Two Indian conglomerates were forced to pay $5 million each in order to prevent hackers from disclosing information that could have implicated them in wrongdoing.
The payoff was made in May, but people aware of the matter said the hackers would have obtained access to the IT systems of the companies two to three years before that, reflecting a widespread vulnerability that criminals are looking to exploit when the time is right.
This is said to be the first known case of cyber criminals extorting money from large Indian companies. ET has pieced together the story by speaking to executives, private investigators and officials. The break-ins and threats weren’t reported to the authorities for fear that the information thus provided could have proven incriminating — hence the involvement of private detectives.
The threat is said to have emanated from the Middle East although it’s not clear whether it goes back even further. The companies were told to pay up or face the consequences of the data being passed on to the Indian government, one person said.
The blackmail demands came a few months after a scam involving thefts of documents from the petroleum and other ministries erupted earlier this year. “They waited for the opportune moment. The hackers kept reading and even downloading each and every correspondence between the employees and others for years,” the person added.
The data are said to have included correspondence with middlemen and paperwork on sensitive financial transactions. While the companies didn’t approach police or government investigators, senior officials currently involved in the government’s cyber security programme have been tracking the development.
“In one case, the email system of a company got compromised, while in the other case, the hackers were able to get remote access inside the company’s IT system to gain sensitive information,” said an official. Cyber experts said both attacks were made through botnets.
Botnets are networks of infected computers that can be controlled remotely by a hacker. “In one of the cases, the hacker could actually even see when a senior executive would move a mouse on his computer,” said one person.
Indian companies, including the two cited above, recently provided a list of hacker groups that had attacked them in the past six months. According to the official cited above, these included njRAT, XtremeRAT, h-w0rm, anonghost, SEA and Opsavegaza.
Three of them — anonghost, SEA and Opsavegaza — have been traced as far back as the Middle East. Some experts suspect they could have some connection to the Indian underworld. Domestic intelligence agencies don’t back the theory.
In similar incidents, two big Indian banks were hacked recently by cyber criminals. ET couldn’t confirm whether any payment was made to them. One senior bank official said no money had been paid.