How Qatar hacked the World Cup


Private investigators linked to the City of London are using an India-based computer hacking gang to target British businesses, government officials and journalists.

The Bureau of Investigative Journalism and the Sunday Times have been given access to the gang’s database, which reveals the extraordinary scale of the attacks.

It shows the criminals targeted the private email accounts of more than 100 victims on behalf of investigators working for autocratic states, British lawyers and their wealthy clients.

Critics of Qatar who threatened to expose wrongdoing by the Gulf state in the run-up to this month’s World Cup were among those hacked.

It is the first time the inner workings of a major “hack-for-hire” gang have been leaked to the media and it reveals multiple criminal conspiracies. Some of the hackers’ clients are private investigators used by major law firms with bases in the City of London.

Our investigation – based on the leaked documents and undercover work in India – can reveal:

  • Orders went out to the gang to target the BBC’s political editor Chris Mason in May, three weeks after his appointment was announced.
  • The president of Switzerland and his deputy were targeted just days after he met Boris Johnson and Liz Truss in Downing Street to discuss Russian sanctions.
  • Philip Hammond, then chancellor, was hacked as he was dealing with the fallout of Russia’s novichok poisonings in Salisbury.
  • A private investigator hired by a London law firm acting for the Russian state ordered the gang to target a British-based oligarch fleeing Vladimir Putin.
  • Michel Platini, the former head of European football, was hacked shortly before he was due to talk to French police about corruption allegations relating to the 2022 World Cup.
  • The hackers broke into the email inboxes of Formula One motor racing bosses Ruth Buscombe, the British head of race strategy at the Alfa Romeo team, and Otmar Szafnauer, who was chief executive of the Aston Martin team.
  • The gang seized control of computers owned by Pakistan’s politicians, generals and diplomats and eavesdropped on their private conversations, apparently at the behest of the Indian secret services.

The commissioning of hacking is a criminal offence punishable with a maximum sentence of 10 years in jail in Britain. The Metropolitan Police was tipped off about the allegations regarding Qatar in October last year yet chose not to take any action.

David Davis, the former cabinet minister, said the force should reopen its investigation into potential criminal cyberattacks against British citizens.

Davis said the investigation exposed how London has become “the global centre of hacking”. He added: “It paints a grim picture of a network of criminal hacking that threatens justice and privacy here in the UK and across the world.”

The hacking gang, which operates under the name WhiteInt, is run from a fourth-floor apartment in a suburb of the Indian tech city Gurugram. Its mastermind is 31-year-old Aditya Jain – an occasional TV cybersecurity pundit who also holds down a day job at the Indian office of the British accountancy firm Deloitte.

For seven years, Jain has run a network of computer hackers who have been hired by British private detectives to steal the email inboxes of their targets using “phishing” techniques. Sometimes his team deploy malicious software which takes control of computer cameras and microphones, and allows them to view and listen to their victims.

Earlier this year undercover reporters from the Sunday Times travelled to India posing as corporate investigators seeking to hire a computer hacker and approached a number of suspected cybercriminals. The reporters contacted Jain and began a lengthy exchange of messages.

Jain told them: “I offer access to closed source information of email and computers of the POI [person of interest] anywhere across the globe … an average timeline is around 20 to 30 days.”

Then, he volunteered details about one of his projects that related to Fifa, football’s governing body and the organisers of the World Cup. “I have successfully worked on obtaining email data of [a] few high profile individuals (in relation to Fifa) based in [the] UK on the behest of a client sponsored by a Gulf country,” he wrote.

He went on to confirm that the ultimate client was Qatar, in response to questions from the undercover reporters. He said he had been hired for the project by a Swiss-based investigator called Jonas Rey.

Later the Bureau and the Sunday Times were given sight of the secret database detailing Jain’s clients and hacking targets. Seven clients are named on the list and they include British private investigators.

The former Metropolitan Police officer Nick Del Rosso appears to have provided the gang with the targets for at least 40 of the cyberattacks.

Rey was the gang’s most prolific client. He was working for the Swiss corporate intelligence company Diligence Global Business Intelligence, which is owned and run by the former MI5 officer Nick Day. The firm was the sister company of the well-known City of London corporate intelligence firm Diligence.

In January 2019, Diligence Global had been hired to work on a World Cup project, according to court documents. Over the following year Rey began to commission the gang to target people who had exposed wrongdoing by hosts Qatar.

The targets included Jonathan Calvert, the editor of the Sunday Times Insight team which had been at the forefront of exposing the corruption that led Fifa to award the World Cup to Qatar in 2010.

According to the database, Rey instructed Jain to target Calvert on 22 April 2019. Just weeks before, Insight had written a story revealing the rule-breaking $100 million “success fee” Qatar offered to Fifa in return for being given the right to host the World Cup.

There is a note on the database saying the hack of Calvert’s inbox was “completed”. Lawyers for Qatar’s government deny commissioning hacking. Last month, when they were questioned about the hacking of his email account ahead of this article, they accused Calvert of a “politically motivated crusade” linked to Qatar’s Gulf rival, the UAE.

“Your readers deserve to know that for several years, Mr Calvert has retained close links with Qatar’s neighbour, the United Arab Emirates,” they wrote. There is no truth in the claim.

Rey also instructed the gang to target Platini, the famous former footballer, on 10 May 2019. Platini had been one of the Fifa executive committee members that had backed Qatar’s winning bid to host this year’s World Cup. There had been rumours that he had been pressured to do so during a lunch meeting with the then French president Nicolas Sarkozy and Qatar’s ruler Sheikh Tamim bin Hamad Al Thani, who was then a prince, a few days before he voted.

At the time Platini was hacked, the Parquet National Financier (PNF), France’s serious and economic crime enforcement unit, were poised to talk to him about the lunch as part of an investigation into corruption in the World Cup bid.

A source close to the PNF’s investigation believes Qatar was “anxious” to find out what Platini was preparing to say when he was interviewed the following month. A representative for Platini said he was unaware he had been hacked but was concerned his private messages may have been compromised.

Rey left Diligence Global in November of that year to set up his own firm Athena Intelligence. By that time his name had appeared against 16 hacks carried out by the gang. After leaving Diligence Global, he told Jain to target several more individuals, according to the database.

Jain hacked Ghanem Nuseibeh, a 45-year-old Mayfair-based businessman, who had become a target for Qatar after writing a report on corruption relating to the 2022 World Cup. His London-based lawyer Paul Tweed was also hacked that November.

The hacker targeted two other people known to Nuseibeh at the same time. One was Mark Somos, a lawyer based in Germany who had made a complaint about the Qatari royal family to the United Nations Human Rights Council.

The other was Nathalie Goulet, a French politician who has been a vocal critic of the Gulf state for allegedly financing Islamic terrorism. Jain even notes Goulet’s email password in the database, which she says was previously known only to her.

The hacker also went after Yann Philippin, a journalist with the French investigative website Mediapart, shortly after he had written a story in December 2019 providing fresh details about the French judicial investigation into the awarding of the World Cup to Qatar. Rey is again listed as the client. The hack was unsuccessful because Philippin spotted the phishing emails and changed his phone and computer.

Rey passed the hacking gang three more targets: Nick Raudenski, a former investigator for Fifa and Uefa; Alan Suderman, an Associated Press journalist who had written about Qatar’s underhand campaign to host the tournament; and Rokhaya Diallo, a prominent campaigner who had been publicly critical of the Gulf state’s failure to pay migrant workers building the World Cup stadiums. AP said last month that it found “no indication” that Suderman was hacked.

In all, Rey’s name is against a dozen Qatar-related hacks in the leaked database. In total, he is listed as commissioning Jain to target 48 people.

Earlier this year, Rey sent a document to Jain containing a biography and email details of the BBC’s new political editor Chris Mason. The properties of the document state that it was prepared by Rey’s company Athena Intelligence and the last person to edit it is recorded as “JR”.

Soon afterwards, on 18 May, Jain’s employees began attempting to hack Mason. He was sent phishing emails – seen by this newspaper and the Bureau – pretending to be from Twitter and Facebook and seeking to steal his username and password.

The purpose of hacking Mason is unclear but his new role meant he was privy to sensitive briefings from leading members of the Cabinet and the prime minister’s office. Last month, Mason said: “It is worrying so much enterprise, energy and money goes into these hacking attempts.” He did not believe the hackers accessed his emails.

It was also Rey who instructed Jain to target the Swiss president Ignazio Cassis and his deputy Alain Berset this May. Most recently, the “hack-for-hire” firm attempted to break into the email account of Stefan Quandt, the billionaire German industrialist who co-owns BMW.

Several of the targets on the database are British lawyers and wealthy people involved in cases in London’s high court such as Boris Mints, a British-based oligarch who is on the run from the Russian state, and members of two of the UK’s richest families, Ashok Hinduja and Robert Tchenguiz. British courts do not automatically exclude dubiously obtained evidence.

The London offices of three law firms have all hired investigators who went on to order the gang to target individuals related to cases the lawyers were working on. The law firms deny commissioning or knowing about the hacking.

Del Rosso, who is now based in North Carolina in the United States, instructed the gang to target Mark Fullbrook, who was Liz Truss’s chief of staff when she was prime minister.

Fullbrook was targeted by Jain in May 2016 during the Brexit referendum campaign when he was working for CT Group, the lobbying company run by Conservative elections strategist Lynton Crosby. A source close to Fullbrook believes he may have been a target for hacking because there was speculation that he and Crosby were secretly working on the Brexit campaign.

The most high-profile British politician named on Jain’s database is the former MP Philip Hammond. Jain began hacking Hammond when he was the chancellor of the exchequer on 9 April 2018 and the database records the attempt as “completed”.

The work appears to have been commissioned by a businessman who runs a European investment fund. At the time, Hammond was involved in the Brexit negotiations as well as the response to Russia’s Skripal chemical weapons attack perpetrated just weeks before the hack. Hammond said last month: “It’ll be something to do with Brexit. I wasn’t aware of this.”

Several of Jain’s political targets seem to have arisen from the continued tensions between India and Pakistan.

On 10 January this year he was tasked with breaking into the email account of Fawad Chaudhry, Pakistan’s then minister of information in prime minister Imran Khan’s government. Jain took a screenshot of Chaudhry’s inbox, which has been seen by this newspaper and the Bureau.

Jain’s team used malware to take over his computers and targeted the country’s senior generals as well as its embassies in Beijing, Shanghai and Kathmandu in a similar way. The most famous Pakistan-related target was Pervez Musharraf, the former president of the country.

Last month, Jain admitted that he had hacked people in the past but said he had not done so for several years. He claimed he did not know some of the people named on his database and denied hacking the others listed. “I can say categorically that I have not hacked, launched or attempted to hack any of these people,” he said.

Rey strongly denied commissioning hacking and claimed that our journalists had been fed falsified information to discredit him. His former boss Nick Day said: “Diligence Global denies any allegation of wrongdoing. Diligence always works hard to ensure that its investigations are compliant with all applicable laws and regulations.”

Del Rosso did not respond to attempts to contact him.