With the arrest of three persons involved in hacking and unauthorized access to competitive exams conducted online, the intelligence fusion and strategic operations (IFSO) Unit of Special Cell has busted an organized module. The three arrested persons, which include the masterminds from Ahmedabad, Gujarat and the technical expert, who used to work as solver from Delhi.

The Online Certification is being offered by a large number of companies regarding various courses which the job aspirants need to get good placements. The utility of online examination had seen a spurt after the outburst of COVID-19 and the closure of educational institutes during the lock-down.

IT companies select candidates through certifications

These certifications are being provided by various reputed organisations in various fields, like CISCO Certifications, CompTIA Certifications, EC- Council certifications, which play a crucial role in the selection and pay grade of a candidate in IT as well in other industries. The score achieved in these competitive exams charts out the career progress of these IT experts in their professional world.

The institutions which get the online tests conducted undertake various steps to safeguard the overall sanctity of the examination. Artificial intelligence is deployed to keep a check and balance on the pupil movement of the candidate.

In this way, the institution ensures that the exam is being attempted only by the candidate himself and no outside help is being taken. IFSO received information from a reliable source that several services are available on the Dark Web in which some hackers claim to hack and get the desired score through their access to the device used by the examinee. They charge hefty amounts from the aspirants for the same.

Gang’s Modus operandi

A decoy was arranged to crack a deal for an online certification exam. The decoy generated the requirement for the CompTIA A+ Certification (Core1) examination. The hacker was contacted over VoIP communication and the desired sum of money was transferred to the account provided by the alleged person.

The alleged person asked the decoy candidate to download a Software Iperius Remote through which he gained control of the participant’s laptop and attempted the exam on October 25. The decoy candidate was declared passed in the exam with a score of 736. This decoy deal has established that online certification exams are being manipulated by hacking and, accordingly, a case was registered in a Special Cell under appropriate sections of law and an investigation was taken up.

During the investigation, the phone number, bank account and internet usage of the alleged person was tracked to Ahmedabad and he was identified as D. Shah, who was arrested from Ahmedabad, Gujarat on November 24. His mobile phone and laptop were seized.

Accused assured 100 per cent guarantee to candidates

The father of the accused owns an institute by the name of Grass Solutions in Ahmedabad for Providing IT Courses. After detailed interrogation and analysis of the devices of the accused Shah, it was found that his father R. Kumar was also involved in this racket and the duo was assuring a 100% guarantee to candidates for getting online certification exams cleared against consideration.

It was found that through the Training Center at Ahmedabad and Gujarat, they approached those applicants who want to get these certifications without having the required knowledge and skills for the domain.

Professional hired for running the racket

They assured them to get the desired score and for that, they charged money. It was revealed by the duo that for attempting the exam they had further hired one professional, A. Allam, a resident of Shaheen Bagh, Delhi, who hacked the sites of the various exams such as Amazon Web Services (AWS), Azure, Comptia A+, PMP, CISM, CEH(Cyber Ethical Hacking), etc by getting remote access with the help of apps.

The online certification exams of the candidates were cleared through this exam solver, A. Alam, who attempted the exam remotely after getting access of the laptop/PC of the candidate, which is extended to him remotely through the internet. The father of accused D. Shah was also arrested on November 25.

Accused holds top-level IT certifications in networking

It was further learnt that Alam owns a centre by the name of 7networkservices in Noida. Further analysis shows that Alam used to work with the same MO. He contacts aspirants through various modes like WhatsApp, Telegram or from his institute and attempts various certification exams by hacking into the secure modes of certification procedures. A.

Alam holds top-level IT certifications in networking, is Cisco CCNP certified, has more than twelve years of experience as a top-class Network Implementation and Design Engineer. Alam was expertised in understanding, developing and reverse engineering core complex software as well as hardware. Alam runs seven Network Services which trains students for top IT certifications to get placed in top IT companies and provides services for installation and configuration of network devices like firewall, routers, etc, along with routing protocols like EIGRP, OSPF, BGP, ODR, VTP etc.

Company also runs a YouTube channel

The company also runs a YouTube channel that is focused on to-the-date latest configuration and implementation of core networking components. Alam also provides 100% passing assurance to students on top IT certifications. From the investigation conducted so far, it has been revealed that they had facilitated/bypassed more than 200 aspirants in attempting such online competitive examinations.

What did the confession reveal?

The interrogation of the accused and the investigation conducted has revealed the methods used by them. First, they used to ask the candidate to download remote access software like ultra-viewer, Anydesk, Iperius Remote etc.

Using the remote desktop, they used to install various software into the client system which was not being detected by the security software of the exam conducting company. To evade detection from the Proctor or other checks and balances, the institutes used the software, which can disguise as the genuine operating system process/files. They were able to view the screen of the candidate and they could control the device using this software. Then the exam was attempted by any domain expert as per the requirements and the desired score.