SSA/CRA impersonators raided by the CBI (24 call centers shut down!)

SOURCE (VIA @A-TeamandT): CBI Busts Cybercrime Network Targeting Global Citizens: Seizes Rs 2.2 Crore in Cash and Digital Evidence - The420.in

Earlier today, the Central Bureau of Investigation in India conducted a series of raids and seized $263,945.22 in rupees and an undisclosed amount of cryptocurrency from “a significant cybercrime module” by Sushil Sachdeva and multiple associates from 24 separate locations in Delhi, Noida, Gurugram and Gujarat. Among the accused were:

  • E-Sampark Softech Pvt. Ltd (Gaurav Gupta)
  • Achievers A Spirit of BPO Solutions (Manu Chawla)
  • Shivaay Communications Pvt. Ltd. (Gaje Singh Rathore)
  • S.M. Technomine Pvt. Ltd (Sanket Bhadresh Modi)
  • Technomind Info Solutions (Rajiv Solanki)
  • Fintalk Global (Sushil Sachdeva, Nitin Kumar Wadwani & Swarndeep Singh)
  • Global Enterprises (Dinesh Manohar Sachdev)

In addition to tech support scams, the call centers also facilitated government scams claiming your benefits were suspended unless you pay $35,000 in fees through gift cards. Despite having operated as the “Federal Grant Department,” the scammers have impersonated the following government agencies:

Investigations into their fraudulent operations were conducted last year as part of Operation Chakra-I, a collaborative effort with the Federal Bureau of Investigation in the United States of America. The listed companies have been indicted by the United States Department of Justice on fraud and money laundering charges.

4 Likes

Couple of clarifications from the CBI press release.

https://twitter.com/CBIHeadquarters/status/1727359704781996199

First, this was not actually an FBI case. I originally referred this to the Inspector General of the Department of Homeland Security. Based on call records, a Secret Service TFO in Wisconsin, and an alert Asset Protection Officer at Walmart, they arrested two money mules.

However, DHS-OIG then dropped the case saying they didn’t have resources to pursue suspects in India. (The same root cause of all of the problems the scambaiter community has been trying to address for the past seven years.)

I re-referred this several times until finally the Treasury Inspector General for Tax Administration found a willing AUSA in Atlanta to run with it.

Then the Transnational Elder Fraud Strike Force sort of hijacked the case by offering the Atlanta AUSA a TDY on the Strike Force so she could move from Atlanta to DC. The Strike Force then sued TollFreeDeals and Global Voicecom.

The criminal indictment for eSampark therefore didn’t get unsealed until the end of 2020.

Now, here is where things get murky for me. I was told all of the information about the un-indicted co-conspirators in this case were provided to CBI by TIGTA through FBI before the indictment was unsealed in November 2020. However, this above CBI press release says the CBI FIR was received (presumably from FBI) in July 2022. This is why I need to get at the CBI FIRs.

The search warrant for eSampark’s Florida-based VoIP servers was probably executed sometime around January 2020. This is where the 130,000 scam call recording referenced in the first Justice Department press release came from.

The superseding indictments against eSampark’s customers was unsealed in February 2022.

Operation Chakra I happened in October 2022 to coincide with the Interpol General Assembly meeting in New Delhi. Chakra I involved 115 search warrants. The TIGTA case agent told me they believed, based on their meetings with CBI and FBI, that 20 of the 115 targets were related to the eSampark case.

But neither FBI nor CBI ever confirmed this. One of the eSampark defendants was (Sanket Bhadresh Modi) named in Indian news reports as having been arrested in Chakra.

https://indianexpress.com/article/cities/delhi/us-citizens-million-fraud-calls-indias-cbi-delhi-court-8321490/

I never received a list of which eSampark defendants had been chargesheeted in which Indian courts so I could follow the India cases online. I am still not clear whether this is because CBI did not provide the information to FBI or FBI did not provide the information to TIGTA. This is a big deal strategically because the FBI is REQUIRED to provide this information under the Federal Crime Victim Rights Act.

Operation Chakra II involved another 76 search warrants that coincided with an Interpol cybercrimes conference the week of October 18, 2023.

https://twitter.com/CBIHeadquarters/status/1715013667581051219

The CBI press release mentions cooperation with FBI. It also mentions cryptocurrency investment schemes.

At the same time Microsoft’s Digital Crimes Unit put out a press release about their involvement with Chakra II.

Neither press release nor subsequent press coverage gives any indication suspects from the eSampark case were involved. Since both Chakra operations are “sweeps” involving simultaneous actions against multiple crime groups, it is possible all of these different stakeholders’–Microsoft, Amazon, FBI–perspectives are true and accurate.

The additional actions against 26 locations on November 23, 2023 appear to be suspects associated with one of the eSampark defendants (Sushil Sachdeva).

5 Likes

REQUEST FOR ASSISTANCE

Per above, I need the CBI FIR for the above action. A news reporter in India posted an image of another CBI text message notification referencing the FIR number (2212022E0031).

When you Google search the FIR number, a cache record of a public PDF comes up.

https://cbi.gov.in/assets/files/fir/1286881451RC2212022E0031_0001.pdf

But the link will not open. Nor will the Google cache. They both just spin. As does https://cbi.gov.in/view-fir. As does https://cbi.gov.in.

I THINK this is because CBI blocks non-Indian IPs.

REQUEST FOR ASSISTANCE

If anyone has a VPN or proxy with an Indian IP address can you check these links and see if you can download the PDF.

https://cbi.gov.in/assets/files/fir/1286881451RC2212022E0031_0001.pdf
https://cbi.gov.in/view-fir
https://cbi.gov.in

Thanks.

3 Likes

For anyone interested, The CBI FIR is attached as screenshots due to website security (downloaded from their website)




2 Likes

Thanks again.

1 Like