
American Security Council Foundation


Alan W. Dowd is a Senior Fellow with the American Security Council Foundation, where he writes on the full range of topics relating to national defense, foreign policy and international security. Dowd’s commentaries and essays have appeared in Policy Review, Parameters, Military Officer, The American Legion Magazine, The Journal of Diplomacy and International Relations, The Claremont Review of Books, World Politics Review, The Wall Street Journal Europe, The Jerusalem Post, The Financial Times Deutschland, The Washington Times, The Baltimore Sun, The Washington Examiner, The Detroit News, The Sacramento Bee, The Vancouver Sun, The National Post, The Landing Zone, Current, The World & I, The American Enterprise, Fraser Forum, American Outlook, The American and the online editions of Weekly Standard, National Review and American Interest. Beyond his work in opinion journalism, Dowd has served as an adjunct professor and university lecturer; congressional aide; and administrator, researcher and writer at leading think tanks, including the Hudson Institute, Sagamore Institute and Fraser Institute. An award-winning writer, Dowd has been interviewed by Fox News Channel, Cox News Service, The Washington Times, The National Post, the Australian Broadcasting Corporation and numerous radio programs across North America. In addition, his work has been quoted by and/or reprinted in The Guardian, CBS News, BBC News and the Council on Foreign Relations. Dowd holds degrees from Butler University and Indiana University. Follow him at twitter.com/alanwdowd.


Scott Tilley is a Senior Fellow at the American Security Council Foundation, where he writes the “Technical Power” column, focusing on the societal and national security implications of advanced technology in cybersecurity, space, and foreign relations.

He is an emeritus professor at the Florida Institute of Technology. Previously, he was with the University of California, Riverside, Carnegie Mellon University’s Software Engineering Institute, and IBM. His research and teaching were in the areas of computer science, software & systems engineering, educational technology, the design of communication, and business information systems.

He is president and founder of the Center for Technology & Society, president and co-founder of Big Data Florida, past president of INCOSE Space Coast, and a Space Coast Writers’ Guild Fellow.

He has authored over 150 academic papers and has published 28 books (technical and non-technical), most recently Systems Analysis & Design (Cengage, 2020), SPACE (Anthology Alliance, 2019), and Technical Justice (CTS Press, 2019). He wrote the “Technology Today” column for FLORIDA TODAY from 2010 to 2018.

He is a popular public speaker, having delivered numerous keynote presentations and “Tech Talks” for a general audience. Recent examples include the role of big data in the space program, a four-part series on machine learning, and a four-part series on fake news.

He holds a Ph.D. in computer science from the University of Victoria (1995).

Contact him at stilley@cts.today.

Unmasking of the “Dark Basin” Group Indicates the Extent of Underground Hack-For-Hire Services

Thursday, June 25, 2020

Categories: ASCF News Cyber Security


The cyberpunk novels of the 1980s and 1990s were rife with visions of “hack-for-hire” services openly doing business on the wrong side of the law, but that particular fantasy never seemed to materialize. Though underground markets have certainly developed, the world of threat actors has been dominated by state-sponsored groups and private criminal cliques that tend to be paranoid about keeping to themselves.

That’s not to say that hack-for-hire outfits don’t exist, but they have tended to be small fish in the sea. The recent unmasking of a globe-spanning group called Dark Basin is an indication that this market may be significantly expanding. Dark Basin reportedly has been operating in the shadows for years while targeting hundreds of institutions and thousands of individuals around the world, seemingly with a particular focus on activists and journalists.

Exposing the hack-for-hire kingpins

The report on Dark Basin is a result of three years of research by a team at the University of Toronto’s Citizen Lab, an academic research lab that specializes in studying threats to civil society.

Dark Basin appears to have been operating behind a public front called “BellTroX InfoTech Services,” an India-based company purporting to offer cybersecurity and web design services. The Citizen Lab researchers note numerous pieces of evidence that tie Dark Basin to BellTroX: phishing messages sent during Indian business hours, phishing kit source code containing Indian IP addresses and references to Indian national holidays, the use of personal documents of BellTroX employees (such as CVs) in some of the phishing attempts, and BellTroX social media posts that implicate the company in Dark Basin attacks. A further link was established because BellTroX appears to have participated in testing the link shorteners that Dark Basin used in its phishing messages.
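The “sent during Indian business hours” evidence above is a standard analyst technique: convert the send times of a phishing campaign into several candidate time zones and see which one places most of the activity inside a normal working day. The script below is an added illustration of that technique; it is not code from the Citizen Lab report, and the send times, candidate zones and business-hour window are constructed assumptions rather than real Dark Basin data.

```python
from collections import Counter
from datetime import datetime, timedelta, timezone

# Constructed sample: UTC send times of a phishing campaign. These are
# invented values for illustration, not timestamps from the report.
SAMPLE_SEND_TIMES_UTC = [
    "2020-02-03T04:12:00Z", "2020-02-03T05:40:00Z", "2020-02-03T07:05:00Z",
    "2020-02-04T03:55:00Z", "2020-02-04T06:30:00Z", "2020-02-04T10:20:00Z",
    "2020-02-05T04:45:00Z", "2020-02-05T08:10:00Z", "2020-02-05T11:50:00Z",
    "2020-02-06T12:15:00Z", "2020-02-06T20:30:00Z", "2020-02-07T13:00:00Z",
]

# Candidate operator time zones (assumed set; fixed offsets, no DST handling).
CANDIDATE_ZONES = {
    "UTC+05:30 (India)": timezone(timedelta(hours=5, minutes=30)),
    "UTC-05:00 (US East)": timezone(timedelta(hours=-5)),
    "UTC+03:00 (Moscow)": timezone(timedelta(hours=3)),
    "UTC+08:00 (China)": timezone(timedelta(hours=8)),
}

# Assumed working day: local hours 09:00 through 17:59.
BUSINESS_HOURS = range(9, 18)


def parse_utc(ts: str) -> datetime:
    """Parse an ISO-8601 'Z' timestamp (as found in mail headers normalised to UTC)."""
    return datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def local_hour_histogram(times_utc, tz) -> Counter:
    """Count how many messages fall in each local hour of the candidate zone."""
    return Counter(t.astimezone(tz).hour for t in times_utc)


def business_hour_fraction(times_utc, tz) -> float:
    """Share of messages sent inside BUSINESS_HOURS when viewed in zone tz."""
    hist = local_hour_histogram(times_utc, tz)
    total = sum(hist.values())
    if total == 0:
        return 0.0
    in_hours = sum(hist[h] for h in BUSINESS_HOURS)
    return in_hours / total


def rank_candidate_zones(timestamps, zones=CANDIDATE_ZONES):
    """Return (zone name, business-hour fraction) pairs, best fit first.

    A high fraction in one zone is only a weak indicator on its own;
    the report combined it with code artefacts, documents and social
    media evidence before drawing a conclusion.
    """
    times = [parse_utc(t) for t in timestamps]
    scored = {name: business_hour_fraction(times, tz) for name, tz in zones.items()}
    return sorted(scored.items(), key=lambda kv: kv[1], reverse=True)


if __name__ == "__main__":
    for name, frac in rank_candidate_zones(SAMPLE_SEND_TIMES_UTC):
        print(f"{name:22s} {frac:5.1%} of messages in business hours")
```

On the constructed sample, the India offset places 10 of the 12 messages inside the working day while the US East offset places only one, which is the kind of skew an analyst would report alongside, never instead of, the other indicators listed above.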

Another connection is that BellTroX company director Sumit Gupta, who also goes by the alias Sumit Vishnoi, was arrested in California in 2015 for running a similar hack-for-hire operation under the guise of being a private investigator.

Paul Bischoff, privacy advocate with Comparitech, notes that the group appears to have had substantial legal room to maneuver right out in the open: “India is home to many phishing and scam operations that go about their business in broad daylight. Even if Dark Basin is shut down, another hack-for-hire business could replace it. So perhaps the best course of action is further investigation to reveal its clients and take legal action against them.”

Who hired the hackers?

In addition to the size and scope of the effort, the most interesting aspect of the story is the nature of the clients that appeared to be engaging Dark Basin’s services.

The Citizen Lab found that the hack-for-hire group was active on six continents as it targeted a broad range of organizations and industries. There is a common theme of targeting public figures and activism or advocacy organizations, however, presumably with the intention of digging up dirt on them or spying on their plans. The report notes that Dark Basin targeted non-profit activist organizations, government officials and journalists among other targets that would not have been particularly lucrative for cyber crime purposes.

For example, Dark Basin appears to have been heavily involved in phishing campaigns directed against net neutrality advocacy groups. It also targeted an activist group that was asserting that ExxonMobil had hidden information about climate change for decades. The report notes that Dark Basin’s clients were “… often on only one side of a contested legal proceeding, advocacy issue, or business deal.” Other prominent targets in this area include Greenpeace, the Rockefeller Family Fund, Public Citizen and 350.org.

There are also some questionable connections to governments. BellTroX staff appear to have openly listed items like “corporate espionage” and “email penetration” on their LinkedIn resumes, which have received endorsements from a handful of figures in Canadian and United States federal government and local law enforcement positions.

The Citizen Lab does not name any potential clients, but notes cases (such as the attack on the Exxon advocacy group) that show that Dark Basin had extensive knowledge of the internal structures of some organizations guiding its phishing attempts, information that would not have been available to the general public.

Not all of the targets were political or advocacy-oriented, however. Dark Basin also did a lot of work in the financial industry, primarily targeting hedge funds, government regulators conducting investigations, short sellers and journalists. The hack-for-hire group also attacked several international banks, investment firms and law firms.

Dark Basin also appears to have been contracted by wealthy individuals to intervene in personal disputes, such as one side of a divorce.

A new world of hackers-for-hire?

Nothing about Dark Basin’s methods was particularly sophisticated or original; The Citizen Lab attributes their successes to sheer persistence, being willing to send hundreds of targeted phishing emails on a diverse array of subjects to the victim until something finally worked. Colin Bastable, CEO of Lucy Security, also noted that Dark Basin was likely paid well to polish its work: “The University of Toronto’s Citizen Lab’s report reads like a movie script. Half the time I’m thinking that the bad guys left so many trails that it must be an exercise in misdirection. Only State actors could pull something like this together. The quality of the phishing site landing pages is excellent, and the English grammar is very good – too good, unless you were running a very professional well-financed and targeted operation. The subdomains are also well designed, especially for mobile users.”

The report concludes with a warning that the hack-for-hire market is likely already large and is poised to grow even further in the coming years. One of the key factors driving it is the normalization and increasing availability of private investigation and intelligence firms, which allow hack-for-hire groups like Dark Basin to create webs and layers of plausible deniability while hiding behind various shell companies and payment handlers.

Photo and Link: https://www.cpomagazine.com/cyber-security/unmasking-of-the-dark-basin-group-indicates-the-extent-of-underground-hack-for-hire-services/
