Sunday, September 27, 2020

Story Of Delhi-based Firm that Executed Global Cyber Heist

A small IT company BellTroX InfoTech Services has targeted thousands of powerful individuals and organisations on six continents

Tucked in a small office at Netaji Subhash Place in Shakurpur area of East Delhi, an obscure IT company BellTroX InfoTech Services has targeted thousands of powerful individuals and organisations on six continents, creating ripples among the powers-that-be.

Although Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto which broke the story, says it will publish a fuller overview of targets and technical indicators in the coming days, the ‘hack-for-hire’ firm has already created ripples among advocacy groups and journalists, elected and senior government officials, hedge funds and multiple industries.

How was a small Delhi firm able to execute such a big cyber heist?

The multi-year investigation into the group nicknamed ‘Dark Basin’ found that ‘BellTroX’, owned by Sumit Gupta, who was indicted in California in 2015 for his role in a similar hack-for-hire scheme, conducted commercial espionage on behalf of its clients against opponents involved in high-profile public events, criminal cases, financial transactions, news stories, and advocacy.

The story goes back to 2017 when a journalist who had been targeted with phishing attempts contacted Citizen Lab and asked if they could investigate. The research team linked the phishing attempts to a custom URL shortener, which the operators used to disguise the phishing links. Citizen Lab subsequently discovered that this shortener was part of a larger network of custom URL shorteners operated by a single group now called ‘Dark Basin’.

“Because the shorteners created URLs with sequential shortcodes, we were able to enumerate them and identify almost 28,000 additional URLs containing e-mail addresses of targets,” says Citizen Lab. The team used open source intelligence techniques to identify hundreds of targeted individuals and organizations, yielding several clusters of interest, including two clusters of advocacy organizations in the US working on climate change and net neutrality. Dark Basin’s targets were often on only one side of a contested legal proceeding, advocacy issue or business deal. The timing of the phishing emails was consistent with working hours in India’s time zone.
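The two signals the investigators describe, predictable shortcodes and India-working-hours timing, as an added Python example that is not part of the article or of Citizen Lab’s own tooling; the records, domains, base62 alphabet and 09:00-19:00 IST working window are all constructed assumptions, and the sequential-code check is the test a defender would run against their own shortener to learn whether its link database is enumerable.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone
from urllib.parse import unquote

IST = timezone(timedelta(hours=5, minutes=30))
# Assumed shortcode alphabet; Citizen Lab did not publish the shortener's real scheme.
ALPHABET = "0123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

# Constructed records: (shortcode, UTC creation time, URL the shortcode expanded to).
RECORDS = [
    ("1Z7", "2017-03-06T04:12:00Z", "https://login-verify.example/?u=victim.one%40ngo.example"),
    ("1Z8", "2017-03-06T05:47:00Z", "https://login-verify.example/?u=second.target%40news.example"),
    ("1Z9", "2017-03-07T11:05:00Z", "https://docs-share.example/view?email=analyst%40fund.example"),
    ("1Za", "2017-03-07T12:58:00Z", "https://docs-share.example/view?email=analyst%40fund.example"),
    ("1Zb", "2017-03-08T16:40:00Z", "https://login-verify.example/?u=victim.one%40ngo.example"),
]

def decode_base62(code):
    """Integer encoded by a shortcode, most significant character first."""
    value = 0
    for ch in code:
        value = value * len(ALPHABET) + ALPHABET.index(ch)
    return value

def shortcodes_are_sequential(codes):
    """True when consecutive codes differ by one: the predictability that made enumeration possible."""
    values = [decode_base62(c) for c in codes]
    return all(b - a == 1 for a, b in zip(values, values[1:]))

def extract_target_emails(records):
    """E-mail addresses embedded in the expanded phishing URLs (after %-decoding)."""
    found = set()
    for _, _, url in records:
        found.update(EMAIL_RE.findall(unquote(url)))
    return found

def ist_hour_histogram(records):
    """Link creations per hour of day after shifting the UTC timestamps to India time."""
    hours = Counter()
    for _, ts, _ in records:
        utc = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        hours[utc.astimezone(IST).hour] += 1
    return hours

def working_hours_fraction(records, start=9, end=19):
    """Share of activity inside an assumed 09:00-19:00 IST working day."""
    inside = sum(n for h, n in ist_hour_histogram(records).items() if start <= h < end)
    return inside / len(records)
```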


Additionally, ‘Dark Basin’ left copies of their phishing kit source code openly available online, as well as log files showing testing activity. The logging code invoked by the phishing kit recorded timestamps in the India time zone, and the log files show that Dark Basin appeared to conduct some testing using “an IP address in India”.

Citizen Lab collaborated with consumer cybersecurity brand NortonLifeLock and unearthed numerous technical links between the campaigns and individuals associated with BellTroX. “In at least one case, Dark Basin repurposed a stolen internal email to re-target other individuals. This incident led us to conclude that Dark Basin had some success in gaining access to the email accounts of one or more advocacy groups,” said the report.


BellTroX employees sent phishing emails masquerading as targets’ colleagues and friends. The individuals that Dark Basin chose to target showed that it had a deep knowledge of informal organizational hierarchies (masquerading as individuals with greater authority than the target). “We concluded that Dark Basin operators were likely provided with detailed instructions not only about whom to target, but what kinds of messages specific targets might be responsive to,” the report noted.


Citizen Lab says it does not have strong evidence pointing to the party that commissioned the operators and is not conclusively attributing Dark Basin’s phishing campaign against these organizations to a particular Dark Basin client at this time. “That said, the extensive targeting of American nonprofits exercising their first amendment rights is exceptionally troubling,” it added. (IANS)
