Cybersecurity Firm Uncovers Hacking Group in India


CitizenLab,at the University of Toronto, has discovered a company operating out of India who hacked businesses for hire.

While companies suffer from cybersecurity infringement on a daily basis, CitizenLab said on June 9 that it discovered a professional hacking group in India, The Economist reported.

CitizenLab is part of the Munk School of Government at the University of Toronto. It noticed a hacking group that has targeted thousands of company leaders, judges, journalists, politicians and ordinary people across the world.

Most of the hacking attacks are described as “phishing” attempts, where hackers trick target victims into giving out usernames and passwords. One common way is to fake emails from friends or colleagues that contain a link to a convincing replica of legitimate social media or email provider websites.

Though tracing down the hacks is difficult, CitizenLab found the clues leading to the fact that all attacks occurred during Indian working hours, and subsequently pinpointed a New Delhi based company, BellTroX InfoTech Services. The firm claims to offer “penetration testing,” a legal form of hacking that companies pay for to test their electronic defenses.

BellTroX’s head, Sumit Gupta, has a record of being charged with a separate set of hacking activities in California in 2015. BellTroX’s website disappeared after CitizenLab released its report.

While CitizenLab did not accuse any company of hiring BellTroX for the hacks, findings reveal that many targets were involved in allegations against ExxonMobil, an oil firm that put great effort into deemphasizing climate change. Another group of victims are journalists who report on Wirecard, a German payment-processing firm currently in an accounting scandal. Hedge funds that have a short position in Wirecard’s stock were also hacked.

John Scott Railton, an author of CitizenLab’s report, said that the brazen nature of the hacking suggests the lack of sufficient legal measures for cybersecurity. “These kinds of services allow their clients to cause trouble from a distance, in a different jurisdiction, with minimal friction and not much chance of getting caught,” he said.

See the full report here.


Economics, Finance and Investing