
From connoisseur to conned: How a Kalyani Group company got hacked

Between March and May 2021, Pune-based KTMS Properties Pvt Ltd would buy art worth Rs 4.49 crore from the Robert Kidd Gallery, which is based in the United States of America, only to discover that it had been the victim of a cyber crime. While the Robert Kidd Gallery does exist, the people KTMS had been negotiating with were hackers whom the Pune police have been unable to trace to date.

KTMS is part of the Pune-based Kalyani Group, which was established in the mid-1960s. According to Forbes, the group’s revenue is $3 billion and its real-time net worth is $2.6 billion. Its flagship company is Bharat Forge, one of the largest forging companies in the world. KTMS is one of the smaller companies in the group and handles maintenance, repairs and decoration of the properties owned by the Kalyani Group.

Earlier this year, KTMS got in touch with the Robert Kidd Gallery, based in Michigan, USA, to buy some artworks. Shriniwas Kanade, a director at KTMS, along with Caroline Nicholls, a Pune-based manager at Bharat Forge, negotiated with the owner of the gallery, Gerard Marti, over email.

The email chain shows that KTMS got in touch with the gallery in January 2021 and agreed to buy seven paintings from Robert Kidd Gallery for $52,380 (Rs 39,90,570). On March 25, 2021, KTMS received an email from Marti, with a bill of $48,980 (Rs 37,22,847) for six paintings. By May 2021, KTMS would have received six bills from Marti’s email and transferred the money, as per Marti’s instructions, to what was then called SunTrust Banks, an American commercial bank.

The Robert Kidd Gallery allegedly told KTMS that it would charter a plane in order to not just deliver the paintings, but ensure they were placed properly at the selected Kalyani Group establishments.

Last year, at the end of May, when no paintings had reached Pune from the gallery, KTMS again contacted Marti. This time, Marti wrote back saying he had not received any payment from KTMS and that he didn’t have an account in SunTrust Banks.

KTMS filed a complaint with the Pune police on September 9, 2021.

Newslaundry has seen a copy of the first information report that was filed by the Pune police on September 9, 2021, on the basis of KTMS’s complaint. However, when we contacted inspector Brahma Naikwadi of the Mundhwa police, where the FIR was registered, Naikwadi said, “I don't remember if any such case was registered. I don't know about it.”

In 2020, the Pune police received around 14,000 complaints of cyber crime, which surpassed the number of offline criminal offences reported.

While KTMS’s case has been forgotten by the Pune police, the Kalyani Group carried out its own investigation. The findings are given in the FIR. The group’s IT consultant Kalyani Strategic Management Services Ltd roped in cyber security company Shell Strong consultancy and discovered that the emails that Kanade had received from Nicholls were not actually from the manager. Nicholls’s email had been hacked. The hackers had also impersonated Marti, using the email gerardrobertkidgallery@gmail.com. In one email, Marti allegedly asked for the payment to be made to a different bank from the one to which KTMS was originally going to transfer the money.

However, the initial bill for six paintings, which KTMS received from Robert Kidd Gallery, was from Marti’s official email (gerard@robertkiddgallery.com).

Mumbai-based cyber security expert Ashay Rege said what KTMS has been through is known as a business email compromise, or BEC attack, which is a combination of email spoofing and phishing. “Such attacks can be easily mitigated through good email security and continuous user training and awareness. But unfortunately these incidents are increasing,” said Rege. “Chasing such criminals, in cases of cross-border transfers, is an uphill battle with email service providers from different jurisdictions covered by strong privacy regulations.”
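The impersonating address in this case carries a near-copy of the gallery's domain name inside a Gmail local part, which is a pattern a mail filter can test for. The Python sketch below is an added example, not code from the article or from the investigators; the function names, the free-mail list and the edit threshold are assumptions.

```python
import re

# Assumed, partial list of free-mail providers; extend for real use.
FREEMAIL = {"gmail.com", "outlook.com", "hotmail.com", "yahoo.com"}

def substring_distance(pattern: str, text: str) -> int:
    """Smallest edit distance between pattern and any substring of text
    (approximate matching: row 0 is all zeros so a match may start anywhere)."""
    prev = [0] * (len(text) + 1)
    for i, pc in enumerate(pattern, 1):
        cur = [i] + [0] * len(text)
        for j, tc in enumerate(text, 1):
            cur[j] = min(prev[j] + 1,               # drop a pattern character
                         cur[j - 1] + 1,            # skip a text character
                         prev[j - 1] + (pc != tc))  # match or substitute
        prev = cur
    return min(prev)

def squash(s: str) -> str:
    """Lower-case and strip dots, dashes and other separators."""
    return re.sub(r"[^a-z0-9]", "", s.lower())

def classify_sender(address: str, official_domain: str, max_edits: int = 2) -> str:
    """Compare a From address with the domain on file for a known vendor."""
    local, _, domain = address.strip().lower().rpartition("@")
    official_domain = official_domain.lower()
    if not local or not domain:
        return "malformed"
    if domain == official_domain:
        # Only the domain string matches; the mailbox may still be compromised.
        return "official-domain"
    label = squash(official_domain.split(".")[0])
    if len(label) < 6:
        max_edits = 0  # short names would match almost anything fuzzily
    if domain in FREEMAIL and substring_distance(label, squash(local)) <= max_edits:
        return "freemail-lookalike"
    if substring_distance(label, squash(domain)) <= max_edits:
        return "lookalike-domain"
    return "unrelated"

if __name__ == "__main__":
    vendor = "robertkiddgallery.com"  # official domain quoted in the article
    for sender in ("gerard@robertkiddgallery.com",       # from the article
                   "gerardrobertkidgallery@gmail.com",   # from the article
                   "someone@gmail.com"):                 # constructed sample
        print(sender, "->", classify_sender(sender, vendor))
```

A result of `official-domain` says nothing about who controls the mailbox, as the compromised account in this case shows, so a change of bank details still calls for confirmation through a separate channel.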

Newslaundry has emailed the Kalyani Group and the Robert Kidd Gallery for their comments on this case. This article will be updated if either responds to our queries.
