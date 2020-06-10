A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide – including advocacy groups and journalists, elected and senior government officials, and hedge funds — over the course of seven years. Dark Basin conducted commercial espionage on behalf of their clients, against customers’ opponents involved in high-profile public events, criminal cases, financial transactions, news stories and advocacy, according to researchers at Citizen Lab. In all, more than 10,000 victim email accounts were targeted, according to Reuters, who broke the news.
Colin Bastable, CEO , Lucy Security
June 10, 2020
The University of Toronto’s Citizen Lab’s report reads like a movie script.
Half the time I'm thinking that the bad guys left so many trails that it must be an exercise in misdirection. Only State actors could pull something like this together. The quality of the phishing site landing pages is excellent, and the English grammar is very good - too good, unless you were running a very professional well-financed and targeted operation. The subdomains are also well designed, especially for mobile users. The URL shorteners, the 5 and a half-hour time zone difference, and the different email address which tie back to BellTroX are all very interesting.
Paul Bischoff, Privacy Advocate, Comparitech
June 10, 2020
Even if Dark Basin is shut down, another hack-for-hire business could replace it.
The most striking part of the Dark Basin operation is how it was able to openly advertise its services without consequence. It clearly didn't fear any legal consequences that might arise despite much of its activity being blatantly illegal. I have to wonder, even after Citizen Lab's report, if authorities will go after Dark Basin. India is home to many phishing and scam operations that go about th ....The most striking part of the Dark Basin operation is how it was able to openly advertise its services without consequence. It clearly didn't fear any legal consequences that might arise despite much of its activity being blatantly illegal. I have to wonder, even after Citizen Lab's report, if authorities will go after Dark Basin. India is home to many phishing and scam operations that go about their business in broad daylight. Even if Dark Basin is shut down, another hack-for-hire business could replace it. So perhaps the best course of action is further investigation to reveal its clients and take legal action against them."
