Hacking firm in India spied on 10K+ email accounts over 7 years: Report

• One of the largest spy-for-hire operations ever exposed

An Indian cyber firm that few people have ever heard of, BellTroX InfoTech Services, is reported to have been serving as an international hacking shop for surveillance jobs, helping clients spy on at least 10,000 email accounts belonging to politicians, investors, journalists and activists around the world.

The news comes from this report published Monday night by Citizen Lab:

Dark Basin Uncovering a Massive Hack-For-Hire Operation
By John Scott-Railton, Adam Hulcoop, Bahr Abdul Razzak, Bill Marczak, Siena Anstis, and Ron Deibert
June 9, 2020

"Researchers at internet watchdog group Citizen Lab, who spent more than two years mapping out the infrastructure used by the hackers, released a report here on Tuesday saying they had "high confidence" that BellTroX employees were behind the espionage campaign," Reuters reports:

New Delhi-based BellTroX InfoTech Services targeted government officials in Europe, gambling tycoons in the Bahamas, and well-known investors in the United States including private equity giant KKR and short seller Muddy Waters, according to three former employees, outside researchers, and a trail of online evidence.

Aspects of BellTroX's hacking spree aimed at American targets are currently under investigation by U.S. law enforcement, five people familiar with the matter told Reuters. The U.S. Department of Justice declined to comment.

Reuters does not know the identity of BellTroX's clients. In a telephone interview, the company's owner, Sumit Gupta, declined to disclose who had hired him and denied any wrongdoing.

Muddy Waters founder Carson Block said he was "disappointed, but not surprised, to learn that we were likely targeted for hacking by a client of BellTroX." KKR declined to comment.

Read more at Reuters:
Exclusive: Obscure Indian cyber firm spied on politicians, investors worldwide

[reporting by Jack Stubbs, Raphael Satter, Christopher Bing]