It turned out that the largest hacking ever was done by an Indian company, hackers brag about their work on SNS

On June 9, 2020, Citizen Lab, an information and communication technology research institute based in the University of Toronto, Canada, has spo Has been identified.' According to Reuters, which reported the issue, Dark Basin's activity is said to be 'the largest espionage ever published.'

Dark Basin: Uncovering a Massive Hack-For-Hire Operation-The Citizen Lab

Exclusive: Obscure Indian cyber firm spied on politicians, investors worldwide-Reuters

'Dark Basin' is a group of 'hack-for-hire' that has targeted thousands of individuals and institutions, mainly journalists, government officials, and hedge funds. Dark Basin has carried out a large-scale phishing attack on an NGO's e-frontier foundation to protect the right to free speech, and condemned petroleum companies such as Exxon Mobil for climate change issues. It is said that he has carried out spy activities targeting a large number of NGOs including ' #ExxonKnew '.


Mike Mozart

About this Dark Basin entity, Citizen Lab reported on June 9 'Dark Basin has a high probability of being linked to Indian company BellTroX InfoTech Services and its affiliates.'

Dark Basin's identity was discovered in 2017 when a journalist targeted by a phishing attack asked Citizen Lab to investigate. Citizen Lab discovered that the phishing was done through a URL shortening tool, further investigation conducted by Dark Basin for the purpose of the URL shortening tool 'to disguise the URL used for phishing attacks'. I found out that it is something that exists.

During the course of the investigation, 28,000 pieces of evidence were identified, including the email addresses of the individuals and organizations targeted by Dark Basin, but we are addressing the issue of climate change and Internet neutrality among the victims. Two groups were said to have suffered particularly noticeable damage. In addition to NGOs, various individuals and organizations were being targeted, including South African judges, Mexican politicians, and French lawyers, Reuters reported.

Due to the size of Dark Basin, Citizen Lab was initially thinking that 'Dark Basin is likely to be a government-supported hacker organization.' In addition, the time zones during which emails for phishing attacks are sent are concentrated in the time zone during the day in the Indian time zone, and the URL shortening service is named after festivals in India. , Dark Basin was speculated to be based in India.

Below is a screenshot of 'HOLI', one of the URL shortening services operated by Dark Basin. 'HOLI' is the Indian festival Holi .

In addition, the traces of the activities of Dark Basin correspond with the content of the activities that the staff of Indian IT company BellTroX has published on the Internet as 'actual results' with high accuracy, so 'the identity of Dark Basin is BellTroX. It's likely.'

Below is a screenshot of a profile posted by one of BellTroX's staff on the internet. Profiles that appear to belong to SNS for business and LinkedIn include some of BellTroX's company name and living in New Delhi, India.

In addition, the activities that this employee has listed as past achievements include 'Create Phishing Page', 'Email Tracking', etc. Staff used their activities at Dark Basin as their own publicity.” The Citizen Lab has also identified a number of BellTroX staff members who have used roundabout expressions such as 'Ethical Hacking' and 'Certified Ethical Hacker.'

It's unclear who BellTroX was hired to hack, but two former BellTroX employees contacted by Reuters said, ``These companies were usually hired by targeted business rivals or political opponents. I have a contract with a private detective.'

Citizen Lab added, “The rise of large-scale commercialized hacks is a threat to democratic societies. We are fully accountable to everyone involved in these phishing campaigns. I think there is an urgent need.' Citizen Lab is currently cooperating with the US Department of Justice to provide this investigation material at the request of several organizations targeted by Dark Basin.

in Web Service, Posted by log1l_ks