This obscure Indian cybersecurity startup reportedly spied on American investors and politicians worldwide in a massive hack-for-hire operation
BellTroX is a New Delhi-based cybersecurity startup and provider of solutions for government and corporate intelligence arrays. Its services include cyber information collection, translations, analysis and assessment, communications strategies, and negotiations, all of which are supported by complex technology systems.
Unknown to many, this little-known Indian IT startup also offered hacking services to help clients spy on more than 10,000 email accounts over a period of seven years. Many aspects of BellTroX’s hacking spree aimed at American targets are now under investigation by U.S. law enforcement, according to an exclusive report from Reuters, citing five people familiar with the matter.
So far, the U.S. Department of Justice has declined to comment on the report. BellTroX InfoTech Services reportedly targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to Reuters, again citing three former employees, outside researchers, and a trail of online evidence.
Thus far, the identity of BellTroX’s clients is still unknown. In a telephone interview with Reuters, the company’s owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing. Muddy Waters founder Carson Block said he was “disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX.” KKR declined to comment.
Founded in 2013 by Sumit Gupta, BellTroX InfoTech Services was recently called out by the Toronto-based internet watchdog Citizen Lab for allegedly targeting government officials, business leaders, politicians, lawyers, and environmentalists from around the world. Citizen Lab first started investigating the leads in 2018 after getting in touch with former BellTroX employees and examining online evidence.
“This is one of the largest spy-for-hire operations ever exposed,” Reuters quoted Citizen Lab researcher John Scott-Railton as saying on Tuesday. He also shared some details about the alleged hacking campaign on Twitter.
1. MAJOR REPORT: We’re outing a massive hack-for-hire operation @citizenlab. We’re attributing them to BellTroX, an Indian company. Join me on a wild THREAD about mercenary hacking.
https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/
https://twitter.com/jsrailton/status/1270315659650531328
https://twitter.com/jsrailton/status/1270321440789868545
Although they receive a fraction of the attention devoted to state-sponsored espionage groups or headline-grabbing heists, “cyber mercenary” services are widely used, he said. “Our investigation found that no sector is immune.”
A cache of data reviewed by Reuters provides insight into the operation, detailing tens of thousands of malicious messages sent by BellTroX between 2013 and 2020 that were designed to trick victims into giving up their passwords. The data was supplied on condition of anonymity by online service providers used by the hackers, after Reuters alerted those firms to unusual patterns of activity on their platforms.
The data is effectively a digital hit list showing who was targeted and when. Reuters validated the data by checking it against emails received by the targets.
On the list: judges in South Africa, politicians in Mexico, lawyers in France, and environmental groups in the United States. Dozens of these people, among the thousands targeted by BellTroX, either did not respond to messages or declined to comment. Reuters said it was not able to establish how many of the hacking attempts were successful.
BellTroX’s Gupta was charged in a 2015 hacking case in which two U.S. private investigators admitted to paying him to hack the accounts of marketing executives. Gupta was declared a fugitive in 2017; the U.S. Justice Department declined to comment on the current status of the case or on whether an extradition request had been issued.