1. Home
  2. How an obscure Indian cyber firm spied on politicians, investors through horoscopes and porn

How an obscure Indian cyber firm spied on politicians, investors through horoscopes and porn

News Network
June 27, 2020

Jun 27: Alittle-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.

Aspects of BellTroX's hacking spree aimed at American targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told Reuters. The U.S. Department of Justice declined to comment.

Reuters does not know the identity of BellTroX's clients. In a telephone interview, the company's owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.

Muddy Waters founder Carson Block said he was "disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX." KKR declined to comment.

Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report that BellTroX employees were behind the espionage campaign.

"This is one of the largest spy-for-hire operations ever exposed," said Citizen Lab researcher John Scott-Railton.

Although they receive a fraction of the attention devoted to state-sponsored espionage groups or headline-grabbing heists, "cyber mercenary" services are widely used, he said. "Our investigation found that no sector is immune."

A cache of data reviewed by Reuters provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords that were sent by BellTroX between 2013 and 2020. The data was supplied on condition of anonymity by online service providers used by the hackers after Reuters alerted the firms to unusual patterns of activity on their platforms.

The data is effectively a digital hit list showing who was targeted and when. Reuters validated the data by checking it against emails received by the targets.

On the list: judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States. These dozens of people, among the thousands targeted by BellTroX, did not respond to messages or declined comment.

Reuters was not able to establish how many of the hacking attempts were successful.

BellTroX's Gupta was charged in a 2015 hacking case in which two U.S. private investigators admitted to paying him to hack the accounts of marketing executives. Gupta was declared a fugitive in 2017, although the U.S. Justice Department declined to comment on the current status of the case or whether an extradition request had been issued.

Speaking by phone from his home in New Delhi, Gupta denied hacking and said he had never been contacted by law enforcement. He said he had only ever helped private investigators download messages from email inboxes after they provided him with login details.

"I didn't help them access anything, I just helped them with downloading the mails and they provided me all the details," he told Reuters. "I am not aware how they got these details but I was just helping them with the technical support."

Reuters could not determine why the private investigators might need Gupta to download emails. Gupta did not return follow-up messages. Spokesmen for Delhi police and India's foreign ministry did not respond to requests for comment.

HOROSCOPES AND PORNOGRAPHY

Operating from a small room above a shuttered tea stall in a west-Delhi retail complex, BellTroX bombarded its targets with tens of thousands of malicious emails, according to the data reviewed by Reuters. Some messages would imitate colleagues or relatives; others posed as Facebook login requests or graphic notifications to unsubscribe from pornography websites.

Fahmi Quadir's New York-based short selling firm Safkhet Capital was among 17 investment companies targeted by BellTroX between 2017 and 2019. She said she noticed a surge in suspicious emails in early 2018, shortly after she launched her fund.

Initially "it didn't seem necessarily malicious," Quadir said. "It was just horoscopes; then it escalated to pornography."

Eventually the hackers upped their game, sending her credible-sounding messages that looked like they came from her coworkers, other short sellers or members of her family. "They were even trying to emulate my sister," Quadir said, adding that she believes the attacks were unsuccessful.

U.S. advocacy groups were also repeatedly targeted. Among them were digital rights organizations Free Press and Fight for the Future, both of whom have lobbied for net neutrality. The groups said a small number of employee accounts were compromised, but the wider organizations' networks were untouched. The spying on those groups was detailed in a report by the Electronic Frontier Foundation in 2017, but has not been publicly tied to BellTroX until now.

Timothy Karr, a director at Free Press, said his organization "sees an uptick in breach attempts whenever we're engaged in heated and high-profile public policy debates." Evan Greer, deputy director of Fight for the Future, said: "When corporations and politicians can hire digital mercenaries to target civil society advocates, it undermines our democratic process."

While Reuters was not able to establish who hired BellTroX to carry out the hacking, two former employees said the company and others like it were usually contracted by private investigators on behalf of business rivals or political opponents.

Bart Santos of San Diego-based Bulldog Investigations was one of a dozen private detectives in the United States and Europe who told Reuters they had received unsolicited advertisements for hacking services out of India - including one from a person who described himself as a former BellTroX employee. The pitch offered to carry out "data penetration" and "email penetration."

Santos said he ignored those overtures, but could understand why some people didn't. "The Indian guys have a reputation for customer service," he said.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 14,2020

London, May 14: Fugitive liquor baron Vijay Mallya on Thursday urged the Central government to accept his offer to repay 100 per cent of his loan dues and close the case against him.

While congratulating the Centre for introducing Rs 20 lakh crore relief package to boost the economy amid the coronavirus lockdown, Mallya, lamented that his repeated attempts to pay back his dues have been ignored by the Indian government.

"Congratulations to the Government for a Covid 19 relief package. They can print as much currency as they want BUT should a small contributor like me who offers 100% payback of State-owned Bank loans be constantly ignored? Please take my money unconditionally and close," he tweeted.

Earlier this month, Mallya had sought permission to appeal against a ruling ordering his extradition to India in Britain's highest court the UK Supreme Court.

The application comes two weeks after the High Court in London - the UK's second-highest court - dismissed Mallya's appeal against a lower court ruling that he be sent to India to face charges of defrauding a consortium of Indian banks of more than Rs 9,000 crores relating to the collapse of Kingfisher Airlines in 2012.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
June 10,2020

Chennai, Jun 10: DMK MLA J Anbazhagan who had tested positive for coronavirus and was on ventilator support from June 3 passed away at a hospital in Chennai on Wednesday.

Coincidently, today is the 62nd birthday of the MLA.

"Anbazhagan J, who has been fighting for his life with severe COVID 19 pneumonia rapidly deteriorated early this morning. In spite of full medical support including mechanical ventilation at our COVID facility, he succumbed to his illness. He was declared dead at 08:05 hours on the 10th of June 2020," the hospital said in a statement.

In 2001, Anbazhagan was elected from T Nagar Assembly constituency. He served for five years.

Later in 2011, he was elected to Tamil Nadu Assembly from Chepauk-Thiruvallikeni seat. The DMK leader was re-elected from the same constituency in 2016.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.
News Network
May 14,2020

May 14: The UN’s children agency has warned that an additional 6,000 children could die daily from preventable causes over the next six months as the COVID-19 pandemic weakens the health systems and disrupts routine services, the first time that the number of children dying before their fifth birthday could increase worldwide in decades.

As the coronavirus outbreak enters its fifth month, the UN Children’s Fund (UNICEF) requested USD 1.6 billion to support its humanitarian response for children impacted by the pandemic.

The health crisis is “quickly becoming a child rights crisis. And without urgent action, a further 6,000 under-fives could die each day,” it said.

With a dramatic increase in the costs of supplies, shipment and care, the agency appeal is up from a USD 651.6 million request made in late March – reflecting the devastating socioeconomic consequences of the disease and families’ rising needs.

"Schools are closed, parents are out of work and families are under strain," UNICEF Executive Director Henrietta Fore said on Tuesday.

 “As we reimagine what a post-COVID world would look like, these funds will help us respond to the crisis, recover from its aftermath, and protect children from its knock-on effects.”

The estimate of the 6,000 additional deaths from preventable causes over the next six months is based on an analysis by researchers from the Johns Hopkins Bloomberg School of Public Health, published on Wednesday in the Lancet Global Health Journal.

UNICEF said it was based on the worst of three scenarios analysing 118 low and middle-income countries, estimating that an additional 1.2 million deaths could occur in just the next six months, due to reductions in routine health coverage, and an increase in so-called child wasting.

Around 56,700 more maternal deaths could also occur in just six months, in addition to the 144,000 likely deaths across the same group of countries. The worst case scenario, of children dying before their fifth birthdays, would represent an increase "for the first time in decades,” Fore said.

"We must not let mothers and children become collateral damage in the fight against the virus. And we must not let decades of progress on reducing preventable child and maternal deaths, be lost,” she said.

Access to essential services, like routine immunisation, has already been compromised for hundreds of millions of children and threatens a significant increase in child mortality.

According to a UNICEF analysis, some 77 per cent of children under the age of 18 worldwide are living in one of 132 countries with COVID-19 movement restrictions.

The UN agency also spotlighted that the mental health and psychosocial impact of restricted movement, school closures and subsequent isolation are likely to intensify already high levels of stress, especially for vulnerable youth.

At the same time, they maintained that children living under restricted movement and socio-economic decline are in greater jeopardy of violence and neglect. Girls and women are at increased risk of sexual and gender-based violence.

The UNICEF pointed out that in many cases, refugee, migrant and internally displaced children are experiencing reduced access to protection and services while being increasingly exposed to xenophobia and discrimination.

“We have seen what the pandemic is doing to countries with developed health systems and we are concerned about what it would do to countries with weaker systems and fewer available resources,” Fore said.

In countries suffering from humanitarian crises, UNICEF is working to prevent transmission and mitigate the collateral impacts on children, women and vulnerable populations – with a special focus on access to health, nutrition, water and sanitation, education and protection.

To date, the UN agency said it has received USD 215 million to support its pandemic response, and additional funding will help build upon already-achieved results.

Within its response, UNICEF has reached more than 1.67 billion people with COVID-19 prevention messaging around hand washing and cough and sneeze hygiene; over 12 million with critical water, sanitation and hygiene supplies; and nearly 80 million children with distance or home-based learning.

The UN agency has also shipped to 52 countries, more than 6.6 million gloves, 1.3 million surgical masks, 428,000 N95 respirators and 34,500 COVID-19 diagnostic tests, among other items.

Comments

Add new comment

About text formats
  • Coastaldigest.com reserves the right to delete or block any comments.
  • Coastaldigset.com is not responsible for its readers’ comments.
  • Comments that are abusive, incendiary or irrelevant are strictly prohibited.
  • Please use a genuine email ID and provide your name to avoid reject.