The country has developed a lucrative specialty: cyberattacks for hire.
Researchers at Citizen Lab had learned of BellTroX’s activities from someone that the company had tried to trick with “spear phishing”—sending a bogus message to trick a recipient into providing access to personal data. Citizen Lab spent three years investigating BellTroX, including by analyzing Web sites used to shorten and disguise phishing links, combing through social-media accounts of BellTroX’s employees, and contacting victims. Reuters, in coördination with Citizen Lab, published an exposé on BellTroX the same day as the report. But BellTroX’s owner denied any wrongdoing, the Indian authorities never publicly responded to the allegations, and the accusations remained unconfirmed.
Rey’s investigation into the Azima case shed new light not only on BellTroX but also on several other outfits like it, establishing beyond dispute that India is home to a vast and thriving cyberattack industry. Last year, Rey secured the first detailed confession from a participant in a hacking-for-hire operation. In court papers, an Indian hacker admitted that he had infiltrated Azima’s e-mail account—as had employees at another firm. Moreover, there were countless other Indian hackers for hire, whose work was often interconnected. John Scott-Railton, a senior researcher at Citizen Lab, who helped lead the BellTroX investigation, told me that the admissions Rey obtained are “huge” and “move the whole conversation forward.” He added, “You know how in some industries, everybody ‘knows a guy’ who can do a certain thing? Well, in hacking for hire, India is ‘the guy.’ They are just so prolific.”