Hacking & Malware Attack on Tekzilver

CYBERCRIME IN NOIDA, (UTTAR PRADESH), INDIA

UTTAR PRADESH POLICE FIR#:432/22. NEW FIR#:15/23-nSEO ATTACK. ACCUSED CRIMINALS: SUDHANSHU SHARMA (Phone:+91 95402 81586) & BUDHESH CHOPRA (Phone: +91 98912 64697) OF DIGIVERSAL CONSULTANTS, NOIDA (ALONG WITH TUTORVERSAL & WRITOVERSAL); SSSI ONLINE TUTORING SERVICES, SECTOR 6, NOIDA AND BRIJENDRA SIAL (Phone:+91 97522 55794) OF BULLTEN WEB HOSTING SOLUTIONS, INDORE (MADHYA PRADESH) INDIA

Our decision to publish personally identifiable details of the criminals involved is in line with our policy to publicly name and shame the cyber criminals who attacked our websites in Nov 2021. Though there is an active FIR (no:432/22 & 15/23) pending against these individuals, the UP police in India have done NOTHING so far for over 20 months in spite of irrefutable evidence shared.

In November 2021, we were hit by a hacking and malware attack, which we eventually identified as a Negative SEO attack (nSEO attack) after an extended internal investigation. That attack took down not only 12 of our websites but also 5 to 6 years of our hard work and all the progress we had made. This is what happened:

  • The attackers gained access to the hosting area on Godaddy where all our websites were hosted.
  • They injected malware that rendered our files unusable (like the image above). Other screenshots are provided later in this article.
  • They modified URLs by injecting parameters and redirecting the web pages. Check the screenshot later in this article.
  • They generated thousands of junk HTML pages and got them indexed by Google. A screenshot is provided later in this article.
  • They created backlinks to their own website, which was called assignmentshelplite.com (screenshot provided later in this article), using which we identified them in no time.
  • Analysis of the web server access logs showed heavy traffic mostly from the OVH network (among others), along with bots of well known SEO applications like Ahrefs and Majestic SEO.

Though we lost no time in reporting the matter to the "cyber" police in sector 108, Noida, Police Commissionerate, Gautam Budh Nagar, Uttar Pradesh (UP), in India, the police simply did nothing. For months. We decided that we would not let this crime be another one shoved under the carpet by the Uttar Pradesh police. We decided to write this article to document, in minute detail, what transpired after we were hit by that nSEO attack in Nov 2021 and who did and didn't do what. Our struggle brought to light many uncomfortable truths and the failures of our system.

To start with, Uttar Pradesh (UP) police took 8 months to just register our FIR (#432/22) against the complaint we filed with them on 19th Nov 2021. Eighteen months later, that FIR has a new number, #15/2023, because we got it transferred from sector 39 police station to sector 36 "cyber" police station (both in Noida). Other than that, the police investigation has not moved beyond them sending a couple of emails to Godaddy. We had also shared copies of the malware/infected files, which are still "under analysis" in some FSL in Lucknow for over a year now!

For all their pomp and grandeur, we found that the top IPS officers in the UP police were no different from their junior counterparts: thoroughly incompetent and unprofessional, with zero sense of accountability to anybody. These junior officers, in many cases, cover up for their bosses, who in return give them a free hand. The only thing these guys care about is their own positions, perks, publicity and their political masters. The way these police officers treat their subordinates is directly reflected in how these subordinates treat the general public.

Picture this: our complaint was filed in sector 108, Noida. The FIR was registered in sector 39, Noida. The investigating officer (I/O), Inspector Rakesh Gautam, was from sector 24, Noida, and had no idea about anything in IT. The poor man was put in the cyber cell because he had completed some small course in Jetking somewhere! Not surprisingly, nothing happened for more than 14 months. It was then transferred to sector 36, Noida in March 2023, because apparently this was where all the punters of cybercrime investigation in Uttar Pradesh were and apparently they reported "directly" to their super "cybercrime" investigators who were based in Lucknow.

ALL THE KINGS MEN, DID NOTHING

For the record, we met with almost ALL the senior police officials in Noida starting with the CP (Commissioner of Police) Noida, Laxmi Singh, DIG (L & O) Noida, Ravi Shankar Chabi,  DCP Noida, Harischander, ADCP Noida, Rajnish Verma. (Note: The designation of the officers mentioned here might have changed since we last met them.)   

We also met with ACP Varnika Singh in sector 108 Police Commissionerate, Noida. She heard our case, but like her colleagues we had met before her, she did nothing much else. Her reaction to our tweets reflected typical police arrogance and inability to understand the fact that an untrained, unequipped (cyber) police force will be in no position to serve the public, instead, they will only be another thorn for the aam aadmi to deal with. You can't beat cyber crime with lathis, sticks, guns, or even bulldozers, for that matter. 

For that, you need the right people, serious training (that is, industry level training & certification, not the primary-school level sham(e) handed-out by MeITy & Cert-in), software, equipment and most of all, computers. And lots of them. She said we were trying to show the UP police in "bad light". The UP police didn't do their job for over a year and half now, in a crime where the criminals have been clearly identified and solid evidence is available. But this cop didn't want anybody to talk about it because it would show them in "bad light"!

That begs another question: Do the police have a good reputation among the general population in the country? Unfortunately, the answer is a big and emphatic NO. Nobody even likes to have them as neighbours, and for that matter, would not like to have anything to do with them unless absolutely necessary. Something that's already in bad light, will only be viewed in bad light.

On a rare occasion in late 2022, we even spoke to ADG (cyber crime) Subhash Chandra in Lucknow, who later could never be reached by phone or email. Prof. Triveni Singh (a.k.a "cyber singham" & "kaptaan saab") could never be reached by phone or email. Then we approached the UP CMO/Secretariat, Cybercrime.gov.in, Cert-in.gov.in, CPGRAMS. Nothing happened.

After that, we contacted the Ministry of E & IT (MeITy) and even wrote to the MoS for Electronics & IT, Rajeev Chandrashekar. We not only got a response from his office, but they also instructed Cert-in to look into the matter. ACP Jitender Singh was sent by Cert-in and met us in Jan 2023 to gather information about the case. We believe ACP Jitender Singh was instrumental in getting our case transferred to sector 36, "cyber" cell, Noida in March 2023 and we acknowledge and appreciate that effort.

Irrespective of which police station we went or the level of officers we interacted with, we noticed that none of them had any knowledge of even the basics of IT. Officers in UP cybercrime police stations have no idea about IP addressing, DNS, Virtualization, Hosting, OSINT tools etc. They lack knowledge of even the most fundamental of IT  concepts. Some blamed their own UP government and told us that they even had to bring their own laptops to work! 

These guys have no business being anywhere near cybercrime investigation: with zero knowledge, no equipment, no computers, no software, no desire to learn and worse, zero capacity to acquire any new knowledge! This was basically that fatally "unemployable" bunch, who would never get any job anywhere in the private sector.

Another quick analysis found that the DG (Cybercrime) was an individual with a Masters degree in veterinary science. So, basically their top "cop" is a veterinarian. The other senior officer was a man who likes to call himself "Cyber Singham". He is also referred to as "kaptaan saab". Interestingly, this man holds an honorary title given to him by a private university and is actively engaged in the production of a web series about his "exploits" in fighting cyber crime. Note this: none of these senior officers is ever reachable on their phones or email. They neither answer phone calls nor respond to emails. So, the UP cyber police are basically a headless, clueless and aimless bunch, left each man for himself.

Interacting with these pompous, arrogant police officers was and is still quite a harrowing experience. They sat in their grand government-provided offices with the national flag in the background and spewed nothing but incompetence, arrogance, lies and sheer apathy. The bureaucrats were no different. The junior police officers sometimes appeared much more willing to help, but eventually followed the example set by their seniors when they realized that they had no idea how to proceed.

Hacking incidents going on at godaddy from 2019

That left us with no other option but to investigate on our own. And what we found later was shocking. Our investigation found that this was not just an isolated case of some stupid cyber criminals hacking other people's websites and leaving backlinks to their own websites. It turns out that these hacking incidents have been going on repeatedly since sometime in 2019, and cybersecurity researchers have found that millions of Godaddy's customers could have been impacted, and many could have even shut down. Godaddy, far from reaching out to the impacted customers and offering help, did nothing. Knowingly or unknowingly, they simply allowed the hacking incidents to take place and when customers approached them, they tried to sell malware protection, SSL and backup services (as they did to us).

Is this an insider job at Godaddy to generate more sales? Was there some kind of criminal nexus between the hackers and Godaddy at some level or any level, for that matter? We don't know at this time. But what we know now, is that these hacking incidents have been going on even until as recently as Dec 2022 and we have no idea if they (Godaddy) have done anything to stop it for good and protect their customers data and businesses. When we pinged Godaddy CEO (Aman Bhutani) on Linkedin and asked for more information on these threat actors, we got blocked right away. When we pinged their customer service handle on Twitter, they decided not to respond!

We will continue to raise this matter in all possible platforms, forums and institutions until, at the very least:

  • The criminals who hacked our websites are apprehended and punished.
  • Appropriate action is taken against Godaddy for deficient services.
  • Appropriate action is taken against police & other government officials for not doing their jobs.
  • Damages are recovered for the losses we suffered as a result of this hacking incident.

QUESTIONS FOR THE UP POLICE & UP GOVERNMENT

  • 1. Why did it take 8 months for the police to just register the FIR?
  • 2. Why has NO action been taken even after 20 months, after the criminals have been positively identified with clear evidence?
  • 3. How can individuals with ZERO tech knowledge be assigned to investigate cyber crime?

See the image on the top? That's what our web pages looked like when we checked them in early November 2021. In what could have been a crime that could have even been solved by a school kid in like a couple of days, it's already almost a year and half since we filed a complaint with the "cyber" police in Noida, sector 108, Uttar Pradesh, India and sadly, the cops are still completely clueless. 17 months on, their official version is "they are in the process of gathering evidence". We will not get into the specifics of how these guys actually go about it because it's plain disgusting. Unlike what happens in a professional, corporate setup, there is no "management oversight" or guidance. 

If you happen to be the unfortunate individual who has been assigned to investigate a cyber crime and you have no idea about anything even remotely connected to the topic, it's still your responsibility to "investigate" it. And, mind you, these cops are not even allowed to close the case saying they don't know how to proceed or transfer it to a more competent authority! The senior officers really have no sense of responsibility or accountability, they just shout out the orders and the subordinates are only "expected to" do it. But, generally, they don't. The same individual who, only a few minutes ago, was seen nodding his head vigorously in front of his superior officer, would casually come out of his cabin and say he won't do it! And, the best part: all of them get away with doing nothing about anything! And the common man, or "aam aadmi", is simply left in the lurch.

SEQUENCE OF EVENTS so far

  • 04 Nov 2021 - Detection of the hacking incident.
  • 19 Nov 2021 - Reported to UP police, sec 108; the attack type was identified as a "Negative SEO Attack" and the criminals were identified as Sudhanshu Sharma & Budhesh Chopra, "Directors" of an agency called "Digiversal Consultants" in Noida, U.P, India. Budhesh Chopra is also the "CEO" of another company called "SSSI Online Tutoring Services", also in Noida.
  • 20 July 2022 - FIR (#:0432) Registered against the culprits, Sudhanshu Sharma & Budhesh Chopra. The investigating officer, Insp. Rakesh Gautam, has zero tech knowledge.
  • 21 Nov 2022 - After following up with DCP Harishchander for many weeks we were asked to meet ACP Rajnish Verma, who called for a meeting with the culprit, Sudhanshu Sharma, in sec 6, Noida. Insp. Rakesh Gautam was instructed to send the malware to FSL for analysis and wait for the report. He knew that report would never come in the near future.
  • End Dec 2022 - We are told they have sent the malware for analysis to FSL, Lucknow.
  • 10 Jan 2023 - We were met by ACP Jitender Singh, from Cert-in to collect all details.
  • 13 Feb 2023 - We were informed the case has been transferred to sec 36, "cyber" police station for "better" investigation.
  • 20 Feb 2023 - Got to know about the multiple hacking incidents at Godaddy (links shared later in this article), including the one that impacted us in Nov 2021.
  • 12 Mar 2023 - Our case was transferred to sector 36, "cyber" police station, Noida, (new FIR number: 15/2023) under SHO Rita Yadav, where none of the officers had any technical knowledge. Even worse, these officers were not only incompetent, but they were also thoroughly corrupt and did not hesitate to create a false narrative to suit their ends (whatever that was).
  • 19 Apr 2023 - The new I/O, SI Ajit Saxena, an arrogant & corrupt B.Tech fresher, with no tech knowledge whatsoever, called us and the accused party to sector 36 PS for a "meeting". Then he started actually taking instructions from the accused part(ies) and stopped short of accusing us of putting the backlinks of the hackers in our own websites.
  • 21 Apr 2023 - The SHO at sector 36 Noida police station, Rita Yadav, called us for a meeting but never showed up and could not be reached on her phone as well. SI Ajit Saxena was also not available in the police station.
  • We realized we were wasting our time expecting these cops to do their jobs and decided to pursue other approaches.
  • 17 May 2023 - We got to know from SHO Rita Yadav that our case was transferred to another investigating officer, Inspector Lakshman Verma, in sector 36, Noida. But he didn't have any details of our case because the previous investigating officer (SI Ajit Saxena) was on leave.
  • 20 May 2023 - The SHO of sector 36 "cyber" police station, Rita Yadav, informed us that the previous I/O, SI Ajit Saxena, was only a "technical assistant" and the "original" investigating officer was actually  Insp. Lakshman Verma, the latest entrant into the scene, as mentioned in the previous point! She was lying through her teeth because she was the one who introduced SI Ajit Saxena as the new I/O.
  • 22 May 2023 - On the suggestion of ACP Jitender Singh, we met with Addnl. SP Cyber Crime, Saroj, in sector 82, Noida. He put us in touch with SI Bhagwan Singh.  It was a horrible waste of time.
  • 03 Jun 2023 - We spent that week, until 26 May 2023, explaining the case to SI Bhagwan Singh, we were asked to contact him the following week. The next Monday, he said he was in training for the next three days and we had to contact him on Friday, 02 June 2023. When called 2nd June, 2023, we were asked to contact the same set of folks in sector 36, Noida! During all this time, Addl. SP K. K. K. Saroj could not be contacted on his phone. UP cyber police!
  • 3 Jun 2023 - We had started a separate communication with the DGP UP, Vijaya Kumar. They had no idea about our emails that we had sent on 3 June 2023. So we had to repeat the exercise multiple times after gaps of a couple of days. So, after many times of resending our emails and tens of calls later, they sent a directive to CP Noida for "prompt action". We wonder what that "prompt and necessary" action could be because we have not seen any of it till date, as we write this update on 18 Sep 2023! So, basically it was a waste of time. We were put on to DIG Amit Pathak for a brief period but that yielded no results. And we were not at all surprised. We decided to keep going and looking for that one person in the UP police force of over 2.50 lakh personnel, who would take up this challenging incident.
  • 7 Jun 2023 - After we had reached out to DG, UP, Vijaya Kumar and some of his colleagues. We are also reaching out to the press and media. Meanwhile, one of the accused fellows, Budhesh Chopra, now CEO of SSSI online tutoring service tried to convey to us that all the criminal activities that happened in Digiversal Consultants, were only done by Sudhanshu Sharma & Brijendra Sial. It took him almost 2 years to suddenly wake up to that!
  • 8 Jul 2023 - We were called to sector 36 "cyber" police station, Noida, by the SHO, Rita Yadav to meet with "one of the top cyber security experts in India" but she wouldn't reveal his name. We went for the meeting in the pouring rain and realized that the "top cyber expert" had little or no understanding of our case. Far from trying to understand what happened, he only wanted the server access logs, which had little or no value in this case. Meanwhile, SI Ajit Saxena intervened, and again, tried to undermine the evidence we had provided. Talking to this SI Ajit Saxena was like wrestling with a pig. We decided to leave because it was clearly a total waste of time. It turned out that their "cyber expert" was an individual called Rakshit Tandon. Our experience with this person was similar to our interaction with another "cyber expert" we met earlier, by the name of Amit Dubey. It's still difficult to understand the criteria on which UP police decides how people become "cybersecurity experts" for them. We'll leave that topic for another day. (Two months later, in September 2023, we got to know that neither the cops in sector 36 cyber police station, nor their "cyber expert", Rakshit Tandon bothered to see the server log files we sent to them!)
  • 26 Aug 2023 - We got in touch with another senior officer in the UP police.
  • 14 Sep 2023 - We met with the old team again and reviewed the case. We cannot publish more details about that meeting at this time. Let's see how it goes.
  • 22 Sep 2023 - We did not publish any more details earlier due to a specific request from the I/O, Inspector Lakshman Verma. But we decided to do so now because nothing changed after that review. The team, led by ASP (cyber) K. K. Saroj of Sec 82 cyber police station, under whom came others like Inspector Lakshman Verma, SHO Rita Yadav and SI Ajit Saxena of sector 36 cyber police station, now told us that none of them had any technical expertise and now they want an "expert" to help them! The ASP (cyber) went as far as to even say that he was not a "Ph.D in IT"! It took the UP police close to 2 years to finally accept that nobody in their "cyber crime" police stations had any technical knowledge. This is the height of incompetence and irresponsibility and a waste of tax-payers' money to pay salaries to such individuals.
  • 22 Sep 2023 - The "cyber" cops in UP have been a big disappointment so far. But what next? Of course, courts. We will pursue this in a court because now, we not only have clear evidence but we also have the full sequence of events of what happened in Nov 2021 and the days leading up to it. So, for the criminals, it's some more time of picnic, but the long arm of the law will catch up with them sooner than later.
  • 26 Sep 2023 - Tekzilver has offered to provide training to UP "cyber" police on web security management. For free. We have conveyed this to DG UP Vijaya Kumar as well as to DIG L. R. Kumar. Of course, we've not heard back from them. They'll have to swallow their pride first and we will give them sufficient time for that.
  • 07 Oct 2023 - Still following up with UP "cyber" police. We wanted to share more information with them and were asked by ASP (Cyber) KK Saroj to meet him in his sector 82 office. We reached there on the dot but the Investigating Officer, Inspector Lakshman Verma, wasn't there. He arrived about an hour later. We were glad we didn't have to wait any longer. But again, there was a problem, as there always is. Both Inspector Lakshman Verma and ASP (Cyber) KK Saroj were computer illiterate. Their only "technical assistant", SI Ajeet Saxena, was on leave. (This SI Ajit Saxena was their proverbial "one-eyed" man, in a kingdom of the blind.) But we still wanted to try and asked for a computer. They got a laptop from one of their staff. But it was running a pirated copy of Windows 10. We decided not to pursue the matter there any further. They were supposed to meet us the next day, but as was expected, never turned up or answered our calls.
  • 20 Oct 2023 - Another day, another team, another meeting.  At this time, we aren't naming names, for now. But these folks were brimming with confidence, (or was it overconfidence? We don't know.) and glowing with arrogance. Our confidence levels with such people were low because government employees we've met thus far, have hardly displayed any competence, responsibility or accountability in spite of their big titles and designations. The initial interest they usually showed, somehow mysteriously disappeared after a while! One of the things that stood out today was that they tried to convey to us how so blessed we were that they decided to grant us an audience, otherwise, they never meet people, "no matter how big they were"! They were apparently so "busy" that we couldn't call, but only text them! We were amused, because these guys didn't realize they were talking to people who literally worked 24/7, across multiple geographies & time zones. Let's see what they do, if  at all.  As far as we are concerned, we will continue to do whatever we have to, in order to get the cyber criminals in jail. We were not out to make friends. Instead, we're just interested in getting the job done. 

As is evident from the above sequence of events, and for reasons best known to them, the UP police have shown little or no interest in acting against the criminals who, we identified on 19 Nov 2021 itself, in our  complaint. Their investigating officers, with their zero tech knowledge, have actually undermined the investigation itself because they neither understood the significance of the evidence provided nor knew how to interpret it. Post the 'meeting' they had called for on 21 Nov 2022,  in sector 6, Noida, they even 'advised' us to not write anything against the culprits who engineered the attack!  Then, in the meeting on 19 Apr 2023, they barely stopped short of accusing us of putting the backlinks to the hackers websites from our own websites!  The UP police now appear to be handing out a long rope to the culprits and  giving them more than sufficient time to cover their tracks.  

DELIBERATE DELAY TACTICS BY UP POLICE OFFICERS

If they can't solve it, they will delay it. And who knows better than the top cops in the UP police? When we followed up with the DCP, Noida, Harishchandra for months, there was no progress. The officer assigned by him, by the name of Sannath (in sector 6, Noida) plainly refused to investigate and told us in clear terms that he will not investigate the case.  DCP Harishchandra then told Sannath to get in touch with a "cyber expert", by the name of Amit Dubey for help. 

Amit Dubey of course did nothing. When we called him, he said he was "very busy" but he could put one of his assistants to make a report (like the one we had already made months ago) but wanted a payment of Rs.10,000 per day. We saw no point in paying somebody for something we had already done and decided against it. 

DCP Noida, Harischandra then had a brilliant idea. He referred our case to another officer by the name of ACP Rajnish Verma. This officer called us for a meeting on 21 Nov 2022 in his office, along with the I/O (at that time, Inspector Rakesh Gautam) and the accused individual, Sudhanshu Sharma, Director at Digiversal Consultants, Noida. That meeting lasted for probably five minutes. ACP Rajnish Verma simply asked the I/O to send the malware sample we had (& submitted to the police many weeks ago) to FSL for analysis. Any further work was to be done only after FSL provided their report. ACP Rajnish Verma and Inspector Rakesh Gautam both knew very well that anything sent to FSL could take many months, and in some cases, even years to be analysed. Incidentally, that was November 2022. It's May 2023 now and that FSL report has not yet arrived and it doesn't look like it will be coming any time soon. Meanwhile, we have even transferred our case to a different police station!

TOTAL INCOMPETENCE & FAILURE OF UP CYBER POLICE

The total incompetence and failure of investigation at the local "cyber" police level is a big blow to those who have suffered the crime. And this is entirely the reason why the cyber criminals have been having a free run in Uttar Pradesh. Of course, the cops do get active at times, but only in instances where there are crores of rupees involved, like someone hacking into a bank or like what happened recently in a well-known government run hospital. They eventually call in the private players who do all the hard work and even solve the case. The cyber singhams then come in at the end for the optics, claim all the credit and declare to the world that they have solved the case. How brilliant! And then social media is flooded with memes on the topic!

In other cases, like ours for example, they simply don't care. During our many trips, I've seen panic stricken citizens, in tears, coming to the cyber police station in sector 6, Noida and saying they had lost huge amounts of money due to some cyber crime and that they had already filed a complaint. The cops who listen to them don't even bother to take their eyes off their phones and  look at the victims or at least offer them a word of reassurance and tell them that they would look into their complaints. 

Instead, they just tell them "80 to 90% chances are you will not get back your money. The rest, we can only try!" That's how brilliantly "digital India" is heading into the G20 leadership! With this reality, one can only look on and wonder what's going on with all the hype and tall talk about "digital this " and "digital that"! There is an absolute and blatant lack of genuine concern for the welfare of the citizens or protection of small & medium businesses in the country.

NON-FUNCTIONAL CM HELPLINE IN UTTAR PRADESH

Our politicians claim to have many processes that are made to help the common citizen. But the reality is, nothing works. Like the UP CM Helpline, 1076 and even worse is their "Jansunwai portal". Nothing works. Of course they will take your complaint and send you a SMS with the complaint number. And then one fine day you will get another SMS saying your complaint has been "resolved" and closed! Then they will call you for a feedback without doing anything about your complaint! Heights of incompetence. Find below the number of complaints we had raised to the UP CM:

COMPLAINTS RAISED TO UP STATE GOVERNMENT AGENCIES

| COMPLAINT NUMBER | RAISED TO | ACTION TAKEN | CURRENT STATUS | COMMENTS |
|---|---|---|---|---|
| FIR 0432 | UP Police | Nothing | Nothing | Zero action till date. |
| 92214100008851 | UP CM Helpline | Nothing | Closed | Closed with zero action. |
| 60000220168935 | UP Jansunwai Portal | Nothing | Closed | Closed with zero action. |
| 60000220168868 | UP Jansunwai Portal | Nothing | Closed | Closed with zero action. |
| 60000220188377 | UP Jansunwai Portal | Nothing | Closed | Closed with zero action. |
| 92314100003218 | UP Jansunwai Portal | Nothing | Closed | They closed it because they were unable to assign our complaint to sector 36 police station which does not show up in their application! |
| 60000230089864 | UP Jansunwai Portal | Nothing | Closed | They uploaded our investigation document we shared with the police and tried to show it as their work! |

ZERO ACTION ON COMPLAINTS RAISED ON CPGRAMS

We found out something interesting: the "public grievance" portals in India are simply a sad joke on the citizens of the country. And guess how they "resolve" complaints? By simply transferring it to somebody else. So, if they transferred your complaint to somebody else, they think they have resolved your complaint! 

In our case, every single complaint we raised in CPGRAMS were transferred to an individual named Bhaskar Pandey, Jt. Secretary in the UP Government. And this man, far from doing anything in over a year, simply recycled the same status document for months and is still at it!

The UP police are even worse, in the complaints that we had raised on their Jansunwai portal, the UP police took our investigation report and uploaded it in the complaints to falsely show it as "work" done by them!

| COMPLAINT NUMBER | RAISED TO | ACTION TAKEN | CURRENT STATUS | COMMENTS |
|---|---|---|---|---|
| 23109220069408 | Cybercrime.gov.in | Nothing | No action. No update. | This complaint is lying in limbo. Zero action. |
| No complaint number | Cert-in.gov.in | Nothing | None | Asked to follow up with Cybercrime.gov.in |
| GOVUP/E/2022/47420 | CPGRAMS | The FIR was created after 8 months | Zero action on FIR. | Zero action by UP cyber police. |
| MINIT/E/2022/03921 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| PMOPG/E/2022/0250924 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| PMOPG/E/2022/0264176 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| PMOPG/E/2022/0275551 | CPGRAMS | Nothing | Closed | The complaint was quietly "disposed of" |
| MINIT/E/2023/0000048 | CPGRAMS | Nothing | Closed | They transferred to UP govt. and closed the case without doing anything. |
| MINHA/E/2023/0009532 | CPGRAMS | Nothing | Closed | They transferred it to UP govt and closed the complaint without doing anything. |

HOW WE DETECTED THE MALWARE & HACKING ATTACK ON TEKZILVER?

We may have to omit or generalize some of the specifics because of the sensitive nature of the information and because we don't want the Noida cyber crooks to know what we know. We rightly feel that the cyber crooks as well as the government authorities deserve to be named and shamed for what they did, well, actually what they DID NOT! 

The cyber crooks are low-life individuals who cannot make a straight living in a fair competition, whereas the government authorities are individuals who are blinded by power and authority and have lost any sense of responsibility towards the citizens of this country, whom they swore to serve. Now, they only listen to HNV (His Neta's Voice)!

This is how it all started: on the 4th of Nov 2021, we noticed a sudden and sharp drop in the organic traffic to our websites. We initially thought it was just one of those regular dips in traffic but then, it persisted and we had to investigate. Our initial investigation found that many of our top performing pages were not even loading and it was not an issue with the hosting server. Now, this called for a full-scale investigation.

SYMPTOMS of the HACKING AND MALWARE attack on Tekzilver

We started looking into each and every page of our websites and found that many of the pages were infected and filled with junk code (like the one in the main image for this post) just before the start of the html code. Different pages were in different stages of infection. In some pages, the junk code had almost overwritten our code and in some, it was partial. But the end result was the same: our pages were not loading and we were losing traffic, customers and sales. But that was not all the cyber crooks did. They did a lot more damage:

Thousands of Junk Html Pages Generated AND INDEXED ON GOOGLE

Junk pages generated by the cyber attack

The cyber attack also generated thousands of junk html pages in order to make our websites appear to be spammy to search engines.

Screenshot from Google Search Console Showing Thousands of Junk Pages Generated by The Cyber Attack.

The cyber attack also created fake CSS folders and fake index.php and .tmp files which could not be removed. They kept reappearing even after we deleted them. Obviously, these crooks had placed their code in other areas of our hosting area which kept regenerating these malicious files & folders. We had no other option but to shut down our websites, format the whole hosting area and relaunch the websites one by one, after cleaning up the code.

Parameterized URLs/redirects

They also created parameterized versions of URLs:

Parameterized versions of URLs After The Cyber Attack on Tekzilver.com

HOW WE IDENTIFIED THE STUPID CYBER CRIMINALS?

We have all heard the saying that no matter how smart crooks are, they always make mistakes. In our case, they did exactly that and it did not take more than a couple of days for us to track them down after that. These guys were so confident of themselves that they left backlinks from our websites to their own website. Check the image below:

Backlinks created by hackers from Tekzilver.com

These guys created backlinks to their own website from our websites and used some elementary html & CSS code to hide it. These stupid cyber crooks did not realize that people will start looking at the backend code when something goes wrong. It was like these hackers left their business card after committing a cyber crime. Reminded me of the Wet Bandits in the popular movie Home Alone. Having privacy protection is good but nobody will be sympathetic to hackers and criminals and conceal their identity when they have sufficient evidence of their criminal activities.

Wet Bandits from the movie Home Alone
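A defender's check for the hidden-backlink symptom described above, as an added example that is not part of the original investigation: it walks a page's markup and reports outbound links, marking those that sit inside an element hidden with inline CSS. The host names, the sample page and the list of hiding patterns are constructed assumptions, and links hidden through a class in an external stylesheet are not covered.

```python
"""Report outbound links and whether inline CSS hides them (constructed sample)."""
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Inline-style declarations commonly used to keep an element out of sight.
# (?<![-\w]) stops "width" from matching inside "border-width", and so on.
HIDING_PATTERNS = [re.compile(r"(?<![-\w])" + p) for p in (
    r"display\s*:\s*none",
    r"visibility\s*:\s*hidden",
    r"font-size\s*:\s*0(?![.\d])",
    r"opacity\s*:\s*0(?![.\d])",
    r"(?:width|height)\s*:\s*0(?![.\d])",
    r"(?:left|top|text-indent)\s*:\s*-\d{3,}",   # pushed far off-screen
)]

# Void elements never get an end tag, so they must not go on the open-tag stack.
VOID_TAGS = {"area", "base", "br", "col", "embed", "hr", "img", "input",
             "link", "meta", "source", "track", "wbr"}


def hiding_reason(attrs):
    """Return the declaration that hides this element, or None."""
    if "hidden" in attrs:
        return "hidden attribute"
    style = (attrs.get("style") or "").lower()
    for pattern in HIDING_PATTERNS:
        match = pattern.search(style)
        if match:
            return match.group(0)
    return None


class HiddenLinkScanner(HTMLParser):
    def __init__(self, own_hosts):
        super().__init__(convert_charrefs=True)
        self.own_hosts = {h.lower() for h in own_hosts}
        self.stack = []      # (tag, hiding reason inherited or own) per open element
        self.findings = []

    def _is_own(self, host):
        return any(host == h or host.endswith("." + h) for h in self.own_hosts)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        inherited = self.stack[-1][1] if self.stack else None
        reason = hiding_reason(attrs) or inherited
        if tag == "a" and attrs.get("href"):
            try:
                host = (urlsplit(attrs["href"]).hostname or "").lower()
            except ValueError:          # malformed URL, e.g. a broken IPv6 literal
                host = ""
            if host and not self._is_own(host):
                self.findings.append({"line": self.getpos()[0], "host": host,
                                      "href": attrs["href"], "hidden_by": reason})
        if tag not in VOID_TAGS:
            self.stack.append((tag, reason))

    def handle_endtag(self, tag):
        # Pop back to the matching open tag; tolerate mis-nested markup.
        for i in range(len(self.stack) - 1, -1, -1):
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break


def scan_html(html, own_hosts):
    """Return every link to a foreign host, with the reason it is hidden (if any)."""
    scanner = HiddenLinkScanner(own_hosts)
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed sample page for a hypothetical site served from example.com.
SAMPLE_PAGE = """<html><body>
<h1>Our services</h1>
<p>Read our <a href="/blog/">blog</a> or the <a href="https://docs.example.org/guide">guide</a>.</p>
<div style="position:absolute; left:-9999px">
  <img src="x.png">
  <span><a href="https://spam.example/essay-help">cheap essays</a></span>
</div>
<a href="https://cdn.example.com/app.js" style="display:none">asset</a>
<a style="font-size:0px" href="http://spam.example/">.</a>
</body></html>"""

if __name__ == "__main__":
    for hit in scan_html(SAMPLE_PAGE, {"example.com"}):
        state = "HIDDEN (%s)" % hit["hidden_by"] if hit["hidden_by"] else "visible"
        print("line %d: %s -> %s" % (hit["line"], hit["href"], state))
```

Run it over every template and generated page after a compromise; a foreign host that only ever appears in hidden links is a strong lead for attribution and for the clean-up list.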

MISTAKES MADE BY THE CYBER CRIMINALS THAT IDENTIFIED THEM

After we saw the backlinks to their website, it did not take us long to find out more details. Next, we found the email id of one of the crooks. Take a look at the screenshot below:

Exposed Email id of Cyber Crook Sudhanshu Sharma, Digiversal Consultants, Noida

So, from the backlinks left by the hackers, we zeroed in on their email id. The email we found was "[email protected]", which belonged to an individual called Sudhanshu Sharma, who was one of the owners of a firm in Noida called Digiversal Consultants. A simple Google search on this firm and we got to know that Digiversal Consultants was owned by two individuals called Sudhanshu Sharma (a.k.a. Narmadeshwar Nath Sudhanshu) & Budhesh Chopra, as seen in the screenshot below (we'll call them cyber crooks from hereon):

The Cyber Crooks: Owners of Digiversal Consultants, Noida, UP (India)

Now we got to know who was behind the attack, the company and the people who owned and ran that company. We were finally able to put a face to their names. We got their pictures from their company's website. This is what these two cyber crooks, our 'Wet Cyber Bandits' look like:

MEET THE STUPID CYBERCRIMINALS OF NOIDA: THE REAL WET BANDITS

Budhesh Chopra & Sudhanshu Sharma-Owners of Digiversal Consultants, Noida

And the crooked duo claim to be running some kind of "education first technology company"! Who would have ever thought that evil lurks behind those warm smiles and folded arms?

ZERO INVESTIGATION BY UTTAR PRADESH POLICE

 

Well, what happened after we identified the crooks is an ordeal by itself and is still ongoing. We filed a police complaint with the cyber cell in Noida, sector 108, and the police have even registered an FIR against the culprits. Unfortunately, it took the UP cops over 8 months to just register the FIR! The FIR number is 0432 dated 20 July 2022. The new FIR number is 15/2023, after it got transferred to sector 36, cyber police station, Noida in March 2023, from sector 39, Noida.

FIR against owners of M/s Digiversal Consultants, Noida

The opening of an FIR against Sudhanshu Sharma & Budhesh Chopra of M/s Digiversal Consultants, Noida was just the first step. The challenge we faced was that the police simply refused to take any responsibility. The senior officers would simply call the I/O to ask what happened, just to show they did something. Whether it was at the Police Commissionerate in sector 108 Noida or DCP Noida, sector 6 or sector 36, it was the same story. None of these "cyber" police had even the basic IT knowledge. They did not hesitate to try to cover up facts, give blatantly false updates, or simply try to wear us down by doing nothing about the complaint.

We continued to follow up with the UP police, UP government and the Indian Central government. Nothing happened though we had shared all the relevant details and evidence, including access logs, malware samples, host names, IP addresses, hosting history, names, addresses, phone numbers and physical locations. The UP police resorted to delay tactics and lies because they had nothing to show in terms of investigation. We decided to keep going no matter what happened, until the criminals are apprehended. It could take a while, but we will also make sure that the criminals feel the full force of the Indian law no matter how long it takes. We will hold them accountable for the damages we suffered and the financial losses we incurred.

 

INCOMPETENCE, LIES & COVER-UP BY UP "CYBER" POLICE AT ALL LEVELS

The UP "cyber" police (Inspector Rakesh Gautam), in over a year after our complaint, had only approached our web hosting service provider, Godaddy, and asked for the access log files. Godaddy refused and referred the cops to a different hosting provider who was not connected with this case in any way. Now the UP police have declared that they are "waiting for information" that will never come! Hence, their status updates always read "evidence gathering in progress"!

There are other agencies who were supposed to provide more information, like FSL for example. But they didn't have a turnaround time. "Yeh sab bahut time lagta hai" is what the cops are saying now (after more than one year of doing nothing!). This is how our cyber police "gather evidence". They don't realize that the evidence they seek is already right under their very noses!

The crooks, in the meantime, are laughing their backsides off, looking at this colossal incompetence. This is just what they wanted, and probably, even expected. For all the big talk, the UP "cyber" police had only sent 2 emails: one to Godaddy and another to Contabo. Well, actually 3 emails, one was sent to me!

SECTOR 36, CYBER POLICE STATION, NOIDA: AMONG THE WORST & MOST CORRUPT CYBER CRIME POLICE STATIONS IN INDIA

Things were even worse after we transferred the case to the "main" cyber crime fighting police station, in sector 36, in Noida. We were told by the SHO of that PS (police station), Rita Yadav, that one SI Ajit Saxena would investigate our case now. SI Ajit Saxena openly declared that he was just a recent B.Tech passout and had no idea about cyber crime investigation. We had to start all over again and explain to him what happened and literally walk him through the sequence of events.

On 19 April 2023, SI Ajit Saxena of sector 36, cyber police station, Noida called the accused for a meeting. We were also asked to be present. We were surprised when the accused party, Sudhanshu Sharma, Director of Digiversal Consultants, Noida came along with the owner of his web hosting service provider, an individual called Brijendra Sial, of Bullten Hosting Solutions, Indore, to answer questions by the police on his behalf!

The Uttar Pradesh "cyber" police in sector 36 police station, Noida, actually allowed an accused individual, Sudhanshu Sharma of Digiversal Consultants, Noida to bring another criminal (Brijendra Sial, owner of Bullten Hosting Solutions, Indore) to defend him in the police station! In this police station, criminals are treated like royalty.

Brijendra Sial, as expected, sensed that the SI was totally clueless about the case and did everything to mislead him. SI Ajit Saxena was so impressed with Brijendra Sial that he decided our complaint had no value and all the evidence we had shared was no good! He started openly supporting the criminals without understanding anything about the case.

We were even more surprised when we were told by Inspector Rita Yadav, SHO of sector 36, cyber police station, a.k.a. Singham Lady, a few days later that SI Ajit Saxena was only a "technical assistant" and that the "actual" Investigating Officer was an individual called Inspector Lakshman Verma. When we spoke to Inspector Lakshman Verma of sector 36 police station, he simply said he had no information about the facts of our case and had to check with SI Ajit Saxena!

Now we were more convinced than ever that Sector 36, Cyber Police Station in Noida, Uttar Pradesh was probably among the worst and most corrupt police stations in the state. The police officers there, apart from being thoroughly incompetent, simply tried to spin a false narrative, one that suited them. If an entry level SI like Ajit Saxena could be so incompetent & corrupt right at the start of his career, what kind of police officer would he evolve into as he reaches higher positions?

CYBER CRIME IS UNACCEPTABLE AND WE WILL NOT TOLERATE IT

The hacking and malware attack on our company is unacceptable & we will not tolerate it, or forget about it and move on just because the cops and other agencies have not done anything so far. But it is a life-changing event for us. We are not even a small company. We are just a tiny startup with a handful of people who worked from different places. The last thing we expected was somebody to attack our business and take down our websites. In fact, all our websites. All our struggle and toil of over five years went down the drain for no reason.

But this has only strengthened our resolve to fight back. It took us almost a year to relaunch all our websites. Many lessons learnt:

  • Spread out the risks when operating online.
  • Lesson number 1: No company is too small to be targeted by cyber criminals.
  • Lesson number 2: NEVER host all your mission-critical websites in one location.
  • Lesson number 3: DO NOT use Godaddy's hosting services, if you can, because your websites can get hacked any time.

We will also offer cyber-security & related services because we have felt the pain of the attack first-hand and understand how crucial it is to move fast and collect all the evidence so that the criminals can be quickly apprehended. In our case, the police have not acted even after more than one year from the date of our complaint, which is giving the cyber criminals more than sufficient time to try and cover their tracks and destroy evidence. But, in tech, as the saying goes, "you can run, but you can't hide". Cyber criminals always leave a trail and we are already on it.

We will also be happy to work with cyber crime prevention agencies and organizations to prevent cyber crime in all forms and bring criminals to justice at the earliest. We will also be actively working to bring about awareness about cybercrime in the society.

UPDATE ON 26TH MARCH 2023

We got to know, from multiple reports that Godaddy itself was hit by multiple hacking attacks on their hosting servers. Some of the links are provided below:

However, it is difficult to imagine that what we thought was a "reputed" company such as Godaddy, could actually have allowed its servers to be hacked, not just once but over and over again for many years, by the same or multiple threat actors. These guys probably got in touch with some of their customers in the US, due to the stringent laws there and let them know what happened. But Godaddy never informed any of their customers in India. At least we were not informed about hacking attacks even though we were severely impacted.

That's not all: they did nothing to help when we reached out to them for help after the hacking attack. Instead, they were trying to sell us more of their products, such as malware protection, backup service et al. According to their own statement, over 1.2 million customers were impacted by the hacking attack. We want to know how many of them were Indian? Why were they not informed? Why were they not helped to restore services? Why were they (Godaddy) trying to take advantage of the situation and make more money out of a huge disaster such as this? Did they deliberately allow the hacking attacks to happen so that they could sell more security related services?

We now know what happened and who did it. We ask that the Indian government  also act against companies such as Godaddy who could neither provide a secure service nor get things under control when they realized there was a breach. By allowing the same incident to happen multiple times, they are directly responsible to have caused huge financial losses to many companies and may have even put them at risk of closure.

UPDATE ON 04TH APRIL 2023

Dainik Jagran Report 30 Mar 2023

That report was carried by Dainik Jagran of 30 Mar 2023 after our complaint (against Sudhanshu Sharma & Budhesh Chopra of Digiversal Consultants, Noida) was formally transferred to the main cybercrime investigating unit at sector 36, Noida on 27th Mar 2023. Our efforts continue. 

UPDATE ON 20TH APRIL 2023-ANOTHER CRIMINAL IDENTIFIED!

19th April 2023 was an important day and we spent days without sleep preparing for the meeting with the cyber police and the new I/O (investigating officer) who was supposed to confront the accused party with the evidence. But the opposite happened. The cybercrook accused in our FIR 0432/22 (Sudhanshu Sharma) actually brought his friend (Brijendra Sial), who said he was the owner of a hosting company in India called Bullten.com, to answer questions for him! The absurdity of this, by itself, is undeniable. Think about it: an individual accused in a cyber crime brings the owner of his hosting company to answer questions to the police on his behalf!

Brijendra Sial - Bullten Hosting (Bullten.com)

From some basic research we did on this individual, Brijendra Sial, we found that he is actively involved in black hat techniques. That apart, by virtue of what he does for a living and the evidence we have so far,  we believe he has intricate knowledge of the working of servers, virtualization, routing etc. 

Putting two and two together, we know now, that our cyber crook, Sudhanshu Sharma of Digiversal Consultants, Noida sought and received black hat services, which included spamming, reverse/negative SEO & hacking, from the said owner of Bullten.com, Brijendra Sial. This now solves the puzzle of the incidents that happened when our websites were hacked back in Nov 2021.

Another interesting fact is that for the entire duration of our meeting with the police in sector 36, Noida, yesterday, Brijendra Sial made sure his face was fully covered and nobody saw what he looked like. The image published above is based on images available online, in this case his Github profile.

Brijendra Sial - Bullten Hosting (Bullten.com)
Brijendra Sial Linux Globe

We watched as the criminals misled the I/O and played down the relevance of the evidence that we had presented to the police so far. The crooks even had the audacity to suggest that the access logs we had could have been manipulated and that the backlinks to the accused party's website (assignmentshelplite.com) could have been placed by us due to business rivalry! They now wanted the I/O to find a company or individual to confirm that the access logs we had were in fact not manipulated and were really from Godaddy! And these are access logs that we got and shared with the police over 15 months ago, which they never bothered to analyse till date!

  • Apache web server access logs at the time of the hacking incident
  • Screenshots of IP address, name servers and email ids of the hackers
  • Communication with the hackers' domain registrar
  • Specific details of information confirming the involvement of the accused party.

We will now want this individual, Brijendra Sial, as well as the co-owner of Digiversal Consultants, Noida, Budhesh Chopra, to be also named as accused in our FIR0432/22 for criminal activities.

UPDATE ON 22ND APRIL 2023

DAY NO:521: Another trip to the police station. Another wasted day. We were called for a review meeting with the SHO and the I/O but on reaching the police station, we found neither of them were there. The SHO could not be reached on her phone.

We took two important decisions today:

  • We decided not to waste our time anymore following up with these cops. Far from conducting an investigation, they've now started taking instructions from the accused party themselves and are trying to close the FIR on some flimsy pretext.
  • We decided  to pursue this in an appropriate court of law from now on.

In 17 months till date, we've seen that the investigation in this case has not moved an inch from where it was in Nov 2021 when we filed our complaint. The best these ace "cybercrime" cops could do is to send a couple of emails to Godaddy. Every single one of these cops we met had no clue of even the basics of what this case was all about. They could neither understand the relevance of the evidence presented to them nor could they interpret it in any meaningful way. The worst part: these guys made no attempt to even try to understand what they did not know! With such zero knowledge, they're the best thing that's happened to the scammers, who missed no opportunity to happily mislead them.

This story is far from over and still has a long way to go before hitting 'The End'. We will continue to pursue it until we take it to its logical conclusion.

UPDATE ON 22nd MAY 2023

The story is getting more and more curious, with each passing day. Last week, 17th May 2023, we were shocked to learn that our case was assigned to a new investigating officer (i/o).  We are not mentioning his name for privacy.  So, this new I/O told us he had no idea about what is happening in our case and had to wait for the previous i/o to come back from his vacation to update him.  Strangely, the SHO of sector 36 police station, under whom these two individuals work, told us that the second i/o was only a "technical assistant", and the original i/o was in fact the third guy who recently waded into the picture. All in all a pathetic case of colossal incompetence. Makes me wonder, how on earth do these people get employed in government jobs? And why do they get paid with public money for doing nothing?

So, as things stand today, in May 2023, the UP government boasts of the largest police force in the country with roughly 2.5 lakh employees. But there is not one single individual who is competent enough to handle a simple case of hacking, where there is an open FIR, gathering dust for over 18 months now and the criminals have been clearly identified with undisputable digital evidence. It's not with just the UP police, but it's the same story with all other "cyber crime" investigating agencies, such as Cert-in, Cybercrime.gov.in and others. These organizations are simply filled with incompetent individuals, who get fat on public money. At least that is the story so far. We will keep updating this article, as things unfold.

The kind of training these guys seem to be getting is pathetic. Apparently, all these local police are trained by Cert-in.gov.in and the level of training they provide is directly reflected in the quality of investigation the police become capable of. What they're doing is like a blind man trying to teach something to a deaf man in a dark room! I can't believe this is the India of 2023. Seems more like some remote, primitive banana republic to me, with all these criminals running freely and police clueless to act against them.

UPDATE ON 23rd MAY 2023

Another trip to the police station and another wasted day. Seriously, they should stop calling these "cyber" police stations because nobody inside of these "police" stations knows anything about cyber security. Not even the basics.

From our experience today, we can safely say that the so-called "cyber" police station in Sector 36 Noida is manned by some of the most incompetent and corrupt UP police in the state. And we met two of them: an entry level SI, Ajit Saxena, who called himself the I/O for our case and his boss, Inspector Lakshman Verma, who declared himself the I/O for our case only last week, but had no idea what our case was all about! These guys have no qualms about lying through their teeth or playing down the relevance of evidence presented, or simply twisting facts to suit their narrative or even worse, to please the criminals and accused parties. This inspector had the gall to suggest that we should now ask for some other agency to investigate our case because they had no idea what to do. We told him to give that to us in writing; he refused. The man even tried to intimidate us with statements like "we know what you did...!" etc. Wonder how the UP government manages to appoint these kinds of individuals in such positions!

SI Ajit Saxena took his incompetence to an entirely new dimension by saying that if anyone hacks your websites and plants malware and backlinks to their own website, it does not qualify as evidence and does not mean they actually did it! It was rather unbelievable and more so, because they were saying all of this in front of an SP level officer!

Any hope of the UP "cyber" police acting against the criminals is now fast receding in spite of our best efforts. But if we could follow up on this for 18 months, we can do it for another whatever it takes. We wonder what the next meeting (if it happens) will be like.  Cybercrime investigation in Uttar Pradesh is a sad joke.

UPDATE ON 24TH MAY 2023

Yesterday, we were in a meeting with a SP level police officer in the UP cyber crime department in Noida. The I/O was summoned to provide his update. Strangely, in the two months that our case was in Sector 36, cyber police station, the SHO of that PS, Rita Yadav had introduced SI Ajit Saxena as the I/O. Then abruptly, everything changed and she told us last week that Inspector Lakshman Verma was the "actual" I/O.

Now, this SI Ajit Saxena, with his zero tech knowledge, was openly supporting the criminals and trying to cover up for them, while Inspector Lakshman Verma had no clue about the case because he was never ever involved in any investigation or discussion. That man actually dared us to "solve" this case ourselves or ask for a different agency to investigate it! He had no idea that I had solved this case 1.5 years ago, and shared all the details plus evidence with literally all police officers in Noida.

Below is the summary of this crime which was actually a Negative SEO Attack on us. But they did not do anything about it. Now that we have given them the solution to this crime, we now demand that the accused and his accomplices be arrested without any further delay and damages recovered.

Tekzilver's Report on FIR0432 of 20 July 2022

HOW TO READ AN APACHE WEB SERVER ACCESS LOG FILE?

Actually, we found a nice video on how to read an Apache web server access log file. This will be required for anyone investigating this case, or anybody who needs to read and understand an Apache log file.
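As an added example (not from the original article or the video it refers to), the script below parses Apache's "combined" log format and pulls out the access-log indicators this article mentions: traffic concentrated on a few client addresses, SEO crawler user agents, and requests for parameterized URLs. It assumes the server logs in the combined format; the log lines, the IP addresses (documentation ranges) and the list of expected query parameters are constructed for illustration.

```python
"""Triage of an Apache "combined" access log. All sample data is constructed."""
import re
from collections import Counter
from urllib.parse import parse_qsl, urlsplit

# LogFormat: %h %l %u %t "%r" %>s %b "%{Referer}i" "%{User-Agent}i"
QUOTED = r'"((?:[^"\\]|\\.)*)"'   # Apache escapes embedded quotes as \"
LINE_RE = re.compile(
    r'^(\S+) (\S+) (\S+) \[([^\]]+)\] ' + QUOTED +
    r' (\d{3}) (\d+|-) ' + QUOTED + ' ' + QUOTED + r'\s*$'
)
FIELDS = ("client", "ident", "user", "time", "request",
          "status", "size", "referer", "agent")

# User-Agent substrings of crawlers. AhrefsBot and MJ12bot (Majestic) belong to
# the SEO tools the article names; extend the map for your own traffic.
CRAWLER_TOKENS = {"ahrefsbot": "Ahrefs", "mj12bot": "Majestic", "googlebot": "Google"}

# Assumption: the only query parameters this hypothetical site really uses.
EXPECTED_PARAMS = frozenset({"page", "q"})


def parse_line(line):
    """Return a dict of the nine combined-format fields, or None if malformed."""
    match = LINE_RE.match(line)
    if match is None:
        return None
    rec = dict(zip(FIELDS, match.groups()))
    parts = rec["request"].split(" ")
    # A well-formed request line is "METHOD target PROTOCOL".
    rec["target"] = parts[1] if len(parts) == 3 else rec["request"]
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def crawler_family(agent):
    """Map a User-Agent string to a crawler family, or 'other'."""
    lowered = agent.lower()
    for token, family in CRAWLER_TOKENS.items():
        if token in lowered:
            return family
    return "other"


def unexpected_params(target, expected=EXPECTED_PARAMS):
    """Names of query parameters in the request target that the site never uses."""
    query = urlsplit(target).query
    names = {name for name, _ in parse_qsl(query, keep_blank_values=True)}
    return sorted(names - set(expected))


def summarize(lines, expected=EXPECTED_PARAMS):
    """Count requests per client, crawler family and status; list odd-parameter hits."""
    report = {"unparsed": 0, "by_client": Counter(), "by_family": Counter(),
              "by_status": Counter(), "odd_params": []}
    for line in lines:
        rec = parse_line(line.rstrip("\n"))
        if rec is None:
            report["unparsed"] += 1      # keep a count; do not silently drop evidence
            continue
        report["by_client"][rec["client"]] += 1
        report["by_family"][crawler_family(rec["agent"])] += 1
        report["by_status"][rec["status"]] += 1
        extra = unexpected_params(rec["target"], expected)
        if extra:
            report["odd_params"].append((rec["client"], rec["target"], extra))
    return report


AHREFS_UA = "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"
MAJESTIC_UA = "Mozilla/5.0 (compatible; MJ12bot/v1.4.8; http://mj12bot.com/)"
T = "[01/Jan/2024:02:11:0%d +0000]"

# Constructed log lines; addresses come from the RFC 5737 documentation ranges.
SAMPLE_LOG = [
    '198.51.100.23 - - ' + T % 1 + ' "GET /services.html?ref=x9&go=1 HTTP/1.1" 302 0 "-" "' + AHREFS_UA + '"',
    '198.51.100.23 - - ' + T % 2 + ' "GET /css/index.php HTTP/1.1" 200 5120 "-" "' + AHREFS_UA + '"',
    '203.0.113.77 - - ' + T % 3 + ' "GET /blog/?page=2 HTTP/1.1" 200 18231 '
    '"https://www.example.com/blog/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"',
    '198.51.100.23 - - ' + T % 4 + ' "GET /a8f3k2.html HTTP/1.1" 200 912 "-" "' + MAJESTIC_UA + '"',
    '192.0.2.14 - - ' + T % 5 + ' "GET /services.html?ref=x9&go=2 HTTP/1.1" 302 - "-" "-"',
    'truncated line without the expected fields',
]

if __name__ == "__main__":
    result = summarize(SAMPLE_LOG)
    print("top clients:", result["by_client"].most_common(3))
    print("crawler families:", dict(result["by_family"]))
    for client, target, names in result["odd_params"]:
        print("unexpected parameters %s from %s: %s" % (names, client, target))
```

Work on a read-only copy of the original log and record its hash before analysis, so the file handed to investigators can be shown to be unmodified.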

UPDATE ON 26 MAY 2023. NEW FIR NUMBER

Another long trip to the PS. We got to know today that our FIR (0432/22) now has a new number, which is: 15/2023. We have to contact SI Bhagwan Singh again on Monday, 29 May 2023.

UPDATE ON 03 Jun 2023 

During one of our conversations with ACP Jitender Singh (who was sent by Cert-in), he had asked us to contact Addl. SP Cyber Crime, K.K. Saroj. His office was in sector 82, Noida & we met him on 22 May 2023. The man put us in touch with one SI Bhagwan Singh. After spending the entire week explaining the case to SI Bhagwan Singh, he wanted to continue the following week, as we were heading into the weekend. Then, when we called him on Monday, 29th May, he said he was in a training in Delhi for the next three days and we had to contact him on Friday, 2nd Jun 2023.

We decided to continue pursuing this case through other channels. We will continue reaching out to other individuals as necessary. We just have to find that ONE elusive honest police officer, in the huge  UP police force of over 2.50 lakh individuals. It's only a matter of time. 

When we called him on Friday, he said we had to contact the same set of folks in sector 36, Noida! During all this time, Addl. SP Saroj could not be contacted on his phone. From our interactions with these cops, we could sense that the direction to send the case back to sector 36 could only have come from Addl. SP Saroj and SI Bhagwan Singh simply had to carry out his orders. Such low level behaviour from individuals in reasonably high offices in the IPS in Uttar Pradesh was not a surprise anymore. These guys have all been the same so far, no matter which level you contacted them at and for some reason, they have simply refused to investigate the case even when the solution and evidence were handed over to them on a platter.

ANOTHER CRIMINAL ENTERPRISE IS BORN-SSSI ONLINE TUTORING SERVICE, NOIDA. BEWARE

Criminal Venture SSSI Online Tutoring Service, Noida

Meanwhile, we got to know from our sources that there was trouble brewing between the two crooks, Sudhanshu Sharma and Budhesh Chopra at Digiversal Consultants, Noida, with each of them trying to grab as many money sites as possible. Budhesh Chopra apparently kicked out Sudhanshu  Sharma and opened a new company and a new office in Noida called "SSSI Online Tutoring Service" which was some "Unit of Simran Shri Shri International".  Wonder what they are going to tutor people at? How to commit a crime and get away with it? Or how to hoodwink the UP police? Or how to dump your partner after you make enough money?

The other crook, Sudhanshu Sharma branched out into selling some Ayurveda products through his spouse. Well, this is what happens to criminals and criminal enterprises. These guys try to make money as fast as possible and don't hesitate to stab each other in their backs.

In between all of these, monkeys like Brijendra Sial of Bullten Hosting Solutions, Indore will try to get business from both these companies to run their black-hat SEO business. And, without realizing it, their poor employees will be getting deeper and deeper into criminal activities. What will happen to them when the long arm of the law eventually catches up with their bosses? Party in jail!

UPDATE ON 18 SEP 2023

No update about the malware sample the UP police had sent to FSL Lucknow in December '22/January '23. No progress in the "investigation". The "cyber" cops are yet to understand what exactly they're investigating. We might have more on this at a later point of time. Meanwhile, these crooks started a DDoS attack on one of our websites on the night of 8 Sep 2023. 

UPDATE ON 08 OCT 2023

So here we are, logging our experiences with the UP police/UP "cyber" police. In a few days, it will be exactly 2 years since we faced that cyber attack and filed a complaint with the UP police. Surprisingly, they've done nothing till date other than writing to our erstwhile hosting services provider, Godaddy. The reason was clear: the entire UP so-called "cyber" cops are simply computer illiterate. This should immediately raise red flags about the kind of training that is being provided to these cops by CERT-in. But, this is India, and more specifically, Uttar Pradesh where nobody bothers about anything. It's always "chalta hai"!

As far as we are concerned, we are trying to understand what kind of cyber security is being provided by the BJP's UP government, under the incumbent CM Yogi Adityanath , with people with zero idea of computers? This government and the entire police administration are only taking the public for a ride by setting up "cyber" police stations but filling them with incompetent, untrained and worse, computer-illiterate people. For us, this is nothing short of a scam by the police and the UP govt. It is their responsibility to hire competent people and provide adequate security to all in the state, but they have clearly failed. We will hold all these people accountable in court, sooner rather than later.

Note: Do you want to get in touch with us? Drop us an email at [email protected].

This is the story of the cyber attack on Tekzilver.com and other websites owned by us. We tracked down the cyber criminals to a Noida (Uttar Pradesh, India) based criminal enterprise called M/S Digiversal Consultants, run by two individuals, Budhesh Chopra and Sudhanshu Sharma. These guys apparently somehow managed to hack into our websites which were ALL hosted with Godaddy. They hit 12 of our websites, injected malware, generated junk pages, parameterized URLs etc. AND being the brilliant cyber crooks they were, they even left backlinks to their own website (which was called assignmentshelplite.com), which was almost like these two "gentlemen" literally left behind their business card and we tracked them down in no time! This story took a weird twist later in the course of our investigation when we found out that these hacking events were all a part of what has been going on at Godaddy since 2019! It turns out that cyber criminals had gained access to Godaddy's hosting servers and were carrying out their nefarious activities almost at will. Hacking incidents at Godaddy's hosting servers were reported even until as recently as December 2022. Why? How? We don't know at this time. But we hope to have the answers soon.

20 April 2023: It looks like we now have the answers to the "why" and "how" questions we were asking earlier: from our own research so far, we have more than good reason to believe that our websites were hacked by the owners of Digiversal Consultants, Noida who pursued black-hat SEO techniques through Brijendra Sial, owner of Bullten Hosting (Bullten.com), Indore. Almost all the IP addresses we identified in our access logs have been reported for hacking, phishing, port-scanning and other malicious activities since 2021 in AbuseIPdb.

This article has been updated in September 2023. We will keep updating this story as it progresses. Please note, the designations of some of the UP police officers could have changed since the time we have mentioned them in this article.