“Dark Basin: Uncovering a Massive Hack-For-Hire Operation,” a report from Citizen Lab, an initiative of the University of Toronto’s Munk School of Global Affairs, concludes that the hacker group engaged in targeted phishing attacks against hundreds of institutions on six continents.
Access the report by Citizen Lab
Why it matters
While this operation had not targeted the media and entertainment industry, it is instructive to understand the Dark Basin case because pirates use similar techniques and tactics to penetrate premium content and services, and to endanger consumers.
Further details
Dark Basin sets up Web sites and social media pages that resemble legitimate services. URL shorteners are used to disguise the actual URLs of phishing sites. Citizen Lab’s research uncovered nearly 28,000 different URLs, “each of which led to a Dark Basin credential phishing Web site… Often, the email address of the target was included in the URL.”
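The two traits described above, shortened links and the target's own address inside the URL, can be checked for in URLs extracted from inbound mail. The following is an added example, not code from the Citizen Lab report; the shortener list, the host names and the sample URLs are constructed, and the base64 check goes beyond what the report excerpt states (it says only that the address was included in the URL).

```python
import base64
import binascii
import re
from urllib.parse import unquote, urlsplit

# Assumption: a locally maintained shortener list; "short.example" is a constructed host.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "short.example"}
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
B64_TOKEN_RE = re.compile(r"[A-Za-z0-9_+-]{12,}")

def decoded_views(url):
    """Yield the percent-decoded URL, then each base64-looking component decoded."""
    plain = unquote(url)
    yield plain
    for part in re.split(r"[/?&=#]", plain):
        if not B64_TOKEN_RE.fullmatch(part):
            continue
        padded = part + "=" * (-len(part) % 4)
        try:
            raw = base64.b64decode(padded, altchars=b"-_")
        except (binascii.Error, ValueError):
            continue
        yield raw.decode("utf-8", "ignore")

def embedded_emails(url):
    """Return every e-mail address visible in any decoded view of the URL."""
    return {m.lower() for view in decoded_views(url) for m in EMAIL_RE.findall(view)}

def triage(url, recipient):
    """Return the reasons a URL from a message to `recipient` deserves review."""
    reasons = []
    if (urlsplit(url).hostname or "") in SHORTENER_HOSTS:
        reasons.append("shortener")  # destination hidden: expand before judging
    emails = embedded_emails(url)
    if recipient.lower() in emails:
        reasons.append("recipient-in-url")
    elif emails:
        reasons.append("email-in-url")
    return reasons

# Constructed sample data (not taken from the Citizen Lab report).
RECIPIENT = "alice@example.org"
TOKEN = base64.urlsafe_b64encode(RECIPIENT.encode()).decode().rstrip("=")
SAMPLES = [
    "https://short.example/a1B2c3",
    "https://login.example.net/signin?email=alice%40example.org",
    "https://login.example.net/signin?u=" + TOKEN,
    "https://www.example.com/news/2020/06/report",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(triage(sample, RECIPIENT), sample)
```

A shortened link reveals nothing about its destination, so the recipient-address check is only meaningful once the link has been expanded in an isolated environment and the final URL is passed through `triage` again.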
Dark Basin has “a remarkable portfolio of targets, from senior government officials and candidates in multiple countries, to financial services firms such as hedge funds and banks, to pharmaceutical companies. (It) has extensively targeted American advocacy organizations working on domestic and global issues. These targets include climate advocacy organizations and net neutrality campaigners.” One of Dark Basin’s initiatives in 2017 was to expose Exxon’s knowledge of climate change. Another was to target the US Federal Communications Commission to preserve Net Neutrality.
Based on the roles of individuals and associates targeted by Dark Basin, the operation appears to have a deep understanding of its targets and their relationships, which can come from being baited by phishing campaigns.
The larger threat is that attacks by operations like Dark Basin undermine organizations that provide the foundations of civil society, many of which are not prepared to resist such attacks – which is the focus of another initiative by Citizen Lab, called “Communities @ Risk.”