New Delhi: In an exclusive story by global news agency Reuters, the photo of a man named Arvind Kumar was published, misidentifying him as a hacker named Sumit Gupta who has been indicted by the US.
The Reuters exclusive on 9 June reported on an “obscure” firm in Delhi which hacked and spied on over 10,000 email accounts, including those of politicians, journalists, and investors worldwide.
While following up on the story, ThePrint met the man photographed in the Reuters report who claimed he was not Sumit Gupta or a hacker.
When ThePrint asked the news agency to confirm the accuracy of the image accompanying the report, Reuters, after a review, responded on email saying: “The person in this image was incorrectly identified as Sumit Gupta. We regret the error, and have withdrawn the picture.”
The fact, it turned out, was that Reuters had photographed Arvind Kumar, who runs a herbal medicine business at the same address listed for BellTroX InfoTech Services, a company identified as a mercenary hacking firm, also known as “BellTroX D|G|TAL Security”.
Kumar told ThePrint that he had been bothered by a “foreigner” for his photograph, which was eventually carried in the initial Reuters report. After the news was picked up by several media outlets, Kumar was questioned by the police.
The Reuters story has since changed the image and now carries a message at the top of the story, “This June 9 story corrects to remove reference to speaking with Gupta at his office”.
The story was mainly reported on by three journalists not based in Delhi. A fourth journalist in Delhi was credited with giving additional inputs as well as taking the photo of Kumar.
Google search links Kumar to Gupta
Despite Reuters’ correction, a Google image search for ‘belltrox’ or ‘sumit gupta belltrox’ shows Kumar’s photo.
After Reuters put out its story, multiple news sites carried the same photo of Kumar, similarly misidentifying him as the hacker behind BellTroX, which has been described as “one of the largest spy-for-hire operations ever exposed” by a researcher at Citizen Lab.
Citizen Lab, a research lab linked to the University of Toronto in Canada, had first discovered BellTroX was behind a large-scale hacking operation. In its report, the lab, in turn, links to a 2015 US Department of Justice (DOJ) press note announcing the indictment of Sumit Gupta in an “e-mail hacking scheme”. The 2015 DOJ press note said the Federal Bureau of Investigation was working to “secure Gupta’s prosecution”.
Citizen Lab only named Sumit Gupta as the director of BellTroX and did not offer any image of him.
The Reuters report currently still carries quotes attributed to Gupta, who claimed innocence in a telephone interview with the agency. Reuters said the telephone interview had been conducted with the actual hacker. ThePrint was not able to verify if Reuters had spoken to the real Sumit Gupta in this conversation.
How Arvind Kumar became Sumit Gupta
The confusion may have occurred since one of the addresses listed for BellTroX is the small office Gupta currently occupies. Located above a tea shop in Pitampura’s Vardhman Corporate Plaza, this office has hosted Kumar since February 2020.
Reuters had taken the photograph of Kumar at this address.
When ThePrint spoke to Kumar at length on 15 June, he showed his Aadhaar card and passport to prove his identity.
He said his firm is called Newzet Retails Pvt Ltd and deals with herbal medicines under the brand name Lasa Pharmaceuticals. The documents Kumar shared about his firm show an address in Mukherjee Nagar. Kumar said he has not had time to change the address due to the lockdown.
The identity confusion began on 8 June, Kumar told ThePrint. On this day, he said he was incessantly bothered by a “foreigner” trying to take his photo. According to Kumar, the foreigner had come up to his office and insisted he was Sumit Gupta. The foreigner did not seem to believe Kumar when he told him otherwise, Kumar said.
For the most part, Kumar said he did not understand what the foreigner was saying. However, he did recall an Indian accompanying the foreigner saying they were from an “agency” but not the name Reuters.
Outside the office, when the foreigner had tried to take pictures of Kumar, the entrepreneur said he was so irritated by the whole episode that he pushed the foreigner out of his way.
A day after the 8 June visit, Kumar said policemen from the Subhash Place station had come. Then, on 10 June, Kumar had gone to the Subhash Place Police Station and was interrogated from around 11 am to 8:30 pm.
He had been interrogated by the station house officer and a sub-inspector. He said he was also interrogated by the cyber crime unit, which threatened to hit him if he didn’t tell the truth.
The police eventually gave him a clean chit after going through his documents and laptop.
ThePrint spoke to two police officers involved in the investigation at Subhash Place Police Station, who both confirmed Kumar is not a hacker.
One police officer said Kumar was interrogated after the media identified him as Sumit Gupta. The second officer said no FIR had been registered against Kumar and confirmed that he runs a medicine business. This officer, however, said he was unaware of the police cyber crime unit investigating Kumar.
The ‘real’ Sumit Gupta
So, who is the real Sumit Gupta?
A Facebook page for BellTrox D|G|TAL SECURITY has a contact number that belongs to Surender Mehra, a former business partner of Sumit Gupta. Mehra was interviewed by the US-based news agency Bloomberg for a story on BellTroX’s spying activities.
Mehra identified a Facebook photo of Sumit Gupta with his wife Veenu Arora to ThePrint.
Mehra believes Gupta is currently working out of his home in Burari village, Delhi. The number Mehra provided for Veenu Arora is switched off.
Mehra is quoted in the Bloomberg story as saying he parted ways with Gupta and the firm because “he [Gupta] was into hacking”.
However, Mehra refuted this quote to ThePrint saying he didn’t know about Gupta’s hacking activities and split from Gupta because he had started cheating the company out of money after he got married. The Bloomberg reporter told ThePrint that their “story is accurate”.
Mehra’s name does appear in an old 2013 Facebook post promoting BellTroX’s ethical hacking workshop. However, Mehra told ThePrint it was not a “hacking workshop”, but an “internet security workshop”.