Express Computer
Home  »  News  »  How a Delhi-based obscure firm executed global cyber heist

How a Delhi-based obscure firm executed global cyber heist

0 186

Tucked in a small office at Netaji Subhash Place in Shakurpur area of East Delhi, an obscure IT company BellTroX InfoTech Services has targeted thousands of powerful individuals and organisations on six continents, creating ripples among the powers-that-be.

Although Citizen Lab, a laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto which broke the story first, will further provide a comprehensive overview of certain targets and technical indicators in days to come, the ‘hack-for-hire’ firm has created ripples among the advocacy groups and journalists, elected and senior government officials, hedge funds and multiple industries.

How did a small Delhi firm able to execute such a big cyber heist?

Nicknamed ‘Dark Basin,’ the multi-year investigation found that ‘BellTroX’, owned by Sumit Gupta who was indicted in California in 2015 for his role in a similar hack-for-hire scheme, conducted commercial espionage on behalf of their clients against opponents involved in high-profile public events, criminal cases, financial transactions, news stories, and advocacy.

The story goes back to 2017 when a journalist who had been targeted with phishing attempts contacted Citizen Lab and asked if they could investigate.

The research team linked the phishing attempts to a custom URL shortener, which the operators used to disguise the phishing links.

Citizen Lab subsequently discovered that this shortener was part of a larger network of custom URL shorteners operated by a single group now called ‘Dark Basin’.

“Because the shorteners created URLs with sequential shortcodes, we were able to enumerate them and identify almost 28,000 additional URLs containing e-mail addresses of targets,” says Citizen Lab.

The team used open source intelligence techniques to identify hundreds of targeted individuals and organizations, yielding several clusters of interest, including two clusters of advocacy organizations in the US working on climate change and net neutrality.

Dark Basin’s targets were often on only one side of a contested legal proceeding, advocacy issue or business deal.

The timings of sending phishing emails were consistent with working hours in India’s time zone.

Additionally, ‘Dark Basin’ left copies of their phishing kit source code available openly online, as well as log files showing testing activity.

The logging code invoked by the phishing kit recorded timestamps in India time zone, and log files show that Dark Basin appeared to conduct some testing using “an IP address in India”.

Citizen Lab collaborated with consumer cybersecurity brand NortonLifeLock and unearthed numerous technical links between the campaigns and individuals associated with BellTroX.

“In at least one case, Dark Basin repurposed a stolen internal email to re-target other individuals. This incident led us to conclude that Dark Basin had some success in gaining access to the email accounts of one or more advocacy groups,” said the report.

BellTroX employees sent phishing emails masquerading as targets’ colleagues and friends. The individuals that Dark Basin chose to target showed that it had a deep knowledge of informal organizational hierarchies (masquerading as individuals with greater authority than the target).

“We concluded that Dark Basin operators were likely provided with detailed instructions not only about whom to target, but what kinds of messages specific targets might be responsive to,” the report noted.

Citizen Lab says they do not have strong evidence pointing to the party commissioning them and is not conclusively attributing Dark Basin’s phishing campaign against these organizations to a particular Dark Basin client at this time.

“That said, the extensive targeting of American nonprofits exercising their first amendment rights is exceptionally troubling,” it added.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image