Source: By Reghu Balakrishnan, ET Bureau
BENGALURU: Sumit Gupta, founder of BellTrox InfoTech Services, would exhort young recruits to hack into servers of targeted entities in return for more money, former employees of the Delhi-based company told ET. BellTrox was cited as a spy-for-hire firm by an internet watchdog group investigating an international espionage network.
Gupta would challenge the recruits to breach firewalls and explore loopholes in systems they were hired to penetrate, said sources who worked for the company founded by Gupta in 2013.
“The incentives were always project based. The more information (we) gathered, the more money we were paid,” said a former employee, who now works for an information security company that offers ethical hacking services to businesses. “We were never told who the clients were,” the person said.
“Around 4-5 overseas clients offer a monthly retainer for its (BellTrox’s) services,” said a second person who worked for the company.
Gupta kept his team small to around 15 people, providing hacking-for-hire services – sending phishing mails, penetrating firewalls and exploiting servers, the person said. The company was also active on the dark web – the internet not accessed by search engines such as Google – and would trade breached data using cryptocurrencies, according to the people cited above.
BellTrox saw its revenue drop to Rs 45.4 lakh in fiscal year 2019 from Rs 1.08 crore in the previous fiscal, according to regulatory filings.
Gupta did not reply to multiple email queries, text messages and phone calls from ET.
On Tuesday, Citizen Lab, a University of Toronto unit, identified BellTrox as the technology provider for a worldwide espionage campaign with targets ranging from government officials in Europe to US private equity investor KKR.
‘Many such companies in India’
In an investigation spanning nearly two years, the unit looked at digital signatures involved in collecting information of over 12,000 emails of targeted organizations.
A Reuters report on Tuesday said Gupta was charged in a hacking case in the US in 2015. As of now, there are no reported cases against Gupta in India.
Experts are of the view that hacking is a global phenomenon and non-state actors look to breach vulnerabilities and exploit data for money.
“The underground ecosystem runs into billions of dollars. There are always a few who do this for the lure of money,” said Gulshan Rai, former cyber security chief for the Indian government. The government always looks out for such nefarious activities and if they find people, they can prosecute them under the IT Act which has tough provisions, he added.
Cyber security professionals estimate there are scores of such companies offering hacking-for-hire services in India. “There are over 100 hacking-for-hire companies across India.”