
Dark Basin: Uncovering a Hack-for-Hire Operation - secfirstmd
https://citizenlab.ca/2020/06/dark-basin-uncovering-a-massive-hack-for-hire-operation/
======
tschwimmer
It's a shame that the CFAA is used to prosecute people who bulk download
articles from JSTOR instead of crimes like this. The DOJ should work with
Indian law enforcement to track down this firm and get information on their
customers. It's clearly being run as a legitimate business and I suspect it
would be trivial to recover records.

Activity like this makes everyone poorer in terms of the actual damage done by
the breach as well as all the extra security work that has to be done by
Gmail, Dropbox, etc to prevent further abuses like this. It's exactly the type
of activity the government needs to protect us from.

------
albntomat0
Per the article, they did a bunch of well-crafted phishing at a large scale.

Key takeaways:

- Phishing continues to be highly successful (not a shocker)

- Phishing as a Service has significant demand

- The researchers enumerated the targets via poor operational security of the
attackers, including one who apparently used their CV as a test document.

~~~
badrabbit
That said, there has been a recent trend moving away from phishing. Exposed
services are gaining more popularity, especially for cloud VMs.

~~~
albntomat0
In that phishing is happening less, or more folks are not properly securing
their cloud services?

~~~
badrabbit
In that, phishing for malware delivery is getting harder so some gangs try
unsecured cloud/onprem assets for initial access. Phishing levels have not
changed overall from my perspective but how targeted attacks happen seems to
be tilting slightly to other initial access tactics.

------
xVedun
If this is what a single company can accomplish with a moderate amount of
funding, it makes me worried about what a military force could accomplish
given 100x resources.

~~~
kryogen1c
Worry no more! Not in ignorance, anyway. Worry is warranted in erudition.

Stuxnet is attributed to the US and Israel and is regarded as one of the most
advanced pieces of malware documented.

Furthermore, there is lots of evidence of China absolutely ravaging the
intellectual property from other countries, presumed by cyber intrusions. No
need to invest decades in people, culture, and research equipment when you can
just steal the result from others.

~~~
tikititaki
> no need to invest decades in people, culture, and research equipment when
> you can just steal the result from others.

This isn't really a new phenomenon. The USSR had spies in the Manhattan project
and was able to create a nuclear bomb a few short years after the USA. Or the
classic story of the British cracking the German radio communications in WW2
(with the help of the Poles, certainly).

I wonder if we're going to get interesting stories about what's happening
right now in the future if it ever becomes declassified. Also, I'd imagine
there are just as many cyber intrusions by the American government / American
companies as there are by Chinese companies, although I will admit I have seen
no evidence to point to this. I just think we wouldn't hear about it.

~~~
secfirstmd
Don't forget Echelon revelations about the US spying on European companies.
[https://en.wikipedia.org/wiki/ECHELON](https://en.wikipedia.org/wiki/ECHELON).
Of course European companies, esp. France, have done the same.

------
sloshnmosh
I've been tracking some highly targeted phishing operations that use a
third-party service to identify and fingerprint their victim(s) using
"handsetdetection(.)com". Spoofing the browser's user-agent string is not enough
to trigger exploitation because of this "service".

------
downvoteme1
At the end of the day, this is a common operation done by state governments
and private entities all across the world. The US does it, so does Israel,
China, North Korea, and I assume all other countries do it to their
adversaries. Usually this kind of work is farmed out, and if it happens in a US
jurisdiction, then US laws should apply.

------
abbracadabbra
It would be interesting to know the middleman involved in hiring BellTroX;
surely Exxon didn't hire them directly but were working with a "public
relations" company that took the initiative to hire this shady firm. Knowing the
middleman might help connect the loose threads.

