Hackers for hire attempt to destroy hedge fund manager's reputation

Hackers bombarded a British hedge fund manager with 3,000 emails and fake news stories about his mortgage in an effort to destroy his reputation after being hired by a corporate rival.

Criminals even sought to gain personal information about Matthew Earl by pretending to be his sister in a three-year campaign when he raised concerns over the controversial German payments company Wirecard.

Mr Earl, a former City analyst who runs the hedge fund ShadowFall, said he was targeted by a group called Dark Basin.

This group has been linked to Aviram Azari, who this week pleaded guilty in New York to a conspiracy to target journalists and critics of Wirecard using phishing emails.

Mr Earl said the hacking attempts started in 2016 after ShadowFall, nicknamed the “dark destroyer” in the City, criticised the financial performance of Wirecard. The German company was later mired in a series of accounting scandals and went bust.

He said: “I was being sent very targeted emails, which were crafted with personal information about my interests, friends and family’s details. They were very specific.”

Mr Earl received news stories that appeared to be from media outlets such as Reuters and Bloomberg. Another email appeared to be sent by his sister, sharing family photographs, he added.

He said: “There was even one that purported to be an exposé on my mortgage.

“Why would anyone be interested in my mortgage, I don’t know. It was a whole range of things, and they came in thick and fast. Some days I would get 3 to 10 targeted emails.”

Mr Earl said he gave evidence to the Federal Bureau of Investigation and the US Department of Justice in 2018 about the hacking attempts, and he was identified as a “possible victim of a crime”.

He also shared emails with Citizen Lab, part of the University of Toronto’s Munk School.

Citizen Lab subsequently published a report about Dark Basin, a hack-for-hire group that targeted thousands of individuals and hundreds of institutions on six continents.

It linked Dark Basin “with high confidence” to Indian company BellTroX InfoTech Services, which is understood to be connected to Mr Azari’s case.


The reign of terror as hackers for hire ramp up corporate espionage

By Helen Cahill

Aviram Azari was this week bussed into one of New York's most notorious prisons.

The former private investigator turned cyber-criminal had been freely conducting corporate espionage for high-end, shadowy clients for at least five years. He worked as part of a hacker-for-hire ring that allegedly lent its services to target thousands of companies and individuals, with victims including some of the world’s biggest hedge funds, journalists and eco-activists.

Having lived in the midst of the murky world of corporate espionage, Azari is now waiting to find out how long he will spend behind bars.

This week he pleaded guilty to three counts of fraud and conspiracy to gain access to private computers, acknowledging his wrongdoing in his role as a middleman in the hacking scheme.

Having admitted to the charges in federal court in Manhattan, the 50-year-old will be held without bail at the Metropolitan Detention Center in Brooklyn - the same institution Ghislaine Maxwell was held in before she was found guilty of sex trafficking girls for Jeffrey Epstein - until July 21.

Experts say Azari’s case is just one small part in a growing trend of hiring hackers to obtain information through corporate espionage. The market has been labelled as a growing threat, with clients able to enjoy minimal risk due to the opaque nature of the schemes.

So-called hack-for-hire groups are often approached by private investigators commissioned by anyone from governments to companies in, for instance, the law or finance industries, which then use the information to inform takeover attempts and legal cases.

The federal court in Manhattan charged Azari with perpetrating a programme of cyberattacks against hundreds of victims in the Southern District of New York and further afield. It said he sent fake emails to targets to trick them into entering the usernames and passwords for key accounts on websites controlled by Azari and his conspirators. He has also been ordered to hand back any money made from the scheme.

Alan Woodward, a cyber security expert at the University of Surrey, says Azari’s case is just the "tip of the iceberg".

Woodward adds: "He and others are tapping into a trend that has grown in recent years called 'crime as a service'.

"Those commissioning the hacking do not necessarily have the skills to do this, so they hire others to do it for them.

"It is also extremely tempting for private investigators to use these hackers for hire as so much of what they want for corporate espionage comes in electronic form. Can you name a business that still uses paper?"

Azari’s guilty plea is part of a wider investigation into a hacking ring, reportedly New Delhi-based BellTroX InfoTech Services, that has allegedly infiltrated thousands of entities. These have included hedge funds Blue Ridge Capital and Coatue Management, according to cyber-researchers at Citizen Lab.

The group also targeted high-profile London-based hedge fund ShadowFall, run by Matthew Earl, which was shorting the disgraced German company, Wirecard. The payments company collapsed in June 2020 owing creditors $4bn (£3bn) after an investigation by the Financial Times revealed major fraud internally. Azari's lawyer Barry Zone said his client's charges were related to work performed for Wirecard. He added that his client was not cooperating with the US government on the investigation.

According to Citizen Lab, the alleged hacking group, which it has called Dark Basin, is based in India and is commissioned by private investigators worldwide. The research group launched an investigation after being contacted by a journalist who was targeted with a phishing email in 2017.

Its report said: "While we initially thought that Dark Basin might be state-sponsored, the range of targets soon made it clear that Dark Basin was likely a hack-for-hire operation. Dark Basin’s targets were often on only one side of a contested legal proceeding, advocacy issue, or business deal."

The finance industry is particularly exposed to hackers-for-hire, argues Woodward, because corporations often want information on transactions, which are largely done electronically.

Europol's most recent assessment of the organised crime taking place on the internet found that crime as a service "continues to proliferate". The problem has now become so acute that the European Union has highlighted the hacker-for-hire market as a growing threat, in its most recent report from the European Union Agency for Cybersecurity (ENISA).

While the report confirmed that the hackers' clients are usually governments, it said corporations and individuals are also fuelling the market's growth.

It warned: "Our assessment is that hacker-for-hire companies will certainly continue targeting any sector based on their sponsors’ requirements.

"The hacker-for-hire industry will likely experience increased state control and oversight (and potentially more attention from cybersecurity companies) due to potential national security risks as well as human rights abuse."

Hackers-for-hire are able to offer a range of services, which are often bundled together depending on the client's commission.

The EU has warned that the clients ordering these attacks get access to advanced cyber offensive technologies with very little risk. They "enjoy plausible deniability" and their targets have little idea who they are - or their ultimate objective.

Another group, named DeathStalker, is alleged to be offering hacking services for profit. It has been accused of targeting financial services firms and law firms for corporate spies.

The methods it has been accused of using, however, are not deemed particularly complicated, highlighting how relatively simple it is for these groups to get confidential information from huge corporations.

ENISA said: "Its [DeathStalker’s] operations are representative of the fact that these threat actors can accomplish their goals without using highly sophisticated tools."

Woodward says law enforcement agencies could struggle to crack down on these hackers because they are used to adapting quickly. He warns that although individuals such as Azari could be stopped, "the war is never quite over".

Offering a solution, Woodward says: "What the clients need to be shown clearly is that if you commission a crime you will still be held accountable."