New Hacking-for-Hire Company in India

Citizen Lab has a new report on Dark Basin, a large hacking-for-hire company in India.

Key Findings:

  • Dark Basin is a hack-for-hire group that has targeted thousands of individuals and hundreds of institutions on six continents. Targets include advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries.
  • Dark Basin extensively targeted American nonprofits, including organisations working on a campaign called #ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades.
  • We also identify Dark Basin as the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation.
  • We link Dark Basin with high confidence to an Indian company, BellTroX InfoTech Services, and related entities.
  • Citizen Lab has notified hundreds of targeted individuals and institutions and, where possible, provided them with assistance in tracking and identifying the campaign. At the request of several targets, Citizen Lab shared information about their targeting with the US Department of Justice (DOJ). We are in the process of notifying additional targets.

BellTroX InfoTech Services has assisted clients in spying on over 10,000 email accounts around the world, including accounts of politicians, investors, journalists and activists.

News article. Boing Boing post

Posted on June 19, 2020 at 6:38 AM2 Comments


Phaete June 19, 2020 9:20 AM

Not just callcenters are outsourced to India it seems.
I’m curious who their customers are.

Alejandro June 19, 2020 11:00 AM

I read some of the write-ups and they are pretty scary. Also, as usual, no good advice on how to mitigate or prevent the intrusions.

I did pick up a couple tidbits though. Some of the phishing attempts originated in India, from 49.x, so possibly a firewall rule to block might help. Probably blocking India altogether could work, if you have that capability.

Apparently, much of the hacking is routed through anonymous VPNS which may have USA based ip addresses, so…good luck with that.

These are some real bad actors folks.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.