The CEO of Maryland-based server systems company AiNET, Deepak Jain, has been indicted on six charges alleging he defrauded the US government by falsifying the certification status of servers used on a contract with the Securities and Exchange Commission (SEC). The SEC awarded AiNET its contract based, in part, on the claim of certification made by AiNET, which later earned over $10.7 million from the contract.
Deepak Jain
Department of Justice investigators allege that Jain falsified the TIA-942 certification status of its servers, claiming an auditing firm known as Uptime Council had audited the services and granted them a Tier IV certification level. The DoJ indictment claims that Jain created the Uptime Council company himself and worked to produce the fake server certifications.
The SEC noticed significant problems with AiNET’s performance, including “issues with security, cooling, and power, all of which were subjects of the TIA-942 standards.”
Now, Oxebridge has learned that other claims made by AiNET appear to be equally dubious. The company has claimed to hold third-party certificates for ISO 9001 (for quality management), ISO 20000 (for IT service management), ISO 27001 (for information security management), and ISO 14001 (for environmental management). In addition, AiNET claims to hold certification of its servers to ISO 22237, which also purports to “prove that your data center meets comprehensive requirements for availability, security, energy efficiency & sustainability.”
Oxebridge could not verify any of the certificates, and none appeared in the IAF CertSearch database. When asked by Oxebridge for copies of the certificates, AiNET representative Neha Jamil did not supply any copies, but instead pointed Oxebridge to the website of the certification body Inspection Board, out of Cairo. That CB granted AiNET all of its ISO certificates in 2024, according to the Inspection Board website:
Ms. Jamil claimed, “You’re correct that the IAF CertSearch database is a relatively new platform, and not all certification bodies have fully transitioned to using it,” and that, “we are currently working on making sure that AiNET is included in the official list of the IAF database.”
Companies often seek third-world ISO certifications to buy them “under the table,” often without any audits at all. The certificates are then branded with many official-looking logos, but they lack actual accreditation traceable to the International Accreditation Forum (IAF). Such fake certification bodies are referred to as “certificate mills.”
Oxebridge investigated the Inspection Board and found that it is not accredited to ISO 17021-1, making it a fake certificate mill. Therefore, none of IB’s certifications would be included in the IAF CertSearch database.
The Inspection Board is run by Mohamed Ellethey out of Cairo, raising questions as to why AiNET—which operates out of Beltsville, MD—had to contact an Egyptian certificate mill for its ISO certificates when dozens of accredited certification bodies provide valid certificates right in the Maryland area. Oxebridge founder Christopher Paris spoke with Ellethey on LinkedIn, who admitted that the Inspection Board is not accredited, as they are still “looking for the cheapest accreditation body.“ This means the certificates issued to AiNET were fake and wholly unaccredited.
When asked how Inspection Board performed audits of AiNET from Cairo, Ellethey first said that the audits were performed using “online audits.” ISO 17021-1 and IAF rules prohibit 100% remote auditing for some of the certification schemes involved, and most certainly that of ISO 22237, which requires a physical assessment of a client’s data facility. When asked about this, Ellethey changed his comment and insisted the AiNET servers were audited “through onsite audit,” but admitted it was not done by Inspection Board, but “through subcontracting.” When asked to provide the name of the subcontractor, Ellethy refused, ironically citing the ISO 17021 standard for which Inspection Board does not comply:
In accordance with ISO 17021 clause 8.4, we are unable to share or communicate any information exchanged between us and our clients. As such, I kindly ask that we discontinue this conversation.
The subcontract auditing firm Inspection Board used to carry out audits would not be covered under that clause, and it is supposed to be an open part of the accreditation information provided by the certification body.
When asked if Jain had any ownership role in Inspection Board, Ellethy reported, “No.”
Nevertheless, AiNET continues to market its multiple “ISO certifications,” saying that such certificates are the “secret of its success.” Likewise, AiNET continues to market its allegedly fraudulent TIA-942 server certifications. The following screenshots were taken from the AiNET website on 17 October 2024:
Jain’s attorney, Steve McCool, issued a statement claiming, “Deepak Jain and his company performed fully under the SEC contract. There is no evidence that any data was lost or compromised in any way.” The statement is curious in that the DoJ indictment accuses Jain of attempts to defraud the government over the use of the allegedly fake server certifications and does not focus on data breaches.
If convicted, Jain faces over 60 years in prison the current charges; if AiNET also made claims to the SEC related to the false ISO certificates in order to get the contract, that may add charges to those already filed.
The LinkedIn profile for Jain was updated yesterday to indicate that he no longer works at AiNET. No formal announcement of his departure has yet been made.
UPDATE 8 November 2024: Wtihin 48 hours of this post, accredited certificates for ISO 9001, 14001 and 27001 were uploaded to IAF CertSearch by the EGAC-accredited body OSS Middle East Certifications. We’ve file a complaint with OSS and the other bodies alleging that this is impossible, and that OSS is clearly producing its own fake certificates — but with accreditation marks — to help cover up the AINet alleged crimes. Read more here.
