Advertisement
Home arrow ITsec News arrow Identity theft: a true story
Saturday, 22 November 2008
  
 
Last week attacks
O.S.  Defs.  %
Linux  8778  71.58%
Win 2003  1950  15.90%
Win 2000  722  5.89%
Solaris 9/10  402  3.28%
FreeBSD  226  1.84%
Other  185  1.51%

Total attacks: 12263 of which 4619 single ip and 7644 mass defacements

Main Menu
Home
Digital Warfare
Geopolitics
ITsec News
ITsec Advisories
Test Drive
360°
Digital Attacks Archive
Zone-H events
Publications
Zone-H Friends/Partners
Contact Us
Search
Download Area
Zone-H forum
About this website
Login Form





Lost Password?
No account yet? Register
Visitors' Map
Identity theft: a true story PDF Print E-mail
User Rating: / 8
PoorBest 
Thursday, 10 May 2007

Zone-H often deals with identity theft. We use to explore methods, vulnerabilities and particular cases that could lead to such frauds in order to inform our audience on the invaluable damages that they could provoke to normal people.

 But maybe, no theory or analysis can be as much effective as the words of people who has been victim of an identity fraud. No technical statistics can be more clear than the rage emerging from the story of an innocent man whose family, job and life were destroyed because his personal details were stolen in 1998,  while he was shopping on-line on a legal and popular website.

The following story was published few days ago in ORE EXPOSED website . Both the website and the story refer to Operation Ore , an enquiry carried out by British Police against digital crime. Operation Ore was launched in the UK in May 2002, when  UK authorities claimed they had the names of 7,272 UK citizens who had paid to view on-line child pornography. Hundreds of people were involved and many of theme were completely innocent, as the enquiry itself demonstrated later  .

But in the meantime, they lost everything, and someone lost his life as well.

The story reported below is told by Simon Bunce of Hampshire, UK, who was accused of buying, viewing and distributing materials about child-pornography. 

“In March 2004 I was arrested, my house was searched, and the Hampshire police seized my Compac handheld computer, numerous flash memory devices, compact disks and floppy disks.

I was arrested because of evidence from the USA that someone, using my name and previous address, subscribed to an Internet pornography website via a gateway site called Landslide Productions Inc. in May 1999. This website was widely reported in the UK media under the name of Operation Ore.


On 9 June 2004, I firmly believe that I was followed to work by officers working for the Hampshire Police. Subsequently, on 23 June 2004 I was sacked without notice or compensation by my employer, Interxion Carried Hotels Limited of London. A breach of contract action has been launched against my former employer because they did not follow the correct procedure.


Prior to this I was earning £120,000 per year plus benefits. Last year (2006), I earned just under £30,000.


My house was searched again in September 2004, and the Hampshire police seized another computer that my wife and I used.


Later in September 2004, I received a letter from the Hampshire police stating that as there was no evidence of any wrongdoing found on any of my computers or on any of the hundreds of flash drives, CD disks or floppy disks they had seized during their two searches they were not taking any further action in my case. They told me to come and collect my property or they would dispose of it.


There have been 39 reported suicides of innocent victims who could not bear the shame and humiliation of similar police accusations under Operation Ore. The unofficial number of suicide deaths of suspects on bail is likely to be in the region of 200.

I appreciate that by now publicising what happened to me in this manner this may cause me more pain and suffering. I take heart in the fact that this further suffering will be nothing compared to the ongoing, lifelong suffering of the bereaved who lost innocent loved ones as a result of similar police actions. If my public stand gives those bereaved families just one crumb of comfort, then I will consider that my job will have been done.


We, as a family, have been financially crippled by the actions of the police. Our family home is on the market because of the financial situation we now find ourselves in and we will be moving shortly.


What the UK media seem not to have been told at the time Operation Ore was launched was that there was evidence of widespread credit card fraud associated with the database from Landslide. Only now is this information starting to come out.


Tesco Stores Limited has confirmed the fraudulent credit card transaction. Furthermore they have confirmed that prior to me registering for their on line shopping service, they linked my Tesco Personal Finance Credit Card, issued by Royal Bank of Scotland plc, to my Tesco Club Card account, allowing me to earn Club Card points whenever I purchased goods or services with my Tesco credit card.


It was only when I visited (the computer forensics expert’s name is removed here for now) that I discovered the true extent of the fraud that was perpetrated in 1999. He has for the past 30 years been the pre-eminent computer forensic expert witness who has trained the police in evidence gathering. He was the expert witness in the Serious Fraud Office prosecution of BCCI in 1995. He was able to give me all the answers to all my unanswered questions. He forensically examined the Landslide database and produced for me a comprehensive report detailing the single entry showing my name that appeared on Landslide Subscriber Database. (Editor. This is the database that was secured by the Operation Ore action group last year and is being used as evidence in the class action against the UK police).


The forensics expert was also able to show me verifiable evidence of credit card fraud and identity theft. From the information that he provided, which revealed the single entry showing my name that appeared on the Landslide Subscriber Database, this personal and financial information is identical to the information which I entered into the Tesco on-line shopping server when I registered with Tesco to shop on-line in 1998. Furthermore, the Tesco.Net email address was registered by me solely to enable my wife and me to log onto the Tesco on-line shopping server and thus enable us to shop on-line at Tesco. It is my belief that this is the route from which my data appears to have been obtained by fraudsters. I do not know how it came to be in the hands of a fraudster who used it on Landslide. I have written to Tesco to ask for information about security standards and leaks.


In view of what happened to me, I fear that my personal information was then sold on to criminals. It ended up in the hands of a man called Michael Yamin who is resident in Jakarta, Indonesia. Mr Yamin is also known as “Miranda” and was indicted in the USA District Court for the Northern District of Texas, Fort Worth Division in April 2000. Mr Yamin’s sealed indictment reference is 4-00CR-056-Y. He is a webmaster. This means that he produces and hosts websites. Some of his websites are pornographic. Yamin registered his websites with Landslide so that members of Landslide, for a monthly fee debited from a credit card, could view his websites, and he would receive commission from Landslide for every subscription.


It appears from research since that Mr Yamin, or someone working for him, then entered my details into the Landslide Subscriber Database, subscribing to one of the websites that he owned, controlled and were active in 1999. Money was then debited unnoticed from my credit card account, and Mr Yamin received commission from Landslide Productions for that transaction. Current information is that Yamin actually owned or controlled a total of eighty-four websites, only twenty-six of which were active during 1999. The forensics expert went on to say that he has clear evidence that in August 1999 alone, it is estimated that Mr Yamin stood to gain in excess of $100,000 from these activities.


These figures are for a period after Landslide’s credit card processing facility had been withdrawn and thus they did not pay any webmasters after 08 August 1999. None of the webmasters (including Yamin) was aware of this and their fraudulent activities continued. This is likely to be on the conservative side because refunds and charge backs were not itemised, neither is it possible to assess the possible effects of multiple renewals.


I do not know whether the police knew of the credit card fraud from the beginning of the Operation Ore investigation. If the police did know of the credit card fraud, then they chose to ignore it. (Editor. The class action will reveal that they did know about the fraud, but went ahead despite this. They also lied to Parliament and the media about it and continued to broadcast these lies until the action group began to publish the new evidence.)”

 


Comments Index (Total Messages: 5)
I don't get it Written by Guest on 2007-05-10 23:01:58
Re: I don Written by Guest on 2007-05-11 11:38:47
Re: I don Written by Guest on 2007-05-23 18:46:20
Re: Re: I don Written by Guest on 2007-06-20 13:42:56
Re: Re: Re: I don Written by Guest on 2008-04-03 21:35:14

Powered by a Zone-H(ified) version of AkoComment 3.0!


DISCLAIMER: Forum postings are the opinion of the posting author alone, and should not be taken as the opinion of Zone-h. The   author is entirely and solely responsible for all content that he/she uploads, posts, or otherwise transmits via the website. Zone-h is not responsible for such content. However, Zone-h shall have the right, but not the obligation, to delete, move, or edit any content that violates this agreement or is otherwise objectionable as determined by Zone-h in its sole discretion and without notice.
 
< Prev   Next >
[ Back ]
Advertisement
 
Top!
© 2008 Zone-H.org - Unrestricted Information
Joomla! is Free Software released under the GNU/GPL License.
 Top!