// BCG / FORENSIC OPS / OVERVIEW
SECURE LINK● 256-bit
INVESTIGATION DASHBOARD · BCG-2026-001

BCG Corporate Fraud & Insider Threat Investigation

Cross-corpus forensic synthesis of email, Google Chat, WhatsApp, OCR and voice evidence. Findings indicate coordinated SMTP backdoor setup, owner-account sabotage, and shadow infrastructure operating in parallel to BCG.

SMTP BACKDOOR
Active
CREDENTIAL LEAKS
52
ANOMALIES (MAY 9)
26
SCAM DATA CACHE
18 GB
IMRAN HAROON MAILBOX
1.98M
emails
KASHIF WALI GOOGLE TAKEOUT
24.7
GB
GOOGLE CHAT CORPUS
92,289
messages
FLAGGED MESSAGES
8,537
(9.3%)
SHARED FILES
15,537
files
WHATSAPP — VIKASH
1,102
msgs / 214 voice
WHATSAPP — RASHEED
245
msgs / 14 voice
WHATSAPP — JAZZ
56
msgs / 24 voice

Key Findings

All findings →
  • F1CRITICAL

    SMTP Backdoor on noreply@backcheckgroup.com

    Coordinated setup of a persistent SMTP relay bypassing owner control over client notifications.

  • F2CRITICAL

    Account Sabotage — Kashif Wali (May 10–11, 2026)

    Account disabled/re-enabled, password changed, 20 recovery emails purged, 2FA removed, Takeout exported.

  • F3WARNING

    Shadow Operations — x24.io / xcluesiv.com

    Parallel infrastructure actively maintained outside BCG controls; news content automation pipeline.

  • F4WARNING

    Portal Access Resistance

    Systematic denial of SSH, WHM/cPanel, DB, and FTP access to BCG owner.

Evidence categories

  • Portal Access58
  • Shadow Ops53
  • Credentials52
  • SMTP / noreply49
  • Domains46
  • Financial28
  • Clients25
  • Infrastructure21
  • Sabotage19

Recent events

Full timeline →
  • 2026-06-17
    WARNING
    Peak Drive access on Master MIS 2025
    1,516 events from 110.93.244.209 (PK-SD) against ' Team-Master MIS 2025' owned by hassan@backcheckgroup.com.
  • 2026-06-05
    CRITICAL
    Outbound: Stationary Stock Log emailed externally
    'Stationary Stock Log - 2025.xlsx' sent as email attachment to noorbcg1@gmail.com from 72.255.61.202 (PK).
  • 2026-05-12
    CRITICAL
    'Suspicious Activity' Alert
    Google security alert triggered on noreply@backcheckgroup.com.
  • 2026-05-11
    CRITICAL
    App Password Created — 'SMTP of Backcheck Portal'
    Persistent SMTP relay credential generated. OCR: Screenshot 2026-05-11 042313/042708.
  • 2026-05-11
    CRITICAL
    Google Takeout Completed
    Takeout export coincides with account manipulation.