The TLDR: An obscure Indian company called Belltrox Infotech Services is making global headlines for all the wrong reasons. Citizen Lab, a research lab at the University of Toronto's Munk School, has named it as an illegal hacker-for-hire operation that targets big-name media publications, hedge funds and advocacy groups around the world. And it reveals the other side of India's well-established IT prowess and jugaad.
Tell me about this Belltrox
The hacker-in-chief: The tiny 15-employee company operates out of Delhi—apparently from above a chai shop. Its directors are Sumit Gupta and his wife, Veenu Arora. In 2015, Gupta was charged with 10 counts of email and computer hacking in California. And two San Francisco-area private investigators were charged with hiring him to access private email correspondence in a legal dispute between two companies. He seems to have then fled to India. And attempts to extradite him have failed.
Point to note: Gupta’s former employees say they were asked to breach firewalls and find loopholes in computer systems: “The incentives were always project based. The more information (we) gathered, the more money we were paid.”
The company: The company was first incorporated in Rajasthan back in 2012, and took on its current avatar a year later after a split between Gupta and Surender Mehra. And its website—now taken down—looked like this:
So what did they do, exactly?
They targeted people via phishing, i.e. emails carrying fake links. A target who clicked on such a link was taken to a fake login page, and the password typed there handed Belltrox the account and everything in it. Contacts and other details harvested from that account were then used to target other people with valuable information. Family members, including kids, were not exempt.
The fake emails could include fake Dropbox or spurious Google News links, and looked something like this:
In recent months, they have been using fake WHO updates to lure their targets.
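As an added illustration (not code from the original article, nor from Citizen Lab or Belltrox), here is a small Python check that applies the point above to a constructed e-mail body: it flags links whose visible text names Dropbox, Google or the WHO while the link actually goes elsewhere, and links that run through a URL shortener so the real destination is hidden. The brand list, the shortener list and the sample message are assumptions made for this example.

```python
"""Flag phishing-style links in an e-mail body.

Two patterns are checked, matching the lures described in the article:
  1. the visible text advertises one site (Dropbox, Google, WHO) while the
     href points somewhere else, or the host merely imitates the brand;
  2. the href goes through a URL shortener, which hides the destination.
"""
from html.parser import HTMLParser
from typing import List, Optional, Tuple
from urllib.parse import urlsplit

# Brands imitated by the lures in the article. Illustrative, not a list
# taken from the Citizen Lab report.
BRAND_DOMAINS = {"dropbox.com", "google.com", "who.int"}
# Shorteners treated as opaque. Illustrative and deliberately short.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "goo.gl"}


def registrable(host: str) -> str:
    """Crude 'last two labels' heuristic: news.google.com -> google.com."""
    parts = host.lower().rstrip(".").split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host.lower()


class _Anchors(HTMLParser):
    """Collect (href, visible text) pairs for every <a> in the body."""

    def __init__(self) -> None:
        super().__init__()
        self.links: List[Tuple[str, str]] = []
        self._href: Optional[str] = None
        self._text: List[str] = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def classify_link(href: str, text: str) -> Optional[str]:
    """Return a reason string if the link looks like a lure, else None."""
    host = (urlsplit(href).hostname or "").lower()
    target = registrable(host)
    if target in SHORTENERS:
        return f"shortener hides destination: {host}"
    lowered = text.lower()
    mentioned = next((b for b in BRAND_DOMAINS if b in lowered), None)
    if mentioned and target != mentioned:
        # e.g. text shows https://www.dropbox.com/... but href goes elsewhere
        return f"text says {mentioned} but link goes to {host}"
    for brand in BRAND_DOMAINS:
        # e.g. dropbox.com.files-share.xyz: brand appears as a sub-label only
        if brand in host and target != brand:
            return f"lookalike host {host} imitates {brand}"
    return None


def find_lures(html: str) -> List[Tuple[str, str, str]]:
    """Parse an HTML e-mail body and return (href, text, reason) triples."""
    parser = _Anchors()
    parser.feed(html)
    flagged = []
    for href, text in parser.links:
        reason = classify_link(href, text)
        if reason:
            flagged.append((href, text, reason))
    return flagged


# Constructed sample e-mail body for the example; not a real Belltrox message.
SAMPLE = """
<p>A file was shared with you.</p>
<a href="http://dropbox.com.files-share.xyz/login">https://www.dropbox.com/s/report.pdf</a>
<p>Latest COVID-19 guidance:</p>
<a href="https://bit.ly/3abcd">WHO situation update</a>
<p>Unrelated, legitimate link:</p>
<a href="https://news.google.com/topstories">Google News</a>
"""

if __name__ == "__main__":
    for href, text, reason in find_lures(SAMPLE):
        print(f"{reason}\n    text: {text!r}\n    href: {href}")
```

The check is deliberately simple: a real mail gateway would also resolve shortened links and compare against a proper public-suffix list rather than the two-label heuristic used here, but the two patterns it catches are exactly the ones the lures above relied on.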
And who did they target?
The targets range from journalists, politicians and foundations to hedge funds and advocacy organisations—and spread across the world. More recently, business leaders in financial services, consulting, and healthcare corporations have been in their crosshairs.
Why? Who hired them?
In every case, the spying appears to benefit one party in a corporate litigation case or investigation. Here are two examples.
ExxonKnew: Citizen Lab found that Belltrox systematically targeted leading members of the #ExxonKnew campaign, which claims that the oil company hid what it knew about climate change for decades. These include people at the Rockefeller Family Fund, Greenpeace and the Union of Concerned Scientists. And they were targeted by Belltrox right when Exxon was under investigation by the New York state attorney general for wilfully deceiving the public.
Wirecard AG: The German payments company has been accused of cooking its books and market manipulation. And its headquarters were recently raided. Belltrox targeted hedge funds, investigators, journalists, and short sellers (people who bet on a company's stock falling) who raised questions about Wirecard's numbers.
So they were hired by these companies?
There is only circumstantial evidence. Belltrox was hired by middlemen in the US and Israel. For example, Israeli private investigator Aviram Azari, who was recently indicted by US authorities, is suspected of working closely with Belltrox. But as Bloomberg notes: "[T]heir ultimate clients are often law firms or corporations, which may receive pilfered material under the guise of corporate intelligence or litigation preparation."
However, there is no direct evidence linking these ‘beneficiaries’ to Belltrox or any other illegal hacking operation.
Is this just Belltrox?
Not quite. 'Dark Basin' is the name Citizen Lab gave to the hacking group it had been tracking for years before linking it to Belltrox. But North India, and Delhi in particular, is now a hub of such illegal hacking rings. A cyber-expert told Economic Times:
“There are over 100 hacking-for-hire companies across India. They would have started with state actors and expanded to offer it to private companies… There are always people who look out for such companies.”
Many are school or college dropouts who get a certificate at privately-owned “technical” ethical-hacking institutes—which typically cost between Rs 60,000-100,000. And they are paid in bitcoins—the equivalent of Rs 20,000 for, say, hacking one social media account.
What we were amused by: Ok so hacking isn’t to be taken lightly, but we were very entertained by these little nuggets:
Hey, we take the laughs where we get ‘em.
Reading list:
Check out Citizen Lab’s detailed investigation of Belltrox. Bloomberg (via Yahoo News) did an excellent follow up on the Wirecard story. Economic Times reports on Delhi as a hacker hub, and on Belltrox’s most recent activity.