www.reuters.com
65.9.66.42  Public Scan

URL: https://www.reuters.com/article/us-india-cyber-mercenaries-exclusive/exclusive-obscure-indian-cyber-firm-spied-on-politi...
Submission: On July 08 via manual from NL — Scanned from NL

Form analysis 1 forms found in the DOM

<form>
  <p class="NewsletterSignup-label-1xvVJ">Reuters News Now</p>
  <p class="NewsletterSignup-description-Ed-MY">Subscribe to our daily curated newsletter to receive the latest exclusive Reuters coverage delivered to your inbox.</p>
  <div><input class="NewsletterSignup-email-3nj-u" type="email" name="email" spellcheck="false" required="" placeholder="Enter email address"><button class="NewsletterSignup-submit-1jVHY" type="submit" disabled="">Submit</button></div>
</form>

Text Content


EXCLUSIVE: OBSCURE INDIAN CYBER FIRM SPIED ON POLITICIANS, INVESTORS WORLDWIDE

By Jack Stubbs, Raphael Satter, Christopher Bing




(This June 9 story corrects to remove reference to speaking with Gupta at his
office)


Fahmi Quadir, founder of Safkhet Capital, poses in New York City, New York,
U.S., June 9, 2020. REUTERS/Brendan McDermid

LONDON/WASHINGTON (Reuters) - A little-known Indian IT firm offered its hacking
services to help clients spy on more than 10,000 email accounts over a period of
seven years.

New Delhi-based BellTroX InfoTech Services targeted government officials in
Europe, gambling tycoons in the Bahamas, and well-known investors in the United
States including private equity giant KKR and short seller Muddy Waters,
according to three former employees, outside researchers, and a trail of online
evidence.

Aspects of BellTroX’s hacking spree aimed at American targets are currently
under investigation by U.S. law enforcement, five people familiar with the
matter told Reuters. The U.S. Department of Justice declined to comment.

Reuters does not know the identity of BellTroX’s clients. In a telephone
interview, the company’s owner, Sumit Gupta, declined to disclose who had hired
him and denied any wrongdoing.

Muddy Waters founder Carson Block said he was “disappointed, but not surprised,
to learn that we were likely targeted for hacking by a client of BellTroX.” KKR
declined to comment.



Researchers at internet watchdog group Citizen Lab, who spent more than two
years mapping out the infrastructure used by the hackers, released a report
on Tuesday saying they had "high confidence" that BellTroX employees were behind
the espionage campaign.

“This is one of the largest spy-for-hire operations ever exposed,” said Citizen
Lab researcher John Scott-Railton.

Although they receive a fraction of the attention devoted to state-sponsored
espionage groups or headline-grabbing heists, “cyber mercenary” services are
widely used, he said. “Our investigation found that no sector is immune.”

A cache of data reviewed by Reuters provides insight into the operation,
detailing tens of thousands of malicious messages designed to trick victims into
giving up their passwords that were sent by BellTroX between 2013 and 2020. The
data was supplied on condition of anonymity by online service providers used by
the hackers after Reuters alerted the firms to unusual patterns of activity on
their platforms.

The data is effectively a digital hit list showing who was targeted and when.
Reuters validated the data by checking it against emails received by the
targets.



On the list: judges in South Africa, politicians in Mexico, lawyers in France
and environmental groups in the United States. These dozens of people, among the
thousands targeted by BellTroX, did not respond to messages or declined comment.

Reuters was not able to establish how many of the hacking attempts were
successful.

BellTroX’s Gupta was charged in a 2015 hacking case in which two U.S. private
investigators admitted to paying him to hack the accounts of marketing
executives. Gupta was declared a fugitive in 2017, although the U.S. Justice
Department declined to comment on the current status of the case or whether an
extradition request had been issued.

Speaking by phone from his home in New Delhi, Gupta denied hacking and said he
had never been contacted by law enforcement. He said he had only ever helped
private investigators download messages from email inboxes after they provided
him with login details.

“I didn’t help them access anything, I just helped them with downloading the
mails and they provided me all the details,” he told Reuters. “I am not aware
how they got these details but I was just helping them with the technical
support.”



Reuters could not determine why the private investigators might need Gupta to
download emails. Gupta did not return follow-up messages. Spokesmen for Delhi
police and India’s foreign ministry did not respond to requests for comment.


HOROSCOPES AND PORNOGRAPHY

Operating from a small room above a shuttered tea stall in a west-Delhi retail
complex, BellTroX bombarded its targets with tens of thousands of malicious
emails, according to the data reviewed by Reuters. Some messages would imitate
colleagues or relatives; others posed as Facebook login requests or graphic
notifications to unsubscribe from pornography websites.

Fahmi Quadir’s New York-based short selling firm Safkhet Capital was among 17
investment companies targeted by BellTroX between 2017 and 2019. She said she
noticed a surge in suspicious emails in early 2018, shortly after she launched
her fund.

Initially “it didn’t seem necessarily malicious,” Quadir said. “It was just
horoscopes; then it escalated to pornography.”



Eventually the hackers upped their game, sending her credible-sounding messages
that looked like they came from her coworkers, other short sellers or members of
her family. “They were even trying to emulate my sister,” Quadir said, adding
that she believes the attacks were unsuccessful.

U.S. advocacy groups were also repeatedly targeted. Among them were digital
rights organizations Free Press and Fight for the Future, both of whom have
lobbied for net neutrality. The groups said a small number of employee accounts
were compromised, but the wider organizations' networks were untouched. The
spying on those groups was detailed in a report by the Electronic Frontier
Foundation in 2017, but has not been publicly tied to BellTroX until now.

Timothy Karr, a director at Free Press, said his organization “sees an uptick in
breach attempts whenever we’re engaged in heated and high-profile public policy
debates.” Evan Greer, deputy director of Fight for the Future, said: “When
corporations and politicians can hire digital mercenaries to target civil
society advocates, it undermines our democratic process.”

While Reuters was not able to establish who hired BellTroX to carry out the
hacking, two former employees said the company and others like it were usually
contracted by private investigators on behalf of business rivals or political
opponents.

Bart Santos of San Diego-based Bulldog Investigations was one of a dozen private
detectives in the United States and Europe who told Reuters they had received
unsolicited advertisements for hacking services out of India - including one
from a person who described himself as a former BellTroX employee. The pitch
offered to carry out “data penetration” and “email penetration.”

Santos said he ignored those overtures, but could understand why some people
didn’t. “The Indian guys have a reputation for customer service,” he said.

Additional reporting by Alasdair Pal in NEW DELHI and Ryan McNeill in LONDON;
Editing by Jonathan Weber, Chris Sanders and Edward Tobin
