A New-Delhi based cybersecurity company offered its hacking services to a broad range of clients to spy on more than 10,000 email accounts for 7 years.
This revelation has been made by 3 ex-employees and corroborated by a trail of online evidence and independent researchers.
According to details, BellTroX InfoTech Services, the IT firm in question, targeted high-level government officials in Europe, multi-millionaire gamblers in the Bahamas, judges in South Africa, politicians in Mexico, lawyers in France, environmental groups, famous US-based investors, and thousands of other victims.
Private investigators contracted BellTroX InfoTech Services on behalf of political opponents or business rivals to carry out the hacking.
The claims of the ex-employees have been validated by a report published recently by an internet watchdog group, Citizen Lab, stating that BellTroX InfoTech Services is at the heart of the one the biggest spy-for-hire operations and espionage campaigns.
Researchers at Citizen Lab have spent the last 2 years mapping out the infrastructure used by the BellTroX.
Between 2013 and 2020, BellTroX sent thousands of malicious messages designed to trick victims into giving up their passwords, as per Citizen Lab.
Some of the methods used by BellTroX to dupe victims included Facebook login requests, voice messages imitating colleagues or relatives, and graphic notifications to unsubscribe from pornography websites.
U.S. law enforcement agencies have taken up the matter and initiated a comprehensive probe into the hacking spree waged by BellTroX.
CEO BellTroX, Sumit Gupta, had already been declared a fugitive in 2017 by the U.S. Justice Department over his indictment in a separate hacking case lodged in 2015.
However, the U.S. Justice Department hasn’t disclosed the current status of the case and whether it had submitted a request to the Indian government to extradite Sumit Gupta to the US.