Evidence record and news analysis updated for publication.
Case 02 / MeitY Digital Governance
Final update · By Nitish Kumar (thenitishkr)
Follow the Data
India under critical surveillance: Article 12 Infected, citizen not found, 2015-2026.
A forensic case study of India's digital dacoity and the data dimension the State is alleged not to have investigated.
Built on W.P. (Crl.) No. 163/2026 and the Digital Arrest root-cause intervention in Suo Motu W.P. (Crl.) No. 3/2025. The page separates public record, petitioner contention, accused-person allegations, and proposed remedies.
Documented digital-fraud losses referred to in the Supreme Court digital-arrest context.
KYC-linked citizen records alleged to have circulated through dark-web and criminal data channels.
Money dimension pursued through attachments, arrests, and prosecution complaints.
Operational arrests recorded in the money-laundering and cyber-fraud enforcement path.
Thesis
The money is the symptom. The data is the crime scene.
The petitioner's central argument is direct: a digital-fraud system cannot be solved only by freezing accounts after money leaves. If identity data, KYC files, call signals, location patterns, device permissions, and behavioural metadata have already escaped into foreign or criminal infrastructure, the same citizens can be targeted again and again.
You cannot SOP your way out of a data breach that has already happened. Follow the data, or the citizen remains invisible.
That is why this case treats data recovery, data destruction, victim notification, extradition of alleged architects, and audit of the surveillance layer as root-cause remedies, not side issues.
Profile
Person on record.
Researcher profile / petitioner-in-person
Nitish Kumar (thenitishkr)
Independent researcher, author, National Cyber Security Scholar, and inventor of DISHA, working at the intersection of constitutional law, cyber forensics, public records, artificial intelligence, cybersecurity, and digital governance in India.
This profile refers to Nitish Kumar (thenitishkr), researcher and author. He is not the politician of the same name.
Cyber forensicsArticle 12Digital personhoodDISHAPublic records
Interim questions
Six sworn answers the record asks for.
| Affidavit | From | Question forced |
|---|---|---|
| Extradition | MeitY + MHA | Was Extradition Act Section 3(4) read with UNCAC Article 44 ever invoked against any named Chinese accused? If not, who decided against it and where are the written reasons? |
| Data | MHA + ED | Is seized citizen data in government custody? Were victims notified? Was any court asked for a data-destruction order? |
| Root cause | MHA | Did Mule AI Hunter, Telecom SOP, CNAP, I4C-1930, or any SOP identify the three-layer data architecture as the proximate cause? |
| Victim profiling | MHA | How did fraudsters know whether a victim was alone, financially vulnerable, or recently disconnected from family communication? |
| AdTech | MeitY | Was any inquiry or penalty started under IT Act Section 43A for FTC-documented InMobi or SilverPush conduct? |
| Absconders | MHA + ED | What is the LOC date, confirmed location, extradition status, and Red Corner Notice status for each named accused or absconder? |
Criminal-analysis profile
Named accused and absconders, not convicted persons.
The filings focus on an asymmetry: Indian operational workers were arrested, while alleged foreign architects identified in prosecution materials were not brought back through the legal bridge the petitioner says was available.
| Name / alias | Alleged role in record | Status alleged in filing |
|---|---|---|
| Zhu Wei / Jeffrey Zhu | Alleged apex financial controller, data-pipeline architect, and master-database custodian. | Believed abroad; extradition request alleged not filed. |
| Liu Yang / Michael Yang | Alleged beneficial owner and operator of app networks. | Absconded; follow-through and MLAT path questioned. |
| Zhuang Wei / David Zhuang | Alleged fund-routing controller through India, UAE, China, and USDT channels. | Believed in Dubai; extradition bridge questioned. |
| Wang Xin / Sunny Wang | Alleged second-tier app cluster operator. | Diffusion notice noted; extradition request questioned. |
| Chen Wei / James Chen | Alleged IT infrastructure and command-backend manager. | Believed abroad; no trial in India alleged. |
| Wang Fang | Alleged call-centre setup and coordination role. | Deported without prosecution, according to the filing. |
Legal-safe reading: this page reports the petitioner's record-based allegation and the official accused/absconder framing. It does not state that any named person has been convicted.
Public-record corroboration
Named-person source matrix.
This matrix does not assert conviction. It records how people were described in publicly accessible reporting about Indian digital-loan-app investigations: arrested, booked, reported abroad, or made subject to a Look Out Circular or proposed Interpol route. Different investigations and transliterations must not be merged without a matching agency record.
| Person / alias | Public record located | Authority named | Source trail |
|---|---|---|---|
| Zhu Wei / Lambo | Reported arrested at Delhi airport in the Hyderabad illegal instant-loan-app investigation; reporting connected the operation with approximately 1.4 crore transactions worth about ₹21,000 crore. | Hyderabad Police / Telangana Police | NDTV report · The Hindu report |
| Yi Bai / Dennis | Reported arrested in the Telangana loan-app investigation and described in reporting as an executive connected with Xikai Holding PTE Ltd and Skyline Innovation Technology India Pvt Ltd. | Cyberabad Police / Telangana Police | The News Minute report · ET Telecom overview |
| Liang Tiantian | Reported among Chinese nationals arrested or booked in Telangana instant-loan-app investigations. | Telangana Police | The News Minute report · The Hindu report |
| Shen Zhenhua / Tony | Reported as a prime accused in Odisha EOW's Kredit Gold case; Look Out Circular and proposed Red Corner Notice route were publicly reported. | Odisha EOW / Bureau of Immigration / CBI-Interpol route | New Indian Express report · Times of India report |
| Quan Hongwei / Paul | Reported as a prime accused in the Kredit Gold matter and subject to a Look Out Circular. | Odisha EOW / Bureau of Immigration | New Indian Express report |
| Yang Haiying / Doris | Reported as a prime accused in the Kredit Gold matter and subject to a Look Out Circular. | Odisha EOW / Bureau of Immigration | New Indian Express report |
| Liu Yi | Reported subject to a Bureau of Immigration Look Out Circular in an Odisha EOW illegal-loan-app matter involving Koko Loan and related apps; reporting also described a proposed CBI/Interpol route. | Odisha EOW / Bureau of Immigration / CBI-Interpol route | New Indian Express report · The Hindu report |
| He Jian | Reported arrested by Rachakonda Police in the continuing instant-loan-app investigation. | Rachakonda Police | The Hindu report |
Verification queue: Yuan Yuan / Sissi / Jennifer, Wang Jian Shee, Xin Peng, Xiao/Xioa Yamao, and Wu Yuanlun remain outside the authoritative matrix until an exact agency record or independently resolvable publication page is matched to the name, alias, case, and jurisdiction.
Government authority bridge
The legal and technical route already exists.
| Authority | Why it matters | Official path |
|---|---|---|
| MHA / I4C | National cybercrime coordination, analysis, reporting and the 1930 response channel. | I4C · National Cyber Crime Reporting Portal |
| CERT-In | Cyber-incident reporting, clock synchronization, log retention and intermediary/service-provider obligations relevant to app and server evidence. | CERT-In directions of 28 April 2022 |
| MEA / Extradition Act | Explains India's extradition framework and the statutory convention/treaty bridge raised in the petition. | MEA extradition guidance · India Code |
| CBI / Interpol NCB India | International police-cooperation channel relevant where an investigating agency seeks notices or overseas coordination. | CBI India in Interpol |
| Enforcement Directorate | PMLA investigation, attachment and payment-gateway/account action form part of the money trail; the page asks whether the data trail received equivalent treatment. | Enforcement Directorate |
This submission does not assert conviction. It requests official verification of publicly reported records showing that multiple Chinese nationals were named, arrested, booked, shown as absconding, or made subject to Look Out Circular / Interpol-route action in Indian digital loan-app investigations by Hyderabad Police, Cyberabad Police, Rachakonda Police, Odisha EOW, Bureau of Immigration, ED, and related agencies.
Root cause
The alleged three-layer data architecture.
- Android permission exploitation: loan apps allegedly demanded contacts, precise location, call logs, accounts, and device access unrelated to lending.
- Shell-NBFC KYC layer: formal finance surfaces allegedly collected Aadhaar, PAN, bank, face, address, and phone records under the appearance of compliance.
- AdTech SDK surveillance layer: the uninvestigated layer alleged to explain live victim profiling, behavioural timing, and high-pressure targeting.
The case does not claim every listed technology company ran the fraud. The sharper claim is that documented surveillance technologies and SDK behaviour should have been investigated under Indian law where they may have enabled profiling.
AdTech layer
The second body of the crime.
- InMobi: FTC settlement, June 2016, federal court docket No. 3:16-cv-03474, involving WiFi/BSSID-based geolocation concerns, child-privacy findings, a USD 950,000 payment, and a 20-year privacy program.
- SilverPush: FTC warning letters, March 2016, concerning ultrasonic audio-beacon technology and cross-device tracking through device microphones.
- MeitY question: the petition asks whether India opened any inquiry under IT Act Section 43A after these public foreign regulatory records.
ED audit fault
What was pursued, and what the petition says was missed.
| Record shows | Petitioner allegation | Why it matters |
|---|---|---|
| Money laundering arrests, attachments, LOCs, notices, and PMLA complaints. | Data was not treated as a separate proceed of crime to recover, destroy, or notify. | Money can be frozen; compromised identity can regenerate fraud. |
| Chinese alleged principals named in prosecution materials. | The legal bridge of Section 3(4) plus UNCAC Article 44 was not used. | Identifying an architect is not the same as bringing the architect into Indian proceedings. |
| Operational Indian arrests across digital loan and digital-arrest networks. | Workers were prosecuted while alleged architects and database custodians remained outside reach. | Root-cause deterrence depends on the architecture, not only the call centre. |
Primary sources
Court and root-cause source files.
The public-facing case study is backed by the uploaded source files. Readers can open the source record directly and compare this summary against the PDF trail.
Source PDF 1: WRIT_P_CRL_163_2026_REDACTED.pdf
Source PDF 2: Digital_Arrest_root_cause_REDACTED.pdf
Cyber Crime evidence 1: APUS Android Performance Manager.pdf
Cyber Crime evidence 2: Digital Dacoit How India Was Looted.pdf
Cyber Crime evidence 3: DIGITAL DACOITY - NATIONAL IMPORTANCE.pdf
Cyber Crime evidence 4: FORENSIC INTELLIGENCE REPORT.pdf
Cyber Crime evidence 5: SilverPush, Silveredge Technologies Pvt. Ltd. and InMobi Pte. Ltd..pdf
Verification backlinks
External authority trail for journalists and researchers.
These outbound citations are used as verification links, not decoration. They separate confirmed public records from petitioner argument and unresolved claims.
| Verified issue | Authority link | Use on this page |
|---|---|---|
| InMobi FTC settlement, geolocation, COPPA and 20-year privacy program. | FTC official record | Supports the public regulatory-record trail; correct docket reference is No. 3:16-cv-03474. |
| SilverPush warning letters, ultrasonic beacons and microphone-access concern. | FTC official record | Supports the AdTech surveillance layer as a documented regulatory concern. |
| Extradition Act, Section 3(4), treaty/convention bridge. | MEA extradition note / India Code | Supports the legal bridge discussed for foreign actors and cross-border accountability. |
| UNCAC treaty status and international cooperation context. | UNODC treaty status | Supports the treaty-status background; it does not by itself prove extradition in a specific case. |
| Digital-arrest loss reporting and MHA/I4C public figures. | India TV report citing MHA | Uses the verified figure of about Rs 2,140 crore in reported digital-arrest losses in the first ten months of 2024. |
| Cyber-fraud loss scale in 2024. | Scroll report citing Lok Sabha data | Uses the verified 2024 cyber-loss frame instead of unsupported larger complaint figures. |
| Chinese loan-app enforcement actions and payment-gateway freezes. | Tribune enforcement report | Supports the enforcement-record background while keeping unresolved ED aggregates separate. |
Correction discipline: unsupported or mismatched figures are not treated as final facts here. Where the verification note found a mismatch, this page uses the verified number or frames the item as requiring a primary citation.