News
[Security] | Thursday 10th May 2007
As soon as the hard drive copies were opened, it was obvious that Landslide's activities had been riddled with fraud. Independent computer expert Jim Bates, of Computer Investigations, said 'the scale of the fraud, especially hacking, just leapt off the screen'.
The previously undisclosed computer files showed that Landslide had been plagued by a range of credit card fraud rackets, known in the industry as Card Not Present (CNP) frauds. CNP transactions occur when the cardholder, or someone pretending to be them, provides their card and personal details over the internet, or by phone.
The people who do it call it 'carding'. CNP fraud has increased exponentially over the past decade to become the largest type of card fraud in the UK.
'Carding' has been carried out over the internet in international black markets since the mid-1990s. Organised groups with closed websites and chat groups, such as CardersMarket, DarkMarket, TalkCash or TheVouched, trade stolen credit card data in bulk 'dumps', pricing it according to its potential fraud value. Prices advertised in their net postings range from $30 for a single 'virgin' (unexploited) Visa Gold card to $10,000 for a bumper file of 4,000 stolen American Express cards and user details - just $2.50 each.
A typical dump of British credit card holders' stolen data contains not only card numbers and expiry dates, but name, address, date of birth, email, personal password and even mothers' maiden names - everything needed for complete and convincing frauds.
'Phishing' was a word nobody had heard of in 1999, and the way the carders harvested data from their victims was simpler than today's carefully crafted and deceptive spam emails.
They advertised cheap adult sex
Carding through phoney (or real) porn sites is a simple way to earn millions because nothing has to be delivered. Operating out of Indonesia, Russia or Brazil, many of Landslide's webmasters appeared to have obtained and swapped lists of stolen cards and charged them up through different portals. Transactions were usually for repeated small amounts of less than $50.
Many victims were charged numerous times by websites they'd never heard of. Some noticed, and applied for 'chargebacks' - refunds provided by the bank when unauthorised transactions have taken place. Most people didn't notice or couldn't find out how to get refunds.
Under British law and the Human Rights Act, lawyers and experts are supposed to have the right to check all the evidence that might be relevant to a defence case. But since Operation Ore began, the police unit responsible has refused to allow full checks on the computer evidence by independent experts, and has sought to restrict access to police-approved experts only.
The CPS insists this statement is 'incorrect' and that 'it is always open to the defence to apply to the court for access to any exhibit or any item of unused material'.
Computer experts employed by the police have claimed in court cases they could find no evidence of hacking or fraud. 'Did you actually go looking for fraud?' Dr Sam Type of Geek Ltd was asked during one case held at Northampton Crown Court. 'No I didn't, no... I haven't specifically looked for it,' she replied.
Part 1: Fatal flaws in Operation Ore - the full story
Part 2: The secret videotape
Part 3: Carding rackets
Part 4: The Soprano Connection
Part 5: The minister and the FBI
Part 6: Wide-scale fraud
Part 7: The rockstar fraudster






