An Israeli private investigator, Aviram Azari, has been sentenced to nearly seven years in federal prison for orchestrating a global hack-for-hire scheme. Azari, who pleaded guilty to wire fraud, hacking conspiracy, and aggravated identity theft, received $4.8 million over five years for coordinating hacking campaigns from 2014 to 2019.
His hired hackers, including a group from India, utilized spearphishing emails to gain access to specific targets’ email accounts. Among Azari’s victims were prominent climate change activists, whose hacked communications were leaked to media outlets to undermine investigations into Exxon’s knowledge about climate change risks.
These leaked communications aimed at influencing state Attorney Generals’ investigations into Exxon and discrediting individuals working for non-profit organizations involved in influencing these investigations. Exxon also incorporated “stolen and leaked” material into court filings related to state investigations, although the company denies prior knowledge of Azari or the hacking campaign.
Investigators are aware of over 100 successful hacking incidents, with around 200 others identified, but the actual number of individuals targeted by Azari and the hired hackers is believed to be in the thousands globally. Azari has refused to disclose his clients, except for a now-defunct German payments company called Wirecard.
While the Indian hacking group Azari worked with remains unnamed by prosecutors, Reuters reported that he had hired BellTroX, a notorious hacking firm. BellTroX’s founder, Sumit Gupta, was indicted in a 2015 scheme in California.
The hack-for-hire industry in India operates with relative impunity, and an investigation into the Indian company Appin, which pioneered the industry, was published by Reuters on Thursday. Azari’s sentencing sheds light on the global scope and impact of such hacking schemes, emphasizing the need for international cooperation to combat cybercrime.