Search

Fraud at Varian Medical Systems

Makeupbymegs is a hobby that I have been doing for over 5+ years and I have never had the opportunity to create Makeupbymegs as an official business since I was more focused in my career as an engineer. Unfortunately, "Makeupbymegs" was opened as a merchant account at Bank of America without my consent, with the use of my identity. I was at first shocked when I discovered this, knowing that I have never opened it as a business in any county. In order for Bank of America to open this merchant account, there must have been a tax ID linked to the DBA. I visited the Alameda County Clerk in Oakland to see if the DBA existed in their records under the following: Makeupbymegs, Makeupbymeg, Makeup by Megs, and Makeup by Meg and received no results. I then did a search for any business that had been opened under my name and only one business was valid: Executive Coach Limousine, filed on 1/20/2015 but is currently inactive.


I visited Bank of America to do a search for Makeupbymegs in their system, however, Bank of America denies of any ties to this merchant account. When visiting bankofamerica.com I found their merchant account contact information, what was strange was the contact number changed each time. There was a total of three different merchant customer care numbers: (877) 884-2408, (866) 606-0247, and (800) 430-7161. I knew my calls were being redirected to other call centers that were not related to Bank of America. I started to receive promotional rates for balances over $250,000.00 in my Email as a selective client to Bank of America, after reading the terms and conditions for these promo rates it was safe to conclude a "selective" client is someone who deposits a minimum of $20,000.00.

After my investigation, the professional con artists realized my discovery and started to shop for a new merchant account to process their payments. A request was sent to www.buyerzone.com under the contact information, Name: Mejgan Fazil, Phone#: 510-364-7077, and Email (does not belong to me) : Sarajojanalyn185236@my.minbox.email. I'm currently receiving all the callbacks for this request.


Third-Party apps, such as Earnin.com and Meetalbert.com cannot connect to my Bank of America account because they have found an "internal" issue with the bank itself. Also, PayPal has failed to resolve its spoofed app in my phone and website. PayPal is currently connected to my Bank of America account as a linked third party app, but I'm unable to view the "balance" tab that can obviously conclude how much money is in the account. When contacting PayPal customer care with an Email to notify the issue at spoof@paypal.com on 03/25/19 Case ID: KMM94118187V17589L0KM I received two Emails confirmations in response, with a Case ID: KMM94119852V21465L0KM on 03/25/19 and Case ID: KMM94151073V4167L0KM on 03/26/19. I finally got a hold of PayPal through customer care on the phone, and they had confirmed that these Case ID numbers did not exist nor do their case ID numbers start with letters. I informed them that these Emails were sent from spoof@paypal.com and they also confirmed that spoof@paypal.com never Emails a response and that these Emails were fake. With this information, the only valid proof I have is fake Emails and I'm sure it is to cover the stolen financials that have been deposited into my Bank of America Account. However, I have received a tip that there is physical money stashed in my parents property. I have been encouraged to find this money by digging a very deep hole of 6 feet, I have accomplished only 1 feet and decided that I will no longer dig any deeper. I'm aware that if I do so, the harassment and threats will only be greater and finding the money for myself was never my intention to begin with. I have the location of where the money is and would like the appropriate authority to take care of it from here. This money is in fact linked to the same con artists that have framed me with large deposits in my Bank of America account. I have reported this to the Newark Police Department, Officer A. San Pedro #123 Report #19-0331-0100.


I started to notice the crime on the month of October of 2018 at Varian Medical Systems and since then I started my investigation, I received a termination letter in March 18, 2019 from my company due to excessive tardiness and absences but there were reasons why I was unable to show up to work. All my accounts were being compromised: personal and work, I notified Varian with this issue multiple times and I do not feel I received the proper response. Somehow, everything was linked to Varian Medical Systems Wifi Lion Network and ethernet connection: ad.varian.com I noticed my personal laptop, when located in my home in Hayward, Ca., and my fathers laptop located in Newark, Ca., were being "used" under "Netbios" under the network tab of the laptops. To my knowledge this is an internet connectivity where the laptop computer screens were being monitored under a local network.


On my iPhone, I had downloaded an app named "Network Analyzer" (http://tinyurl.com/y68ka8ja) and I had did a search on the "Lion" network while I was on Varian Medical Systems premises, Building 3. All devices that were connected to the network showed up on the app. The devices included my cell phone, my fathers laptop, and my personal laptop, as I mentioned above. These devices were not located at Varian Medical System's premises at the time. Each device had an ID number, and in fact, matched my personal devices. Clearly, my personal devices were connected as "work" devices under Varian Medical Systems supervision, which explains the "Netbios" connectivity.


I started to investigate the issue myself, since Varian failed to do so after I brought this up to their attention. There was a virus downloaded through the "Lion" network in July 2017, I had looked into the logs on our cell computers, this one specifically was cell 13 and found an error message from Norton Virus that there was malware and to report it as soon as possible. This virus was in July 2017, and to my knowledge this virus was ignored.


As employees we were allowed to download some, not all, software applications without administrator rights. I had downloaded Google's Chrome browser in my VMS windows login at every cell computer for my own personal use. These accounts included my personal Emails, bank accounts, phone accounts and regular internet browsing that had nothing to do with work. I had multiple Emails that were automatically logged in to the Google browsers, rarely did I ever sign off since I felt this was secure and only to be accessed with my windows login. The Emails that were saved on Google Chrome at Varian Medical Systems cell computers were the following: Meganfazil@gmail.com, Makeupbymegss@gmail.com, Mejganfazil@gmail.com, ExecutiveCoach01@gmail.com, IsmiInstallations@gmail.com, Ismirentals@gmail.com, fantasticcutssalon@gmail.com. Meganfazil@gmail.com and Makeupbymegss@gmail.com had IP addresses show up under Gmail "detail" when I was home. I traced the IP addresses and it would link to cell 19 IP. This was when I was at home and not at work. IP addresses I can provide for you once I get full access to my Gmail accounts, which Is still in the works. IP addresses were traced to multiple locations, including Varian Medical Systems and the White House.


In Google Chromes browser there is an extension feature, on developer.chrome.com this feature is described as:


"Extensions are small software programs that customize the browsing experience. They enable users to tailor Chrome functionality and behavior to individual needs or preferences. They are built on web technologies such as HTML, JavaScript, and CSS. An extension must fulfill a single purpose that is narrowly defined and easy to understand. A single extension can include multiple components and a range of functionality, as long as everything contributes towards a common purpose. User interfaces should be minimal and have intent. They can range from a simple icon, such as the Google Mail Checker extensionshown on the right, to overridingan entire page. Extension files are zipped into a single .crx package that the user downloads and installs. This means extensions do not depend on content from the web, unlike ordinary web apps."(https://developer.chrome.com/extensions)


This information is vital because I started to notice visible extensions on the corner of my Google Chrome web browser on my work computers, one in particular was Rocketrip (http://tinyurl.com/y5qo4ptw) The reason why this extension caught my intention was because it was new and it was not an extension I added myself. I checked the extension tab for Google Chrome and was unable to disable this extension, it was grayed out and was set to on. My Chrome browser was completely controlled by another user. On my mouse, I right clicked to check the setting of the Google Chrome browser and noticed in order to delete the app itself that it needed administrator rights. I asked management and IT if I was able to download the application without administrator rights, why was I unable to delete it. They’re response was that it was “unusual” and that they “did not know”.

I then logged into my Okta account to see what applications were downloaded and noticed the application “rocketrip” I asked my manager why this application was downloaded on my Okta and he confirmed it was controlled by IT but he himself was not sure why this specific application needed to be downloaded.

Varian Medical Systems uses the software Okta, On Okta's website Okta's software is described as:


"Okta connects any person with any application on any device. It's an enterprise-grade, identity management service, built for the cloud, but compatible with many on-premises applications. With Okta, IT can manage any employee's access to any application or device.Okta runs in the cloud, on a secure, reliable, extensively audited platform, which integrates deeply with on-premises applications, directories, and identity management systems." (http://tinyurl.com/y3pahgzo)


As mentioned above, this software application is managed by the employers IT. Plug ins and extensions were added to Okta and specific ones had caught my interest, Rocketrip (http://tinyurl.com/y5qo4ptw) and Sandbox. Rocketrip is an application to save on business travel, however I believe this application was configured to encrypt my passwords and to monitor my every move on Google Chrome. My position at Varian Medical Systems does not include travel, I was a Final Test Technician working on the machine on site that never required travel. There was no need for this application to be downloaded on my Okta application unless it served a purpose.


My car keys were "found" in the bathroom on November 28th, 2019 by Ramon Cibrian - one of my supervisors, from the girls bathroom, and was turned into the front lobby of building 3 at 10am. Two random keys showed up on my keychain that day and my key that was supposed to be inserted in the key fob went missing. My Citibank credit card also went missing that day.


One day in cell 13 I noticed there were overridden faults for BGM_S and SPV. Configurations on the machine would be set to "modified" meaning faults that we're not supposed to be overridden were overridden. This will allow any technician to test the machine with faults occurring. Data would be saved to the flash drive, in the BGM Node. SPV would indicate that something was wrong with the software, but since the machine faults were modified, "major" faults were treated as "minor" faults and would allow the machine to continue test. PCB boards and flash cards were being copied, I would receive a "watchdog error" (which indicates there was a virus in the BGM Node) and the engineers would respond as if it was a normal technical error. The following faults that indicated this: Watchdog, Pendent Version Incorrect, and PCI Configuration. These configurations made to the machine are illegal. My Hasp key would go missing, I reported this issue to Omar Dunham. However, this issue was taken a little too lightly. When I would come to work, where I was located was orchestrated by Mr. Dunham daily. I would end up in Cell 13, Cell 13 had all the software up to date to encrypt my passwords. You can actually view this in computer logs.


A Hasp key is a usb drive that allows you to access and modify the machine. We had three computers setup on each desk. I created a simple diagram to understand what was going on in each computer. (Image posted in comments)


on Google Chrome, under the websites/password section of Email: Meganfazil@gmail.com, there were fake websites and passwords created for Varian internal use. There was also information under my Google Chrome "addresses" tab on how to locate me when driving into my Hayward condo: "First floor, drive into the parking lot" and also the location of my sons‘ whereabouts: "Ismael Akbar, (included my parents home address)" This is where my son stays since my father is his baby-sitter, I did not and do not need to write this information about myself or my son. This was done in Varian Medical Systems computers.


There is money laundering occuring at Varian Medical Systems, and unfortunately it was happening under my identity. Google Chrome and Internet Explorer was a way to con my identity by creating new websites/passwords for Varian to duplicate its websites and to steal its financials. Money was being laundered from Varian Medical Systems to a merchant account “Makeupbymegs” that was opened by the con artist at Bank of America. Then funds were being disbursed to whomever the employees were for the merchant account "Makeupbymegs". The money was laundered when machines would sell.


Varian SAP documents including blueprints of the machine, were being printed under my employee ID number. There was a security issue for this matter, but not one personnel notified me that it was happening under my employee ID#. I noticed printed documents under my ID# and notified my manager, Mr. Dunham, with this issue and provided the printout.


My work email, Mejgan.Fazil@varian.com, password would change by itself and mfazil@varian.com was created and no one notified me when it happened. Apps were being downloaded from the Microsoft store from a Microsoft email: mfazil@varian.com. I didn't even know the password, when trying to retrieve the password by clicking "forgot password" it would not allow me to retrieve. Other colleagues in final test would use this email to port in and out using “Cisco Meeting” of any test cell computer I was in, to monitor what I was doing on my work computers. The more I got closer to my investigation, I was being stalked, threatened, and even offered money to join the scheme. I have proof.


The internet connectivity between my home in Hayward, my parents’ home in Newark and Varian were all linked together and I finally understood how. It was done through an extreme Airport WDS and the following link explains how that exactly works:

https://support.apple.com/en-us/HT202056


Again, there is physical money that is 6-7 feet deep in my parents front yard. This has everything to do with this case and the money being laundered. Their goal was to frame me for the crime. To be continued.


1 comment