How an obscure Indian cyber firm spied on politicians, investors through horoscopes and porn

News Network
June 27, 2020

Jun 27: A little-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.

Aspects of BellTroX's hacking spree aimed at American targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told Reuters. The U.S. Department of Justice declined to comment.

Reuters does not know the identity of BellTroX's clients. In a telephone interview, the company's owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.

Muddy Waters founder Carson Block said he was "disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX." KKR declined to comment.

Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report stating that BellTroX employees were behind the espionage campaign.

"This is one of the largest spy-for-hire operations ever exposed," said Citizen Lab researcher John Scott-Railton.

Although they receive a fraction of the attention devoted to state-sponsored espionage groups or headline-grabbing heists, "cyber mercenary" services are widely used, he said. "Our investigation found that no sector is immune."

A cache of data reviewed by Reuters provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords that were sent by BellTroX between 2013 and 2020. The data was supplied on condition of anonymity by online service providers used by the hackers after Reuters alerted the firms to unusual patterns of activity on their platforms.

The data is effectively a digital hit list showing who was targeted and when. Reuters validated the data by checking it against emails received by the targets.

On the list: judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States. These dozens of people, among the thousands targeted by BellTroX, did not respond to messages or declined comment.

Reuters was not able to establish how many of the hacking attempts were successful.

BellTroX's Gupta was charged in a 2015 hacking case in which two U.S. private investigators admitted to paying him to hack the accounts of marketing executives. Gupta was declared a fugitive in 2017, although the U.S. Justice Department declined to comment on the current status of the case or whether an extradition request had been issued.

Speaking by phone from his home in New Delhi, Gupta denied hacking and said he had never been contacted by law enforcement. He said he had only ever helped private investigators download messages from email inboxes after they provided him with login details.

"I didn't help them access anything, I just helped them with downloading the mails and they provided me all the details," he told Reuters. "I am not aware how they got these details but I was just helping them with the technical support."

Reuters could not determine why the private investigators might need Gupta to download emails. Gupta did not return follow-up messages. Spokesmen for Delhi police and India's foreign ministry did not respond to requests for comment.

HOROSCOPES AND PORNOGRAPHY

Operating from a small room above a shuttered tea stall in a west-Delhi retail complex, BellTroX bombarded its targets with tens of thousands of malicious emails, according to the data reviewed by Reuters. Some messages would imitate colleagues or relatives; others posed as Facebook login requests or graphic notifications to unsubscribe from pornography websites.

Fahmi Quadir's New York-based short selling firm Safkhet Capital was among 17 investment companies targeted by BellTroX between 2017 and 2019. She said she noticed a surge in suspicious emails in early 2018, shortly after she launched her fund.

Initially "it didn't seem necessarily malicious," Quadir said. "It was just horoscopes; then it escalated to pornography."

Eventually the hackers upped their game, sending her credible-sounding messages that looked like they came from her coworkers, other short sellers or members of her family. "They were even trying to emulate my sister," Quadir said, adding that she believes the attacks were unsuccessful.

U.S. advocacy groups were also repeatedly targeted. Among them were digital rights organizations Free Press and Fight for the Future, both of whom have lobbied for net neutrality. The groups said a small number of employee accounts were compromised, but the wider organizations' networks were untouched. The spying on those groups was detailed in a report by the Electronic Frontier Foundation in 2017, but has not been publicly tied to BellTroX until now.

Timothy Karr, a director at Free Press, said his organization "sees an uptick in breach attempts whenever we're engaged in heated and high-profile public policy debates." Evan Greer, deputy director of Fight for the Future, said: "When corporations and politicians can hire digital mercenaries to target civil society advocates, it undermines our democratic process."

While Reuters was not able to establish who hired BellTroX to carry out the hacking, two former employees said the company and others like it were usually contracted by private investigators on behalf of business rivals or political opponents.

Bart Santos of San Diego-based Bulldog Investigations was one of a dozen private detectives in the United States and Europe who told Reuters they had received unsolicited advertisements for hacking services out of India - including one from a person who described himself as a former BellTroX employee. The pitch offered to carry out "data penetration" and "email penetration."

Santos said he ignored those overtures, but could understand why some people didn't. "The Indian guys have a reputation for customer service," he said.

News Network
March 29, 2020

New Delhi, Mar 29: The Centre on Sunday asked state governments and Union Territory administrations to effectively seal state and district borders to stop movements of migrant workers during lockdown, officials said.

During a video conference with Chief Secretaries and DGPs, Cabinet Secretary Rajiv Gauba and Union Home Secretary Ajay Bhalla asked them to ensure that there is no movement of people across cities or on highways as the lockdown continues.

"There has been movement of migrant workers in some parts of the country. Directions were issued that district and state borders should be effectively sealed," a government official said.

States were directed to ensure there is no movement of people across cities or on highways.

Only movement of goods should be allowed.

District Magistrates and SPs should be made personally responsible for implementation of these directions, the official said.

Adequate arrangements for food and shelter of poor and needy people including migrant labourers be made at the place of their work, the official said.

Agencies
May 21, 2020

Eminent river engineer and former professor of civil engineering at IIT in the Banaras Hindu University (BHU) Prof. U.K. Choudhary has said that the judicious use of river technology can help resolve the Coronavirus crisis as well as the plight of Ganga river.

Choudhary, who is also founder of Ganga Research Centre at IIT (BHU), said: "The Ganga water contains a significantly higher proportion of bacteriophages - a kind of virus that kills bacteria. Our ancient scriptures like Vedas, Puranas and Upanishads say that Ganga jal is medicinal water. Scientists later found that Ganga water has bacteriophages capable of killing pathogens."

Explaining further, he said, "Let us analyze the source of bacteriophages. If we take three rivers of Himalayan origin having sources at different heights - the Ganga (Gomukh), Yamuna (Yamunotri) and the Sone river, we find the colours of waters are different. The whitish colour of Ganga water, greenish colour of Yamuna water and the brownish colour of Sone water is also indicative. As Gomukh is the highest among the three, its water comes from lowest depth of aquifer as compared to Yamunotri and Sone river," he explained.

"Thus, the quality of river water is proportional to height of origin point. This defines the genetic character of Ganga water. The balanced flow of this water in entire length of the Ganga defines the medicinal property of Ganga water," he stated.

Prof Choudhary said that the bacteriophages in the Ganga can curb the spread of coronavirus through soil, water and air.

He suggested that the idea is to preserve the medicinal value of Ganga water and to use it to fight Corona. He said that this can be done by opening the gates of all the dams and barrages in a way that the discharge through each is similar to the water at Gomukh. In this way, the concentration of bacteriophage will be enhanced in Ganga water making it more effective against pathogens.

"With increasing diffusion of bacteriophages in water and soil, the spread of Coronavirus will be impacted and reduced. This methodology and technique can also help maintain the quality of Ganga water later when the problem of Corona ends," he said.

Agencies
February 5, 2020

New Delhi, Feb 5: Over five crore farmers were yet to get the third instalment of money under the Centre's ambitious PM-Kisan scheme, aimed at providing direct support of Rs 6,000 annually to them, according to the latest Ministry of Agriculture and Farmers' Welfare data.

The total amount of the scheme, which came into effect on December 1, 2018, is to be paid in three equal instalments of Rs 2,000 every four months.

The data showed about 2.51 crore farmers have not got even the second instalment and 5.16 crore of them were yet to get the third instalment.

Over 9 crore farmers have registered themselves under the scheme between December 2018 and November 2019, it said.

Of these, 7.62 crore or 84 per cent of farmers have received the first instalment.

The money through the second instalment was given to nearly 6.5 crore farmers and the amount under the third instalment was given to 3.85 crore beneficiaries, according to the data received in response to an RTI query filed by this PTI journalist.

The agriculture ministry, in its response, gave three sets of data mentioning the benefits given to farmers under the scheme between December 2018 and November 2019.

It said 4.74 crore farmers were registered between December 2018 and March 2019.

Of them, 4.22 crore received the first instalment, 4.02 crore the second and 3.85 crore the third.

There was no mention why nearly 50 lakh, 70 lakh and 90 lakh registered farmers during this period did not get the first, second and third instalment respectively.

There was no registered beneficiary in West Bengal and Sikkim, hence no amount was disbursed during this period, according to the data.

Giving details of the 3.08 crore farmers registered between April and July last year, it said 2.66 crore and 2.47 crore beneficiaries have got their first and second instalments respectively.

The RTI reply did not mention why around 40 lakh and 61 lakh registered farmers during this period did not get their first and second instalment respectively.

"The beneficiaries are eligible for the instalment for the period in which he/she gets registered and subsequent periods, thereafter. Therefore, the third instalment is not due for the beneficiaries registered in the period April 2019-July 2019," the ministry said.

There was no registered beneficiary during this period in West Bengal, Punjab and Chandigarh and therefore nobody was paid first and second instalments.

The ministry said around 1.19 crore beneficiaries were registered between August and November 30, 2019; of these, nearly 73.66 lakh farmers have been given the first instalment.

There was no mention of payment of first instalment to over 45 lakh eligible beneficiaries during the period.

"The beneficiaries are eligible for the instalment for the period in which he/she gets registered and subsequent periods, thereafter. Therefore, the second and third instalments are not due for the beneficiaries registered in the period August 2019 to November 2019," it said.

The ministry was asked to provide the total number of farmers, state-wise, and the amount received by them under the Pradhan Mantri Kisan Samman Nidhi or PM-Kisan scheme.

"PM-Kisan Samman Nidhi scheme has been implemented from December 1, 2018. It is stated that PM-Kisan is a continuous and ongoing scheme, in which the financial benefits are transferred to the bank accounts of the identified beneficiaries as and when their correct and verified data is uploaded by the concerned states/union territories on PM-Kisan web portal," the ministry said in the RTI response vide its letter dated December 26, 2019.

The data of beneficiaries so uploaded by them undergoes a multi-level verification, including by banks, and only then the amount is released to the beneficiary, it said, adding that www.pmkisan.gov.in website can be accessed to get more details on the operational guidelines of the scheme.

According to the data updated on the website on February 3, around 8.82 crore farmers have been registered and 8.41 crore have received the first instalment, 7.56 crore the second instalment, 6.19 crore the third and 3.03 crore have received the fourth instalment.

In Assam, out of 16.97 lakh farmers registered during this period, 14.02 lakh got the first instalment, 13.72 lakh received the second and 9.87 lakh the third.

Of the 42.34 lakh registered beneficiaries in Maharashtra, 36.98 lakh got the first instalment, 31.53 lakh the second and 27.67 lakh got the third instalment.

As many as 23.83 lakh farmers in Kerala received their first instalment, 18.79 lakh got the second and 18.43 lakh the third. A total of 26.13 lakh beneficiaries were registered in the state between December 2018 and March 2019.

There was no beneficiary registered during the period from West Bengal, which has refused to implement the scheme, according to the ministry's response.

In Uttar Pradesh, nearly 9.57 lakh out of 19.64 lakh farmers have got the first instalment. In Gujarat, nearly 1.22 lakh out of 1.98 lakh registered farmers got the first instalment.

Around 9.78 lakh farmers out of the 17.18 lakh registered beneficiaries have received the first instalment in Madhya Pradesh. In Odisha, only 5,507 farmers out of 5.6 lakh registered farmers have got the first instalment, the ministry said.

None of the 7,326 farmers registered in Sikkim was paid the first instalment, according to the ministry's reply. In Delhi, 1,447 farmers out of 1,734 have got the first instalment.
