Feeds

Operation Ore was based on flawed evidence from the start

Cops raised concerns ahead of national meeting in 2003

Designing a Defense for Mobile Applications

Exclusive Britain’s biggest ever computer crime investigation, Operation Ore, was flawed by a catalogue of “discrepancies, errors and uncertainties”, disclosed reports of two national police conferences seen by The Register reveal.

The police memoranda show that within months of the operation launching in April 2002, detectives who forensically examined computers taken from suspects' homes in dawn raids found files showing that the main evidence used in Operation Ore was wrong. The evidence, it was claimed, showed that over 7,000 British-based subscribers had purchased access to child pornography websites.

At a national police conference held in a Pimlico hotel in February 2003, local police forces warned that claims made by the National Crime Squad (NCS), in control of the operation, had gone "pear-shaped".

According to a former detective inspector and computer forensic specialist who led an Operation Ore team in the north of England, police forces throughout the UK had been "assured from the outset" that it was not possible to subscribe to websites run by a Texas web gateway company, Landslide Inc, without clicking on and agreeing to a "Click Here Child Porn" banner on the "the home page of Landslide.com".

The NCS, he said in a report of the February meeting, were adamant that "it was not possible to enter any websites through the Landslide gateway without going through this procedure and making deliberate choices".

But after examining seized computers and looking at browser history records, two UK police forces told the meeting that the files found showed that "it was possible to ... pay for material ... without making any choices at all and without any warnings that paedophile material was available."

The forensic specialist added: "This has thrown the whole issue of incitement charges into question... I am of the opinion that in those cases where no images have been found ... there is insufficient evidence to proceed ... The NCS and CPS [Crown Prosecution Service] are looking at these issues as a matter of urgency and will be sending out advice in due course," he reported.

At a second meeting in Birmingham in March 2003, NCS retracted two claims it had made about child porn websites. The former DI alerted senior officers and colleagues that "this has serious implications ... [It] is yet another weakness in the NCS investigation which has only just come to light, with obvious consequences. I have serious doubts about the quality and integrity of the evidence supplied by the NCS and will be raising these concerns in the relevant quarter."

Former Merseyside police officer Peter Johnston said he was also concerned about claims in Operation Ore. "I ... asked ... can we have the evidence, can we see the credit card details, can we see the statements ... from the people who recovered this?”

Johnson's requests were turned down, he told ITN in a broadcast interview. He was told "it wasn’t relevant ... we have 7,500 people here ... they must be guilty, let's get out there and get them locked up".

No investigations took place. No advice was sent to police forces about the flaws in the "Click Here Child Porn" claim. Although the real front page of the Landslide website was included in an obscure part of the evidence bundle, it was described as a "front screen" while the fake front page was highlighted and described as the "front page". This sleight of hand meant that the false "front page" was always referred to at the start of court cases, thus purporting to prove that subscribers could only subscribe to Landslide sites for illegal purposes.

CEOP (Child Exploitation and Online Protection), a quasi policy agency, took over Operation Ore in 2006. The Home Office has announced that CEOP will be disbanded later this year.

The former director of CEOP who presided over Operation Ore, James Gamble, retired in October 2010 after disputes with Home Secretary Teresa May, which continue.

Operation Ore police raids continued until 2008. It was not until 2010 that CEOP computer expert Dr Nick Sharples testified in an appeal case that subscribers to Landslide websites could not have seen the "Click Here Child Porn" banner and that it was not part of the Landslide website.

CEOP has refused to comment on his evidence, claiming to The Register that a transcript "should be available" on the internet. It isn't. CEOP said: "We will not be making any further comments on this operation or its various investigations unless required to do so by a court of law or a law enforcement organisation."

The CPS told The Register that it could not provide any record that the mistake had been investigated or corrected.

Application security programs and practises

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
Major problems beset UK ISP filth filters: But it's OK, nobody uses them
It's almost as though pr0n was actually rather popular
UK government officially adopts Open Document Format
Microsoft insurgency fails, earns snarky remark from UK digital services head
ITC: Seagate and LSI can infringe Realtek patents because Realtek isn't in the US
Land of the (get off scot) free, when it's a foreign owner
HP, Microsoft prove it again: Big Business doesn't create jobs
SMEs get lip service - what they need is dinner at the Club
MPs wave through Blighty's 'EMERGENCY' surveillance laws
Only 49 politcos voted against DRIP bill
EU's top data cops to meet Google, Microsoft et al over 'right to be forgotten'
Plan to hammer out 'coherent' guidelines. Good luck chaps!
prev story

Whitepapers

Seven Steps to Software Security
Seven practical steps you can begin to take today to secure your applications and prevent the damages a successful cyber-attack can cause.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.