Wide-scale fraud

Posted on 10 May 2007 at 09:30

Following the launch of the Keyz service, Landslide's revenues soared from $162,000 a month in September 1998 to $824,000 in July 1999, according to financial files stored on the company's computers. But a close look at Landslide's internet records reveals where that 'revenue' was coming from.

Although many webmasters were trading legitimately, the biggest business was being conducted by credit card fraudsters. Topping the league were Indra Imansjah, Arief Dharmawan and Michael Yamin, who traded under the pseudonym 'Miranda'.

They were part of a gang of Indonesian webmasters. More than half of the money Landslide took from card owners was paid to the Indonesian ring. Dharmawan and his colleagues were in the business of supplying extremely unpleasant pornography over the internet, some of it depicting young children being raped and abused. But the undisclosed computer evidence shows they were also in the simpler and less risky business of card fraud.

The number of people signing up for the Indonesians' child porn websites shows a strikingly common pattern. Yamin had a dozen websites signed up to the Keyz service (in different names) in January 1999, but by March he had only two paying customers. By May, that figure had suddenly shot up to 7,000 subscribers, earning him $137,000 in fees. Other websites run by the trio showed similar traffic surges.

Had the world suddenly woken up to child porn? 'I dont think so,' says Ross Anderson, Professor of Security Engineering at Cambridge University and an expert in banking frauds. 'The Indonesians could simply have bought in lists of credit card numbers to exploit'. Doing this on sites that contained child pornography was a 'clever twist', Professor Anderson adds.

Whereas legitimate sites tend to receive steady levels of new members, crooked sites only received subscriptions when the webmasters or their accomplices feed in new credit card numbers. Sign-ups to these Indonesian sites happened only in clusters on scattered days.
The consequences of the many frauds soon became obvious in Texas. According to a post mortem study in August 1999 by Landslide's chief financial officer Kean Songy, the level of repayments and chargebacks prompted by unauthorised fraudulent transactions rose steadily, reaching nearly 10% in July 1999.

On Landslide websites that computer records show were simply vehicles for fraud, 90% of the people cheated never complained. The true level of card fraud involved in Landslide and Operation Ore can never be known. But it suggests that only one in ten victims complained about the fraud, and the likely total level of fraud was well over 50%.

Computer expert Jim Bates spotted an obvious way of separating frauds from genuine porn purchases on the Landslide website. One important evidential file is a giant 424MB container simply called 'Access'. This was a complete log of all recent internet activity. It recorded when credit cards were signed up and charged.

Critically, it also showed whether the person putting in the card details had gone on to visit the porn site their card had paid for. Bates' analyses found that not only did thousands of the supposed porn buyers not go to get their porn, many Keyz sites had been set up purely for fraud.

Click here to continue to part seven

Part 1: Fatal flaws in Operation Ore - the full story
Part 2: The secret videotape
Part 3: Carding rackets