Delhi-based ‘hack-for-hire’ firm spied on politicians, investors globally

New Delhi, June 9 (IANS) In a startling revelation, a New Delhi-based technology company, BellTroX InfoTech Services, has been linked to a massive ‘hack-for-hire’ operation that targeted thousands of individuals and organisations in six continents, including senior politicians, government prosecutors, CEOs, journalists and human rights defenders.
Named ‘Dark Basin’ by Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto, the organisation offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.
BellTroX targeted government officials in Europe and well-known investors in the US.
The ‘hack-for-hire’ organisation extensively targeted American nonprofits, including organisations working on a campaign called #ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades.
“With high confidence, we link Dark Basin to BellTroX InfoTech Services (BellTroX), an India-based technology company, and related entities,” Citizen Lab said in a detailed statement on Tuesday.
“We also identify Dark Basin as the group behind the phishing of organisations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation,” it added.
To recall, BellTroX’s director, Sumit Gupta, was indicted in California in 2015 for his role in a similar hack-for-hire scheme.
Some of the targeted organisations are Rockefeller Family Fund, Climate Investigations Center, Greenpeace, Center for International Environmental Law, Oil Change International, Public Citizen, Conservation Law Foundation, Union of Concerned Scientists and several others.
“Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy,” said Citizen Lab.
The investigation found that some “high value” targets were sent more than 100 phishing attempts with very diverse content.
The investigators were able to identify almost 28,000 additional URLs containing email addresses of the targets.
“We used open source intelligence techniques to identify hundreds of targeted individuals and organisations. We later contacted a substantial fraction of them, assembling a global picture of Dark Basin’s targeting,” said the researchers.
Dark Basin’s targets were often on only one side of a contested legal proceeding, advocacy issue, or business deal.
“Dark Basin has targeted dozens of journalists in multiple countries. Citizen Lab has notified and worked with some of these journalists over the past three years to assist them in investigating this case,” said the report.
Several of Dark Basin’s URL shortening services had names associated with India: Holi, Rongali and Pochanchi (likely a transliteration of the Bengali word for ‘fifty-five’).
The researchers were able to identify several BellTroX employees, whose activities overlapped with Dark Basin because they used personal documents, including a CV, as bait content when testing their URL shorteners.
“They also made social media posts describing and taking credit for attack techniques containing screenshots of links to Dark Basin infrastructure,” the report said.
BellTroX and its employees appear to use euphemisms for promoting their services online, including ‘Ethical Hacking’ and ‘Certified Ethical Hacker’. BellTroX’s slogan is: “You desire, we do!”
On June 7, the BellTroX website began serving an error message.
The Citizen Lab researchers also observed that postings and other materials linking BellTroX to these operations have been recently deleted.
In 2015, the US Department of Justice (DOJ) indicted several US-based private investigators and an Indian national, Sumit Gupta (for whom the DOJ notes also use the alias Sumit Vishnoi), for their role in a hack-for-hire scheme.
“To our knowledge, Gupta was never arrested in relation to the indictment. An aggregator of Indian corporate registration data lists Sumit Gupta as the director of BellTroX, and online postings by a ‘Sumit Vishnoi’ contain references to BellTroX,” said the report.
BellTroX staff activities listed on LinkedIn include email penetration, exploitation, corporate espionage, phone pinger and conducting cyber intelligence operations.
BellTroX’s LinkedIn pages, and those of their employees, have received hundreds of endorsements from individuals working in various fields of corporate intelligence and private investigation.
“Dark Basin has a remarkable portfolio of targets, from senior government officials and candidates in multiple countries, to financial services firms such as hedge funds and banks, to pharmaceutical companies,” according to the report.

- Advertisement -