A little-known Indian computer company offered its hacking services to help its customers spy on more than 10,000 email accounts in seven years.
BellTroX InfoTech Services, based in New Delhi, targeted European government officials, gambling tycoons in the Bahamas and well-known U.S. investors, including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers and a trail of online evidence.
Aspects of BellTroX’s hacking of U.S. targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told Reuters. The U.S. Department of Justice declined to comment.
Reuters does not know the identities of BellTroX’s customers. In a telephone interview, Sumit Gupta, the owner of the company, declined to say who had hired him and denied any wrongdoing. Muddy Waters’ founder, Carson Block, said he was “disappointed, but not surprised, that we were likely targeted for hacking by a BellTroX client.” KKR declined to comment.
Researchers at the Citizen Lab, an internet research group that has been mapping the hackers’ infrastructure for more than two years, released a report on Tuesday saying they are confident that BellTroX employees were behind the espionage campaign.
“This is one of the largest spy-for-hire operations ever exposed,” said Citizen Lab researcher John Scott-Railton.
Although they get little of the attention given to state-sponsored spy groups or headline-grabbing heists, cyber mercenary services are widespread, he said.
“Our research has shown that no sector is immune.” A cache of recovered data gives insight into the operation: it contains tens of thousands of malicious messages designed to trick victims into revealing their passwords, sent by BellTroX between 2013 and 2020. The data was provided, on condition of anonymity, by online service providers the hackers used, after Reuters alerted the companies to unusual patterns of activity on their platforms.
The data is effectively a digital hit list showing who was targeted and when. Reuters verified it by checking the data against emails received by the targets.
The list includes judges in South Africa, politicians in Mexico, lawyers in France and environmental groups in the United States.
Dozens of the thousands of people targeted by BellTroX either did not respond to requests for comment or declined to comment. Reuters does not know how many of the hacking attempts succeeded.
BellTroX’s Gupta was charged in 2015 in a hacking case in which two U.S. private investigators admitted to paying him to break into the accounts of marketing executives. Gupta was declared a fugitive in 2017, although the U.S. Department of Justice declined to say what the current status of the case is or whether an extradition request has been made.
Gupta, speaking by phone from his home in New Delhi, denied the hacking and said law enforcement had never contacted him.
“I didn’t help them access anything, I just helped them download the emails and they gave me all the details,” he said. “I don’t know how they got those details, but I only helped them with technical support.”
Reuters could not determine why the private investigators would need Gupta to download the emails. Gupta did not respond to later messages and repeatedly declined to speak when a Reuters reporter visited him at his office on Monday.
Spokespersons of the Delhi Police and the Indian Ministry of Foreign Affairs have not responded to requests for comments.
From a small room above a shuttered tea stall in a West Delhi shopping mall, BellTroX is said to have sent tens of thousands of malicious emails at its targets. Some messages impersonated colleagues or relatives; others posed as Facebook login notifications or graphic prompts to unsubscribe from pornography sites.
Fahmi Quadir, founder of Safkhet Capital, a New York-based short-selling firm, said her company was one of 17 investment firms BellTroX targeted between 2017 and 2019. She said she noticed a wave of suspicious emails in early 2018. “It didn’t seem sophisticated at first,” Quadir said. “It was just horoscopes, then it became pornography.”
Eventually the hackers upped their game, sending her convincing messages that appeared to come from her colleagues, other short sellers or family members. U.S. advocacy groups were also targeted on several occasions. These include the digital rights organizations Free Press and Fight for the Future, both of which campaign for net neutrality.
The groups said a small number of employee accounts had been compromised, but that their wider organizational networks were not affected. The targeting of these groups was detailed in a 2017 report by the Electronic Frontier Foundation, but had not previously been publicly linked to BellTroX.
Timothy Karr, a director at Free Press, said his organization sees “a tidal wave of breaches” whenever there are heated, high-profile policy debates.
Evan Greer, deputy director of Fight for the Future, said that when companies and politicians can hire digital mercenaries to target civil society advocates, “it undermines our democratic process.”
Although Reuters could not determine who hired BellTroX, two former employees said the company and others like it were typically hired by private investigators on behalf of business rivals or political opponents.
Bart Santos of San Diego Bulldog Investigations is one of a dozen U.S. and European private investigators who told Reuters they had received unsolicited advertisements for hacking services from India – including from a man who identified himself as a former BellTroX employee.
The pitch offered “data penetration” and “email penetration.”
Santos said he ignored those pitches, but he could understand why some people would not. “The Indian guys have a reputation for good customer service,” he said.