A startup allegedly “hacked the world.” Then came the censorship—and now the backlash.

  News, Security
image_pdfimage_print
A startup allegedly “hacked the world.” Then came the censorship—and now the backlash.

Hacker-for-hire firms like NSO Group and Hacking Team have become notorious for enabling their customers to spy on vulnerable members of civil society. But as far back as a decade ago in India, a startup called Appin Technology and its subsidiaries allegedly played a similar cyber-mercenary role while attracting far less attention. Over the past two years, a collection of people with direct and indirect links to that company have been working to keep it that way, using a campaign of legal threats to silence publishers and anyone else reporting on Appin Technology’s alleged hacking past. Now, a loose coalition of anti-censorship voices is working to make that strategy backfire.

For months, lawyers and executives with ties to Appin Technology and to a newer organization that shares part of its name, called the Association of Appin Training Centers, have used lawsuits and legal threats to carry out an aggressive censorship campaign across the globe. These efforts have demanded that more than a dozen publications amend or fully remove references to the original Appin Technology’s alleged illegal hacking or, in some cases, mentions of that company’s co-founder, Rajat Khare. Most prominently, a lawsuit against Reuters brought by the Association of Appin Training Centers resulted in a stunning order from a Delhi court: It demanded that Reuters take down its article based on a blockbuster investigation into Appin Technology that had detailed its alleged targeting and spying on opposition leaders, corporate competitors, lawyers, and wealthy individuals on behalf of customers worldwide. Reuters “temporarily” removed its article in compliance with that injunction and is fighting the order in Indian court.

As Appin Training Centers has sought to enforce that same order against a slew of other news outlets, however, resistance is building. Earlier this week, the digital rights group the Electronic Frontier Foundation (EFF) sent a response—published here—pushing back against Appin Training Centers’ legal threats on behalf of media organizations caught in this crossfire, including the tech blog Techdirt and the investigative news nonprofit MuckRock.

No media outlet has claimed that Appin Training Centers—a group that describes itself as an educational firm run in part by former franchisees of the original Appin Technology, which reportedly ceased its alleged hacking operations more than a decade ago—has been involved in any illegal hacking. In December, however, Appin Training Centers sent emails to Techdirt and MuckRock demanding they too take down all content related to allegations that Appin Technology previously engaged in widespread cyberspying operations, citing the court order against Reuters.

Techdirt, Appin Training Centers argued, fell under that injunction by writing about Reuters’ story and the takedown order targeting it. So had MuckRock, the plaintiffs claimed, which hosted some of the documents that Reuters had cited in its story and uploaded to MuckRock’s DocumentCloud service. In the response sent on their behalf, the EFF states that the two media organizations are refusing to comply, arguing that the Indian court’s injunction “is in no way the global takedown order your correspondence represents it to be.” It also cites an American law called the SPEECH Act that deems any foreign court’s libel ruling that violates the First Amendment unenforceable in the US.

“It’s not a good state for a free press when one company can, around the world, disappear news articles,” Michael Morisy, the CEO and co-founder of MuckRock, tells WIRED. “That’s something that fundamentally we need to push back against.”

Techdirt founder Mike Masnick says that, beyond defeating the censorship of the Appin Technology story, he hopes their public response to that censorship effort will ultimately bring even more attention to the group’s past. In fact, 19 years ago, Masnick coined the term “the Streisand effect” to describe a situation in which someone’s attempt to hide information results in its broader exposure—exactly the situation he hopes to help create in this case. “The suppression of accurate reporting is problematic,” says Masnick. “When it happens, it deserves to be called out, and there should be more attention paid to those trying to silence it.”

The anti-secrecy nonprofit Distributed Denial of Secrets (DDoSecrets) has also joined the effort to spark that Streisand Effect, “uncensoring” Reuters’ story on the original Appin Technology as part of a new initiative it calls the Greenhouse Project. DDoSecrets cofounder Emma Best says the name comes from its intention to foster a “warming effect”—the opposite of the “chilling effect” used to describe the self-censorship created by legal threats. “It sends a signal to would-be censors, telling them that their success may be fleeting and limited,” Best says. “And it assures other journalists that their work can survive.”

Neither Appin Training Centers nor Rajat Khare responded to WIRED’s request for comment, nor did Reuters.

The fight to expose the original Appin Technology’s alleged hacking history began to reach a head in November of 2022, when the Association for Appin Training Centers sued Reuters based only on its reporters’ unsolicited messages to Appin Training Centers’ employees and students. The company’s legal complaint, filed in India’s judicial system, accused Reuters not only of defamation, but “mental harassment, stalking, sexual misconduct and trauma.”

Nearly a full year later, Reuters nonetheless published its article, “How an Indian Startup Hacked the World.” The judge in the case initially sided with Appin Training Centers, writing that the article could have a “devastating effect on the general students population of India.” He quickly ordered an injunction stating that Appin Training Centers can demand Reuters take down their claims about Appin Technology.

https://arstechnica.com/?p=2000875