An investigation by a UK-based media outlet has uncovered India-based online hackers illegally targeting the email accounts of hundreds of high-profile government and private figures around the world, including in Pakistan.
The Sunday Times report claimed that the list of targets included Pakistani politicians, diplomats and generals. The hackers took control of computers they owned and “eavesdropped on their private conversations, apparently at the behest of Indian intelligence agencies,” she added.
Also on the list of targets were: one of the Hinduja brothers, Ashok Hinduja; Mark Fullbrook, chief of staff to Liz Truss as Prime Minister; former British Chancellor Philip Hammond; Fawad Chaudhry, leader of Pakistan’s Tehreek-e-Insaf; former Pakistani President Pervez Musharraf; BBC Political Editor Chris Mason; Swiss President Ignazio Cassis; former UEAFA President Michel Platini and German billionaire Stefan Quandt, who co-owns BMW.
The Times detailed its investigation, saying its undercover reporters visited India earlier this year posing as former MI6 agents-turned-corporate investigators working for a fake corporate investigative firm called Beaufort Intelligence in Mayfair, London.
They then contacted some of India’s top online hackers, saying they needed private information about their clients’ targets. They soon received offers of help. The reporters then arranged meetings with the suspected hackers and secretly filmed their conversations.
One of the suspected hackers spoke to the undercover reporters in Delhi online from Bengaluru, the report said. The report identified him as Utkarsh Bhargava.
Bhargava told reporters he had been hacking for the Indian government, breaking into the computer systems of various ministries in several countries including Turkey, Pakistan, Egypt, Cambodia and Canada, according to the Times report.
“Our job was to get the data and hand it over,” he told them.
He also claimed that the Indian police “didn’t understand these things” and therefore don’t try to prosecute illegal hackers. Bhargava also said he used the Pegasus software, which was at the center of a global snooping scandal. This software can be installed on mobile phones without user’s knowledge to take control of messaging services like WhatsApp, Signal and Telegram.
The reporters also met former Indian Army Brigadier Ram Chhillar, who founded the cyber intelligence company Phronesis. Brigadier Chhillar said he was able to scour the dark web for personal information of individuals stolen from companies in previous cyberattacks or data breaches, the report said.
Explaining how these hackers operate, the report said the hackers would often befriend their targets on social media by sending them a link to click. Once the victims clicked the link, they downloaded the malware that gave the hackers access to their email accounts.
The Sunday Times said its reporters also met a group of hackers operating from an office in Gurugram. This outlet called WhiteInt was run by Aditya Jain, 31.
Jain works part-time as a hacker and has a permanent job at Deloitte. He claimed he could hack into any email account in the world within 30 days. The reporters have appropriated Jain’s database.
Tej Singh Rathore, 28, a graduate of Rajasthan Technical University in Kota, explained to reporters how he obtained passwords through phishing. “Ninety percent of private investigators use Indian hackers to do this type of work,” he claimed.
“Incurable gamer. Infuriatingly humble coffee specialist. Professional music advocate.”