Clickbait emails, URL shortening services and phishing messages -- that's how a small and little-known Delhi-based company named BellTroX allegedly ruled the 'hack-for-hire' world of 'cyber mercenaries', targeting thousands of individuals and hundreds of professionals. The company, owned by its director Sumit Gupta, is officially an independent firm of "transcriptionists, designers, developers", but its secret hacking operations spanned Europe and the US.
A report by Citizen Lab, an interdisciplinary laboratory based at the Munk School of Global Affairs at the University of Toronto, Canada, on Tuesday concluded that BellTroX is behind a group of hackers (named Dark Basin) that spied on over 10,000 email accounts for several years. Its victims included judges, politicians, journalists, gambling tycoons and environmental groups, among others.
Though Sumit Gupta has denied any wrongdoing, his chequered past -- he was charged by US authorities in a hacking case in 2015 -- and the tracing of Dark Basin's hacking operations suggest he could be the mastermind behind several hacking cases.
Sumit Gupta's Twitter handle. He has not been active on Twitter since 2013. The company website has also been taken down since the row erupted.
Gupta runs his company from small premises in the Sant Nagar area of Burari, New Delhi. Its LinkedIn profile suggests BellTroX InfoTech Services has grown into one of the world's premier transcription and digital dictation providers for numerous "hospitals, clinics, expert witnesses, independent practitioners and commercial organisations".
The official address of BellTroX InfoTech Services
It also offers a "cost-effective, accessible solution" to its clients at "unbeatable prices". "BellTroX wants to establish itself as a Consulting Market Leader by developing productive relationships, synergies and partnerships with the people we work with. By pioneering new ideas, embracing change and developing new ways of doing things," says the director's message on its website. Another company named Suvidhi KPO (OPC) Private Limited has also been registered with the same name.
Allegations against BellTroX
Numerous technical links unearthed during the investigation suggest Dark Basin is linked to BellTroX. Its employees focused on email penetration, exploitation, corporate espionage, "phone pinger" and cyber intelligence operations. According to the report, BellTroX sent malicious emails to its targets to extract sensitive information from them. The malicious emails ranged from horoscopes to pornographic spam messages.
Depending on the severity of the case, BellTroX allegedly sent messages that ranged from impersonating colleagues or relatives and sending Facebook login requests to graphic notifications and messages asking the target to enter credentials to unsubscribe from pornography.
What is Dark Basin
Dark Basin is a hack-for-hire group that targeted thousands of individuals and hundreds of institutions in six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries. Dark Basin extensively targeted American nonprofits, including organisations working on a campaign called ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades.
BellTroX's India connection
Citizen Lab has said "with high confidence" that Dark Basin is linked to BellTroX InfoTech Services. It also found that the timestamps in hundreds of phishing emails it assessed were consistent with working hours in India's UTC+5:30 time zone.
The same timing correlation was found by the Electronic Frontier Foundation (EFF) in an earlier investigation of phishing messages targeting net neutrality advocacy groups. Several of Dark Basin's URL shortening services had names associated with India: Holi, Rongali and Pochanchi.
Several BellTroX employees used personal documents, including a CV, as bait content when testing their URL shorteners. They also made social media posts describing and taking credit for the attack techniques, containing screenshots of links to Dark Basin infrastructure.
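The working-hours correlation described above is a standard step in attributing a phishing campaign: collect the send timestamps from the messages, convert them to a candidate local time zone and check how many fall inside an ordinary working week. The script below is an added illustration of that analysis and is not Citizen Lab's or the EFF's code. It assumes a 09:00 to 18:00, Monday to Friday working day, uses a constructed set of eight Date headers (not real Dark Basin messages), and also scans every half-hour UTC offset to see which one explains the timestamps best. Date headers are set by the sender and can be forged, so in practice an investigator would prefer the timestamps stamped by trusted receiving mail servers in Received headers, and would treat the result as one corroborating signal alongside infrastructure links, not as proof on its own.

```python
from collections import Counter
from datetime import timedelta, timezone
from email.utils import parsedate_to_datetime

# India Standard Time is UTC+05:30 with no daylight saving, so a fixed offset is exact.
IST = timezone(timedelta(hours=5, minutes=30), name="IST")

# Assumed working day: 09:00 <= hour < 18:00, Monday to Friday.
WORK_START, WORK_END = 9, 18

# Constructed sample Date headers (not taken from any real campaign). The last entry
# carries a -0400 offset to show that mixed sender offsets are normalised correctly.
SAMPLE_DATE_HEADERS = [
    "Mon, 03 Jun 2019 03:45:10 +0000",  # 09:15 IST, Monday
    "Tue, 04 Jun 2019 06:55:01 +0000",  # 12:25 IST, Tuesday
    "Wed, 05 Jun 2019 09:30:12 +0000",  # 15:00 IST, Wednesday
    "Thu, 06 Jun 2019 11:05:59 +0000",  # 16:35 IST, Thursday
    "Fri, 07 Jun 2019 05:40:00 +0000",  # 11:10 IST, Friday
    "Sat, 08 Jun 2019 20:15:33 +0000",  # 01:45 IST on Sunday: off-hours outlier
    "Mon, 10 Jun 2019 12:15:00 +0000",  # 17:45 IST, Monday
    "Tue, 11 Jun 2019 03:00:00 -0400",  # 07:00 UTC -> 12:30 IST, Tuesday
]


def to_local(date_header, tz=IST):
    """Parse an RFC 5322 Date header and convert it to the candidate local zone."""
    return parsedate_to_datetime(date_header).astimezone(tz)


def hour_histogram(headers, tz=IST):
    """Count messages per local hour of day; a daytime cluster is the signal analysts look for."""
    return Counter(to_local(h, tz).hour for h in headers)


def weekday_histogram(headers, tz=IST):
    """Count messages per local weekday (0 = Monday ... 6 = Sunday)."""
    return Counter(to_local(h, tz).weekday() for h in headers)


def working_hours_fraction(headers, tz=IST, start=WORK_START, end=WORK_END):
    """Fraction of messages sent during the assumed working week in the given zone."""
    if not headers:
        return 0.0
    hits = 0
    for h in headers:
        local = to_local(h, tz)
        if local.weekday() < 5 and start <= local.hour < end:
            hits += 1
    return hits / len(headers)


def best_fit_offset(headers, start=WORK_START, end=WORK_END):
    """Score every half-hour UTC offset from -12:00 to +14:00 and return
    (offset_in_hours, working_hours_fraction) for the best-fitting one.
    On a tie the most westerly offset wins, so a flat result means the data
    is not discriminating enough to name a zone."""
    best = None
    for half_hours in range(-24, 29):
        tz = timezone(timedelta(minutes=30 * half_hours))
        score = working_hours_fraction(headers, tz, start, end)
        if best is None or score > best[1]:
            best = (half_hours / 2, score)
    return best


if __name__ == "__main__":
    print("hours (IST):   ", sorted(hour_histogram(SAMPLE_DATE_HEADERS).items()))
    print("weekdays (IST):", sorted(weekday_histogram(SAMPLE_DATE_HEADERS).items()))
    print("in working hours (IST): %.3f" % working_hours_fraction(SAMPLE_DATE_HEADERS))
    offset, score = best_fit_offset(SAMPLE_DATE_HEADERS)
    print("best-fitting offset: UTC%+.1f h (fraction %.3f)" % (offset, score))
```

With the constructed sample, seven of the eight messages land inside the assumed Indian working week and the offset scan picks UTC+5.5 as the unique best fit; real campaigns need hundreds of messages, as in the report, before the histogram is meaningful, and a sender who schedules mail or works odd hours will defeat the heuristic.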