The Citizen Lab, an academic institution attached to the University of Toronto that studies Internet surveillance, has just released a report denouncing the existence of a group of mercenary hackers that several multinationals allegedly hired to hack thousands of people and institutions that were investigating or denouncing their abuses.

This group, called ‘Dark Basin’, allegedly acted against officials, politicians, journalists, lawyers and NGOs, commissioned by companies such as the fintech company Wirecard or the oil company ExxonMobil (among the group’s main targets were the promoters of the #ExxonKnew campaign, which denounces the company’s concealment of data on climate change).

How they found Dark Basin

The researchers found this group of cybercriminals while investigating a hack suffered by . in 2017, when it was in turn investigating the allegations of fraud against Wirecard.

Pulling the thread, they discovered 28,000 websites used to launch targeted phishing attacks, that is, attacks meant to obtain the credentials of specific people and entities. To that end, the group sent emails linking to malicious clones of popular pages such as LinkedIn, YouTube or Dropbox.

Dark Basin’s ‘services’ were allegedly contracted through a complex payment structure that allows customers to stay ‘clean’ in the eyes of the authorities, a structure to which the Indian cyber intelligence company BellTroX InfoTech Service is allegedly linked.

According to Citizen Lab, both the timestamps of Dark Basin’s phishing campaign emails and the Hindi terms contained in the source code of the tool used to send them support the Indian origin of the attacks.

BellTroX’s slogan is “You want it, we do it!”.

BellTroX CEO Sumit Gupta was already accused in 2015 by the US authorities of participating in another similar ‘hackers for hire’ plot, although he was never arrested. Now the company offers services that it euphemistically sells as “certified ethical hacking”.

“We were able to identify several BellTroX employees whose activities overlapped with Dark Basin, because they used personal documents, including a CV, to test URL shorteners [of the latter group] and because they claimed credit for attack techniques on social media by attaching screenshots that linked them to the Dark Basin attacks.”

Citizen Lab warned that its findings demonstrate the existence of a large, booming market for mercenary hacking services, in which influential organizations from all over the world allegedly subcontract surveillance tasks in such a way that they can deny their participation in them.


This is Dark Basin, one of the groups of ‘hackers for hire’ that large multinationals turn to, according to Citizen Lab