IT company BellTroX InfoTech Services, based at Netaji Subhash Place in the Shakurpur area of Delhi, is back in the news after Meta removed about 400 Facebook accounts linked to the India-based ‘hack-for-hire’ firm, which is known for social engineering and for sending malicious links to targets of interest around the globe.
After lying low for some time following the exposure of its activities last year, BellTroX InfoTech Services had targeted advocacy groups and journalists, elected and senior government officials, hedge funds, and multiple industries across six continents, causing alarm among the powers-that-be.
In June last year, Citizen Lab, a research laboratory based at the Munk School of Global Affairs and Public Policy of the University of Toronto, broke the story of BellTroX and its ‘hack-for-hire’ activities.
Meta said that BellTroX is based in India and sells what’s known as ‘hacking for hire’ services.
“We removed about 400 Facebook accounts, the vast majority of which were inactive for years, linked to BellTroX and used for reconnaissance, social engineering and to send malicious links,” Meta said.
“Its activity on our platform was limited and sporadic between 2013 and 2019, after which it paused,” Meta added in a blog post late on Thursday.
“BellTroX operated fake accounts to impersonate a politician and pose as journalists and environmental activists in an attempt to social-engineer its targets to solicit information, including their email addresses, likely for phishing attacks at a later stage,” the social network added.
This activity resumed in 2021 using the same playbook, with a small number of accounts impersonating journalists and media personalities to send phishing links and solicit the targets’ email addresses.
“Among those targeted were lawyers, doctors, activists, and members of the clergy in countries including Australia, Angola, Saudi Arabia, and Iceland,” Meta said.
Following an investigation by researchers at Citizen Lab and Meta, Facebook’s recently renamed parent company, seven surveillance-for-hire groups in total have been banned from using the social media giant’s platforms to target other users.
Last year, Citizen Lab, as part of its multi-year ‘Dark Basin’ investigation, collaborated with consumer cybersecurity brand NortonLifeLock and unearthed numerous technical links between the campaigns and individuals associated with BellTroX.
BellTroX, owned by Sumit Gupta, who was indicted in California in 2015 for his role in a similar hack-for-hire scheme, targeted government officials in Europe and well-known investors in the US.
The ‘hack-for-hire’ organization extensively targeted American nonprofits, including organizations working on a campaign called #ExxonKnew, which asserted that ExxonMobil hid information about climate change for decades.
“In at least one case, Dark Basin repurposed a stolen internal email to re-target other individuals. This incident led us to conclude that Dark Basin had some success in gaining access to the email accounts of one or more advocacy groups,” said the report.
BellTroX employees sent phishing emails masquerading as targets’ colleagues and friends. Dark Basin’s choice of targets, together with its habit of impersonating individuals with greater authority than the target, showed that it had a deep knowledge of informal organizational hierarchies.
“We concluded that Dark Basin operators were likely provided with detailed instructions not only about whom to target, but what kinds of messages specific targets might be responsive to,” the report had said.