With devout Muslim targets – such as the employees of a Middle Eastern company he had hacked – there was another window of time when they might not be using their phone. “We used to attack them on Friday during the prayer times. At that time no one was there, they were busy with the prayers – and we were doing our job.”
Rathore too wanted to deploy Pegasus. He claimed he had made contact with a corrupt Israel-based insider working for NSO Group and he was negotiating access to Pegasus so he could offer a powerful new service to his clients. “I hope in three or four months the partnership will be done and I can give that service also,” he said.
The NSO Group denied Pegasus had been sold to Rathore.
Meeting the ex-army intelligence chief
In the garden of the five-star Marriott Hotel next to Delhi airport’s runway, the two undercover reporters sat across a table from a man who knew all about state-sponsored cyberattacks.
Brigadier Ram Chhillar had been the commander of the Indian army’s “trans-frontier” intelligence unit and had overseen its “sensitive” cyber division until he retired in 2014. He had set up a company in Gurugram called Phronesis.
The brigadier’s spy background made him suspicious of the undercover reporters’ claims to be former British agents. He attended the meeting with a colleague who made a point of stressing that the company did not do hacking, “cyber stealing” or obtaining “bank statements”.
The brigadier did admit, however, to mining the “the deep, dark web” to obtain people’s personal data. “Insurance companies have had their breaches so that dataset which is there also includes personal data of you and me. So all that is available,” Chhillar told the reporters. “It adds to your investigations.”
He claimed his company were experts at finding this type of data and they could even conjure up people’s computer passwords from the dark web. “[Passwords are] available at a cost … that’s part of intelligence gathering,” he said. His associate added: “It takes time but yes, it is done, it is being done every day, everywhere.”
The two men did not explain why their customers would wish to buy someone else’s password.
Chhillar said the firm had several UK-based corporate intelligence clients. His colleague said he played golf with the managing directors of two leading London-based corporate intelligence companies. “I drink with them, they’re my old time buddies,” he said.
Last month Chhillar failed to explain why he provided clients with targets’ passwords but insisted that he would not “indulge or support” hacking emails or “any such illegal activity anywhere in the world”.
Hacking factory
Before leaving India the undercover reporters attempted to contact another alleged hacking company named CyberRoot.
The firm is alleged to have received $1 million from a former British police officer turned private investigator called Nick Del Rosso to hack the opponents of the Gulf emirate Ras al Khaimah, according to a case in London’s high court.
CyberRoot’s office is on the fifth floor of a glass building on Gurugram’s outskirts. The receptionist seemed flustered when the two reporters walked into the office and said they were from a London corporate intelligence company.
She went away and the reporters popped their heads around the door she had left ajar. Inside was a large darkened room with banks of computers in lines. Young employees, some wearing hoodies, were hunched over keyboards punching keys intensively.
Was this an Indian criminal hacking factory in action? The receptionist came back to say her boss was unavailable. This was not the kind of place to welcome unannounced guests.
Last month, CyberRoot denied involvement in hacking and said the payment from Del Rosso was for cybersecurity and other computer-related services. Del Rosso denies commissioning hacking.