SUMMARY
BellTroX InfoTech Services sent tens of thousands of malicious messages
The target group included politicians in Mexico, investors in the US and many more
The hacking has been underway since 2013
After several rounds of reports of India being a cyberattack target, a new report has found that a Delhi-based IT firm has been involved in hacking cases across the world.
A Reuters report said that BellTroX InfoTech Services sent tens of thousands of malicious messages designed to trick victims into giving up their passwords between 2013 and 2020. The targets included judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States as well as few gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short-seller Muddy Waters.
The report added that aspects of BellTroX’s hacking spree aimed at American targets are currently under investigation by US law enforcement. The company’s owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.
Further, the report added that Gupta was charged in a 2015 hacking case in which two US private investigators admitted to paying him to hack the accounts of marketing executives. Gupta was declared a fugitive in 2017, although there is no update on the current status of the case.
Gupta told Reuters that he had never been contacted by law enforcement. He said he had only ever helped private investigators download messages from email inboxes after they provided him with login details.
BellTroX bombarded its targets with tens of thousands of malicious emails, which would imitate colleagues or relatives; others posed as Facebook login requests or graphic notifications to unsubscribe from pornography websites.
Google Threat Analysis Group (TAG) report, published on May 27, highlighted that the tech giant has sent out 1,755 warnings to users whose accounts were targets of government-backed attackers. The body has seen new activities from “hack-and-hire” firms, many of which are based in India.
The fake websites feature “fake” login pages, which prompt users to reveal their Google account credentials and also encourage them to share other personal information like phone numbers. The attackers target business leaders in financial services, consulting and healthcare corporations across India, US, Slovenia, Canada, Bahrain, Cyprus, and the UK.
According to MeitY, India witnessed 3.94 Lakh instances of cybersecurity incidents in 2019. This data was reported to and tracked by the Indian Computer Emergency Response Team (CERT-In). According to Nasscom’s Data Security Council of India (DSCI) report 2019, India witnessed the second-highest number of cyberattacks in the world between 2016 and 2018. This comes at a time when digitisation of the Indian economy is predicted to result in a $435 Bn opportunity by 2025.
