India as an Emerging Hack-For-Hire Hub
As the Cyberworld is advancing, so are the methods of invading cybersecurity by the attackers. Hacking, just like any other profession, has two types of usage- legitimate and non-legitimate. A recent report by Google TAG indicated a rise in hack-for-hire operations and claimed that most operations are based in countries like Iran, India, China, etc.
Hackers-for-hire is a contractual way of appointing hackers by the clients. Ethically, hackers can be hired online. Unethically, the Dark Web is a hub of unauthorized hacking opportunities for hackers. The platform has been present for many years now, but its presence has become evident in the last couple of years. It yields a good amount of money even for basic hacking functions, like hacking email or social media accounts, etc.
A report released by an Internet Security Watchdog, Citizen Labs in June, traced clusters of such unethical hacking activities to a Delhi-based company called BellTrox Infotech Services Pvt. Ltd. The organization which hired Belltrox was primarily called the Dark Basin. The company’s role was so huge that the incident had shifted the focus onto India as an emerging hub for black hat hacking activities. Black hat hacking is when the attackers hack into the account unauthorized with malicious intent.
According to the researchers, the BellTrox company’s targets included journalists, activists, political organizations, corporates, and many others spread throughout seven years during its operations. Citizen lab published the name of agreed victims in the blog and notified many targets about the attacks. It even shared the data with the US Department of Justice to carry on further investigation.
How it is established
Hack-for-Hire organizations start by establishing their presence on the dark web and then looking for clients. They send a large number of emails and wait for the responses of the clients. Evidently, the number of emails sent is so vast that the probability of getting a reply increases. For attracting more clients, businesses need to maintain a rep on the dark web forums. The payment is made in cryptocurrencies like bitcoins, which are untraceable. Thus, it makes tracing down the culprits even more challenging.
The businesses can be hired by individuals or organizations for doing professional or personal damage to the targets. The motive of the breach can range from revenge to competition. The attacks are often targeted through phishing scams. Emails pretending to be from close acquaintances are used to compromise the targets. Sometimes, for revealing information about a particular organization, people associated with it are targeted (like employees), and hence these attacks become successful.
Not all the people involved need to be particularly aware of the illegality clause of the work. It is possible that the attackers, especially those working for companies, are unaware that they are contributing to unethical practices. The biggest issue of all is that many hackers are working at individual capacities because it becomes difficult to trace them.
India has a huge number of qualified hackers. While it is easy to make quick money out of the profession, it depends on the individual to make the right choice. BellTrox is just one piece of the puzzle; there are many others out that need to be exposed.