Background and Timeline: The Cyber Centre of Excellence of CID Crime, Gandhinagar, executed a targeted crackdown on Tuesday, January 27, 2026, to dismantle a burgeoning “Cybercrime-as-a-Service” (CaaS) hub. The operation was initiated following a multi-month technical analysis of digital trails left by various extortion and phishing syndicates across Gujarat. Investigators successfully pinpointed the backend infrastructure to a residential area in Gwalior, Madhya Pradesh, leading to coordinated raids and the seizure of critical hardware.
Modus Operandi: The accused operated as service providers for other fraudsters, running at least seven websites hosted on foreign servers to bypass domestic verification and tracking mechanisms. They utilized specialized Telegram channels to supply virtual mobile numbers and one-time passwords (OTPs) to international syndicates, enabling anonymous cyber offenses. This CaaS model mirrors legitimate B2B business structures, providing the essential technical infrastructure for novices to carry out large-scale threatening calls and online cheating.
Victims and Financial Impact: Analysis of seized banking and digital records revealed that the duo facilitated transactions totaling ₹17.54 lakh through domestic Indian bank accounts within a short period. Furthermore, they managed the siphoning of approximately ₹20 lakh in USDT (cryptocurrency) to obscure the final movement of illicit funds to overseas handlers. The infrastructure supported numerous victims of e-commerce fraud and digital extortion campaigns across India and abroad.
Investigation and Agencies Involved: The Cyber Centre of Excellence of CID Crime, Gandhinagar, led the investigation with critical support from state-level technical intelligence units. The team utilized data from the National Cybercrime Reporting Portal (NCRP) to map the recurring virtual numbers back to the Gwalior-based service providers. Madhya Pradesh police assisted in the local execution of the arrests once the technical surveillance successfully identified the suspects’ physical hideouts.
Arrests and Suspects: Two suspects, identified as Abdesh Singh and Shivam Rawat, were arrested from Gwalior and brought to Gujarat for further legal proceedings. Both individuals allegedly managed the two primary websites used to sell virtual credentials and temporary identities to transnational scam cartels. Authorities are now interrogating the duo to unmask the identity of the “client” syndicates who purchased their services for mass-scale financial crimes.
Broader Implications and Trends: This case highlights a transition toward a highly specialized, modular cybercrime industry where technical skills are sold as a commodity to lower-level operators. It underscores the difficulty in taking down such networks because the infrastructure is often decentralized and hosted on non-cooperative foreign servers. Authorities emphasized that targeting the supply chain of fraud—rather than just individual cases—is now the primary strategy for disrupting national cyber threats.