Monday, January 30, 2023
HomeIndiaReuters goofs up, shows innocent Delhi man as wanted Indian hacker behind...

Reuters goofs up, shows innocent Delhi man as wanted Indian hacker behind global spy racket

The Reuters exclusive story published early this month identified a herbal medicine business owner as a wanted hacker. He was subsequently questioned by Delhi Police.

Text Size:

New Delhi: In an exclusive story by global news agency Reuters, the photo of a man named Arvind Kumar was published, misidentifying him as a hacker named Sumit Gupta who has been indicted by the US.

The Reuters exclusive on 9 June reported on an “obscure” firm in Delhi which hacked and spied on over 10,000 email accounts, including those of politicians, journalists, and investors worldwide.

While following up on the story, ThePrint met the man photographed in the Reuters‘ report who claimed he was not Sumit Gupta or a hacker.

When ThePrint asked the news agency to confirm the accuracy of the image accompanying the report, Reuters, after a review, responded on email saying: “The person in this image was incorrectly identified as Sumit Gupta. We regret the error, and have withdrawn the picture.”

The fact, it turned out, was Reuters had photographed Arvind Kumar, who runs a herbal medicine business at the same address listed for BellTroX InfoTech Services, a company identified as a mercenary hacking firm, also known as “BellTroX D|G|TAL Security.

Kumar told ThePrint that he had been bothered by a “foreigner” for his photograph, which was eventually carried in the initial Reuters report. After the news was picked up by several media outlets, Kumar was questioned by the police.

The Reuters story has since changed the image and now carries a message at the top of the story, “This June 9 story corrects to remove reference to speaking with Gupta at his office”.

The story was mainly reported on by three journalists not based in Delhi. A fourth journalist in Delhi was credited with giving additional inputs as well as taking the photo of Kumar.

A screenshot of the 9 June report which in correctly identifies Arvind Kumar as Sumit Gupta | web.archive.org
A screenshot of the 9 June report which incorrectly identifies Arvind Kumar as Sumit Gupta | web.archive.org
A screenshot of the same report which later took down Arvind Kumar's photo from the story | Reuters
A screenshot of the same report which later took down Arvind Kumar’s photo from the story | Reuters

Also read: How hackers broke into WHO computers by posing as journalists, researchers


Google search links Kumar to Gupta

Despite Reuters’ correction, a Google image search for ‘belltrox’ or ‘sumit gupta belltrox’ shows Kumar’s photo.

After Reuters put out its story, multiple news sites carried the same photo of Kumar, similarly misidentifying him as the hacker behind BellTroX, which has been described as “one of the largest spy-for-hire operations ever exposed” by a researcher at Citizen Lab.

Citizen Lab, a research lab linked to University of Toronto in Canada, had first discovered BellTroX was behind a large-scale hacking operation. In its report, the lab, in turn, links to a 2015 US Department of Justice (DOJ) press note announcing the indictment of Sumit Gupta in an “e-mail hacking scheme”. The 2015 DOJ press note said the Federal Bureau of Investigation was working to “secure Gupta’s prosecution”.

Citizen Lab only named Sumit Gupta as the director of BellTroX and did not offer any image of him.

The Reuters report currently still carries quotes attributed to Gupta, who claimed innocence in a telephone interview with the agency. Reuters said the telephone interview had been conducted with the actual hacker. ThePrint was not able to verify if Reuters had spoken to the real Sumit Gupta in this conversation.

What an image search for Sumit Gupta throws up | Google
What an image search for Sumit Gupta throws up | Google

Also read: Pakistan-linked hackers pose as Indian govt, carry out cyberattacks under Covid-19 cover


How Arvind Kumar became Sumit Gupta

The confusion may have occurred since one of the addresses listed for BellTroX is the small office Gupta currently occupies. Located above a tea shop in Pitampura’s Vardhman Corporate Plaza, this office has hosted Kumar since February 2020.

Reuters had taken the photograph of Kumar at this address.

When ThePrint spoke to Kumar at length on 15 June, he showed his Aadhaar card and passport to prove his identity.

He said his firm is called Newzet Retails Pvt Ltd and deals with herbal medicines under the brand name Lasa Pharmaceuticals. The documents Kumar shared about his firm shows an address in Mukherjee Nagar. Kumar said he has not had time to change the address due to the lockdown.

Arvind Kumar owns Newzet Retails Pvt Ltd. His office is at Pitampura's Vardhman Corporate Plaza, the address listed for BellTroX D|G|TAL Security | Regina Mihindukulasuriya | ThePrint
Arvind Kumar owns Newzet Retails Pvt Ltd. His office is at Pitampura’s Vardhman Corporate Plaza, the address listed for BellTroX D|G|TAL Security | Regina Mihindukulasuriya | ThePrint

The identity confusion began on 8 June, Kumar told ThePrint. On this day, he said he was incessantly bothered by a “foreigner” trying to take his photo. According to Kumar, the foreigner had come up to his office and insisted he was Sumit Gupta. The foreigner did not seem to believe Kumar when he told him otherwise, Kumar said.

For the most part, Kumar said he did not understand what the foreigner was saying. However, he did recall an Indian accompanying the foreigner saying they were from an “agency” but not the name Reuters.

Outside the office, when the foreigner had tried to take pictures of Kumar, the entrepreneur said he was so irritated by the whole episode that he pushed the foreigner out of his way.

A day after the 8 June visit, Kumar said policemen from the Subhash Place station had come. Then, on 10 June, Kumar had gone to the Subhash Place Police Station and was interrogated from around 11 am to 8:30 pm.

He had been interrogated by the station house officer and a sub-inspector. He said he was also interrogated by the cyber crime unit, which threatened to hit him if he didn’t tell the truth.

The police eventually gave him a clean chit after going through his documents and laptop.

ThePrint spoke to two police officers involved in the investigation at Subhash Police Station, who both confirmed Kumar is not a hacker.

One police officer said Kumar was interrogated after the media identified him as Sumit Gupta. The second officer said no FIR had been registered against Kumar and confirmed that he runs a medicine business. This officer, however, said he was unaware of the cyber police crime unit investigating Kumar.


Also read: Yes, Zoom messed up, but it’s really not the villain


The ‘real’ Sumit Gupta

So, who is the real Sumit Gupta?

A Facebook page for BellTrox D|G|TAL SECURITY has a contact number that belongs to Surender Mehra, a former business partner of Sumit Gupta. Mehra was interviewed by the US-based news agency Bloomberg for a story on BellTroX’s spying activities.

Mehra identified a Facebook photo of Sumit Gupta with his wife Veenu Arora to ThePrint.

Mehra believes Gupta is currently working out of his home in Burari village, Delhi. The number Mehra provided for Veenu Arora is switched off.

Mehra is quoted in the Bloomberg story as saying he parted ways with Gupta and the firm because “he [Gupta] was into hacking”.

However, Mehra refuted this quote to ThePrint saying he didn’t know about Gupta’s hacking activities and split from Gupta because he had started cheating the company out of money after he got married. The Bloomberg reporter told ThePrint that their “story is accurate”.

Mehra’s name does appear in an old 2013 Facebook post promoting BellTroX’s ethical hacking workshop. However, Mehra told ThePrint it was not a “hacking workshop”, but an “internet security workshop”.

A screenshot of the event that was posted to Facebook.
A screenshot of the event that was posted to Facebook.

Also read: Spying or hacking — nothing is hurting WhatsApp’s status as India’s top messaging app


 

Subscribe to our channels on YouTube & Telegram

Support Our Journalism

India needs fair, non-hyphenated and questioning journalism, packed with on-ground reporting. ThePrint – with exceptional reporters, columnists and editors – is doing just that.

Sustaining this needs support from wonderful readers like you.

Whether you live in India or overseas, you can take a paid subscription by clicking here.

Support Our Journalism

1 COMMENT

  1. Hi. Good story. But you should have disclosed the names of the Reuters reporters. Also, the name of the place in Pitampura is Netaji Subhash Place, not Subhash Place. It is often referred to as NSP in short.

Comments are closed.

Most Popular