[UP FIR#:0432/22] NEW FIR#:15/2023-nSEO ATTACK
In November 2021, we were hit by a hacking and malware attack, which we eventually identified as a Negative SEO attack after an extended internal investigation. That attack not only took down 12 of our websites but also 5 to 6 years of our hard work and all the progress we had made. This is what happened:
Though we lost no time in reporting the matter to the "cyber" police in sector 108, Noida, Police Commissionerate, Gautam Budh Nagar, Uttar Pradesh (UP), in India, the police simply did nothing. For months. We decided that we will not let this case be another one shoved under the carpet by the UP police. We decided to write this article to clearly document what happened after we were hit by that attack in Nov 2021 and who did what. Our struggle brought to light many uncomfortable truths and the failures of our system.
To start with, Uttar Pradesh (UP) police took 8 months to just register our FIR (#432/22) against the complaint we filed with them on 19th Nov 2021. Eighteen months later, that FIR has a new number, #15/2023, because we got it transferred from sector 39 police station to sector 36 "cyber" police station (both in Noida). Other than that, the police investigation has not moved beyond them sending a couple of emails to Godaddy. We had also shared copies of the malware/infected files, which are still "under analysis" in some FSL in Lucknow for over a year now!
For all their pomp and grandeur, we found that the top IPS officers in the UP police were no different from their junior counterparts: thoroughly incompetent and unprofessional, with zero sense of accountability to anybody. These junior officers, in many cases, cover up for their bosses, who in return, give them a free hand. The only thing these guys care about is their own positions, perks, publicity and their political masters. The way these police officers treat their subordinates is directly reflected in how these subordinates treat the general public.
Picture this: our complaint was filed in sector 108, Noida. The FIR was registered in sector 39, Noida. The investigating officer (I/O), Inspector Rakesh Gautam, was an individual from sector 24, Noida who had no idea about anything in IT. The poor man was put in the cyber cell because he had completed some small course in Jetking somewhere! Not surprisingly, nothing happened for more than 14 months. It was then transferred to sector 36, Noida in March 2023, because apparently this was where all the punters of cybercrime investigation in Uttar Pradesh were and apparently they reported "directly" to their super "cybercrime" investigators who were based in Lucknow.
ALL THE KING'S MEN DID NOTHING
For the record, we met with almost ALL the senior police officials in Noida starting with the CP (Commissioner of Police) Noida, Laxmi Singh, DIG (L & O) Noida, Ravi Shankar Chabi, DCP Noida, Harischander, ACP Noida, Rajnish Verma. (Note: The designation of the officers mentioned here might have changed since we last met them.)
We also met with ACP Varnika Singh in sector 108 Police Commissionerate, Noida. She heard our case patiently but did nothing much else. In fact, she was very upset when we tweeted status updates every time we went to meet or spoke to someone regarding our case. She said we were trying to show the UP police in "bad light". That begs the question: the UP police did nothing till date, for over a year and a half now, in a crime where the criminals are clearly identified and solid evidence is available. Should we just keep quiet about it?
On a rare occasion, we even spoke to ADG (Cybercrime) Subhash Chandra in Lucknow, who later could never be reached by phone or email. Prof. Triveni Singh could never be reached by phone or email. Then we approached the UP CMO/Secretariat, Cybercrime.gov.in, Cert-in.gov.in, CPGRAMS. Nothing happened.
After that, we contacted the Ministry of E & IT (MeITy) and even wrote to the MoS for Electronics & IT, Rajeev Chandrashekar. We not only got a response from his office, but they also instructed Cert-in to look into the matter. ACP Jitender Singh, who was sent by Cert-in, met us in Jan 2023 to gather information about the case. We believe ACP Jitender Singh was instrumental in getting our case transferred to sector 36, "cyber" cell, Noida in March 2023 and we acknowledge and appreciate that effort.
Irrespective of which police station we went to or the level of officers we interacted with, we noticed that none of them had any knowledge of even the basics of IT. Officers in UP cybercrime police stations have no idea about IP addressing, DNS, Virtualization, Hosting, OSINT tools etc. They lack knowledge of even the most fundamental of IT concepts. Some blamed their own UP government and told us that they even had to bring their own laptops to work!
These guys have no business to be anywhere near cybercrime investigation: with zero knowledge, no equipment, no computers, no desire to learn and worse, no capacity to acquire any new knowledge! These are basically that fatally "unemployable" bunch and would never get any job anywhere in the private sector.
Another quick analysis found that the DG (Cybercrime) was an individual with a Masters degree in veterinary science. So, basically their top "cop" is a veterinarian. The other senior officer was a man who likes to call himself "Cyber Singham". Interestingly, this man holds an honorary title given to him by a private university and is actively engaged in the production of a web series about his "exploits" in fighting cyber crime. Note this, none of these senior officers are ever reachable on their phones or email. They neither answer phone calls nor respond to emails. So, the UP cyber police are basically a headless, clueless and aimless bunch, left each man for himself.
Interacting with these pompous, arrogant police officers was quite a harrowing experience. They sat in grand government offices with the national flag in the background and spewed nothing but lies, incompetence and sheer apathy. The bureaucrats were no different. The junior police officers sometimes appeared much more willing to help, but eventually followed the example set by their seniors when they realized that they had no idea how to proceed.
Hacking incidents going on at Godaddy from 2019
That left us with no other option but to investigate on our own. And what we found later was shocking. Our investigation found that this was not just an isolated case of some stupid cyber criminals hacking other people's websites and leaving backlinks to their own websites. It turns out that these hacking incidents have been going on repeatedly, since sometime in 2019 and cybersecurity researchers have found that millions of Godaddy's customers could have been impacted, and many could have even shut down. Godaddy, far from reaching out to the impacted customers and offering help, did nothing. Knowingly or unknowingly, they simply allowed the hacking incidents to take place and when customers approached them, they tried to sell malware protection, SSL and backup services (as they did to us).
Is this an insider job at Godaddy to generate more sales? Was there some kind of criminal nexus between the hackers and Godaddy at some level or any level, for that matter? We don't know at this time. But what we know now, is that these hacking incidents have been going on even until as recently as Dec 2022 and we have no idea if they (Godaddy) have done anything to stop it for good and protect their customers' data and businesses. When we pinged Godaddy CEO (Aman Bhutani) on Linkedin and asked for more information on these threat actors, we got blocked right away. When we pinged their customer service handle on Twitter, they decided not to respond!
We will continue to raise this matter in all possible platforms, forums and institutions until, at the very least:
QUESTIONS FOR THE UP POLICE
See the image on the top? That's what our web pages looked like when we checked them in early November 2021. In what could have been a crime that could have even been solved by a school kid in like a couple of days, it's already almost a year and a half since we filed a complaint with the "cyber" police in Noida, sector 108, Uttar Pradesh, India and sadly, the cops are still completely clueless. 17 months on, their official version is "they are in the process of gathering evidence". We will not get into the specifics of how these guys actually go about it because it's plain disgusting. Unlike what happens in a professional, corporate setup, there is no "management oversight" or guidance.
If you happen to be the unfortunate individual who has been assigned to investigate a cyber crime and you have no idea about anything even remotely connected to the topic, it's still your responsibility to "investigate" it. And, mind you, these cops are not even allowed to close the case saying they don't know how to proceed or transfer it to a more competent authority! The senior officers really have no sense of responsibility or accountability, they just shout out the orders and the subordinates are only "expected to" do it. But, generally, they don't. The same individual who, only a few minutes ago was seen nodding his head vigorously in front of his superior officer, would casually come out of his cabin and say he won't do it! And, the best part: all of them get away with doing nothing about anything! And the common man, or "aam aadmi" is simply left in the lurch.
SEQUENCE OF EVENTS so far
As is evident from the above sequence of events, and for reasons best known to them, the UP police have shown little or no interest in acting against the criminals who we identified on 19 Nov 2021 itself, in our complaint. Their investigating officers, with their zero tech knowledge, have actually undermined the investigation itself because they neither understood the significance of the evidence provided nor knew how to interpret it. Post the 'meeting' they had called for on 21 Nov 2022, in sector 6, Noida, they even 'advised' us to not write anything against the culprits who engineered the attack! Then, in the meeting on 19 Apr 2023, they barely stopped short of accusing us of putting the backlinks to the hackers' websites from our own websites! The UP police now appear to be handing out a long rope to the culprits and giving them more than sufficient time to cover their tracks.
DELIBERATE DELAY TACTICS BY UP POLICE OFFICERS
If they can't solve it, they will delay it. And who knows better than the top cops in the UP police? When we followed up with the DCP, Noida, Harishchandra for months, there was no progress. The officer assigned by him, by the name of Sannath (in sector 6, Noida) plainly refused to investigate and told us in clear terms that he will not investigate the case. DCP Harishchandra then told Sannath to get in touch with a "cyber expert", by the name of Amit Dubey for help.
Amit Dubey of course did nothing. When we called him, he said he was "very busy" but he could put one of his assistants to make a report (like the one we had already made months ago) but wanted a payment of Rs.10,000 per day. We saw no point in paying somebody for something we had already done and decided against it.
DCP Noida, Harischandra then had a brilliant idea. He referred our case to another officer by the name of ACP Rajnish Verma. This officer called us for a meeting on 21 Nov 2022 in his office, along with the I/O (at that time, Inspector Rakesh Gautam) and the accused individual, Sudhanshu Sharma, Director at Digiversal Consultants, Noida. That meeting lasted for probably five minutes. ACP Rajnish Verma simply asked the I/O to send the malware sample we had (& submitted to the police many weeks ago) to FSL for analysis. Any further work was to be done only after FSL provided their report. ACP Rajnish Verma and Inspector Rakesh Gautam both knew very well that anything sent to FSL could take many months, and in some cases, even years to be analysed. Incidentally, that was November 2022. It's May 2023 now and that FSL report has not yet arrived and it doesn't look like it will be coming any time soon. Meanwhile, we have even transferred our case to a different police station!
TOTAL INCOMPETENCE & FAILURE OF UP CYBER POLICE
The total incompetence and failure of investigation at the local "cyber" police level is a big blow to those who have suffered the crime. And this is entirely the reason why the cyber criminals have been having a free run in Uttar Pradesh. Of course, the cops do get active at times, but only in instances where there are crores of rupees involved, like someone hacking into a bank or like what happened recently in a well-known government run hospital. They eventually call in the private players who do all the hard work and even solve the case. The cyber singhams then come in at the end for the optics, claim all the credit and declare to the world that they have solved the case. How brilliant! And then social media is flooded with memes on the topic!
In other cases, like ours for example, they simply don't care. During our many trips, I've seen panic stricken citizens, in tears, coming to the cyber police station in sector 6, Noida and saying they had lost huge amounts of money due to some cyber crime and that they had already filed a complaint. The cops who listen to them don't even bother to take their eyes off their phones and look at the victims or at least offer them a word of reassurance and tell them that they would look into their complaints.
Instead, they just tell them "80 to 90% chances are you will not get back your money. The rest, we can only try!" That's how brilliantly "digital India" is heading into the G20 leadership! With this reality, one can only look on and wonder what's going on with all the hype and tall talk about "digital this" and "digital that"! There is an absolute and blatant lack of genuine concern for the welfare of the citizens or protection of small & medium businesses in the country.
NON-FUNCTIONAL CM HELPLINE IN UTTAR PRADESH
Our politicians claim to have many processes that are made to help the common citizen. But the reality is, nothing works. Like the UP CM Helpline, 1076 and even worse is their "Jansunwai portal". Nothing works. Of course they will take your complaint and send you an SMS with the complaint number. And then one fine day you will get another SMS saying your complaint has been "resolved" and closed! Then they will call you for a feedback without doing anything about your complaint! Heights of incompetence. Find below the number of complaints we had raised to the UP CM:
COMPLAINTS RAISED TO UP STATE GOVERNMENT AGENCIES
| COMPLAINT NUMBER | RAISED TO | ACTION TAKEN | CURRENT STATUS | COMMENTS |
|---|---|---|---|---|
| FIR 0432 | UP Police | Nothing | Nothing | Zero action till date. |
| 92214100008851 | UP CM Helpline | Nothing | Closed | Closed with zero action. |
| 60000220168935 | UP Jansunwai Portal | Nothing | Closed | Closed with zero action. |
| 60000220168868 | UP Jansunwai Portal | Nothing | Closed | Closed with zero action. |
| 60000220188377 | UP Jansunwai Portal | Nothing | Closed | Closed with zero action. |
| 92314100003218 | UP Jansunwai Portal | Nothing | Closed | They closed it because they were unable to assign our complaint to sector 36 police station which does not show up in their application! |
| 60000230089864 | UP Jansunwai Portal | Nothing | Closed | They uploaded our investigation document we shared with the police and tried to show it as their work! |
ZERO ACTION ON COMPLAINTS RAISED ON CPGRAMS
We found out something interesting: the "public grievance" portals in India are simply a sad joke on the citizens of the country. And guess how they "resolve" complaints? By simply transferring it to somebody else. So, if they transferred your complaint to somebody else, they think they have resolved your complaint!
In our case, every single complaint we raised in CPGRAMS was transferred to an individual named Bhaskar Pandey, Jt. Secretary in the UP Government. And this man, far from doing anything in over a year, simply recycled the same status document for months and is still at it!
The UP police are even worse: in the complaints that we had raised on their Jansunwai portal, the UP police took our investigation report and uploaded it in the complaints to falsely show it as "work" done by them!
| COMPLAINT NUMBER | RAISED TO | ACTION TAKEN | CURRENT STATUS | COMMENTS |
|---|---|---|---|---|
| 23109220069408 | Cybercrime.gov.in | Nothing | No action. No update. | This complaint is lying in limbo. Zero action. |
| No complaint number | Cert-in.gov.in | Nothing | None | Asked to follow up with Cybercrime.gov.in |
| GOVUP/E/2022/47420 | CPGRAMS | The FIR was created after 8 months | Zero action on FIR. | Zero action by UP cyber police. |
| MINIT/E/2022/03921 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| PMOPG/E/2022/0250924 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| PMOPG/E/2022/0264176 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| PMOPG/E/2022/0275551 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| MINIT/E/2023/0000048 | CPGRAMS | Nothing | Closed | They transferred to UP govt. and closed the case without doing anything. |
| MINHA/E/2023/0009532 | CPGRAMS | Nothing | Closed | They transferred it to UP govt and closed the complaint without doing anything. |
HOW WE DETECTED THE MALWARE & HACKING ATTACK ON TEKZILVER?
We may have to omit or generalize some of the specifics because of the sensitive nature of the information and because we don't want the Noida cyber crooks to know what we know. We rightly feel that the cyber crooks as well as the government authorities deserve to be named and shamed for what they did, well, actually what they DID NOT!
The cyber crooks are low-life individuals who cannot make a straight living in a fair competition, whereas the government authorities are individuals who are blinded by power and authority and have lost any sense of responsibility towards the citizens of this country, who they swore to serve. Now, they only listen to HNV (His Neta's Voice)!
This is how it all started. On the 4th of Nov 2021, we suddenly noticed a sharp drop in the organic traffic to our websites. We initially thought it was just one of those regular dips in traffic but then, it persisted and we had to investigate. Our initial investigation found that many of our top performing pages were not even loading and it was not an issue with the hosting server. Now, this called for a full-scale investigation.
SYMPTOMS of the HACKING AND MALWARE attack on Tekzilver
We started looking into each and every page of our websites and found that many of the pages were infected and filled with junk code (like the one in the main image for this post) just before the start of the html code. Different pages were in different stages of infection. In some pages, the junk code had almost overwritten our code and in some, it was partial. But the end result was the same: our pages were not loading and we were losing traffic and customers and sales. But that was not all the cyber crooks did. They did a lot more damage:
Thousands of Junk Html Pages Generated AND INDEXED ON GOOGLE
The cyber attack also generated thousands of junk html pages in order to make our websites appear to be spammy to search engines.
The cyber attack also created fake CSS folders and created fake index.php and .tmp files which could not be removed. They kept appearing back even after we deleted them. Obviously, these crooks had placed their code in other areas of our hosting area which kept regenerating these malicious files & folders. We had no other option but to shut down our websites, format the whole hosting area and relaunch the websites one by one, after cleaning up the code.
They also created parameterized versions of urls:
HOW WE IDENTIFIED THE STUPID CYBER CRIMINALS?
We have all heard the saying that no matter how smart crooks are, they always make mistakes. In our case, they did exactly that and it did not take more than a couple of days for us to track them down after that. These guys were so confident of themselves that they left backlinks from our websites to their own website. Check the image below:
These guys created backlinks to their own website from our websites and used some elementary html & CSS code to hide it. These stupid cyber crooks did not realize that people will start looking at the backend code when something goes wrong. It was like these hackers left their business card after committing a cyber crime. Reminded me of the Wet Bandits in the popular movie Home Alone. Having privacy protection is good but nobody will be sympathetic to hackers and criminals and conceal their identity when they have sufficient evidence of their criminal activities.
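One way to check a page for the two symptoms described above (junk content before the start of the html code, and backlinks hidden with html & CSS), as an added example that is not from the original article. The sample page, the hostnames and the list of CSS hiding patterns are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Elements that never get a closing tag, so they must not go on the stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}

# Inline-style patterns commonly used to hide content (assumed list, not exhaustive).
# The style value is lowercased and stripped of whitespace before matching.
HIDING_CSS = re.compile(
    r"display:none|visibility:hidden|opacity:0(?![.\d])|font-size:0(?![.\d])"
    r"|(?:left|top|text-indent):-\d{3,}"
)


def junk_prefix(html):
    """Return whatever precedes the first <!DOCTYPE or <html tag (BOM and whitespace ignored)."""
    m = re.search(r"<!doctype|<html", html, re.IGNORECASE)
    if m is None:
        return ""  # fragment without an html start marker: nothing to compare against
    return html[:m.start()].lstrip("\ufeff").strip()


class _HiddenLinkFinder(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__(convert_charrefs=True)
        self.own_hosts = {h.lower() for h in own_hosts}
        self.stack = []      # (tag, hidden) for every open element
        self.findings = []   # (host, href) for hidden links that leave the site

    def _is_own(self, host):
        return any(host == h or host.endswith("." + h) for h in self.own_hosts)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        style = re.sub(r"\s+", "", (a.get("style") or "").lower())
        inherited = bool(self.stack) and self.stack[-1][1]
        hidden = inherited or "hidden" in a or bool(HIDING_CSS.search(style))
        if tag == "a" and hidden:
            try:
                host = urlparse(a.get("href") or "").hostname
            except ValueError:      # malformed URL
                host = None
            if host and not self._is_own(host):
                self.findings.append((host, a["href"]))
        if tag not in VOID_TAGS:
            self.stack.append((tag, hidden))

    def handle_endtag(self, tag):
        # Pop back to the nearest matching open tag; ignore stray closers.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def hidden_external_links(html, own_hosts):
    """List (host, href) for links to other sites that sit inside hidden markup."""
    finder = _HiddenLinkFinder(own_hosts)
    finder.feed(html)
    finder.close()
    return finder.findings


# Constructed sample page: junk before the doctype, one visible partner link,
# two hidden outbound links, one hidden link to the site itself.
SAMPLE = (
    "x7f$$@@junk-bytes-prepended-by-injector\n"
    "<!DOCTYPE html><html><body>\n"
    "<p>Welcome. See our <a href='https://partner.example/docs'>partner docs</a>.</p>\n"
    "<div style='position:absolute; left:-9999px'>\n"
    "  <a href='http://spam-target.example/essay-help'>cheap essays</a>\n"
    "  <img src='x.png'>\n"
    "  <a href='/about'>about</a>\n"
    "</div>\n"
    "<a href='https://www.victim.example/contact' style='display:none'>contact</a>\n"
    "<a style='font-size: 0' href='https://other-spam.example/'>x</a>\n"
    "</body></html>\n"
)

if __name__ == "__main__":
    print("junk before html:", repr(junk_prefix(SAMPLE)))
    for host, href in hidden_external_links(SAMPLE, {"victim.example"}):
        print("hidden outbound link:", host, href)
```

The check only sees inline styles and the `hidden` attribute; links hidden through a class defined in a separate stylesheet need the rendered page or the CSS files inspected as well.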
MISTAKES MADE BY THE CYBER CRIMINALS THAT IDENTIFIED THEM
After we saw the backlinks to their website, it did not take us long to find out more details. Next, we found the email id of one of the crooks. Take a look at the screenshot below:
So, from the backlinks left by the hackers, we zeroed in on their email id - the email we found was "[email protected]" which belonged to an individual called Sudhanshu Sharma, who was one of the owners of a firm in Noida, called Digiversal Consultants. A simple Google search on this firm and we got to know that Digiversal Consultants was owned by two individuals called Sudhanshu Sharma (a.k.a Narmadeshwar Nath Sudhanshu) & Budhesh Chopra as seen in the screenshot below: (we'll call them cyber crooks from hereon)
Now we got to know who was behind the attack, the company and the people who owned and ran that company. We were finally able to put a face to their names. We got their pictures from their company's website. This is what these two cyber crooks, our 'Wet Cyber Bandits' look like:
MEET THE STUPID CYBERCRIMINALS OF NOIDA: THE REAL WET BANDITS
And the crooked duo claim to be running some kind of "education first technology company"! Who would have ever thought that evil lurks behind those warm smiles and folded arms.
ZERO INVESTIGATION BY UTTAR PRADESH POLICE
Well, what happened after we identified the crooks is an ordeal by itself and is still ongoing. We filed a police complaint with the cyber cell in Noida, sector 108, and the police have even registered an FIR against the culprits. Unfortunately, it took the UP cops over 8 months to just register the FIR! The FIR number is 0432 dated 20 July 2022. The new FIR number is 15/2023, after it got transferred to sector 36, cyber police station, Noida in March 2023, from sector 39, Noida.
The opening of an FIR against Sudhanshu Sharma & Budhesh Chopra of M/s Digiversal Consultants, Noida was just the first step. The challenge we faced was that the police simply refused to take any responsibility. The senior officers would simply call the I/O to ask what happened, just to show they did something. Whether it was at the Police Commissionerate in sector 108 Noida or DCP Noida, sector 6 or sector 36, it was the same story. None of these "cyber" police had even the basic IT knowledge. They did not hesitate to try to cover up facts or try to give blatantly false updates or simply try to wear us down by doing nothing about the complaint.
We continued to follow up with the UP police, UP government and the Indian Central government. Nothing happened though we had shared all the relevant details and evidence, including access logs, malware samples, host names, IP addresses, hosting history, names, addresses, phone numbers and physical locations. The UP police resorted to delay tactics and lies because they had nothing to show in terms of investigation. We decided to keep going no matter what happened, until the criminals are apprehended. It could take a while, but we will also make sure that the criminals feel the full force of the Indian law no matter how long it takes. We will hold them accountable for the damages we suffered and the financial losses we incurred.
INCOMPETENCE, LIES & COVER-UP BY UP "CYBER" POLICE AT ALL LEVELS
The UP "cyber" police (Inspector Rakesh Gautam), in over a year after our complaint, had only approached our web hosting service provider, Godaddy, and asked for the access log files. Godaddy refused and referred the cops to a different hosting provider who was not connected with this case in any way. Now the UP police have declared that they are "waiting for information", that will never come! Hence, their status updates always read "evidence gathering in progress"!
There are other agencies who were supposed to provide more information, like FSL for example. But they didn't have a turnaround time. "Yeh sab bahut time lagta hai" is what the cops are saying now (after more than one year of doing nothing!). This is how our cyber police "gather evidence". They don't realize that the evidence they seek is already right under their very noses!
The crooks, in the meantime, are laughing their backsides off, looking at this colossal incompetence. This is just what they wanted, and probably, even expected. For all the big talk, the UP "cyber" police had only sent 2 emails: one to Godaddy and another to Contabo. Well, actually 3 emails, one was sent to me!
SECTOR 36, NOIDA: WORST & MOST CORRUPT CYBER CRIME POLICE STATION
Things were even worse after we transferred the case to the "main" cyber crime fighting police station, in sector 36, in Noida. We were told by the SHO of that PS (police station), Rita Yadav, that one SI Ajit Saxena would investigate our case now. SI Ajit Saxena openly declared that he was just a recent B.Tech passout and had no idea about cyber crime investigation. We had to start all over again and explain to him what happened and literally walk him through the sequence of events.
On 19 April 2023, SI Ajit Saxena of sector 36, cyber police station, Noida called the accused for a meeting. We were also asked to be present. We were surprised when the accused party, Sudhanshu Sharma, Director of Digiversal Consultants, Noida came along with the owner of his web hosting service provider, an individual called Brijendra Sial, of Bullten Hosting Solutions, Indore, to answer questions by the police on his behalf!
The Uttar Pradesh "cyber" police in sector 36 police station, Noida, actually allowed an accused individual, Sudhanshu Sharma of Digiversal Consultants, Noida to bring another criminal (Brijendra Sial, owner of Bullten Hosting Solutions, Indore) to defend him in the police station!
Brijendra Sial, as expected, sensed that the SI was totally clueless about the case and did everything to mislead him. SI Ajit Saxena was so impressed with Brijendra Sial that he decided our complaint had no value and all the evidence we had shared was no good! He started openly supporting the criminals without understanding anything about the case.
We were even more surprised when we were told by Inspector Rita Yadav, SHO of sector 36, cyber police station, a.k.a Singham Lady, a few days later that SI Ajit Saxena was only a "technical assistant" and that the "actual" Investigating Officer was an individual called Inspector Lakshman Verma. When we spoke to Inspector Lakshman Verma of sector 36 police station, he simply said he had no information about the facts of our case and had to check with SI Ajit Saxena!
Now we were more convinced than ever that Sector 36, Cyber Police Station in Noida, Uttar Pradesh was probably among the worst and most corrupt police stations in the state. The police officers there, apart from being thoroughly incompetent, simply tried to spin a false narrative, one that suited them. If an entry level SI like Ajit Saxena could be so incompetent & corrupt right at the start of his career, what kind of police officer would he evolve into as he reaches higher positions?
CYBER CRIME IS UNACCEPTABLE AND WE WILL NOT TOLERATE IT
The hacking and malware attack on our company is unacceptable & we will not tolerate it, or forget about it and move on just because the cops and other agencies have not done anything so far. But it is a life-changing event for us. We are not even a small company. We are just a tiny startup with a handful of people who worked from different places. The last thing we expected was somebody to attack our business and take down our websites. In fact, all our websites. All our struggle and toil of over five years went down the drain for no reason.
But this has only strengthened our resolve to fight back. It took us almost a year to relaunch all our websites. Many lessons learnt:
We will also offer cyber-security & related services because we have felt the pain of the attack first-hand and understand how crucial it is to move fast and collect all the evidence so that the criminals can be quickly apprehended. In our case, the police have not acted even after more than one year from the date of our complaint, which is giving the cyber criminals more than sufficient time to try and cover their tracks and destroy evidence. But, in tech, as the saying goes, "you can run, but you can't hide". Cyber criminals always leave a trail and we are already on it.
We will also be happy to work with cyber crime prevention agencies and organizations to prevent cyber crime in all forms and bring criminals to justice at the earliest. We will also be actively working to bring about awareness about cybercrime in the society.
UPDATE ON 26TH MARCH 2023
We got to know, from multiple reports that Godaddy itself was hit by multiple hacking attacks on their hosting servers. Some of the links are provided below:
However, it is difficult to imagine that what we thought was a "reputed" company such as Godaddy, could actually have allowed its servers to be hacked, not just once but over and over again for many years, by the same or multiple threat actors. These guys probably got in touch with some of their customers in the US, due to the stringent laws there and let them know what happened. But Godaddy never informed any of their customers in India. At least we were not informed about hacking attacks even though we were severely impacted.
That's not all: they did nothing to help when we reached out to them for help after the hacking attack. Instead, they were trying to sell us more of their products, such as malware protection, backup service et al. According to their own statement, over 1.2 million customers were impacted by the hacking attack. We want to know how many of them were Indian? Why were they not informed? Why were they not helped to restore services? Why were they (Godaddy) trying to take advantage of the situation and make more money out of such a huge disaster such as this? Did they deliberately allow the hacking attacks to happen so that they could sell more security related services?
We now know what happened and who did it. We ask that the Indian government also act against companies such as Godaddy who could neither provide a secure service nor get things under control when they realized there was a breach. By allowing the same incident to happen multiple times, they are directly responsible to have caused huge financial losses to many companies and may have even put them at risk of closure.
UPDATE ON 04TH APRIL 2023
That report was carried by Dainik Jagran of 30 Mar 2023 after our complaint (against Sudhanshu Sharma & Budhesh Chopra of Digiversal Consultants, Noida) was formally transferred to the main cybercrime investigating unit at sector 36, Noida on 27th Mar 2023. Our efforts continue.
UPDATE ON 20TH APRIL 2023-ANOTHER CRIMINAL IDENTIFIED!
19th April 2023 was an important day and we spent days without sleep preparing for the meeting with the cyber police and the new I/O (investigating officer) who was supposed to confront the accused party with the evidence. But the opposite happened. The cybercrook accused in our FIR 0432/22 (Sudhanshu Sharma), actually brought his friend (Brijendra Sial), who said he was the owner of a hosting company in India called Bullten.com, to answer questions for him! The absurdity of this, by itself is undeniable. Think about it - an individual accused in a cyber crime brings the owner of his hosting company to answer questions to the police on his behalf!
From some basic research we did on this individual, Brijendra Sial, we found that he is actively involved in black hat techniques. That apart, by virtue of what he does for a living and the evidence we have so far, we believe he has intricate knowledge of the working of servers, virtualization, routing etc.
Putting two and two together, we know now, that our cyber crook, Sudhanshu Sharma of Digiversal Consultants, Noida sought and received black hat services, which included spamming, reverse/negative SEO & hacking, from the said owner of Bullten.com, Brijendra Sial. This now solves the puzzle of the incidents that happened when our websites were hacked back in Nov 2021.
Another interesting fact is that for the entire duration of our meeting with the police in sector 36, Noida, yesterday, Brijendra Sial made sure his face was fully covered and nobody saw what he looked like. The image published above is based on images available online, in this case his Github profile.
We watched as the criminals misled the I/O and played down the relevance of the evidence that we had presented to the police so far. The crooks even had the audacity to suggest that the access logs we had could have been manipulated and that the backlinks to the accused party's website (assignmentshelplite.com) could have been placed by us due to business rivalry! They now wanted the I/O to find a company or individual to confirm that the access logs we had were in fact not manipulated and were really from Godaddy! And these are access logs that we got and shared with the police over 15 months ago, which they never bothered to analyse till date!
We will now want this individual, Brijendra Sial, as well as the co-owner of Digiversal Consultants, Noida, Budhesh Chopra, to be also named as accused in our FIR 0432/22 for criminal activities.
UPDATE ON 22ND APRIL 2023
DAY NO:521: Another trip to the police station. Another wasted day. We were called for a review meeting with the SHO and the I/O but on reaching the police station, we found neither of them were there. The SHO could not be reached on her phone.
We took two important decisions today:
In 17 months till date, we've seen that the investigation in this case has not moved an inch from where it was in Nov 2021 when we filed our complaint. The best these ace "cybercrime" cops could do is to send a couple of emails to Godaddy. Every single one of these cops we met had no clue of even the basics of what this case was all about. They could neither understand the relevance of the evidence presented to them nor could they interpret it in any meaningful way. The worst part: these guys made no attempt to even try to understand what they did not know! With such zero knowledge, they're the best thing that's happened to the scammers who missed no opportunity to happily mislead them.
This story is far from over and still has a long way to go before hitting 'The End'. We will continue to pursue it until we take it to its logical conclusion.
UPDATE ON 22nd MAY 2023
The story is getting more and more curious, with each passing day. Last week, 17th May 2023, we were shocked to learn that our case was assigned to a new investigating officer (i/o). We are not mentioning his name for privacy. So, this new I/O told us he had no idea about what is happening in our case and had to wait for the previous i/o to come back from his vacation to update him. Strangely, the SHO of sector 36 police station, under whom these two individuals work, told us that the second i/o was only a "technical assistant", and the original i/o was in fact the third guy who recently waded into the picture. All in all a pathetic case of colossal incompetence. Makes me wonder, how on earth do these people get employed in government jobs? And why do they get paid with public money for doing nothing?
So, as things stand today, in May 2023, the UP government boasts of the largest police force in the country with roughly 2.5 lakh employees. But there is not one single individual who is competent enough to handle a simple case of hacking, where there is an open FIR, gathering dust for over 18 months now and the criminals have been clearly identified with undisputable digital evidence. It's not with just the UP police, but it's the same story with all other "cyber crime" investigating agencies, such as Cert-in, Cybercrime.gov.in and others. These organizations are simply filled with incompetent individuals, who get fat on public money. At least that is the story so far. We will keep updating this article, as things unfold.
The kind of training these guys seem to be getting is pathetic. Apparently, all these local police are trained by Cert-in.gov.in and the level of training they provide is directly reflected in the quality of investigation the police become capable of. What they're doing is like a blind man trying to teach something to a deaf man in a dark room! I can't believe this is the India of 2023. Seems more like some remote, primitive banana republic to me, with all these criminals running freely and police clueless to act against them.
UPDATE ON 23rd MAY 2023
Another trip to the police station and another wasted day. Seriously, they should stop calling these "cyber" police stations because nobody inside of these "police" stations knows anything about cyber security. Not even the basics.
From our experience today, we can safely say that the so-called "cyber" police station in Sector 36 Noida, is manned by some of the most incompetent and corrupt UP police in the state. And we met two of them: an entry level SI, Ajit Saxena who called himself the I/O for our case and his boss, Inspector Lakshman Verma, who declared himself the I/O for our case only last week, but had no idea what our case was all about! These guys have no qualms about lying through their teeth or playing down the relevance of evidence presented, or simply twisting facts to suit their narrative or even worse, to please the criminals and accused parties. This inspector had the gall to suggest that we should now ask for some other agency to investigate our case because they had no idea what to do. We told him to give that to us in writing, he refused. The man even tried to intimidate us with statements like "we know what you did...!" etc. Wonder how the UP government manages to appoint these kinds of individuals in such positions!
SI Ajit Saxena took his incompetence to an entirely new dimension by saying that if anyone hacks your websites and plants malware and backlinks to their own website, it does not qualify as evidence and does not mean they actually did it! It was rather unbelievable and more so, because they were saying all of this in front of an SP level officer!
Any hope of the UP "cyber" police acting against the criminals is now fast receding in spite of our best efforts. But if we could follow up on this for 18 months, we can do it for another whatever it takes. We wonder what the next meeting (if it happens) will be like. Cybercrime investigation in Uttar Pradesh is a sad joke.
UPDATE ON 24th MAY 2023
Yesterday, we were in a meeting with a SP level police officer in the UP cyber crime department in Noida. The I/O was summoned to provide his update. Strangely, in the two months that our case was in Sector 36, cyber police station, the SHO of that PS, Rita Yadav had introduced SI Ajit Saxena as the I/O. Then abruptly, everything changed and she told us last week that Inspector Lakshman Verma was the "actual" I/O.
Now, this SI Ajit Saxena, with his zero tech knowledge, was openly supporting the criminals and trying to cover up for them, while Inspector Lakshman Verma has no clue about the case because he was never ever involved in any investigation or discussion. That man actually dared us to "solve" this case ourselves or ask for a different agency to investigate it! He had no idea that I had solved this case 1.5 years ago, and shared all the details plus evidence with literally all police officers in Noida.
Below is the summary of this crime which was actually a Negative SEO Attack on us. But they did not do anything about it. Now that we have given them the solution to this crime, we now demand that the accused and his accomplices be arrested without any further delay and damages recovered.
HOW TO READ AN APACHE WEB SERVER ACCESS LOG FILE?
Actually, we found a nice video on how to read an Apache web server access log file. This will be required for anyone investigating this case, or anybody who needs to read and understand an Apache log file.
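For readers who prefer text to video, here is an added example (not part of the original article, and not taken from the case evidence) that reads Apache "combined" format lines in Python and summarises, per client IP, the number of requests, POSTs and parameterized URLs. The sample log lines, IP addresses and paths are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit

# Apache "combined" LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
LINE_RE = re.compile(
    r'(?P<ip>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) (?P<size>\S+) '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

# Constructed sample lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = """\
203.0.113.7 - - [18/Nov/2021:03:12:45 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.23 - - [18/Nov/2021:03:12:46 +0000] "POST /wp-login.php HTTP/1.1" 200 1843 "-" "python-requests/2.26"
198.51.100.23 - - [18/Nov/2021:03:12:49 +0000] "GET /?p=8841&ref=abc HTTP/1.1" 200 932 "-" "python-requests/2.26"
198.51.100.23 - - [18/Nov/2021:03:12:50 +0000] "GET /?p=8842&ref=abc HTTP/1.1" 404 0 "-" "python-requests/2.26"
this line is truncated and will not parse
"""

def parse_line(line):
    """Split one combined-format line into named fields; None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = rec["request"].split()          # e.g. ['GET', '/path?x=1', 'HTTP/1.1']
    rec["method"] = parts[0] if parts else ""
    rec["url"] = parts[1] if len(parts) > 1 else ""
    rec["time"] = datetime.strptime(rec["time"], "%d/%b/%Y:%H:%M:%S %z")
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])  # "-" means no body
    return rec

def summarise(log_text):
    """Return ({ip: counters}, number_of_unparsed_lines)."""
    per_ip = defaultdict(lambda: {"requests": 0, "posts": 0, "with_query": 0})
    unparsed = 0
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1                   # count, do not silently drop
            continue
        s = per_ip[rec["ip"]]
        s["requests"] += 1
        s["posts"] += rec["method"] == "POST"
        s["with_query"] += bool(urlsplit(rec["url"]).query)
    return dict(per_ip), unparsed
```

Counting the lines that fail to parse, instead of skipping them, tells whoever reviews the summary how much of the file it actually covers.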
UPDATE ON 26 MAY 2023. NEW FIR NUMBER
Another long trip to the PS. We got to know today that our FIR (0432/22) now has a new number, which is: 15/2023. We have to contact SI Bhagwan Singh again on Monday, 29 May 2023.
UPDATE ON 03 Jun 2023
During one of our conversations with ACP Jitender Singh (who was sent by Cert-in), he had asked us to contact Addl. SP Cyber Crime, K.K. Saroj. His office was in sector 82, Noida & we met him on 22 May 2023. The man put us in touch with one SI Bhagwan Singh. After spending the entire week explaining the case to SI Bhagwan Singh, he wanted to continue the following week, as we were heading into the weekend. Then, when we called him on Monday, 29th May, he said he was in a training in Delhi for the next three days and we had to contact him on Friday, 2nd Jun 2023.
We decided to continue pursuing this case through other channels. We will continue reaching out to other individuals as necessary. We just have to find that ONE elusive honest police officer, in the huge UP police force of over 2.50 lakh individuals. It's only a matter of time.
When we called him on Friday, he said we had to contact the same set of folks in sector 36, Noida! During all this time, Addl. SP Saroj could not be contacted on his phone. From our interactions with these cops, we could sense that the direction to send the case back to sector 36 could only have come from Addl. SP Saroj and SI Bhagwan Singh simply had to carry out his orders. Such low level behaviour from individuals in reasonably high offices in the IPS in Uttar Pradesh was not a surprise anymore. These guys have all been the same so far, no matter which level you contacted them at and for some reason, they have simply refused to investigate the case even when the solution and evidence were handed over to them on a platter.
ANOTHER CRIMINAL ENTERPRISE IS BORN-SSSI ONLINE TUTORING SERVICE, NOIDA. BEWARE
Meanwhile, we got to know from our sources that there was trouble brewing between the two crooks, Sudhanshu Sharma and Budhesh Chopra at Digiversal Consultants, Noida, with each of them trying to grab as many money sites as possible. Budhesh Chopra apparently kicked out Sudhanshu Sharma and opened a new company and a new office in Noida called "SSSI Online Tutoring Service" which was some "Unit of Simran Shri Shri International". Wonder what they are going to tutor people at? How to commit cyber crime and get away with it? Or how to hoodwink the UP police? Or how to dump your partner after you make enough money?
Meanwhile, the other crook, Sudhanshu Sharma branched out into selling some Ayurveda products through his spouse. Well, this is what happens to criminals and criminal enterprises. These guys try to make money as fast as possible and don't hesitate to stab each other in their backs.
In between all of these, monkeys like Brijendra Sial of Bullten Hosting Solutions, Indore will try to get business from both these companies to run their black-hat SEO business. And, without realizing it, their poor employees will be getting deeper and deeper into criminal activities. What will happen to them when the long arm of the law eventually catches up with their bosses? Party in jail!
This is the story of the cyber attack on Tekzilver.com and other websites owned by us. We tracked down the cyber criminals to a Noida (Uttar Pradesh, India) based criminal enterprise called M/S Digiversal Consultants, run by two individuals, Budhesh Chopra and Sudhanshu Sharma. These guys apparently somehow managed to hack into our websites which were ALL hosted with Godaddy. They hit 12 of our websites, injected malware, generated junk pages, parameterized URLs etc. AND being the brilliant cyber crooks they were, they even left backlinks to their own website (which is called assignmentshelplite.com), which was almost like these two "gentlemen" literally left behind their business card and we tracked them down in no time! This story took a weird twist later in the course of our investigation when we found out that these hacking events were all a part of what has been going on at Godaddy since 2019! It turns out that cyber criminals had gained access to Godaddy's hosting servers and were carrying out their nefarious activities almost at will. Hacking incidents at Godaddy's hosting servers were reported even until as recently as December 2022. Why? How? We don't know at this time. But we hope to have the answers soon.
20 April 2023: It looks like we now have the answers to the "why" and "how" questions we were asking earlier: from our own research so far, we have more than good reason to believe that our websites were hacked by the owners of Digiversal Consultants, Noida who pursued black-hat SEO techniques through Brijendra Sial, owner of Bullten Hosting (Bullten.com), Indore. Almost all the IP addresses we identified in our access logs have been reported for hacking, phishing, port-scanning and other malicious activities since 2021 in AbuseIPDB.
This article has been updated in May 2023. We will keep updating this story as it progresses. Please note, the designations of some of the UP police officers could have changed since the time we have mentioned them in this article.