
Delhi firm linked to global hacking scam

  • Among the targeted organizations were US advocacy firms working on climate change and net neutrality
  • The group behind these operations, Dark Basin, is allegedly linked to an obscure Delhi-based IT firm, BellTroX InfoTech Services

Sumit Gupta, founder of Delhi-based BellTroX InfoTech Services, has denied any wrongdoing

NEW DELHI: Toronto University-based Citizen Lab has uncovered a global hack-for-hire operation targeting hundreds and thousands of institutions and individuals, including journalists, government officials, CEOs, lawyers and human rights activists. Among the targeted organizations were US advocacy firms working on climate change and net neutrality.

The group behind these operations, Dark Basin, is allegedly linked to an obscure Delhi-based IT firm, BellTroX InfoTech Services.

Email queries to BellTroX did not elicit any response till press time. According to a Reuters report, Sumit Gupta, founder, BellTroX InfoTech, has denied any wrongdoing.

Citizen Lab alerted hundreds of individuals and institutions who were targeted by the group and has shared material confirming their targeting with the US Department of Justice (DOJ).

It has also shared technical information unearthed during the investigation with researchers at cybersecurity company NortonLifeLock, who were conducting a parallel investigation into Dark Basin’s operations.

Citizen Lab’s investigation started in 2017 when it was contacted by a journalist who was the target of a phishing attack.

It linked the attack to a custom URL shortener used to mask the phishing links. The shortener was part of a larger network of custom URL shorteners and was used by a single group—Dark Basin.

The shorteners created URLs with sequential shortcodes, which allowed the researchers to enumerate them and identify almost 28,000 more such URLs containing the e-mail addresses of targets.

Using open-source intelligence techniques, Citizen Lab identified hundreds of targeted individuals and organizations.

Further investigation revealed that the timestamps found in phishing emails were consistent with working hours in India’s UTC+5:30 time zone.

Besides, several URL shortening services used by Dark Basin had Indian festival names such as Holi and Rongali, while log files showed that Dark Basin conducted some testing using IP addresses in India.
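
The working-hours comparison described above can be sketched as follows. This is an added example, not Citizen Lab's code or data: the `Date` headers are constructed samples, and the 9:00 to 18:00 Monday-to-Friday working day is an assumption.

```python
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# Constructed sample Date headers, normalized to UTC (not data from the investigation).
SAMPLE_DATES = [
    "Mon, 06 Mar 2017 03:35:00 +0000",
    "Mon, 06 Mar 2017 07:10:00 +0000",
    "Tue, 07 Mar 2017 05:45:00 +0000",
    "Tue, 07 Mar 2017 12:20:00 +0000",
    "Wed, 08 Mar 2017 09:02:00 +0000",
    "Thu, 09 Mar 2017 04:15:00 +0000",
    "Fri, 10 Mar 2017 06:30:00 +0000",
    "Fri, 10 Mar 2017 11:40:00 +0000",
]

def working_hours_fit(dates, offset_minutes, start=9, end=18):
    """Fraction of messages sent Mon-Fri with start <= hour < end at this UTC offset."""
    tz = timezone(timedelta(minutes=offset_minutes))
    hits = 0
    for raw in dates:
        local = parsedate_to_datetime(raw).astimezone(tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(dates)

def rank_offsets(dates, step=30):
    """Score every offset from UTC-12:00 to UTC+14:00 in `step` minutes, best fit first."""
    scores = [(m, working_hours_fit(dates, m)) for m in range(-720, 841, step)]
    return sorted(scores, key=lambda pair: pair[1], reverse=True)

def label(offset_minutes):
    """Render an offset in minutes as e.g. 'UTC+5:30'."""
    sign = "+" if offset_minutes >= 0 else "-"
    hours, minutes = divmod(abs(offset_minutes), 60)
    return f"UTC{sign}{hours}:{minutes:02d}"

if __name__ == "__main__":
    for offset, score in rank_offsets(SAMPLE_DATES)[:3]:
        print(f"{label(offset)}  {score:.0%} of messages inside working hours")
```

A high score only shows that the send times are consistent with a time zone. Scheduled sending or forged headers can produce the same pattern, which is why the report pairs it with other indicators.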

ABOUT THE AUTHOR

Abhijit Ahaskar

Abhijit writes on tech policy, gaming, security, AI, robotics, electronics and startups. He has been in the media industry for over 12 years.