Obscure Indian cyber firm spied on politicians, investors worldwide

By Newsdesk
June 10, 2020

LONDON/WASHINGTON: A little-known Indian IT firm offered its hacking services to help clients spy on more than 10,000 email accounts over a period of seven years.

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.

Aspects of BellTroX’s hacking spree aimed at American targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told media. The U.S. Department of Justice declined to comment.

Media does not know the identity of BellTroX’s clients. In a telephone interview, the company’s owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.Muddy Waters founder Carson Block said he was “disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX.” KKR declined to comment.

Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report on Tuesday saying they had “high confidence” that BellTroX employees were behind the espionage campaign. “This is one of the largest spy-for-hire operations ever exposed,” said Citizen Lab researcher John Scott-Railton. Although they receive a fraction of the attention devoted to state-sponsored espionage groups or headline-grabbing heists, “cyber mercenary” services are widely used, he said. “Our investigation found that no sector is immune.” A cache of data reviewed by media provides insight into the operation, detailing tens of thousands of malicious messages designed to trick victims into giving up their passwords that were sent by BellTroX between 2013 and 2020. The data was supplied on condition of anonymity by online service providers used by the hackers after media alerted the firms to unusual patterns of activity on their platforms.