Logo

American Security Council Foundation

Back to main site

Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.

ASCF News

Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Report: How hack-for-hire group Dark Basin wreaks havoc

Thursday, June 11, 2020

Categories: ASCF News Emerging Threats Cyber Security

Comments: 0

A hack-for-hire group known as Dark Basin is responsible for cyber activities that “threaten civil society and democracy,” according to a new report from The Citizen Lab.

The group has wreaked havoc on six continents, targeting thousands of individuals, including journalists, elected and senior government officials, as well as hundreds of institutions such as advocacy groups, hedge funds and multiple industries.

Sometimes Dark Basin’s hacktivism takes on specific causes, such as #ExxonKnew, in which the oil company was accused of hiding information about climate change for years.

“Over the course of our multi-year investigation, we found that Dark Basin likely conducted commercial espionage on behalf of their clients against opponents involved in high profile public events, criminal cases, financial transactions, news stories, and advocacy,” the Canadian academic think tank said.

Among the findings detailed in the report: 

Dark Basin was the group behind the phishing of organizations working on net neutrality advocacy, previously reported by the Electronic Frontier Foundation.Citizen Lab links Dark Basin with high confidence to an Indian company, BellTroX InfoTech Services, and related entities. BellTroX’s director, Sumit Gupta, was indicted in California in 2015 for his role in a similar hack-for-hire scheme.

“It is clear that Dark Basin operators were successful with at least some of their phishing campaigns,” the report said, adding that in cases observed by targets, Dark Basin was observed using commodity VPNs to access accounts using stolen credentials.

In regard to the ties between Dark Basin and BellTroX, the lab connected between the two entities phishing attempts to a custom URL shortener, which the operators used to disguise the phishing links.

The shortener turned out to be part of a larger network of custom URL shorteners operated by a single group, which Citizen Lab dubbed “Dark Basin.”

These shorteners created URLs with sequential shortcodes, from which the researchers were able to enumerate them and identify almost 28,000 additional URLs containing e-mail addresses of targets. Citizen Lab used open-source intelligence techniques to identify hundreds of targeted individuals and organizations, and later contacted a “substantial fraction” of them, assembling a global picture of Dark Basin’s targeting.

Citizen Lab admitted it initially thought Dark Basin might be state-sponsored, but the range of targets “soon made it clear that Dark Basin was likely a hack-for-hire operation,” with targets often on only one side of a contested legal proceeding, advocacy issue, or business deal.

Timestamps in hundreds of Dark Basin phishing emails appear to be consistent with working hours in India’s UTC+5:30 time zone. Citizen Lab noted EFF discovered the same timing correlations in a prior investigation of phishing messages targeting net neutrality advocacy groups, which it also links to Dark Basin.

Citizen Lab said Dark Basin left copies of its phishing kit source code available openly online, as well as log files showing testing activity. The logging code invoked by the phishing kit recorded timestamps in UTC+5:30, and log files show that Dark Basin appeared to conduct some testing using an IP address in India.

According to Citizen Lab, BellTroX and its employees use euphemisms for promoting their services online, including “Ethical Hacking” and “Certified Ethical Hacker.” BellTroX’s slogan is: “you desire, we do!”

As recently as June 7, Citizen Lab said it observed that the BellTroX website began serving an error message. In addition, recent postings and other materials linking BellTroX to these operations have been recently deleted, the report stated.

Among organizations targeted by Dark Basin consenting to be included in the Citizen Lab report are:

Rockefeller Family FundClimate Investigations CenterGreenpeaceCenter for International Environmental LawOil Change InternationalPublic CitizenConservation Law FoundationUnion of Concerned ScientistsM+R Strategic Services350.org

Photo and Link: https://www.scmagazine.com/home/security-news/report-how-hack-for-hire-dark-basin-wreaks-havoc/

Comments RSS feed for comments on this page

There are no comments yet. Be the first to add a comment by using the form below.