Feeds

Operation Ore: evidence of massive credit card fraud

Innocent until accused of paedophilia

Next gen security for virtualised datacentres

There are few subjects as emotive as child pornography, and few accusations that can so quickly and permanently tar a reputation. Merely to be accused of a child pornography offence is to be convicted in the public consciousness.

But now it seems that Operation Ore, which saw some 7,272 British residents targeted on suspicion of buying child porn online, might have been based on rather shakier evidence than the police would like to admit.

In The Guardian today, investigative reporter Duncan Campbell says the evidence on which thousands of cases rest is unreliable.

Operation Ore began when US investigators handed a list of more than 7,000 names to British police. Each of the names appeared on a credit card transaction list, detailing card information processed by a portal site called Landslide.com.

Texas-based Landslide was not a pornography site in and of itself. Instead, it processed transactions for others, taking a 35 per cent slice of the sign up fee for its trouble.

That is not to say it was a blameless cash handler. Some of the sites that Landslide provided services to did indeed sell child pornography, and the owner of the company, Thomas Reedy, is currently serving a massive 180 year sentence (reduced from over 1,000 years) for his crimes.

But many of the sites it worked for were run-of-the-mill porn sites, filled with nothing more offensive than images of adult, consensual sex.

Campbell says that in many cases the only evidence brought was the list of credit card details. Now, he says, there is evidence that show massive levels of fraud on the list: many of the details were stolen, many more were used to sign up to perfectly legal sites.

He writes: "Late in 2006, copies of six hard drives seized from Landslide were flown to Britain to be examined by defence computer experts (including myself). They showed that Landslide had been plagued by a range of credit card fraud rackets, known in the industry as Card Not Present (CNP) frauds."

More than half the money taken by Landslide was paid to a trio of credit card fraudsters based in Indonesia. Working under the pseudonym Miranda, this group supplied child pornography over the internet. But Campbell says his new evidence, which was never disclosed by the prosecution, shows the men were also in the business of credit card fraud.

He says the UK police did not allow for the possibility of fraud in their investigations. While prosecution witnesses have testified that there was no evidence of fraud found, one forensic examiner admitted to Campbell that fraud was not specifically looked for, either.

But the levels of fraud were so high that by 1999 they actually sank Landslide. "If someone used a stolen card, Landslide had to bear the loss if there was a chargeback from the card issuer - often for the original amount and a penalty fee," Campbell explains.

There is further evidence that many of those on the list were not in fact buying child porn. Jim Bates, another forensic expert, tells Campbell the Landslide log of web activity clearly shows that many of the alleged porn purchasers never went to the sites to collect their pictures. He adds that many of the so-called porn sites were actually fake, constructed purely for the purposes of perpetrating a fraud.

In the UK, hundreds of men who say they were falsely accused on the basis of the evidence from Landslide have begun collecting names in the hope of launching a class action style lawsuit against the police.

The site these men use to communicate with one another, Inquisition21, has been delisted by Google, but the search giant has never explained why.

Many of those accused (at least 39, although some say the real figure my be much higher) have taken their own lives.

The implication of Campbell's new evidence is clear: thousands of people may have been falsely accused of the one of the most horrible crimes imaginable. Some may have even died as a result. ®

The essential guide to IT transformation

More from The Register

next story
Munich considers dumping Linux for ... GULP ... Windows!
Give a penguinista a hug, the Outlook's not good for open source's poster child
UK fuzz want PINCODES on ALL mobile phones
Met Police calls for mandatory passwords on all new mobes
e-Borders fiasco: Brits stung for £224m after US IT giant sues UK govt
Defeat to Raytheon branded 'catastrophic result'
EU justice chief blasts Google on 'right to be forgotten'
Don't pretend it's a freedom of speech issue – interim commish
Detroit losing MILLIONS because it buys CHEAP BATTERIES – report
Man at hardware store was right: name brands DO last longer
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
UK government accused of hiding TRUTH about Universal Credit fiasco
'Reset rating keeps secrets on one-dole-to-rule-them-all plan', say MPs
Caught red-handed: UK cops, PCSOs, specials behaving badly… on social media
No Mr Fuzz, don't ask a crime victim to be your pal on Facebook
Yes, but what are your plans if a DRAGON attacks?
Local UK gov outs most ridiculous FoI requests...
This'll end well: US govt says car-to-car jibber-jabber will SAVE lives
Department of Transportation starts cogs turning for another wireless comms standard
prev story

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.