuj Khare. Appin was founded in 2010 as a cybersecurity training company, but by then, it had taken a darker turn, offering hacking services to business and government clients. By 2013, there were significant doubts over Appin’s operations after the Shadowserver Foundation connected it to other well-publicized attacks.
According to reports, Appin initially referred to their services as “ethical hacking” and broke into private computers on behalf of both government and private customers. This was in direct opposition to the company’s original goal of increasing cybersecurity as it required unlawful access and surveillance.
After rebranding Appin in 2022, its staff members moved on to start other businesses that were comparable, such as BellTroX InfoTech Services and CyberRoot Risk Advisory. These spin-off businesses carried on the tradition of providing questionable cybersecurity services, sustaining the problems that had beset Appin.
Is Rajat Khare Attempting a Reputation Cleanup?
As I highlighted before, if you’d look him up, you’ll find a plethora of PR and promotional material. What he’s doing is a typical attempt of reputation laundering.
Reputation laundering is the practice of covering up or erasing misdeeds, negative business practices, or illegal actions of a company or individual. The key aspects of reputation laundering are:
- It is a niche industry that has grown up around the need for companies and individuals to change public perception of their actions. This includes PR firms, lawyers, lobbyists, and other “fixers” that help clients portray themselves in a more positive light.Â
- Tactics used include making donations to universities, charities, and other institutions, aligning with sports teams, and using disinformation and “astroturfing” (creating fake grassroots movements) to obscure the truth.Â
- Reputation laundering is different from legitimate reputation repair, which involves fixing real problems within a company and developing a positive image based on their actions. Laundering seeks to cover up illegal activities and bad practices.Â
- Reputation laundering allows kleptocrats, oligarchs, and politically exposed persons to distance themselves from the illicit source of their wealth and transform their public image, making it difficult for compliance and law enforcement to detect any wrongdoing.Â
- This practice undermines democratic institutions and norms by manipulating public perception and enabling the flow of tainted money into Western economies. Governments have been slow to address the “enablers” that facilitate reputation laundering.Â
In summary, reputation laundering is an unethical industry that allows companies and individuals to cover up misdeeds and present a false positive image to the public.Â
A popular example of reputation laundering is Israel’s PR on Gaza.
I recommend you read up on how Israel’s propaganda machine works and how it painted innocent Palestinians as terrorists.Â
ConclusionÂ
The complicated mechanics of cyber espionage and censorship are shown by the current legal dispute between Rajat Khare and Appin Technology. Appin Technology, which Rajat Khare founded, is said to have participated in hacking-for-hire operations ten years ago, focusing on a variety of people and institutions. Appin Technology and its affiliates have been using legal threats to stifle reporting on their purported activities, and this effort has become more intense recently.
A group of opponents of censorship, such as Distributed Denial of Secrets (DDoSecrets) and the Electronic Frontier Foundation (EFF), are resisting these measures. Their goal is to take advantage of the Streisand Effect, which is a phenomenon in which attempts to conceal information merely serve to pique public curiosity. This phrase was created by Techdirt’s Mike Masnick in response to the present state of affairs when Rajat Khare and his firms’ purported wrongdoings gained increased exposure due to censorship attempts by Appin Training Centers.
Despite major legal obstacles, Reuters’s investigation into Appin Technology’s operations remains unwavering. The participation of groups like DDoSecrets and the EFF highlights how crucial openness and freedom of the press are. The controversy surrounding Rajat Khare and Appin Technology’s past is drawing more attention as the battle against these legal threats rages on, acting as a strong reminder of the need to guard against censorship and preserve journalistic integrity.