SPECIAL REPORT-His emails were stolen; now he’s exposing the hack-and-leak industry

(For more Reuters Special Reports, click on)

June 30 (Reuters) - Indian mercenary hackers have worked in the shadows for at least a decade, helping private detectives get an edge in litigation, a Reuters investigation found. Now one victim – an aviation executive named Farhad Azima – is exposing the secretive industry, with potential ripple effects for legal battles on both sides of the Atlantic.

The outlook for Azima once looked grim. In 2020 a judge in London found the Iranian-American liable for cheating his former business partner, an investment fund based in the emirate of Ras Al Khaimah. In a ruling, Judge Andrew Lenon said Azima had been guilty of “seriously fraudulent conduct” in relation to a pair of aviation and tourism-related business deals.

But the case relied heavily on hacked emails that had mysteriously been posted to the web by an apparent whistleblower. Azima – who has long denied the fraud allegations – believed that allies of Ras Al Khaimah’s ruler, Sheikh Saud bin Saqr al-Qasimi, had masterminded the leak in a bid to win at trial.

Witnesses called by the investment fund, known as RAKIA, did nothing to convince him otherwise.

Azima told Reuters he shook his head in disbelief after Israeli journalist Majdi Halabi told the judge he innocently discovered the stolen material “in one of my regular Google searches” for the tycoon’s name in 2016.

Halabi testified that he sent web links to the material to an old friend, British private investigator Stuart Page, who was working for Sheikh Saud and who had asked Halabi to keep an eye out for any Azima-related news. But when cross-examined, Halabi struggled to recall how often he had searched Google for Azima’s name or explain why Page had given him such a peculiar task. Even the judge seemed baffled.

“Presumably Mr Page could have carried out Google searches himself?” Lenon asked.

In his May 2020 judgment, Lenon found Halabi’s testimony “not credible” and Page’s account of how he passed Halabi’s information to Sheikh Saud’s allies “both internally inconsistent and at odds with the contemporary documents.” The judge ruled there was no doubt a hack-and-leak took place and said the explanations provided by RAKIA’s witnesses for how they found the documents were full of “unexplained contradictions.”

Nevertheless, Lenon said Azima had failed to provide sufficient evidence that RAKIA had hacked his messages. He refused to throw out the emails and ordered him to pay $4.2 million in restitution.


As the ruling was being prepared, Reuters began sifting through a database of more than 80,000 emails Indian hackers had sent between 2013 and 2020. Obtained exclusively by Reuters, the file provides a down-to-the-second look at who the cyber mercenaries targeted in legal battles around the world. It’s effectively a hit list. Azima featured prominently.

The Indian hackers had aggressively tried to break into the businessman’s emails starting in March 2015. Accounts belonging to Azima’s associates, lawyers and friends were also pursued, the records show.

After being contacted by Reuters seeking comment, Azima launched his own inquiry. His legal team combed his inbox and those of his associates, finding more than 700 malicious emails sent over a 16-month period alone. Azima’s legal team said his data was breached around March 2016.

In subsequent legal filings, Azima’s lawyers accused Indian tech firms CyberRoot Risk Advisory Private Ltd and BellTroX Infotech Services Private Ltd of being behind the espionage campaign.

CyberRoot’s hackers created anonymous websites to disseminate Azima’s stolen emails using blogs titled “Farhad Azima Scammer” and “Farhad Azima Exposed Again,” the court records allege. It was one of those sites that Halabi said he innocently stumbled across in August of 2016.

Bank records submitted by Azima’s legal team show that CyberRoot was paid more than $1 million by Nicholas Del Rosso, a London cop-turned-North Carolina private investigator who was working for RAKIA’s U.S. law firm, Dechert, at the time of the hack.

A former CyberRoot employee was quoted in one of the filings as saying the “Azima Exposed” sites were intended “to mimic a genuine whistleblower campaign in similar fashion to offshore leaks like the Panama Papers.”

Azima successfully won a retrial of his London case, with a three-judge panel at Britain’s Court of Appeal ruling in March of last year that the revelations out of India would require “a complete re-evaluation of the evidence in support of the hacking claim.”

The businessman added Dechert and one of its former partners as defendants in the ongoing case, alleging the Philadelphia-based law firm and one of its most senior British lawyers, Neil Gerrard, masterminded the hacking operation.

Among Azima’s allegations against Gerrard: That he threatened to make him “collateral damage” in the weeks before the leak and that he tried to cover up the hacking by coaching witnesses and laying a false paper trail.

Several legal experts say the suit against Dechert and Gerrard, which is expected to go to trial in 2024, is extraordinary.

“It’s unheard of,” said David Butler, a partner who heads the civil fraud division at London-based Fox Williams law firm. “I’ve never known a case where a lawyer is alleged to have commissioned a hack.”

Dechert and Gerrard – who has since retired – have denied the allegations and are fighting them in court. Del Rosso did not return messages. In a court filing, he acknowledged paying CyberRoot but said the money was only for routine IT work – not hacking.

CyberRoot and BellTroX did not respond to interview requests. Sheikh Saud’s office and RAKIA – now part of the Ras Al Khaimah Economic Zone – did not return messages seeking comment.

Some of RAKIA’s original witnesses have since changed their stories.

Stuart Page, the British private eye, now admits in an affidavit he told lies about the way the emails were obtained. Majdi Halabi, the Israeli journalist, has also admitted not telling the truth.

The tale of finding Azima’s data through a routine Google search was a “cover story” created to hide the emails’ true provenance, Halabi said in an affidavit submitted in February. “I apologise for the false testimony I provided,” he added.

Late this month, RAKIA tried to pull out of the case. In a letter to the High Court sent on June 22 and reviewed by Reuters, RAKIA said it had split with its lawyers and was no longer fighting Azima’s claim, offering the executive “$1 million plus costs” to settle the matter. The investment agency said it “did not authorise or procure any hacking of Mr. Azima’s data” but added that it may have been the victim of unspecified “dishonest and unscrupulous third party advisers.”

Azima’s lawyer, Dominic Holden, did not disclose whether the tycoon would accept the offer, saying only that the settlement “will have to reflect the scope and gravity of the wrongdoing.”

The case’s dramatic turnaround is getting attention. Azima spokesman Tim Maltin said at least five other lawyers and businessmen have been in contact with Azima’s legal team over suspicions that they too were targeted by Indian hackers as part of separate court battles.

In an email from his home in Missouri, Azima told Reuters American law enforcement needed to do more to stop hackers from targeting litigants.

“Millions of dollars are being made by hackers, investigators and their instructing law firms from these illegal activities,” he said. “The hack-for-hire companies may be thousands of miles away, but the victims are often U.S. citizens on U.S. soil.”

Reporting by Raphael Satter and Christopher Bing. Editing by Ronnie Greene