Feeds

Operation Ore: evidence of massive credit card fraud

Innocent until accused of paedophilia

3 Big data security analytics techniques

There are few subjects as emotive as child pornography, and few accusations that can so quickly and permanently tar a reputation. Merely to be accused of a child pornography offence is to be convicted in the public consciousness.

But now it seems that Operation Ore, which saw some 7,272 British residents targeted on suspicion of buying child porn online, might have been based on rather shakier evidence than the police would like to admit.

In The Guardian today, investigative reporter Duncan Campbell says the evidence on which thousands of cases rest is unreliable.

Operation Ore began when US investigators handed a list of more than 7,000 names to British police. Each of the names appeared on a credit card transaction list, detailing card information processed by a portal site called Landslide.com.

Texas-based Landslide was not a pornography site in and of itself. Instead, it processed transactions for others, taking a 35 per cent slice of the sign up fee for its trouble.

That is not to say it was a blameless cash handler. Some of the sites that Landslide provided services to did indeed sell child pornography, and the owner of the company, Thomas Reedy, is currently serving a massive 180 year sentence (reduced from over 1,000 years) for his crimes.

But many of the sites it worked for were run-of-the-mill porn sites, filled with nothing more offensive than images of adult, consensual sex.

Campbell says that in many cases the only evidence brought was the list of credit card details. Now, he says, there is evidence that show massive levels of fraud on the list: many of the details were stolen, many more were used to sign up to perfectly legal sites.

He writes: "Late in 2006, copies of six hard drives seized from Landslide were flown to Britain to be examined by defence computer experts (including myself). They showed that Landslide had been plagued by a range of credit card fraud rackets, known in the industry as Card Not Present (CNP) frauds."

More than half the money taken by Landslide was paid to a trio of credit card fraudsters based in Indonesia. Working under the pseudonym Miranda, this group supplied child pornography over the internet. But Campbell says his new evidence, which was never disclosed by the prosecution, shows the men were also in the business of credit card fraud.

He says the UK police did not allow for the possibility of fraud in their investigations. While prosecution witnesses have testified that there was no evidence of fraud found, one forensic examiner admitted to Campbell that fraud was not specifically looked for, either.

But the levels of fraud were so high that by 1999 they actually sank Landslide. "If someone used a stolen card, Landslide had to bear the loss if there was a chargeback from the card issuer - often for the original amount and a penalty fee," Campbell explains.

There is further evidence that many of those on the list were not in fact buying child porn. Jim Bates, another forensic expert, tells Campbell the Landslide log of web activity clearly shows that many of the alleged porn purchasers never went to the sites to collect their pictures. He adds that many of the so-called porn sites were actually fake, constructed purely for the purposes of perpetrating a fraud.

In the UK, hundreds of men who say they were falsely accused on the basis of the evidence from Landslide have begun collecting names in the hope of launching a class action style lawsuit against the police.

The site these men use to communicate with one another, Inquisition21, has been delisted by Google, but the search giant has never explained why.

Many of those accused (at least 39, although some say the real figure my be much higher) have taken their own lives.

The implication of Campbell's new evidence is clear: thousands of people may have been falsely accused of the one of the most horrible crimes imaginable. Some may have even died as a result. ®

SANS - Survey on application security programs

More from The Register

next story
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
Record labels sue Pandora over vintage song royalties
Companies want payout on recordings made before 1972
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Edward Snowden on his Putin TV appearance: 'Why all the criticism?'
Denies Q&A cameo was meant to slam US, big-up Russia
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Judge halts spread of zombie Nortel patents to Texas in Google trial
Epic Rockstar patent war to be waged in California
German space centre endures cyber attack
Chinese code retrieved but NSA hack not ruled out
APPLE FAILS to ditch class action suit over ebook PRICE-FIX fiasco
Do not pass go, do cough (up to) $840m in damages
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.
3 Big data security analytics techniques
Applying these Big Data security analytics techniques can help you make your business safer by detecting attacks early, before significant damage is done.