The BIG short

  • August 13, 2020

Cases are popping up all around the world of companies or groups with vast resources and vendettas targeting individuals, writes Prasad Mani.


The following is a story about a man named Matthew Earl. And so much more.


Matthew Earl is a model of rectitude, a well-behaved citizen, very trusting in the legal and regulatory institutions of modern society. He also moonlights as an anti-hero. He is a short seller. He digs through public records of various companies that he suspects of foul play and uncovers accounting shenanigans deep in the books or well-hidden fraud that he thinks need to see the light of the day. Then, he bets against these companies – when the stock price of these fraudulent companies goes down, he makes money. In short, Matthew’s vocation makes him a heat-seeking missile. He took great pride in exposing the nefarious activities of these companies. He loved to be a part of something that enforced order in this world.


He discovered that this penchant for delivering comeuppance doesn’t always go unpunished. 


One day in December 2016, while reading the newspaper, he received a message from his colleague, asking him to read a 9-page document he had just forwarded. Matthew went ahead and opened it on his phone. The first page contained a photo – of Matthew, standing at the door talking to some person. The photo was from up close, about 3 inches away from where he was standing. Matthew had no clue who took the photo. In the background, the garden and the foliage were in reasonably full bloom, implying it was July, 5-6 months prior to the time he saw the document. The other pages of the document weaved elaborate conspiracy theories placing Matthew at the center of some vast criminal enterprise, with fake text and Skype messages that made it seem like Matthew was arguing with his cronies about who owes who money. The traducing document was posted on the internet and people started retweeting it at an alarming rate.


It destabilized him because this was psychologically disturbing and would besmirch his good name. He felt he was pushed into a world where someone has a panoptic view of the minutiae of his life. He talked to his lawyers about getting the documents taken down. But in the meanwhile, he started becoming worried about his wife and his kids. On guard with gimlet eyes, he second-guessed every handshake from the people he met, every greeting (or lack thereof) from his neighbors. And what to think when someone declines to do business with him? He began to lose his compass. 


It turned out that document was just the beginning. One day, after Matthew dropped his kids off at school, he got a call from his colleague, who claimed that he’d been accosted by two large East European men asking after Matthew. Another day, when Matthew was driving with his children, he noticed a car following him, with someone taking pictures of them.


One night, a car pulled up quite abruptly outside his house. Two men came out of the car and started striding up to the front door. They rang the doorbell. With his wife and kids upstairs and fully aware of what was happening, Matthew opened the door just as much as the chain of the door would permit. On his table, he had a cellphone with its recorder turned on in case things took a bad turn and he needed to inform the authorities. The men started out politely but soon became aggressive in their tone when Matthew refused to talk to them. “You’ve got quite an interest in Wirecard, though, haven’t you?” they asked.


Wirecard is a large German company, part bank, part new technology. Once upon a time, it processed payments for online gambling and pornography. Now it’s on Germany’s stock index of blue-chip companies, listed right up there with old classics like BMW, Siemens, and Deutsche Bank. Matthew had researched Wirecard, and recently published a report alleging that Wirecard had processed illegal money transfers for online gambling companies that had done business in the U.S. And after his report came out, the company’s stock plummeted, and Matthew profited when it did. Companies often accuse short sellers of bad faith and tainted motives and of colluding with journalists to publish unflattering reports.


After the men at the door, Matthew started by calling German authorities in charge of monitoring these companies to inform them about the allegations he’d made in his original report about the illegal activity the company was still involved in. He phoned the whistleblower line. As soon as they heard the word ‘Wirecard’, they pretended they didn’t speak English. Then they hung up and the phone went dead. He later made a presentation to another set of German authorities – a prosecutor and then a policeman. Months passed and nothing. He tried the London police and still, nothing.


Matters reached a fever pitch when he started losing his temper with the kids. He lost a lot of weight. He also discovered some more unsettling facts. A tracker was attached to his car. Strangers on the street were photographing him. He was practically put out of commission.


It had been over two years of unrelenting harassment. And it was not stopping. They moved to a new house in a different place to try and establish normalcy. They wanted to live in a neighborhood where nobody would recognize them. But the fiendish methods of tormenting followed him there too. They came through his email, an endless stream of phishing attacks all day every day for years. They perfectly mimicked the sites Matthew frequented, the headlines that would most catch his eye, fake emails about his own company, about things he’s written about on his blog – fake congratulations, fake invitations.


Matthew had been in conversation with John from Citizen Lab, a cybersecurity watchdog group based in Toronto. Matthew had contacted Citizen Lab to tell them what was happening to him. He forwarded John the hundreds of suspicious emails, diligently day after day for years, which actually allowed Citizen Lab to launch their own investigation, keeping tabs on the hackers over a long period of time. Months later, Citizen Lab went public, ascribing this operation to an Indian company called BellTroX, a Delhi based IT firm, which has been active for years running an absolutely massive hack-for-hire operation of which he was one of the many targets.


Citizen Lab released a report detailing the BellTroX-based global hacking operation this June. And they named many victims – government officials, human rights groups, and journalists. Citizen Lab shared its information with the U.S. Justice Department, which is now conducting its own investigation into cyberhacking – the dark underbelly of the cyberworld. The report did not say that they had established any link yet between the BellTroX and Wirecard. But the report did identify a group of people – mostly investors and journalists – who had written critically about Wirecard and who had all been cyber harassed around the same time. Wirecard has publicly denied having any contact, direct or indirect, with the group in India.


Cases are popping up all around the world of companies or groups with vast resources and vendettas targeting individuals. It can happen to a private citizen. Matthew learned to operate in this new world, to not get paralyzed when a machine much bigger than you feeds you a lie about yourself, and when no one comes to your rescue. He learned to be nimble, almost inured, and stress inoculated.


And how about Indian activists, journalists, and lawyers? In October 2019, Citizen Lab and WhatsApp administrators informed them that they were being surveilled using spyware. Two such activists were thrown in jail this April – Anand Teltumbde and Gautam Navlakha – after being accused by the state of instigating the December 2018 Bhima Koregaon violence. For instance, last October, John described to Anand that the Israeli spyware Pegasus was installed on his phone by taking advantage of WhatsApp security breach. The spyware is licensed only to governments. Other human rights defenders’ phones were infected with similar spyware and malware from emails. Malware is sent through a link and a request to download. Once the malware is installed on your device, the attacker has full visibility and control of your computer: access to all your files, your camera. It can take screenshots, and record everything you type on your keyboard.


This June, Amnesty International and the Citizen Lab discovered that nine human rights defenders, most of whom have been fighting for the release of the Bhima Koregaon 11 (BK 11 activists – Sudha Bharadwaj, Shoma Sen, Surendra Gadling, Mahesh Raut, Arun Ferreira, Sudhir Dhawale, Rona Wilson, Vernon Gonsalves, Varavara Rao, Gautam Navlakha and Anand Teltumbde) through litigation, research, or activism, were unlawfully targeted with a spyware attack.


Prasad Mani is an astrophysicist and writer currently working at the Tata Institute of Fundamental Research.



Further readings:

Details for Bhima Koregaon cyberhacking, in order of quality of information:

John Scott Railton – Citizen Lab

Matthew Earl story sourced from :

Invisibilia – NPR


Share this
Recent Comments
Leave a Comment