Ride the Lightning

Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.

Cyber Spies Sway Litigations Battles and Break into Attorney Emails

July 13, 2022

Reuters reported on June 30 that thousands of email records it had uncovered showed Indian cyber mercenaries hacking parties involved in lawsuits around the world. Apparently, hired spies have become a weapon of litigants looking for an advantage.

Be forewarned that the article is long, but it is chock full of true stories about these cyber spies – particularly at risk are larger law firms.

Apparently, Sumit Gupta, a cybersecurity expert, worked with a group of Indian colleagues to build an underground hacking operation that would become a center for private investigators who were looking for an advantage for clients in lawsuits.

Gupta was never apprehended by U.S. authorities. Reuters has not been able to reach him since 2020, when he told the news agency that while he did work for private investigators, “I have not done all these attacks.” Recent attempts to speak with or locate him were unsuccessful.

Reuters has identified 35 legal cases since 2013 in which Indian hackers attempted to obtain documents from one side or another of a courtroom contest by sending them password-stealing emails.

The messages often looked like innocuous communications from clients, colleagues, friends or family. They were aimed at getting the hackers access to targets’ inboxes and then private or attorney-client privileged information. Examples are provided in the article of the initial emails from the hackers.

At least 75 U.S. and European companies, three dozen advocacy and media groups and numerous Western business executives were the subjects of these hacking attempts, Reuters found.

The Reuters report is based on interviews with victims, researchers, investigators, former U.S. government officials, lawyers and hackers, plus a review of court records from seven countries. It draws on a unique database of more than 80,000 emails sent by Indian hackers to 13,000 targets over a seven-year period. The database is effectively the hackers’ hit list, and it offers a look at who the cyber mercenaries sent phishing emails to between 2013 and 2020.

The data comes from two providers of email services the spies used to carry out their espionage campaigns. The providers gave Reuters access to the material after it asked about the hackers’ use of their services; they offered the sensitive data on condition of anonymity.

Reuters then vetted the authenticity of the email data with six sets of experts. Scylla Intel, a boutique cyber investigations firm, analyzed the emails, as did researchers from British defense contractor BAE, U.S. cybersecurity firm Mandiant, and technology companies LinkedIn, Microsoft and Google.

Each firm independently confirmed the database showed Indian hacking-for-hire activity by comparing it against data they had previously gathered about the hackers’ techniques. Three of the teams, at Mandiant, Google and LinkedIn, provided a closer analysis, finding the spying was linked to three Indian companies – one that Gupta founded, one that used to employ him and one he collaborated with.

“We assess with high confidence that this data set represents a good picture of the ongoing operations of Indian hack-for-hire firms,” said Shane Huntley, head of Google’s cyber threat analysis team.

Reuters communicated with every person in the database – sending requests for comment to each email address – and spoke to more than 250 individuals. Most of the respondents said the attempted hacks revealed in the email database occurred either ahead of anticipated lawsuits or as litigation was under way.

The targets’ lawyers were often targeted too. The Indian hackers tried to break into the inboxes of some 1,000 attorneys at 108 different law firms, Reuters found.

Among the law firms targeted were global practices, including U.S.-based Baker McKenzie, Cooley and Cleary Gottlieb. Major European firms, including London’s Clyde & Co. and Geneva-based arbitration specialist LALIVE, were also hit.

Cleary declined comment. The five other law firms did not return messages.

The legal cases identified by Reuters varied in profile and importance. Some involved personal disputes. Others involved multinational companies with a lot of money at stake.

From London to Lagos, at least 11 separate groups of victims had their emails leaked publicly or entered into evidence in the middle of their trials. In several cases, stolen documents affected the verdict, court records show.

“It is an open secret that there are some private investigators who use Indian hacker groups to target opposition in litigation battles,” said Anthony Upward, managing director of Cognition Intelligence, a UK-based countersurveillance firm.

You’ll want to check out Reuters’ Hacker Hit List, which shows you how Indian mercenary hackers hunted lawyers’ inboxes. The far left hand column shows when malicious emails were sent; the left hand column shows who the emails were sent to; the middle column shows the services – such as LinkedIn or YouPorn – that the hackers were imitating; the right hand column shows the subject lines the hackers used to entice their targets.

Techniques for breaking into attorneys’ emails varied. Sometimes the hackers tried to pique attorneys’ interest in news about their colleagues. Sometimes the hackers impersonated social media services. In other cases, the hackers posed as porn sites. Finally, there were weird or scandalous news subject lines to get their targets to click.

Gupta  could charge from a few thousand dollars per account to up to $20,000 for “priority” targets, said Chirag Goyal, a former BellTroX executive who split from Gupta in 2013 and has since launched several tech startups in India.

Goyal said repeat customers comprised much of BellTroX’s income. “In this industry, genuine work comes only from recommendations,” Goyal said. Reuters was unable to determine the total annual revenue of Gupta’s firm.

Among the many stories contained in the article, there is one in which a lawyer was alleged to have commissioned a hack. Think THAT might interest the disciplinary folks?

Sharon D. Nelson, Esq., PresidentSensei Enterprises, Inc.
3975 University Drive, Suite 225Fairfax, VA 22030
Email:   Phone: 703-359-0700
Digital Forensics/Cybersecurity/Information Technology