From IT outsourcing to hack-for-hire: the new face of India's digital market

The global IT outsourcing market has undergone a drastic evolution. Initially, it was dominated by the migration of IT services of American and European multinational companies to Indian companies, thanks to the combination of technical expertise and lower costs. However, with the advent of artificial intelligence, cloud platforms, and out-of-the-box services from tech giants like Google, Microsoft, and Amazon AWS, that has started to change. Today we are witnessing the emergence of a new trend: hack-for-hire, or the transformation of ethical hackers into cyber mercenaries who attack to damage and steal information.

The hack-for-hire market: a difficult reality to quantify

The Indian hack-for-hire market has become a tangible reality, although its overall size is still difficult to quantify. In India, as in many other parts of the world, there are individuals or groups who offer hacking services to third parties for illegal purposes, such as the theft of sensitive information or the sabotage of computer systems. These attacks can range from industrial espionage and sabotage to looking for evidence of infidelity or hiding money in divorce and separation cases. However, it is important not to label these hackers as criminals who operate exclusively illegally; many work remotely for digital security consultancies, which may just be a cover for hired attacks.

Indian Cyber Mercenaries: A Hidden Industry

In Gurugram, the technological citadel of the state of Haryana, home to giants such as Google, Meta and Microsoft, some Indian consultancy firms appear to be acting as a cover for a ring of cybermercenaries. These cybermercenaries attack individuals around the world, with fees ranging from a few hundred to thousands of dollars, breaking into Facebook accounts and Android backups, downloading data, and filtering matches and images according to the client's requests. This practice has developed into a veritable hack-on-demand industry, useful for jealous individuals, betrayed lovers, executives seeking revenge against inconvenient colleagues, trade secrets, and marketing plans for new products. Behind these operations, there are well-known companies such as BellTroX and Appin, who present a facade of consultants, but in reality run illegal online operations through cybermercenaries.

Cybercriminal actions and security consequences

The Google security group distinguishes these hack-for-hire groups from commercial surveillance vendors who sell technical capabilities. According to them, these groups carry out the attacks themselves, have well-defined organizational structures and act illegally. As of the end of 2022, Reuters recorded 75 attacks targeting European and US companies and executives. Human rights defenders, journalists and judges are also often targeted by these campaigns. Some companies, such as Appin, appeared to be the development center for these activities. These companies, originally digital investigation or cybersecurity firms, have evolved into "private detectives" for unscrupulous contractors. These services often result in breaches of public systems and the theft of trade secret information. While companies like Appin have been discovered and shut down, others, like BellTroX, are still operating, despite ongoing investigations.