Introduction:
1、Google highlights Indian 'hack-for-hire' companies in new TAG report
Google highlights Indian 'hack-for-hire' companies in new TAG report ♂
The Google Threat Analysis Group (TAG), a division inside Google's security department that tracks nation-state and high-end cybercrime groups, has published today its inaugural TAG quarterly report.
, Google analysts chose to highlight two rising trends the company saw in the first three months of 2020.
The first is the rising scene of hack-for-fire companies currently operating out of India, a country where such services have not been prominent until now.
The second trend was the rising number of political influence operations carried out by governments across the world. This also marks the first time when Google publishes that abused the company's platforms.
According to Google, attacks that leveraged the coronavirus (COVID-19) theme were one of the most common trends the company saw among nation-state and high-end cybercrime operators in Q1 2020.
While the company saw efforts from Chinese and Iranian hacking groups, there was also a novel set of threat actors exploiting the coronavirus pandemic to launch cyber-attacks.
"We've seen new activity from "hack-for-hire" firms, many based in India, that have been creating Gmail accounts spoofing the WHO," said Shane Huntley, head of Google TAG.
"The accounts have largely targeted business leaders in financial services, consulting, and healthcare corporations within numerous countries including, the US, Slovenia, Canada, India, Bahrain, Cyprus, and the UK."
Huntley says the email lures sent in these campaigns urged individuals to sign up for direct notifications from the WHO to stay informed of COVID-19 related announcements.
The emails linked to attacker-hosted websites that resembled the official WHO website, but featured fake login pages that collected the potential victims' Google credentials, and sometimes more, such as phone number.
Image :Google
While there have been many hack-for-hire companies around the world, most are located in the UE, Israel, and some Arab countries. This is the first time that Indian companies are being singled out for their activities, and will most likely draw in more cyber-security firms looking to track their movements.
According to the TAG group, these Indian hack-for-hire firms represent just a few of the more than 270 threat actors from more than 50 countries the Google TAG team is tracking.
But the Google TAG group also said that they've also tracked and investigated more than hacking in the first three months of the year.
TAG said they've been also looking into groups that have also engaged in coordinated social and political influence operations, since many of these operations are now taking place on Google's network of sites, such as YouTube, the Play Store, AdSense, and the rest of its advertising platforms.
In total, TAG said it tracked seven influence operations in Q1 2020, with some also being taking place and being exposed by Twitter and Facebook as well.
January
Google terminated three YouTube channels as part of a coordinated influence operation linked to Iran.
Google said it linked the campaign to the Iranian state-sponsored International Union of Virtual Media (IUVM) news organization, which was spreading IUVM content covering Iran's strikes into Iraq and US policy on oil. More details about this campaign are also available in , a company using AI to study today's social media landscape.
February
Google also said it terminated one advertising account and 82 YouTube channels that were being used as part of a coordinated influence operation linked to Egypt.
TAG experts said the campaign was sharing political content in Arabic that was supportive of Saudi Arabia, the UAE, Egypt, and Bahrain and was critical of Iran and Qatar.
We found evidence of this campaign being tied to the digital marketing firm New Waves based in Cairo.
as well; campaign that was also detailed in .
March
Fact Check: Did A Bihar Boy Get Rs 3.66 Cr Package For Hacking Google For 51 Seconds? Here’s The Truth ♂
A post that is going viral on social media claims that Rituraj Choudhary, who hails from Begusrai in Bihar, hacked into Google for 51 seconds. The posts also claim that following the incident he was offered a job at Google with a package of Rs 3.66 crores.
The post further claims that Rituraj is a B.Tech second-year student in IIT Manipur. Since he did not have a passport, Google spoke to Government of India and his passport was delivered to him in just 2 hours.
The post read:
“This boy from Bihar, Rituraj Choudhary shook Google at 1:05:09 the day before. He hacked Google itself for 51 seconds. As soon as the hack happened, Google officials sitting all over the world were blown away. There was chaos in the American office. before they could understand anything, Rituraj again restored the services at Google and mailed to Google that because of your mistake I could hack it. After this, Rituraj slept because we had a night here. But America could not sit peacefully after reading the mail, after following all the details given in the mail, the officials there also hacked Google for 1 second and realized the mistake. In a hurry, the meeting went on for 12 hours in America and the last decision was to call that boy! At exactly 2 o’clock in the day, a mail came to Rituraj that we salute your ability, you work with us… our officers are coming to pick you up. Immediately in the second mail, Google gave a joining letter to Rituraj, in which a package of 3.66 crores was given. Rituraj did not have a passport, Google spoke to the Indian government and came home in just 2 hours as his passport. Rituraj will go to America today by private jet. Rituraj is a B.Tech second-year student in IIT Manipur. And near #Begusarai is a resident of #small #village #Mungeriganj…. a Bihari is heavy on all”
Here’s the link to the above post.
NewsMobile fact-checked the post and found it to be misleading.
We ran a keyword search and found a report by TOI dated February 3, 2022. The headline of the report read, “Bihar: Begusarai boy claims to have identified ‘bug’ in Google.”
The report mentioned that Rituraj Choudhary, a second-year student of IIIT-Manipur, and a “passionate bug hunter”.
The report mentioned that once he reported the bug to the company, it was acknowledged and he was awarded a place on its list of researchers. The report mentioned that his bug hunting is currently in the phase of P-2. As soon as he reaches P-0, Google will reward him.
Another report by ABP News mentioned that ‘Google has awarded ‘Hall of fame’ to Bihar’s boy Rituraj Choudhary for finding bug in its software. Rituraj has been added to the company’s Research list’.
Moreover, we also found a report by The Lallantop dated February 4, 2022, where Rituraj denied claims made in the viral post. In the report, he clarified that he did not hack Google, but rather found a bug and reported it to Google’s Bug Hunting website.
In the report, he also stated that he is a student of the Indian Institute of Information Technology Manipur (IIIT – Manipur) and not IIT- Manipur.
We also found that there is no IIT in Manipur.
Rituraj also clarified the same on his Instagram story dated February 4, 2022. “I haven’t got any package or job offer from Google or Hacked anything things it was just a bug which i have reported that’s it and currently I’m just in 2nd year Btech students so… Those news are Fake,” he wrote.
NewsMobile also reach out to Rituraj who confirmed that “the news about getting a job and hacking Google are fake.”
From the above fact check, we can conclude that;
Rituraj did not hack Google, he found a bug
He was not offered any job but his name was added to the list of researchers
He is a student of the Indian Institute of Information Technology Manipur (IIIT – Manipur) and Not IIT- Manipur
Thus, it is evident that the viral post is misleading.
If you want to fact-check any story, WhatsApp it now on +91 11 7127 9799
Related questions
The FBI does hire cybersecurity professionals, including ethical hackers, to combat cybercrime and enhance national security. However, there are strict requirements and policies in place:
Legal and Ethical Standards: The FBI only hires individuals with clean legal records. Engaging in unauthorized hacking (even as a "white hat") or drug use (e.g., marijuana, which remains illegal under federal law) would disqualify candidates.
Drug Testing: FBI applicants must pass rigorous drug tests. Marijuana use—even in states where it is legal—is prohibited for federal employees.
Roles in Cybersecurity: The FBI seeks candidates with skills in penetration testing, digital forensics, and network security. Relevant degrees (e.g., computer science) and certifications (e.g., CISSP, CEH) are typically required.
Weed-Related Investigations: The FBI may investigate crimes linked to illegal drug trafficking (including cannabis in certain contexts), but this is separate from hiring practices.
In short: The FBI does not hire individuals involved in illegal activities (hacking or drug use). Cybersecurity roles require adherence to federal laws and strict ethical standards.
评论已关闭