Huge Spy-For-Hire Scheme Targets Thousands of Organizations Including Politicians
A large-scale spy-for-hire scheme has been caught spying
on thousands of individuals. According to ACS’s latest report, an obscure
Indian tech company has been traced and exposed as having targeted
thousands of organizations, including politicians and human rights groups.
The report confirmed that researchers at Citizen Lab spent more than two
years mapping the infrastructure used by the hackers before exposing the
hacker-for-hire scheme, dubbed “Dark Basin.”
Hundreds of organizations and thousands of individuals
across six continents including high-profile private equity firms in the United
States, Greenpeace, and politicians in Mexico were targeted by the group.
The security researchers claimed that Dark Basin is
connected to BellTroX InfoTech Services, an obscure IT firm based in
New Delhi.
“Over the course of our multi-year investigation, we found
that Dark Basin likely conducted commercial espionage on behalf of their
clients, against opponents involved in high-profile public events, criminal
cases, financial transactions, news stories, and advocacy,” said the
researchers of Citizen Lab.
According to ACS, tens of thousands of malicious messages
designed to dupe the victims into handing over login details were sent to the
targeted organizations and individuals between 2013 and 2020. The messages were
often disguised by the hackers as Facebook login requests, messages from other
organizations, or graphic notifications asking the user to unsubscribe from a
pornography website.
Although the researchers said that the clients of the
hacker-for-hire group Dark Basin could not be identified, the way
the hackers approached their targets revealed that they had a deep
knowledge and understanding of informal organizational hierarchies.
“Some of this knowledge would likely have been hard to
obtain from an open-source investigation alone,” said Citizen Lab.
“Combined with the bait content . . . we concluded that Dark
Basin operators were likely provided with detailed instructions not only about
whom to target, but what kinds of messages specific targets might be responsive
to,” the researchers further explained.
The U.S. digital rights organizations Fight for the Future
and Free Press, among the targets of BellTrox, said that although the wider
network was unaffected by the attack, the accounts of a small number of their
employees were compromised. The report found that the organizations
targeted by the IT firm were mostly linked to only one side of a contested
legal proceeding, business deal, or advocacy issue.
“I didn’t help them access anything, I just helped them with
downloading the emails and they provided me with all the details,” said the
owner of BellTrox, Sumit Gupta.
“I am not aware how they got these details but I was just
helping them with the technical support,” Gupta further explained. BellTrox’s
owner declined to reveal the company’s clients and denied any wrongdoing in the
matter.