Reports of a hacker-for-hire group dubbed “Dark Basin,” which has targeted journalists, advocacy groups and elected officials, are rocketing around the world.
The India-based Dark Basin has been exposed by Citizen Lab, which is an “interdisciplinary laboratory” that is part of the University of Toronto’s Munk School and is focused on the intersection of information and communication technologies, human rights and global security.
The Citizen Lab report links Dark Basin “with high confidence to individuals working at an Indian company named BellTroX InfoTech Services,” which uses other names as well. The company’s director, Sumit Gupta, “was indicted in California in 2015 for his role in a similar hack-for-hire scheme,” Citizen Lab said.
“We see them again and again in areas where business and politics are contentious,” said John Scott-Railton, the lead author of the report. He told the Financial Post that the hackers were “brazen; they seem to think they are untouchable.”
Dark Basin has targeted thousands of individuals and hundreds of institutions on six continents, Citizen Lab said.
The report said “a large cluster of targeted individuals and organizations” were involved in environmental issues. According to Citizen Lab: “Dark Basin has extensively targeted American advocacy organizations working on domestic and global issues. These targets include climate advocacy organizations and net neutrality campaigners.”
Citizen Lab said it has worked with some of these groups to research the situation in-depth: “We determined that these organizations were all linked to the #ExxonKnew campaign, which highlights documents that, the advocacy organizations argue, point to Exxon’s decades-long knowledge of climate change.”
ExxonMobil is battling the release of documents in actions brought by numerous states’ attorneys general. According to The New York Times, the #ExxonKnew campaign has led to “exposés of the company’s research into climate change, including actions it took to incorporate climate projections into its exploration plans while playing down the threat.”
Citizen Lab said that Dark Basin’s phishing attempts against #ExxonKnew corresponded with “key events” in the group’s campaign.
Such key events occurred shortly before New York’s attorney general filed a lawsuit against ExxonMobil in January 2018.