UK police hunting down thousands who bought identity fraud packages from Confidential Access website

Scotland YardAmong its many products and services, Confidential Access offered to show customers how to build “a perfectly legal” new credit file.

London’s Metropolitan Police, however, was less convinced that the site’s activities were legal, and arrested the website’s staff for selling fake IDs, darn-real-looking documents, and tips on how to commit fraud.

The police are now tracking down 11,000 customers of the company, which they claim specialised in selling fake IDs.

Seven of the gang’s top brass were arrested following a two-and-a-half year investigation. Six of them were sentenced on Friday at Southwark Crown Court, while one escaped prosecution because he’s terminally ill.

Jason Place and Barry Sales ran the business from what police call “comfortable villas” in Alicante, Spain, while UK employees monitored the site and cooked up counterfeit documents for committing fraud.

According to the Met Police, many of these documents were bundled together and sold as full credit profiles that included wage slips, print-outs of credit histories, and a postal address.

Other documents billed as “novelty items” to “impress your friends” included false bank statements, wage slips, driving licences and utility bills.

These fraudulent documents, along with coaching on how to carry out scams, enabled Confidential Access’s customers to defraud companies of thousands of pounds.

Some customers spent a total of more than £20,000 on fraudulent documentation, while others committed their own fraud – in some cases, totaling more than £1 million – with the materials.

Authorities broke the case by analysing servers seized from Hong Kong.
The “painstaking” analysis eventually led to officers breaking what they called “highly sophisticated” encryption codes.

Playing cat and mouse, Confidential Access responded by setting up servers in Holland. The police eventually got their hands on these servers as well.

While news reports are using past tense verbs to speak of the company’s activities, publicly accessible portions of the site are still, actually, up and running, though the company does note that “CA no longer print any documents” (all caveman-esque dropping of verbs is sic):

Everything you need in a downloadable file to create your novelty document at home. CA no longer print any documents. You can print these home design kits to impress friends and family, or to create a fake alibi or perhaps you just have a hobby at home replicating legal documents. We have also heard that people are creating their own fantasy collectors document. It's funny but a driving licence with Beckham on it or a Jenson Button log book actually look quite impressive framed. The F1 Cafe has used our documents to create some famous replica names.

Hmmm, swap driving licence or log book for an arrest warrant with your name on it and it might not look so impressive.

One of the company’s big-ticket items was the Platinum Profile. It cost £5,500 and came complete with instructions on how to commit identity fraud.

Handcuffs on keyboard, courtesy of ShutterstockAnother product was a profile they called the 100% Creditmaster profile, exclusive to VIP members, that typically sold for £2000.

Some of these goodies came with a catch (beyond a potential prison sentence): if a customer managed to pull off a fraud with the Creditmaster profile, Confidential Access demanded 50% of the customer’s first fraud – otherwise, the company would threaten to wreck the credit profile.

Police said that the company used chat forums to coach clients on how to use the profiles and commit fraud. Some of these forums were free, but not all.

Here’s how the detectives described the specifics:

A monthly subscription fee bought members access to forums where they could discuss how to use the identity documents to commit fraud and seek other tips and advice. Access to the forums was graded and some were only open to those members who had spent a specific amount of money and had gained a specific level of trust. The top-tier member was classed as a VIP member and had access to a forum called "The Black Marketplace". This is where serious incriminating topics were discussed and hidden from the general public and non-VIP members.

Nautical terms reminiscent of Spongebob Squarepants were used to distinguish levels of trust within forums. All new paying members began as “deckhands”.

From there, they climbed the fraud hierarchy ranking ladder to “Skylarker”, then “Shore Patrol”, on up to “Ship’s Surgeon”, who was evidently in charge.

Detective Tim Dowdeswell said in the Met Police’s release that many of Confidential Access’s “students in crime” have been arrested, and authorities are working on more arrests to come:

This was a sophisticated operation which has netted millions of pounds over the years. These cyber criminals not only provided the tools to commit fraud they instructed their clients in how to use them to make the maximum amount of money, whilst ruining real people's credit histories into the bargain.

We have already brought many of their students in crime to court and will continue to work with other police forces and partners to bring those people who bought and used these identities in their own frauds to justice.

All six of those sentenced on Friday pleaded guilty at earlier hearings.

Jason Place, credit: Metropolitan Police Jason Place, 42, of Kent, was sentenced to 6 years 9 months for conspiracy to defraud.

The Crown Prosecution Service decided not to prosecute Barry Sales because of his terminal illness.

Mark Powell-Richards, 59, a credit broker and antiques dealer from Kent, was sentenced to 2 years 3 months for conspiracy to defraud.

Allen Stringer, 57, of Leeds, was sentenced to 2 years 3 months for conspiracy to defraud.

Michael Daly, 68, a former chauffeur from Kent, was sentenced to 12 months, suspended for 2 years, plus 250 hours of unpaid community service for conspiracy to defraud.

Jaipal Singh, 31, the director of a telecom company from the West Midlands, was sentenced to 18 months for conspiracy to defraud.

Arun Thear, 22, a student also from the West Midlands, was sentenced to 6 months, suspended for 2 years, plus 150 hours unpaid community service for forgery.

As for the 11,000 customers who’ve either been arrested are now have cyber bloodhounds hot on their trails, a word of advice: when a company says they’re legal but does so without proper punctuation or capitalisation, there’s a good chance they’re fictionalising.

To wit:

We can hear you saying "Are You Legal" The answer is of course. [CA] and the Caxess Corporation contracted both UK and US Corporate Lawyers to draft a legal foundation we could legally trade upon. [CA] observes and obey's ICAAN rules. Our infrastructure is now offshore in a jurisdiction which doesn't suffer Western intimidation; this is in order to offer true privacy and protection to our ever growing list of international clients.

Good luck with that there “Western intimidation,” and please keep shopping at online venues that make it easy for the authorities to track you down and round you up.

Image of handcuffs on keyboard, courtesy of Shutterstock. Image of Jason Place courtesy of Metropolitan Police.