🔑 Key Takeaways

  1. Despite being at a disadvantage, sticking to morals and integrity can ultimately lead to success in the business world. Even in the face of deceit and denial, honesty prevails.
  2. Whistleblowers are crucial in exposing corporate fraud, but they face serious risks and must be protected. The case of Matthew Earl shows the importance of supporting and safeguarding those who speak out against misconduct.
  3. Citizen Lab is a non-profit organization that uses open-source intelligence to protect individuals and organizations from cyber-attacks. Their work in computer forensics helps those who cannot afford to protect themselves against state-sponsored hackers.
  4. Be cautious of suspicious emails and shortened links to protect sensitive information from potential hacking attempts. It is essential to remain vigilant and seek evidence-based research to stay safe.
  5. By analyzing short URLs and target e-mails, Citizen Lab was able to uncover the extensive reach of Dark Basin's hacking campaign. Their analysis also revealed that the targets were not limited to nation state actors.
  6. By clustering targets and identifying patterns through OSINT, investigative teams can uncover the motives of hacking groups like Dark Basin, who are likely motivated by financial gain.
  7. The case of Dark Basin reveals the extent and impact of cybercrime. It underscores the importance of staying vigilant and prioritizing cybersecurity to prevent data breaches and phishing attacks.
  8. Even the most advanced hackers can make mistakes, and collaboration between cybersecurity experts can pinpoint and track them down.
  9. BellTroX InfoTech Services was involved in illegal activities such as phishing and hacking, despite describing itself as offering ethical hacking and penetration testing services. Their web presence and employees' online behavior led to their exposure.
  10. Private investigators may hire hackers like BellTroX to obtain sensitive information for various purposes. BellTroX openly solicits services and targets Western private investigators, indicating different motives than financially driven attacks.
  11. Large-scale hacking operations like Dark Basin pose a significant risk to companies and individuals, as they can harm reputations and undermine democracy. Criminal investigations are necessary to hold accountable those who engage in unethical and illegal activities.
  12. Citizen Lab's Dark Basin report not only led to a criminal investigation and arrest, but it also prompted responses from companies, exposed financial wrongdoing, and gave validation to victims. This highlights the significance of investigative journalism and organizations like Citizen Lab.

📝 Podcast Summary

The battle of good vs. evil in business

In the battle between good and evil, the good team is at a disadvantage because they are bound by morals and integrity, while the evil team has no qualms about breaking laws and playing dirty to achieve their objectives. While it may be difficult to distinguish between good and evil and what is right and wrong, the fundamental difference lies in their approach and actions towards achieving their goals. This is evident in the case of Wirecard AG, where a short seller, Matthew Earl, discovered that the company's acquisition of an Indian company was overvalued, exposing the company's fraudulent practices. Despite Wirecard's continued denial of wrongdoing, Matthew was able to see through their deception and short their stock, ultimately proving that honesty and integrity are still values that hold importance in the world of business.

The dangers of whistleblowing: a case study on Matthew Earl's experience with Wirecard

Matthew Earl's report under the alias Zatarra Research exposed Wirecard's fraudulent activities in February 2016. Wirecard denied the accusations but later accused Matthew of criminal insider trading and market manipulation. This led to creepy surveillance and threatening letters for months, causing Matthew to be on high alert and take serious precautions to protect himself and his family. The ultimate intention behind the surveillance is uncertain but it is clear that it was an attempt to intimidate and silence Matthew. The incident highlights the importance of protecting whistleblowers and exposing fraudulent activities in corporations, as well as the potential consequences and risks involved.

Citizen Lab's Fight Against State-Sponsored Hackers

Matthew was bombarded by thousands of suspicious e-mails with links supposedly from his family and friends, but they were actually sent by state-sponsored hackers who had an understanding of his interests and relationships. The e-mails had a level of sophistication that amazed his lawyer. He reached out to Citizen Lab, a non-profit organization that uses open-source intelligence to protect free expression, transparency, and accountability on the internet. Citizen Lab already had quite a case built on who might be sending these e-mails, and they were able to help Matthew. Their work is rooted in computer forensics and they aim to help organizations that can't afford to protect themselves from cyber-attacks.

Citizen Lab Investigates Phishing Emails to Uncover Hackers' Tactics

Citizen Lab takes their investigations seriously and relies on evidence-based research and ethical practices. They investigate carefully crafted phishing emails designed specifically for target victims. The emails were suspicious and contained links shortened using open-source software, which Citizen Lab was able to trace and investigate. By carefully peeling back the layers, Citizen Lab was able to gain insight into the hacking group's tactics and motives. The hackers' goal was to obtain victims' email login credentials and gain access to the sensitive information they were working on. Ultimately, Citizen Lab's work highlights the importance of being vigilant about suspicious emails and using caution when clicking on links, particularly shortened ones.

How Citizen Lab Mapped Out Dark Basin's Massive Hacking Campaign

Citizen Lab was able to uncover a massive amount of information related to the Dark Basin hacking group by enumerating the different short URLs and extracting the target e-mails, which helped them build a massive pile of information. As they looked at more and more URLs, they were able to see how wide this campaign was, and the target database grew to thousands of e-mail addresses. By analyzing the targets and finding commonalities between them, Citizen Lab was able to build maps and clusters to paint a picture of who would have an interest in hacking people like that, which suggested that the targets were not just the bread and butter of a nation state actor.

Dark Basin's Targeting Tactics Revealed

The hacking group, Dark Basin, targeted a wide variety of people and organizations all over the world, indicating that they were a mercenary group for hire. The investigative team approached their investigation by clustering the targets and trying to identify patterns to identify the adversary. Through OSINT, they were able to identify groups of targets in the financial sector and politics as well as American environmental NGOs. These groups were heavily targeted, and it was not immediately clear why. The investigative team conducted desk research and met with people to figure out why these groups were all being targeted. Through these efforts, they were able to uncover a vast hacking network conducted by Dark Basin, whose motivation was likely financial gain.
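Added here as an illustration of the analysis the two preceding sections describe (extracting target e-mails from expanded short links, then clustering targets to find the groups being hit); it is not code from Citizen Lab or from the original episode. The URL shape (target address carried in a `u=` query parameter), the sample links, and the domain-to-sector table are all constructed assumptions.

```python
"""Cluster phishing targets recovered from expanded short links (constructed data)."""
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed: destination URLs as recovered after expanding the campaign's short links.
# That the target's address rides in a "u=" query parameter is an assumption, not a page detail.
EXPANDED_LINKS = [
    "http://login-secure.example/?u=alice@greenfund.example",
    "http://login-secure.example/?u=Alice@GreenFund.example",   # same target, different case
    "http://docs-share.example/view?u=bob@greenfund.example",
    "http://docs-share.example/view?u=carol%40hedgefund.example",  # percent-encoded '@'
    "http://docs-share.example/view?u=dave@hedgefund.example",
    "http://login-secure.example/?u=erin@ngo-climate.example",
    "http://login-secure.example/?u=frank@unknown-corp.example",
    "http://login-secure.example/?u=not-an-email",               # malformed, must be skipped
]

SECTOR_BY_DOMAIN = {  # constructed: analyst's domain-to-sector notes from desk research
    "greenfund.example": "environmental NGO",
    "ngo-climate.example": "environmental NGO",
    "hedgefund.example": "financial",
}

def extract_target(url):
    """Return the normalised target e-mail carried by a phishing URL, or None."""
    values = parse_qs(urlparse(url).query).get("u")  # parse_qs already decodes %40
    if not values:
        return None
    addr = values[0].strip().lower()
    if addr.count("@") != 1 or "." not in addr.split("@")[1]:
        return None
    return addr

def cluster_targets(urls):
    """Group unique targets by e-mail domain: {domain: sorted list of addresses}."""
    clusters = defaultdict(set)
    for url in urls:
        addr = extract_target(url)
        if addr:
            clusters[addr.split("@")[1]].add(addr)
    return {domain: sorted(addrs) for domain, addrs in clusters.items()}

def sector_summary(clusters):
    """Count distinct targets per sector; domains not yet researched are 'unattributed'."""
    counts = defaultdict(int)
    for domain, addrs in clusters.items():
        counts[SECTOR_BY_DOMAIN.get(domain, "unattributed")] += len(addrs)
    return dict(counts)
```

Running `sector_summary(cluster_targets(EXPANDED_LINKS))` on the constructed data gives three environmental NGO targets, two financial ones, and one domain still to be researched, which is the kind of cluster that drives the desk research described above.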

Dark Basin: The Cybercrime Group Targeting Multiple Organizations

Dark Basin, a hacking group, was responsible for several phishing attacks and data breaches not only against ExxonKnew campaign members, but also against government officials, financial firms, pharmaceutical companies, advocacy groups, and more. John and Adam collaborated with organizations associated with the campaign and linked the phishing attacks to Dark Basin. The trail was never truly cold, as new data kept coming in and a wider picture emerged. While Dark Basin's spread was massive, Citizen Lab collected data to identify who was behind the cyberattacks, and the ExxonKnew and Wirecard cases offered circumstantial evidence against the hackers. The story highlights the severity of cyberattacks and emphasizes the need for cybersecurity awareness and vigilance among individuals and organizations.

Citizen Lab and NortonLifeLock Uncover Dark Basin's Origins and Tactics

Citizen Lab collaborated with NortonLifeLock to track down Dark Basin, a group of mercenary hackers responsible for an advanced spear phishing campaign that attacked internet freedom advocacy groups. They identified the attackers as working out of an office in the India Standard Time zone and gathered evidence from URL shorteners and log files left on the phishing websites. The hackers made some glaring errors when testing their phishing kits, allowing Citizen Lab to uncover personal information about them, such as a resume or CV. Through their investigation, Citizen Lab was able to determine where Dark Basin was operating from, but they were still hunting for the identity of the hackers themselves.

BellTroX InfoTech Services Exposed for Phishing and Hacking

BellTroX InfoTech Services, a company based in New Delhi, was found to be engaged in phishing and hacking. Its employees were evidence of this fact, as they openly shared company secrets and techniques online. The company described itself as offering certified ethical hacking, penetration testing, and medical transcription services. However, certified ethical hacking and penetration testing are often used as code language for hacking. The owner of BellTroX, Sumit Gupta, had a history in the hack-for-hire business and had been indicted and charged earlier for similar illegal activities. BellTroX's illicit activities were not limited to a few employees but went all the way to the top. These findings were possible due to the company's noisy web presence and the incriminating information its employees publicly exposed.

Private Investigators' Controversial Hire for Sensitive Information

Private investigators often hire hackers through companies like BellTroX to gain access to sensitive information that can be used for various purposes, such as legal disputes, political strategies, and media leaks. BellTroX and similar companies openly solicit online and target Western private investigators, offering e-mail based targeting services described in coded language or in plain terms. Sumit Gupta, also known as Sumit Vishnoi, was involved in the hack-for-hire scheme with Visalus and took this model to the next level with BellTroX, which is described as a cyber-intelligence company. The motivations behind these attacks are not primarily financial, indicating a different motive than other types of attacks like ransomware or CEO fraud.

The Threat of Large-Scale Hacking Operations to Democracy

Large-scale hacking operations like Dark Basin are a threat to democracy, as they can be used to attack people who can't defend themselves. These operations are different from commercial operations trying to steal money: they go after whatever information directly benefits a company's adversary. The risk behind these operations is a lot greater, as it can harm the reputation of a company. Big platforms are just starting to come to terms with this problem. Although researchers can only do what they are legally allowed to do, a criminal investigation is necessary, as it has access to legally authorized resources that researchers don't have. Hiring groups like Dark Basin to spy on journalists and activists is unethical and illegal.

The Power of Investigative Journalism and the Impact of Citizen Lab's Dark Basin Report

Citizen Lab's Dark Basin report led to a criminal investigation and arrest of an Israeli private investigator engaged in a hack-for-hire scheme. The report also prompted responses from companies like Exxon and Wirecard, who denied any involvement with the hacker group. However, the collapse of Wirecard due to a missing $2 billion shortly after the report's release provided vindication for those who had accused the company of financial wrongdoing for years. The report also added credibility to the experiences of targets who had been harassed by the group, making it easier for them to describe their experiences and seek justice. This shows the power of investigative journalism and the importance of organizations like Citizen Lab in bringing hidden wrongdoings to light.