The Firm

Show Timings:

Friday: 10.30 pm, Saturday: 11.30 am

Sunday: 9:30am & 11.00pm

CNBC TV18
Network18

Corporate Hijacking!

Published on Fri, May 15,2015 | 22:16, Updated at Mon, May 18 at 23:07Source : CNBC-TV18 |   Watch Video :

Menaka Doshi: This week, The Firm investigates 3 instances of companies being taken over by absolute strangers using illegally obtained digital signatures. In March this year, 2 Mumbai based companies DDPL & Unicorn found that their directors had been replaced by 3 strangers, who were attempting a digital takeover of the companies. At stake, was a 150 acre land plot of land in Naigaon.  

DDPL Global Infrastructure and Unicorn Infra Projects are associate companies registered in Kandivali, Mumbai. Both are in the real estate business. They share the same promoter, Dharmesh Shah and the same three directors, Hemant Patil, CP Khandelwal and Sunil Sarda. On March 9, DDPL’s company secretary discovered on the MCA website that these four directors and signatories had been replaced by three strangers. Alok Mishra, Abhishek Tripathy and Zameer Shaikh.

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“Originally in DDPL and Unicorn there are four directors. Dharmesh Shah, Hemant Patil, CP Khandelwal and Mr Sunil Sarda; these are the four directors. All four were sacked and two new directors were there on the portal. The company secretary was shocked at that time. They informed me that had we changed the board or something? Immediately I told them that these things are not possible. Without board meeting all these things are not possible. There maybe some mistake, you check that thing. They checked thoroughly and they came to know that there is some fraud that had happened in the company. On that day we filed complaint at Kandivali Police Station immediately when we came to know that somebody had used forged digital signature of Mr Sunil Sarda. Using his digital signatures, they had appointed some new director which we are not aware.”

By law every company director must have a director identification number or DIN issued by the government. Each DIN is to be accompanied by a digital signature. But digital signatures can be changed. So fraudster Alok Mishra, used a fake pan card and MTNL bill to obtain a digital signature certificate on DDPL director, Sunil Sarda’s name. Mishra then replaced Sunil Sarda’s authentic digital signature on the MCA website, with this fake digital signature. Using this fake signature of Sunil Sarda, Alok Mishra then appointed himself as a DDPL director. Mishra then appointed two others to the Board - Abhishek Tripathy and Zameer Shaikh. Mishra resigned thereafter, but Tripathy and Shaikh made fraudulent filings to show that the four authentic directors of DDPL had been removed. That left only Tripathy and Shaikh on the DDPL board. The two fraudsters then attempted to increase DDPL’s share capital from Rs 5 cr to Rs 45 cr.  

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“First of all these people had obtained forged digital signatures of Sunil Sarda. After that they had shown that there were board meetings held in my office, this office only, which had never happened. And they appointed one director; Alok Mishra. He had been appointed by Sunil Sarda using his fraudulent signature. After that these gentlemen again, Alok Mishra had appointed two new directors on the board, by conducting one more board meeting in this office only. Unknown to us.

Doshi: Did you know them? Was this a dispute over the land? Maybe that’s why they attempted this?

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“We are holding 99 percent equity in one of the company and other company we are holding 97 percent equity. There are no outside persons. In 99 and 97 percent equity when we are holding and somebody wants to deprive our rights or wants to take some control on the property by doing all this forged documents or wants to create third party rights or whatever in their mind.”

Doshi: What do you think they were trying to do, because even after you filed a police complaint you found that they were attempting to increase your authorised share capital from Rs 5 crore to Rs 45 crore, and allot themselves extra shares..

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“I understand that these people must be having an eye on the property because it is a very lucrative project. Just now we got the award that this is the best upcoming project of the year, township project of the year.”

The same modus operandi was also used to hijack DDPL’s associate company, Unicorn Infraprojects.  

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“What I understand that two or three or five people cannot work or they cannot do these things up to this level. Company secretaries are definitely involved because all these forms are getting filed by company secretaries, and wherever these people had filed that is E-Mudhra, E-Mudhra is also there. I understand there is a complete combination of all these people and they have done everything.”  

Ashish Parwani, Partner, Rajani Singhania & Partners (Lawyer to DDPL & Unicorn)
“We also went immediately to Bombay High Court, filed the case, we went to Registrar of Companies (ROC), filed a complaint out there, told them that all the filings should be blocked immediately. Thankfully, even Ministry of Corporate Affairs (MCA), regional director of ROC helped us. Immediately they blocked these sites. We went to Bombay High Court, immediately moved the matter we served the mother site. Thankfully Justice Patel immediately understood the gravity of this matter, gave the restraining order immediately.”

Doshi: What progress has been made by the Cyber Crime Cell?

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“Cyber crime had done investigation at Delhi. Cyber crime met Zameer Shaik…they are doing the needful, they are saying it will take much time I understand.”  

Doshi: But no one has been apprehended as yet?

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“No.”

Doshi: Did this incident scare you?

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
"Definitely, yes. I understand that I have to go into the all old system of partnership firm. Why I have to go in this digital world? It is better to be in the old way of books of accounts and all that things, Panditji used to do everything on books. It is better to go on that fashion only. Because of these digital things, things are difficult for me today.”
 
Just a few months before DDPL and Unicorn were being hijacked, not far away, in Bandra, another company was also a victim of a clandestine and illicit takeover.

The Sheth family incorporated Maneklal Mansukhbhai Private Limited or MMPL in 1923. In 1934, MMPL acquired a 13,233 square meter property in Bandra. Over the years, the property was tenanted and then a redevelopment agreement signed. In January this year, MMPL’s two shareholders, who were also its only two directors, were shocked to find that a complete stranger claimed to have acquired MMPL’s Bandra property. On further investigation, MMPL’s two owners found that they had been replaced by an Ajay Harinath Singh who now owned 96 percent of the company.

A series of filings all made in December, 2014 show an influx of new directors and the company’s registered office, which has been in Kalbadevi for decades, was shown as shifted to Kandivali and then to Andheri East. These fraudulent filings made in December, 2014 were facilitated by a fake affidavit and a fake digital signature of Rajendrakumar Sheth, a former director of MMPL who had in fact died in 2010.  

This case too of the corporate hijacking of Maneklal Mansukhbhai Private Limited or MMPL as we have been calling it, landed up in the courtroom of Justice Gautam Patel. In his order he said and I quote, “The fact that this is the third such case in less than a month in itself, should alert the Ministry of Corporate Affairs and the Registrar of Companies to the clear and present danger posed by the present e-filing practices, requirements and protocols to the entire corporate sector. Not a single corporate entity in any sector is today safe from these marauders. All of this is entirely because of slipshod, ill-conceived, ill-informed and indifferent approach to digital security.”

A digital signature serves as identity confirmation in digital communication and transactions. The Information Technology Act, 2000 legitimised the use of digital signatures in India. It provides that certifying authorities issue digital signature certificates under the supervision of the Controller of Certifying Authorities, the CCA. The six certifying authorities in India, including e-Mudhra, all issue three classes of personal digital signature certificates. Class 1 has the lowest security standard and is often used to secure e-mail messages. Class 2 has a higher standard of verification, it requires identity and address proofs and Class 3 offers the highest security due to physical verification of the applicant.

The Ministry of Corporate Affairs mandates e-filing for all companies and accepts Class 2 certificates for all such corporate filings. V Srinivasan, the Chairman of certifying authority, e-Mudhra says, with the increase in the use of digital signatures, security standards have also evolved.  

V Srinivasan, Founder Chairman, eMudhra (the certifying agency that issued digital signatures in the DDPL, Unicorn & MMPL cases)
“If you see up to 2013, just based on a scanned copy of the application and scanned copy of the KYC documents certifying authority can issue a digital signature, so that was the position. Then around 2013 third quarter or fourth quarter, they revised the guidelines and said that just based on scanned copy it should not be issued, you have to receive the physical copy of the application and also a Xerox copy duly physically signed by the applicant and also attested by the appropriate person. That has to be received in the office of the certifying authority before issuance of digital signature.”  

Currently a Class 2 digital signature certificate can be obtained by providing attested copies of a government issued photo identification and address proof. The certifying authority is not required to check originals or physically verify the identity of the applicant and that made it very easy for the fraudsters hijacking DDPL and Unicorn to obtain a digital signature certificate for the company’s authentic director, Sunil Sarda.  

Dharmesh Shah, Promoter & Director, DDPL & Unicorn (Showing fraudulent documents) “Billing date is of Jan 31, 2014 and the bill date is Jan 31, 2015, after one year! What certification this Company Secretary had done and what this agency had done. Next the photograph of Sunil Sarda has been changed, signatures are completely different.”
 
Doshi: They have given a fictitious pan card of Sunil Sarda.

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“Yes! As well as on this telephone bill, the address is of Mr. Sunil Sarda, but the photograph is something else, phone number is something else, email id is fake.”
 
V Srinivasan, Founder Chairman, eMudhra (the certifying agency that issued digital signatures in the DDPL, Unicorn & MMPL cases)
“Generally in verification as per guideline what needs to be verified, only the address of the applicant has to be verified and the other thing we have to ensure is that the bill is not three months old, so for that what is verified is the bill date. Everyday when you see some 2,000-10,000 certificates are being issued, the clerical person who is at the verification desk what he does is he routinely verifies the address and routinely verifies the date of the bill and ensures that it is not more than 3 months old.”  

Rahul Matthan, Partner & Head – TMT Practice, Trilegal
“The purpose of the certifying authority is to certify, that the person who is applying for digital signature is actually the person he purports to be in the context of the telephone bill that he uses, the address proof that he gives and things like that. I don't think it is acceptable for the certifying authority to rubber stamp a digital signature because that would completely defeat the purpose.”
 
The fraudsters at Maneklal Mansukhbhai Private Limited (MMPL) were able to reappoint former director Rajendrakumar Sheth and obtain a fake digital signature on his name in December, 2014, even though he died in 2010.  

V Srinivasan, Founder Chairman, eMudhra (the certifying agency that issued digital signatures in the DDPL, Unicorn & MMPL cases)
“We won’t know that the person is dead as long as the pan card is there and in the pan card there is no validity date for the pan card, there is no provision every two year you have to take a new pan card. So if his pan card, what he has taken in 2010, is available with somebody and on his address some bill is coming then what we are verifying is only the copy of the pan card and copy of the bill. So that is why there is no way for us to know that the person is dead or not.”   

Rahul Matthan, Partner & Head – TMT Practice, Trilegal
“The process of verifying of whether a person is dead or alive would be in many ways like looking for a needle in a haystack. Once we have a more robust national identity which is linked to the registrar for births and deaths things like that it may be possible. However, today I would say it is very difficult for anyone to go to a single registry and check to see if this person is alive or dead.”
 
Having dealt with three instances of corporate hijacking in as many months, Justice Gautam Patel of the Bombay High Court observes that “There is a storm coming and unless the Ministries of Corporate Affairs and of Information Technology batten these digital security hatches immediately, there will be a catastrophe.”

Some 90 lakh digital signature certificates have been issued in India so far, 25 lakh in the last year alone. A few cases of fraud may seem inevitable as in any other system but there is no denying that verification standards need to be tightened for digital signature certificates.

New guidelines issued in April this year propose that for all digital signature certificates, the PAN number, email address and mobile number provided on the application be verified and that attestation of documents be done by a Gazetted officer, Bank Manager or Post Master.

V Srinivasan, Founder Chairman, eMudhra (the certifying agency that issued digital signatures in the DDPL, Unicorn & MMPL cases)
“They say the attestation has to be done by only certain authorities and they should also mention their name and telephone number and address before the attestation. That will ensure that some amount of accountability is there on the attestation. Then one more thing what they are bringing is the certifying authority has to call the other people, the applicant on the cell phone and then ask some few, five or six questions which are there in the form, so that the person who is concerned, once that is verified, then only the certificate, even class two can be issued.”

Rahul Matthan, Partner & Head – TMT Practice, Trilegal
“We have got the best identity system in the world right now in this country and that is the Aadhar system. It uses 10-finger biometrics and iris and that is very difficult to duplicate or replicate. If you want, you could link the entire DIN and digital signature certificate (DSC) system to the Aadhar for identity. But of course the challenge with that is that foreign directors do not have access to Aadhar and it could be cumbersome. A middle path would be to use more effective notorial services.”

The Mumbai office of the Registrar of Companies refused to comment on these cases of corporate hijacking. But the hijackers have demonstrated how easy it is to replace legitimate digital signatures on the MCA website with fakes and use fraudulent filings to take over a company.

V Srinivasan, Founder Chairman, eMudhra (the certifying agency that issued digital signatures in the DDPL, Unicorn & MMPL cases)
“Now, maybe they might have to introduce some more guidelines.. or if a digital signature certificate is changed, some one time password they have to send through mobile phone or through some other means. Some more tightening of those maybe required.”  

Rahul Matthan, Partner & Head – TMT Practice, Trilegal
“The digital signature is linked to your email address and whenever filings are made with the digital signature an email is sent to you from the MCA. If you are a director of many companies, you may tend to start ignoring these many requests or emails that you get from the MCA. Please do not because one of them may actually carry evidence and information that your digital signature is being used for something that it is not authorised to be used for, even as in this case to replace you as the director of a company and put some other people into the company.”

V Srinivasan, Founder Chairman, eMudhra (the certifying agency that issued digital signatures in the DDPL, Unicorn & MMPL cases)
“Practically if you see, in my opinion, even some 30 percent of the digital signatures may not be with the owner of the signature; those maybe with the Company Secretary or those maybe with their personal assistants (PA) and all this. And even several government department, though the government guideline clearly says that nobody else should download the certificate and give it, but if you see all the government tenders says you download the signature and then handover in some government purchase department. So, these are the kind of things have to change.”
 
Rahul Matthan, Partner & Head – TMT Practice, Trilegal
“Around the world digital signatures are issued in various different categories. The simplest category would require next to no verification at all. The most secure category would require quite a bit of verification. The Indian government for MCA filings has chosen the middle path and they have balanced the need to have some strong security with the practicality of needing to get a process that is not too cumbersome.”
 
Fraudulent creation of a digital signature certificate is a crime punishable with up to two years of imprisonment and a Rs one lakh fine. But, finding fraudsters like Alok Mishra and Ajay Singh is like chasing ghosts.

Dharmesh Shah, Promoter & Director, DDPL & Unicorn
“These people are like a terrorist to the corporate world, I will say. I maybe using this harsh word, reason is this because today the things are happened with us, tomorrow these things may be happen with Reliance or with Tatas.

 
Twitter


 
Copyright © e-Eighteen.com Ltd. All rights reserved. Reproduction of news articles, photos, videos or any other content in whole or in part in any form or medium without express written permission of moneycontrol.com is prohibited.