Dark Basin: Global Hack-For-Hire Organization That Targeted Thousands Over The Years Federal prosecutors made public Tuesday they are looking into a global hack for hire operation that has targeted thousands of advocacy groups, journalists and government officials.
NPR logo

Dark Basin: Global Hack-For-Hire Organization That Targeted Thousands Over The Years

  • Download
  • <iframe src="https://www.npr.org/player/embed/873349773/873377569" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript
Dark Basin: Global Hack-For-Hire Organization That Targeted Thousands Over The Years

Dark Basin: Global Hack-For-Hire Organization That Targeted Thousands Over The Years

Dark Basin: Global Hack-For-Hire Organization That Targeted Thousands Over The Years

  • Download
  • <iframe src="https://www.npr.org/player/embed/873349773/873377569" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Federal prosecutors made public Tuesday they are looking into a global hack for hire operation that has targeted thousands of advocacy groups, journalists and government officials.

MARY LOUISE KELLY, HOST:

We're all familiar with email scams, phishing, attempts to steal passwords. We know less about who's behind them. We learned today, federal prosecutors are looking into a global hack-for-hire organization. It has targeted journalists, activists and government officials and thousands of others. Here's NPR's Hanna Rosin.

HANNA ROSIN, BYLINE: Like most stealth operations, this one has a code name, Dark Basin. And it started with a tip.

JOHN SCOTT-RAILTON: A journalist got in touch with us and shared some suspicious messages.

ROSIN: That's John Scott-Railton, a researcher with Citizen Lab, a cybersecurity watchdog group. In a report released today, Citizen Lab tracked those messages back to a group based in India.

SCOTT-RAILTON: A sprawling operation that has hundreds of clients around the world who seem to pay these people to target hundreds and thousands of people at a time.

ROSIN: Among the targets were environmental activists who were involved with a campaign called #ExxonKnew. These activists have accused the oil company of keeping the public and shareholders in the dark about climate damage they knew they were causing. Kert Davies of the Climate Investigations Center was one of the activists who were targeted.

KERT DAVIES: Out of the blue, you start getting these freaky emails, and you think, what - you know, who's behind it? The story is not this company in India. The story is who hires them.

ROSIN: A spokesman for Exxon Mobil said the company has no knowledge of or involvement in the hacking activities outlined in Citizen Lab's report. And as Scott-Railton put it, it is in fact devilishly difficult to connect the hackers directly with the people who use their services. It's all done through middlemen. And federal prosecutors have arrested one middleman. An Israeli private investigator named Aviram Azari was charged in New York with wire fraud, identity theft and conspiracy to commit computer hacking. The indictment said he'd been invited to India to meet with senior managers of the hacking group. He's pleaded not guilty.

Citizen Lab has started to connect those dots, and Scott-Railton says they're sharing their information with federal investigators.

SCOTT-RAILTON: The people who were targeted were often on the other side of some kind of a pitched battle, maybe with a company, maybe with an individual.

ROSIN: Perhaps the scariest cases involve individuals, like a man named Matthew Earl, who woke up one morning three years ago to a document online supposedly written by a former employee of his.

MATTHEW EARL: I mean, it was accusing me of being a criminal.

ROSIN: Earl knew it was all fiction. He had no former employees. But still, it affected him.

EARL: I felt shame that that's the impression that people would see.

ROSIN: Scott-Railton described Earl to me as the most targeted man he's ever met. Earl had PIs come to his door, he was followed and photographed on the street, and for years, Earl received phishing emails, which if he fell for the trap, would have allowed the hackers to harvest his passwords and wreak havoc on his life.

EARL: Because you're paranoid of clicking on anything, and so you kind of retrench a bit from life.

ROSIN: The Citizen Lab report connects Earl's case to a number of other journalists and investors. What they had in common was publishing damaging information about a German company called Wirecard. This week, police in Munich raided Wirecard's headquarters, and German prosecutors launched a criminal investigation into accounting irregularities and disclosure violations by certain executive board members of Wirecard.

As for Matthew Earl, as of last week, he was still getting suspicious emails, so he was happy to hear from Scott-Railton that Citizen Lab had at least honed in on his hackers, if not yet the people who hired them.

SCOTT-RAILTON: It'll be nice to have a little celebratory victory lap tomorrow or the next day.

EARL: Well, we could get a drink organized on Zoom or something (laughter).

SCOTT-RAILTON: Oh, yeah.

ROSIN: Now it's up to the prosecutors in the U.S. and Germany to do the difficult work of finding out definitively who the corporate clients are.

Hanna Rosin, NPR News.

(SOUNDBITE OF MUSIC)

Copyright © 2020 NPR. All rights reserved. Visit our website terms of use and permissions pages at www.npr.org for further information.

NPR transcripts are created on a rush deadline by Verb8tm, Inc., an NPR contractor, and produced using a proprietary transcription process developed with NPR. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.