The cybersecurity community has watched the rise of businesses that take money to do inappropriate things for years. Now new expositions by inteligence and security professionals at Google and seasoned journalists at Reuters shed new light on how this activity has evolved.
From Reuters:
Bodyguard Carlo Pacileo was under mounting pressure. His boss, a direct sales entrepreneur named Ryan Blair, wanted compromising material against a business rival amid a flurry of lawsuits, Pacileo said. Nothing was turning up. So he turned to a Silicon Valley detective he knew from his days in Afghanistan with the U.S. mercenary firm Blackwater. Nathan Moser, a former North Carolina sheriff’s deputy, arrived days later at Pacileo’s Hollywood apartment with a duffel bag full of surveillance equipment. Moser showed Pacileo several gadgets, including Israeli-made listening devices that could be hidden in ceilings or behind television sets. One particular service stood out: Moser said he knew an Indian hacker who could break into emails. “My ears perked up,” Pacileo told Reuters recently. “I didn’t know you could do that type of stuff.” Moser, who confirmed Pacileo’s account, got the job and a $10,000 per month retainer. He went to work for Blair’s company, diet shake distributor ViSalus, as it filed a series of lawsuits against sellers who had jumped ship to go with a competitor named Ocean Avenue. Starting around February 2013, the Indian hacker – a young computer security expert named Sumit Gupta – broke into the email accounts of Ocean Avenue executives, sending screenshots and passwords back to his ViSalus handlers on the West Coast.
Read the full special report of How mercenary hackers sway litigation battles.
From Google:
TAG has observed Indian hack-for-hire firms work with third party private investigative services — intermediaries that reach out for services when a client requires them — and provide data exfiltrated from a successful operation. This is detailed in depth in today’s Reuters investigation into the Indian hack-for-hire ecosystem. We have also observed Indian hack-for-hire firms work with freelance actors not directly employed by the firms themselves.
The breadth of targets in hack-for-hire campaigns stands in contrast to many government-backed operations, which often have a clearer delineation of mission and targets. A recent campaign from an Indian hack-for-hire operator was observed targeting an IT company in Cyprus, an education institution in Nigeria, a fintech company in the Balkans and a shopping company in Israel.
Read more from Google at: Countering hack-for-hire groups
Related Reading:
Explore OODA Research and Analysis
Use OODA Loop to improve your decision making in any competitive endeavor. Explore OODA Loop
Decision Intelligence
The greatest determinant of your success will be the quality of your decisions. We examine frameworks for understanding and reducing risk while enabling opportunities. Topics include Black Swans, Gray Rhinos, Foresight, Strategy, Stratigames, Business Intelligence and Intelligent Enterprises. Leadership in the modern age is also a key topic in this domain. Explore Decision Intelligence
Disruptive/Exponential Technology
We track the rapidly changing world of technology with a focus on what leaders need to know to improve decision-making. The future of tech is being created now and we provide insights that enable optimized action based on the future of tech. We provide deep insights into Artificial Intelligence, Machine Learning, Cloud Computing, Quantum Computing, Security Technology, Space Technology. Explore Disruptive/Exponential Tech
Security and Resiliency
Security and resiliency topics include geopolitical and cyber risk, cyber conflict, cyber diplomacy, cybersecurity, nation state conflict, non-nation state conflict, global health, international crime, supply chain and terrorism. Explore Security and Resiliency
Community
The OODA community includes a broad group of decision-makers, analysts, entrepreneurs, government leaders and tech creators. Interact with and learn from your peers via online monthly meetings, OODA Salons, the OODAcast, in-person conferences and an online forum. For the most sensitive discussions interact with executive leaders via a closed Wickr channel. The community also has access to a member only video library. Explore The OODA Community