Over the past few weeks, Noti.Group uncovered the operation of an international organized crime group that manages cloned websites of legitimate banks and fake customer service websites to carry out phishing against its victims, four cloned or illegal financial intermediaries and forex brokers, an Illuminati group that offers financial freedom in exchange for a subscription fee, the illegal sale of private and government databases, and a network of websites designed to carry out identity theft, all with a level of detail never seen before. These obscure facts give us a window into the internal workings of a criminal group with international coverage.
A source provided Noti.Group’s investigative team with unprecedented access to an ongoing investigation of entities operating behind the scenes, creating a world that seeks to separate victims from their money. Those victims unwittingly and without suspicion provide their documents, credit cards and personal data on sites that at first glance seem legitimate.
Today we are going to dig deeper into the activities of this criminal group, which manages multiple extortion and defamation schemes against public figures. We will explore the use given to some of the stolen data in order to better understand the group's modus operandi and get a glimpse into a world that we rarely have access to.
Extortion against Public Figures.
The Noti.Group investigation team was able to review dozens of illegal websites that are being investigated by authorities and are controlled by the criminal group. We previously reported on a website presented as a fake “fan club” of the Mexican singer “Thalia”, which was built to appear legitimate, with similar graphic design, sections of code and various details copied from Thalia’s official website.
The website was specifically designed to mislead fans into registering in what is apparently an elaborate phishing scheme while appearing to be the legitimate fan club.
The U.S. Federal Trade Commission issued a warning regarding scammers impersonating artists on social media. Previously, the Australian Competition and Consumer Commission also issued a similar notice warning Australian consumers to be wary of these activities.
Among the extortion sites that are part of the investigation, our team found six additional websites related to the fan club that were designed for extortion and defamation activities specifically directed against Mexican entrepreneur and activist Teodoro Ernesto Lavin Sodi, one of the artist’s nephews, who resides in Mexico City.
The sites were taken down shortly after we published our article Phishing, Extortion and Defamation. However, Noti.Group was able to obtain electronic copies of their content in cooperation with authorities close to the case.
Following the money trail.
According to the investigation documents, the sites were hosted on two different groups of servers at hosting providers that mainly do business in Bitcoin, trading under the names Bitcoin Webhosting and Domains4Bitcoins. In our previous investigation we uncovered how these entities operate and delved into more than 54 sites hosted in both locations, all engaging in criminal activities.
Noti.Group found that the seven related domains were all linked by transactions made in Bitcoin and by the digital fingerprint found on the images used.
According to the investigation, the sites were deployed on two distinct dates (June 6th and 7th 2018, and October 2020) using different providers, with independent Bitcoin transfers during the registration process in an attempt to obscure the origin of the funds.
The first batch of sites investigated includes the domains http://denunciasmexico.com, http://teodorolavinsodi.net, http://denunciasbancarias.net, and http://apestan.net. Documents show that all of them were registered using the same computer, which paid a shared subscription on a server controlled by a subsidiary of the company PDR Solutions (US) LLC, registered in Massachusetts, USA.
The company in question is the parent company of the website selling the services and does business as “Public Domain Registry”. The subsidiary reselling the domains and hosting the sites is a company named “75 Global LLC”, which sold the websites through its e-commerce site https://www.domains4bitcoins.com/, which, as its name suggests, only accepts bitcoins for payment. The company also provides its users with a privacy solution to avoid the client’s data being “disclosed”. This company is included in the investigation the Trail of Illegality, published by Noti.Group in recent weeks.
The sites were registered in June 2018, simulating or copying real complaint sites on the internet. The site denunciasmexico.com was registered on June 6th 2018 using a first Bitcoin payment. Three other domains were registered later: teodorolavinsodi.net, denunciasbancarias.net, and apestan.net, all three on June 7th 2018 using a second Bitcoin payment that is included in the details of the investigation.
The second batch of sites investigated, http://lavidadeteodorolavin.com/, http://mexicotopceo.com/ and the fraudulent fan club https://clubdefansdethalia.com/, were registered on the same day (2020-10-09). The three domains were configured for use on October 11th using the same computer and the Bitcoin Webhosting infrastructure, and all three were sold by the same company with a single Bitcoin payment.
Ghost Hosting Company.
“Bitcoin Webhosting”, also under investigation, has sold sites in exchange for various cryptocurrencies, including Bitcoin, since April 25, 2013. As per our previous report, the website openly allows illegal content to be hosted on its servers.
According to the information that Noti.Group had access to, Bitcoin Webhosting is registered under an alias. The registration information shows an address at 1712 Pioneer Ave. St 1774 in the city of Cheyenne in the State of Wyoming and provides a telephone number that routes to a third party. Noti.Group found that the address was not in use and that the organization was in fact a branch of a US-based entity.
Furthermore, the investigation shows that the website https://apestan.net is an apparent clone of the real site at https://www.apestan.com, which is dedicated to the posting and publication of comments in Spanish about complaints against cell phone operators, cable companies and local supermarkets.
Mr. Lavin Sodi’s lawyers published three independent documents in which they condemn the use of their client’s name, clarifying that the information disclosed is false, adding that:
“there is currently no investigation against our Client” … “nor any of [our Client’s] Companies”
Although the entrepreneur’s press office seems to have prioritized other activities such as the launch of an international radio station, on his official website https://teodorolavin.com Noti.Group collected documents claiming that an identity theft case against his Client was identified using a cloned Mexican voting card that was “illegally extracted from the Mexican electoral register”, which was later confirmed by Noti.Group and which, according to our investigation, occurred in February of 2017.
Noti.Group reported in previous articles on criminal actions by the same group, specifically the theft and illegal sale of various Mexican databases such as the whole user base of the Mexican fixed phone operator “Telmex”. We also reported the commercialization of various government databases, including the databases of the Ministry of Finance and Public Credit or “Hacienda”, and a complete copy of the Mexican voters’ registry containing more than 87 million Mexican voters’ cards, all of which are offered for sale by the criminal group.
Mexican Government Data Breach
Noti.Group approached an authority familiar with the database cases, who informed us that they have been tracking the use of the electoral databases and that the Mexican National Electoral Institute, or Instituto Nacional Electoral (INE), issued a press release in October 2018 informing the public that it was acting against the illegal distribution and use of the Mexican Electoral Registry, events also covered by the local media.
In our next instalment...
We will delve into how fake customer service sites and false service policies are sold on the web. We will see unprecedented information from this criminal sphere, which has created websites with the sole objective of separating you from your money.
You can read our next instalment on this subject here.
We continue to receive information with regard to this case. If you have information related to the contents of this note, please contact the investigative team at Noti.Group at [email protected]
[This article may have been written with information from various sources.]
Credit: Notigroup Newsroom.