Israeli private eye gets 80-month sentence for global hack-for-hire scheme

An Israeli private investigator was sentenced in the Southern District of New York to nearly seven years in federal prison on Thursday on charges that he orchestrated a global hack-for-hire scheme.

Aviram Azari pleaded guilty in April to wire fraud, conspiracy to commit hacking and aggravated identity theft for his role in coordinating hacking campaigns on behalf of unnamed parties from 2014 until 2019.

According to the Department of Justice, he was paid $4.8 million over five years for his services.

Azari hired hackers, including a group from India, to get access to specific targets’ email accounts. The hackers used spearphishing emails, which would redirect them to servers mimicking legitimate web pages. When they attempted to log on to those sites, the hackers would harvest their credentials.

Among Azari’s known victims were high-profile climate change activists, including from the Union of Concerned Scientists, Rockefeller Family Foundation, the Conservation Law Foundation and the Climate Investigations Center.

Their hacked communications were leaked to media outlets and published in articles related to investigations into Exxon’s knowledge about climate change risks. “In particular, those news articles appeared designed to undermine the integrity of: (i) the state AGs’ investigations into Exxon; or (ii) individuals working at the non-profit organizations purportedly involved in influencing the state AGs to investigate Exxon,” prosecutors wrote in a sentencing memo.

Exxon also incorporated “stolen and leaked” material into court filings related to state investigations into the company. Exxon has denied having any prior knowledge of Azari or the hacking campaign.

Investigators are aware of the successful hacking of more than 100 of Azari’s victims and have identified around 200 others.

“However, the true volume of individuals and entities who were targeted by Azari and the hackers he hired during the course of the spearphishing and hacking scheme, many of whom have not yet been identified by the Government, numbers in the thousands and spans the globe,” prosecutors wrote.

Azari has refused to say who his clients were, with the exception of a now defunct German payments company called Wirecard.

Although prosecutors did not name the Indian hacking group Azari worked with, Reuters reported last year that he had hired BellTroX, a notorious hacking firm whose founder, Sumit Gupta, was indicted in a 2015 scheme in California.

India has a thriving hack-for-hire industry, which has operated with relative impunity.

On Thursday, Reuters published an investigation into the Indian company Appin, which pioneered India’s hack-for-hire industry and spawned a network of copycats within the country.