Identification of Fraud
China, Ukraine, Kazakhstan
The client had noticed several anomalies in a large acquisition by a significant technology company in China. The belief was that the acquisition was a related party transaction, and that the basis of the deal was fraudulent, even though no such relationships had been declared by either party prior to the acquisition. As such, Black Cube was retained to identify any fraud in the transaction and/or any previously undeclared relationships.
‘The Great Firewall of China’ has made internet-based communication in China difficult, but has had the unintended effect of creating a vibrant community of political dissidents, watchdogs, activists, and journalists in the deep web, who communicate via hidden darknets. This community, unique in its size in China, possesses a wealth of information and knowledge, but is notoriously difficult to penetrate.
In order to overcome this obstacle, Black Cube began with a comprehensive open source investigation, including a search of all relevant company databases in the People’s Republic of China. The investigation also looked into limited access databases that on-the ground associates and contacts in China were able to access, in order to identify the basic structure of the target company and the key players in the company’s operations.
From this, Black Cube were able to map all of the key players’ associations, and to reveal hidden relationships and indicators of undeclared motivations, particularly on the part of the primary shareholder of the acquiring company, who had many undisclosed ties to the acquired company. Furthermore, there were several indicators of fraud on the part of the acquiring company’s primary shareholder.
Using long-established deep web identities and advanced social engineering capabilities, Black Cube were able to reach, recruit and verify several well-placed sources, who claimed to hold relevant information in this case. Two of these sources were able to return verifiable information to Black Cube regarding the fraudulent activity in the target company - including legally obtained company documents which showed that the aforementioned shareholder was using the acquired company as a ‘personal bank account’. The documents also showed that there was a pattern of abuse of employees of a subsidiary company operating in Eastern Europe, and withholding of wages led by the shareholder, as well as evidence of tax evasion, and evidence that the major shareholder was hiding company holdings under the names of family members and close associates.