A hack-for-hire group, called Dark Basin, has been outed after targeting thousands of individuals and organizations worldwide – including advocacy groups and journalists, elected and senior government officials, and hedge funds – over the course of seven years. Dark Basin conducted commercial espionage on behalf of its clients, against those clients’ opponents involved in high-profile public events, criminal cases, financial transactions, news stories and advocacy, according to researchers at Citizen Lab. In all, more than 10,000 victim email accounts were targeted, according to Reuters, which broke the news.
Citizen Lab’s report underlines the relentless and ruthless nature of hackers; it shows us that anyone can be targeted by a cybercriminal, from government officials and large enterprises to advocacy organisations.
Phishing attacks are one of the most effective methods for cyber attackers. This is especially true when it comes to spear-phishing, where the attacker will thoroughly research the victim so they can send a convincing email posing as a trusted sender. These kinds of sophisticated attacks make it more difficult for victims to spot if they are being targeted.
To combat this, we would recommend that organisations train their users to spot the obvious signs of phishing and treat every email that looks suspicious carefully, alongside the usual cyber security controls and technologies. For example, users should be briefed to flag irregularities such as an unexpected emphasis on urgency, spelling and grammar and whether the sender is expected, when assessing suspicious emails. Organisations should also make sure there is a clear and easy process in place for staff to report suspicious behaviour.
While phishers will continue to seek new ways to target an organisation, the danger posed by cybercriminals can be limited by taking extra careful measures.
The Dark Basin report exposes a troubling development in the world of hacking, which is “Hack-for-Hire.” We will continue to see black hat hackers offer their services to the highest bidder in the coming years. Sadly, as we have seen in recent weeks, we may see these “hired guns” taking aim at more socially conscious groups, such as the NAACP, Black Lives Matter, and other social organizations.
The University of Toronto’s Citizen Lab’s report reads like a movie script. Half the time I’m thinking that the bad guys left so many trails that it must be an exercise in misdirection. Only State actors could pull something like this together. The quality of the phishing site landing pages is excellent, and the English grammar is very good – too good, unless you were running a very professional, well-financed and targeted operation. The subdomains are also well designed, especially for mobile users. The URL shorteners, the five-and-a-half-hour time zone difference, and the different email addresses which tie back to BellTroX are all very interesting.
The most striking part of the Dark Basin operation is how it was able to openly advertise its services without consequence. It clearly didn’t fear any legal consequences that might arise despite much of its activity being blatantly illegal. I have to wonder, even after Citizen Lab’s report, if authorities will go after Dark Basin. India is home to many phishing and scam operations that go about their business in broad daylight. Even if Dark Basin is shut down, another hack-for-hire business could replace it. So perhaps the best course of action is further investigation to reveal its clients and take legal action against them.