Chinese-origin ponzi schemes defrauding Pakistani and Turkish citizens

Aug 03, 2022

Disclaimer: This report has been written with a view to inform, educate and assess developments that impact public well-being. As such, it relies exclusively on open source information collected and analysed by the author while exercising the Right to Freedom of Speech as elaborated in Article 19 of the 1973 Constitution of Pakistan.

Another day, another deceptive app/platform that presents itself as a ‘legitimate’ company for Pakistani investors. Speaking as an experienced investigator, I can say that duping ordinary Pakistanis in cyberspace is quite easy, especially if you promise big money (“profit”) for little to no effort.

Several Twitter users contacted me and asked me to examine NGR Energy, a self-professed solar energy company that claims it is based in Germany and is certified by both DEKRA and the ISO. They claim your money is 'invested' into various solar energy farms operated in rural and urban areas for renewable energy.

Digital Footprints

  1. 19 September 2021: Domain for the website Lucky56789(dot)com is registered through proxy.

  2. 07 December 2021: Facebook page of 'Azure Studio', company behind NGR Energy, is created. A mobile number for correspondence is listed, which is registered in the name of a citizen hailing from Mughalpura in Lahore, Pakistan. It also mentions an email address named after one 'Kinza Ansari' (suspected to be a fake persona); the Twitter handle of 'Kinza Ansari' also promotes the number mentioned on Facebook.

  3. 08 December 2021: Azure Studio promotes the website Lucky56789(dot)com on Facebook, and it eventually gains marketing promos on Twitter too.

  4. 13 December 2021: Domain for the website ngr01(dot)com is registered through proxy. An archived copy of the homepage from 17 December 2021 gives a server error message in Chinese language. Another domain ngr01(dot)me is also registered on the same date.

  5. 21 December 2021: A social media influencer from Khairpur Mirs, Sindh named Tasleem Ali Manglo (real name) begins promoting NGR Energy's app on Twitter through his referral code. His screenshot shows the app is hosted on a Chinese website 9pro(dot)cc. More on this later below.

  6. 24 December 2021: Azure Studio formally begins promoting NGR Energy on Facebook, in what appears to be the beta version of their app as it isn't available on Google Play Store at the time.

  7. 25 December 2021: Official page for NGR Energy is created by one of its managers in Pakistan (more on that below).

  8. 26 December 2021: Official Instagram account is launched.

  9. 29 December 2021: A new domain ngrenergy(dot)buzz is registered through proxy.

  10. 31 December 2021: An Android application for NGR Energy is published on Google Play Store. To date, it's been installed on more than 100,000 devices. The publisher's name is mentioned as "Harris O Anthony" but it doesn't lead anywhere. Their shady Privacy Policy is hosted on a free Google webpage (no official website) while emersonybh1(at)gmail(dot)com is mentioned for correspondence.

  11. 06 January 2022: A YouTube channel is set up, which has accumulated more than 1,000 subscribers to date.

  12. 16 July 2022: A Facebook page originally named 'OriFlame by HiRaa' (created January 2021) was purchased and rebranded the next day. It is the actual/ 'official' page of NGR Energy.

Marketing Gimmicks

On 06 January 2022, NGR Energy's official YouTube channel published their first video, an 'explainer' in which a redheaded and bespectacled foreigner named 'Wilbert' (no surname mentioned) shows a small office space complete with a female receptionist and male models in formal wear. 'Wilbert' quickly flashes two 'certificates' before walking around toward his room, where he places three of them on the window slab behind him (archived copy here).

Regarding these 'certificates', a Twitter user sent me a DM with his scrutiny of one such document displayed behind our guy 'Wilbert'. You can see the C-grade forgery for yourself; it exhibits a clear lack of sophistication:

image

I present some other 'certificates' with my scrutiny marked in red below:

image

Here's one fancy (but forged) certificate allegedly issued by Poland's Air Force Institute for Technology. In reality, this Polish institute is only accredited for certification under AC 021, not AC 020.

image

Some more:

image

image

Representatives in Pakistan

A Facebook profile 'Host Mirza' added bio information, claiming to be the Owner/ Founder of NGR Energy. The profile began marketing the page in Facebook Groups. Mirza claims he started the 'studio' in Islamabad in the year 2014, a claim repeated in one of NGR Energy's promo videos published in July 2022.

Another stakeholder in Azure Studio was discovered, named Bilal Malik, who calls himself a 'Financial Adviser'. His Facebook profile's cover photo has the logo of Azure Studio with the slogan "Born to hustle" (I kid you not):

image

Bilal created the first official Facebook page for NGR Energy (25 December 2021) and his LinkTree account is branded with the company name.

There may be some other (yet unidentified) persons involved as front-men for NGR Energy in Pakistan.

9Pro.cc Website

It is owned by idaxian(dot)cc (see website footer). The latter has an ICP (Internet Content Provider) Number 17007599 dated 15 December 2019. Its parent company is Shanxi Whale Cloud Network Technology Co., Ltd. (see records here).

Shanxi Whale Cloud Network Technology Co., Ltd. was established on 17 September 2017 and has a registered presence in Yuncheng City of Shanxi Province. Its legal representative is Feng Jie, whose LinkedIn profile also lists him as a General Manager; Dong Xiaoyi is mentioned as a capital investor. Another identified associate is Zhang Zhenquan, who calls himself a Manager at the company.

I tried to identify all pages on the 9pro(dot)cc website, which led me to another app called 'SolarVoltaik'. This app has the exact same features, interface and design as NGR Energy but in the Turkish language. The app debuted on Google Play Store on 25 January 2022, a day after it appeared on 9pro(dot)cc. It has already been installed on more than 50,000 devices to date.

9pro(dot)cc is the common host platform for NGR Energy and SolarVoltaik apps, even before they emerged on Google Play Store.

Here's a sample of NGR Energy's app interface:

image

The image below shows the interface for SolarVoltaik:

image

SolarVoltaik's developer details on Play Store mention a randomly-named Gmail address [catherinehorace58(at)gmail(dot)com], similar to NGR Energy. However, its 'Privacy Policy' is hosted on their own website, which is currently offline. SolarVoltaik is linked to two domains namely sv01(dot)cc (registered on 07 December 2021) and solarvoltaik(dot)me (registered on 08 December 2021).

Is it a coincidence these domains were registered around the same time as those for NGR Energy?

The first domain [sv01(dot)cc] was registered through Key-Systems GmbH of Germany. On 04 March 2022, SolarVoltaik registered yet another domain name solarvoltaik(dot)co. This new website mentioned the same address as NGR Energy before it was deactivated i.e. Building 1 in Tulpenfeld.

Tulpenfeld, or 'Alliance Buildings on the Tulip Field', is a group of buildings in the Federal District of Bonn, Germany. Once upon a time, the buildings housed officers of the German government including parliamentarians. Today, the main 18-storey building is the headquarters of Germany's Federal Network Agency for Electricity, Gas, Telecommunications, Post and Railways, or the Federal Network Agency (BNetzA). Other important offices in the premises include the German Institute of Development and Sustainability (IDOS) in Building 6.

There is no mention of NGR Energy or SolarVoltaik in any of the German business records, let alone in an office in Tulpenfeld.

Dissection of NGR Energy's Websites

I opened the cached version of ngr01(dot)me and discovered the following in its source code:

  • Homepage is titled "Smart Gulf Solar" which is a registered firm in the UAE (more on this later below)

  • Several images are directly sourced from the Smart Gulf Solar website

Next I opened the cached version of ngr01(dot)com and discovered the following in its source code:

  • Presence of multiple words in Mandarin Chinese, such as "有效期7天" meaning "Valid for 7 days" (added alongside the username and password fields)

  • Inclusion of Chinese iconfonts

When I opened the cached version of ngrenergy(dot)buzz, I noted similar observations as mentioned for ngr01(dot)com.
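
The source-code checks described above can be repeated over any saved copy of a page. The Python below is an added example, not part of the original report: it pulls the page title, Han-script strings and iconfont references out of HTML and flags a title that does not match the brand the site claims. The function and class names, the `claimed_brand` parameter and the sample markup (which combines the observations from both cached sites) are constructed for illustration.

```python
import re
from html.parser import HTMLParser

HAN = re.compile(r"[\u4e00-\u9fff]+")  # CJK Unified Ideographs, basic block

class SourceInspector(HTMLParser):
    """Collects the <title>, Han-script strings and iconfont references."""
    def __init__(self):
        super().__init__()
        self.title, self.han_strings, self.iconfont_refs = "", [], []
        self._in_title = False

    def handle_starttag(self, tag, attrs):
        if tag == "title":
            self._in_title = True
        for name, value in attrs:
            if not value:
                continue
            # Placeholders and alt text often keep the template's original language
            self.han_strings += HAN.findall(value)
            if name in ("href", "src", "class") and "iconfont" in value.lower():
                self.iconfont_refs.append(value)

    def handle_endtag(self, tag):
        if tag == "title":
            self._in_title = False

    def handle_data(self, data):
        if self._in_title:
            self.title += data.strip()
        self.han_strings += HAN.findall(data)

def inspect_source(html, claimed_brand):
    """Return the indicators found in one saved page (hypothetical helper)."""
    p = SourceInspector()
    p.feed(html)
    p.close()
    return {"title": p.title,
            "title_mismatch": claimed_brand.lower() not in p.title.lower(),
            "han_strings": p.han_strings,
            "iconfont_refs": p.iconfont_refs}

# Constructed sample modelled on the observations above; not the real page source.
SAMPLE = """<html><head><title>Smart Gulf Solar</title>
<link rel="stylesheet" href="/static/iconfont/iconfont.css"></head>
<body><input name="username" placeholder="Username">
<span class="tip">有效期7天</span><i class="iconfont icon-user"></i>
</body></html>"""

if __name__ == "__main__":
    print(inspect_source(SAMPLE, "NGR Energy"))
```

A mismatched title or leftover template strings are leads to follow up, not proof of origin on their own.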

What is Smart Gulf Solar?

Summary of known details:

  • Apparently established in 2005 with an office in Damac Executive Heights, Dubai, UAE

  • Led by one Mahmood Alsadi since 2011

  • Facebook page was set up in 2016

The company appears legitimate, and I personally suspect their website design codes were used without authorisation by the people behind NGR Energy (Pakistan) and SolarVoltaik (Turkey). There's still a remote possibility that Smart Gulf Solar (UAE) is part of the nexus, but the reason I doubt this is the company's abstention from seeking public investments.

You can compare the websites for similarity: the Smart Gulf Solar (UAE) website names its site designer, mozom-1(dot)com, in the footer, while NGR Energy's website removes this credit in its copy.

Ponzi scheme?

NGR Energy works on the referral model, similar to many ponzi schemes that promise bonuses and rewards if more people join using your code. Some examples below:

image

image

NGR Energy's integration with OKX

NGR Energy made videos encouraging its users to create and link their OKX account with it. One such video details the binding process.

OKX is a cryptocurrency exchange and derivatives exchange founded by Chinese entrepreneur Mingxing Xu alias Star Xu. It was headquartered in Beijing, China before being banned by regulators from mainland China altogether. Xu was arrested on multiple occasions, including for fraud in 2018 and again in 2020 (source). The company now operates from Malta and Seychelles.

Assessment

Based on the extensive findings shared above, the following is a personal assessment:

  • NGR Energy (Pakistan) and SolarVoltaik (Turkey) are patronised/ owned by one or more Chinese business persons operating in private capacity. These are a new form of white label apps

  • Ownership of NGR Energy (Pakistan) and SolarVoltaik (Turkey) is common

  • Shanxi Whale Cloud Network Technology Co., Ltd. which operates 9pro(dot)cc might only be hosting both apps on its websites. However, its preferred usage suggests linkages with app developers that need further scrutiny

  • NGR Energy (Pakistan) and SolarVoltaik (Turkey) are not-so-sophisticated ponzi schemes that employ front-men in both countries and even hire white models as 'executives'

  • NGR Energy and SolarVoltaik are neither registered, nor are they accredited by any international certification body

What can be done?

  • The governments of Pakistan and Turkey can work together to take down both apps from Google Play Store and place a ban on the website 9pro(dot)cc. Both countries should also determine whether cash flow was involved between and among accounts associated with NGR Energy and SolarVoltaik

  • Filing of fraud proceedings against NGR Energy and SolarVoltaik representatives in Pakistan and Turkey by respective governments

  • Patrons/ managers of NGR Energy and SolarVoltaik should be identified and blacklisted in both countries. The Government of China should be contacted for necessary law enforcement assistance against patrons or runtime managers of both apps

  • Government of Pakistan should blacklist Azure Studio, which claims to have an office in Blue Area, Islamabad

  • The Embassy of Germany in Pakistan can initiate its own proceedings into the misuse of Tulpenfeld's name and that of DEKRA by NGR Energy's managers in Pakistan

  • The Embassy of Poland in Pakistan can also initiate proceedings into misuse of Air Force Institute for Technology's name for forged certifications by NGR Energy

  • Access to OKX app and associated platforms should be restricted in both countries, especially for Pakistan in view of compliance obligations toward FATF

  • YouTube channels promoting both apps should be reported for deception and facilitation of fraud by authorities in respective countries; financial penalties should be imposed upon sponsored influencers marketing them

Some may argue that mere presence of Chinese characters in website source codes or 9pro(dot)cc isn't substantial enough to proffer that these ponzi schemes are of Chinese origin. That is why it is imperative that necessary investigations be derived from accumulated OSINT. We've already confirmed that loan shark apps ("NBFCs") like Barwaqt, AiCash, PK Loan etc are operated by Chinese business persons using local front-men in Pakistan.

Ideally, as a long-term measure, the Government of Pakistan (and perhaps their Turkish counterpart) can write to Google and request that stringent evaluation protocols be followed before allowing dubious apps to flourish on Play Store in the future.

If you appreciate the effort I put into this report, you can support me by buying me a cup of coffee. Supporters will get early (and in some cases permanently exclusive) access to future reports.
