Tuesday, October 03, 2017

More Offshoots of Operation FLICKER 36

More Offshoots of Operation FLICKER

Documents released via FOIA confirmed that an FBI task force in Calverton, MD targeted members of criminal organizations in Belarus, Ukraine, and Latvia. One Belarus official investigated a criminal organization operating more than 200 commercial child exploitation websites. 

Operation BASKET grew out of the Operation FLICKER investigation. One document states that FLICKER identified 30,000 customers in 132 countries and prosecuted hundreds of Americans, among 16 arrests in Belarus and the Ukraine. 

In 2008, eleven organizers of child porn rings were arrested in Belarus. In 2010, Ukrainian officials arrested 5 more organizers. Operation BASKET is credited with crippling child porn on the dark net. 

Also in 2010, the Pentagon announced that investigations into 264 DOD employees or contractors were reopened. At least 280 convictions resulted. 

FOIA documents state that many images of child porn were recycled from LS and BD studios, “giant Ukrainian producers of child pornography that were broken up by law enforcement in 2004.” 

In 2007, a meeting in Ukraine addressed the international connections of Operation FLICKER, including representatives from ICE, FBI, DEA, Ukraine and Belarus. The Belarus investigation was called Operation TORNADO. 

FOIA documentation confirmed that Project FLICKER identified a criminal organization operating more than 150 member restricted child porn sites. Multiple PayPal accounts were used to process monthly subscription payments. 

Also involved were payment processors like iWest and DA Pay. DA Pay was investigated by the Dutch National Police (DNP) under an enquiry whose name was redacted, though it was stated that the operation fell “under the COSPOL/CIRCAMP work file TWINS.”

Operation ROBIN was an investigation coordinated by the Netherlands supported by the COSPOL Internet Related Child Abusive Material Project (CIRCAMP) and “AWF Twins.” 

A Dutch company was registered with an address in “IJMUIDEN, the Netherlands.” Another 93 businesses registered to the same address all offered electronic payment services. The document states that the DNP received complaints from police forces worldwide about the IJMUIDEN address providing payment services for child porn websites. 

“AWF Twins” received Chamber of Commerce records for all companies registered, finding that directors and shareholders were listed living in 19 different countries. 

Project MYOSIS was associated with Project TORNADO. The DA Pay (or DA Technologies) payment scheme employed merchant accounts connected to “GEO LOCATOR, PRIVATE CONNECT, MULTICARDS.COM, and VPNSERV-CA.COM.  

EBONY ENTERPRISES LC was also implicated. The cover transaction was for the purchase of “TraceWiper Software.” IP addresses pointing to addresses in Brampton, Ontario, Canada, Orlando, FL, Tevosyana 40a-89, Electrostal, Moscow Region, Russia, and Vista, CA were tracked. 

Another registrant was VELDEX, McCoy Corporation at 64 East Main Street, Box 275, Newark, DE, and eNom, Inc, at 15801 NE 21sth Street, Bellevue, WA 98008. Yet another was NB 5627SV, NL, Citrix Systems, Inc., at 751 West Cypress Creek Road, Fort Lauderdale, FL 33309. 

Further registrants were in Delray Beach,. FL, and Tegelen, 5932, NL, McHost.Ru Inc, at 125171, Moscow, u/b 99, Russia. VELDEX was associated with knutov.net, at Kreesanov st. 6, Perm, 614000, Russia. Another was HostDime.com Inc in Humble, TX, also at 189 South Orange Avenue, Suite REDACTED, Orlando, FL 32801. 

The advertising website which redirected customers to purchasing pages stated:

“- real high-quality photo site for those who love pure natural beauty locked in the curves of a child body.” 
“Only real full-scale tasteful nude pics. Innocent but lustful, beautiful and though (sic) provoking, shy but …. naked.” 
“Best galleries of youngest girls chosen from who archive of our studio. We collected big archive of lolita’s photos within last 3 years, and now we bring you selected galleries of youngest of them.” 
“To protect your privacy, your card will formally be billed as a payment for a product or service at some lawful online store. The administration of that store doesn’t know anything about memberships we sold. They really sure that you purchased their product.”

Entities like NETPLACE at Tevosyana 40a-89, Electrostatal, Moscow Region, Russia were displayed, as was one in Vista, CA 92084 for netdirekt e.K. at Kleyer Strasse 79/Tor 14, Frankfurt, DE 60326. Also VELDEX, McCoy Corporation, 64 East Main Street, Box 275, Newark, DE, , and McHost.Ru Inc, Network Redux, LLC, 520 SW 6th Avenue, Portland, OR 97204, and again, VELDEX. 

The report states “On the same date the ICE agent clicked the hyperlink for the advertising website known as Euro Lolas, which redirected” to a page stating, “Inside you will see very special moments of young nymphets.”

“Welcome to REDACTED - very hot website. The Goddess of Beauty and Youth makes us think of Harmony of this wonderful world!” In this case VELDEX was linked to Optynex Telecom, Guillermo Peterkin, Calle 50 y 53, Edificio Plaza 2000, Piso 9, 0832, Panama. 

Later, the documents state that the pornographers “obtained income of $365,768 US dollars.”  

Multiple perpetrators were convicted by the “Court of Central District of Minsk,” most for distribution of child pornography. One “Head of Criminal organization … escaped and are wanted at national (with a view of arrest), CIS countries (with a view of arrest) and international level.”

The case was closed on 02-25-14 on report number 032. 

Later, “$294,028.51 US dollars, and 30 firearms, including one silencer and one hand grenade have been seized.”

A later subscriber for a related email account came from the Central African Republic. An IP address belonged to DTAG Global IP Addressing in Nuernberg, Germany. 

A website, http://wirefreecandy.com was reported, while the Resident Agent in Charge received a compact disk from JUNO ONLINE SERVICES in response to a search warrant. 

A later document referred to “Mail seizure of Bestiality Pornography (Oakland),” with a country of origin in the Netherlands. The subject in this matter had two travel records listed in December, 2004, for St. Thomas, US Virgin Islands, “on a cruise ship.”

In a “Collateral Request to Frankfurt, Germany, the report states, Information developed during the investigation indicates that the operators of the child pornography websites are located in Belarus, Latvia, Russia and the United Kingdom. Those website operators have recruited persons in the United States to receive credit card payments for monthly subscriptions to the websites and to then transfer the proceeds to them (the operators) in Eastern Europe.” 

Warrants for email addresses related to Yahoo, Google, Juno, AOL, PayPal, MSN Hotmail, Charter Communications, Time Warner Cable, Roadrunner, J2 Global, and other operators were issued. 

“All accounts are related to the facilitation of payments received for memberships to several child pornographic websites.”  
“Investigators have obtained PayPal records and banking records for each of the 14 PayPal account owners in the United Staes. They have identified from those records more than 5,000 subscribers to the child pornography websites. 
They have further determined that the PayPal account owners have collected more than $1,500,000 in subscription payments and have transferred most of those proceeds to individual recipients in Belarus, Latvia and Russia.” 
“The investigators have determined from the email messages and interviews that it is likely that most or all of the PayPal account owners in the United States did not know the nature of the funds they were receiving and were therefore unaware of their involvement in facilitating the distribution of child pornography.” 
“Each of them appears to have been recruited through the internet to establish “work at home” businesses involved in processing PayPal payments for ostensibly legitimate products, such as computer anti-virus software packages.” 

“It is respectfully requested that the ICE Attache Frankfurt coordinate with Latvian law enforcement officials to obtain information about the listed bank accounts and individuals.”

“On October 17, 2007, pursuant to Operation FLICKER, Special Agents of the RAC/BI received four checks totaling $70,983.18 from PayPal, resulting from seizure warrants served on September 6, 2007.” 

“Said funds were traced through the above listed PayPal accounts, above listed subject’s bank accounts, and subsequently wired to various locations ultimately directed to Riga, Latvia in Western Europe.” 

“Based on the interviews of approximately 14 PayPal account holders previously interviewed, the subjects were recruited by one of two methods.” 

The methods are wholly redacted, under FOIA provisions (b)(8), (b)(7)(C), (b)(7)(E). 

Some facilitators of PayPal funds were registered sex offenders. “Subject was convicted of Possession of Child Pornography in Wisconsin and sentenced to five years.” 

Another was “convicted of sexual assault and sentenced to ten years. On 4/26/2004, Subject was convicted for endangering the welfare of a child and sentenced to three years probation.” 

Another had an FBI number, and was previously “arrested for Child Molestation in November of 1990 by Spokane Sheriff’s Office.” 

Most suspects were unnamed in these reports, their identities redacted. One exception was Mr. Ken SLATER, of whom ICE agents provided information to the Child Exploitation and Online Protection Center (CEOP) in London. 

The report that mentions Mr. Slater also says that a recruiter for the child porn distributors “recruited these individuals from resumes posted on Monster.com and Careerbuilder.com.” 

The coordinators permitted the PayPal facilitators to retain between 5-10% of the payments. They wired funds to CAPITAL COLLECT, LLC in Connecticut, which was located at 2505 Main Street, Suite 231, Stratford, CT 06615. 

Facilitators also mailed what is described as a “VISA reload card” to an address in St. Petersburg, Russia. 

An address in London used to register one PayPal account was later determined to be a vacant building. 

Another address that cropped up, receiving large sums in increments of $3550 and $7700, was at Bank of Cyprus LTD, 51 Stassinos Street, Ayia, Nicosia, Cyprus and at Bank of Cyprus Public Company LTD, 10, Kyrilacou Matsi Avenue, Ayiol Omoloyites, Nicosia, Cyprus 27072. 

A Russian national in an overstay immigration status in the US registered a business selling software designed to determine the geographical location of an IP address called GEO LOCATOR, at geo-locator.com. This business received funds “concurrent with those of child pornography website membership amounts.” 

“Covert purchases made by agents at C3 were traced through this merchant account as well.” One purchase was “conducted directly to the GEO LOCATOR website.” The report notes, “This purchase was processed, however the undercover agent never received a product.”

The outgoing international wire transfers from this account were sent to the Bank of Cyprus Public Company LTD, 10, Kyrilacou Matsi Avenue, Ayiol, Omoloyites. 

The report continues, “Officers at CEOP are currently requesting bank account information regarding SUBADRA SYSTEMS LIMITED.” An additional business discussed was SMART VPN SERVICES LTD, at 5, Percy Street, Office 4, London, WIT 1DG. 

“This company registered in London is providing server access between the websites hosting the child pornography and the end users, to conceal the connection to these pay for view sites.” 

The report concludes, “In March of 2011, destruction orders were completed on all remaining evidence being stored for this investigation. Line items listed for destruction consisted of email account contents collected by companies such as Yahoo, MSN Hotmail and Time Warner. All compact disks containing the material searched were destroyed by breaking and tearing and burning. 

This investigation is closed.” 

Further reports however mention investigations in Italy and Russia. The Russian hosting company was known as Russian Business Network (RBN). This company changed its physical address from Saint Petersburg to an address in Panama City, Republic of Panama. 

Two new websites came to the attention of investigators containing in excess of 2 GB of child pornography. Another contained more than 5 GB of child pornographic material. “This particular website allows users to upload their own child pornography.”

The following written description was extracted for the individual advertising website REDACTED. 

“Fresh dishy looks and fragrance of sweet fruits brought you to the peaceful place called REDACTED. If you only cast a glance at those absolutely exotic fruits, you’ll be fascinated by spendid and blossoming beauty of these young creatures. Breathtaking pictures and comparable video will capture your attention and your eyes! The rest of the world outside this indisputably splendid garden will mean nothing to you!” 

Drilling in, the following text was extracted: 

“Here you can see two pictures of each young lady. The first presents you an artistic portfolio picture and the other gives you ground for your imagination. When you become a member of our site, you can check whether your imagination was realized in these pictures. Some of them can be a real pleasant surprise for you. Well, you are to decide whether you want to be caught and overwhelmed with beauty!”

Later, the report stated “The Russian Business Network is no longer operational. This investigation is now closed.”

Another report of investigation referred to an unnamed individual in Wayne, NJ, and said, “Subject is a registered sex offender. On 11/08/1985, Subject was convicted of sexual assault and sentenced to ten years. On 4/26/2004, Subject was convicted for endangering the welfare of a child and sentenced to three years probation. He was also arrested in Paterson NJ on 01/14/1976 for a sex offense.” 

“Further investigation by the NJ State Police showed that REDACTED 1976 arrest was for “forcible masturbation of a 14 year old” and that the 1985 arrest was for fondling of 3 young boys. 

This subject was interviewed by State Police officers at his residence. He was married and he also had a daughter REDACTED who was 4 and a half years old at the time of the interview. This subject consented to the officers to examine his computer, during which search images of child pornography were uncovered. 

The subject was arrested and pled guilty to the charge of endangering the welfare of a child. He was sentenced to NJ State prison and served time in prison from June 30, 2006 till his release on March 5, 2007.  

Later, child porn Operations FALCON, PREDATOR, EMISSARY and EMISSARY II, Operation UNDERSCORE and Operation WATCHDOG were conducted. No further information regarding those investigations is included in this tranche of documents. 

Corpus Christi Homeland Security Investigations (HSI) agents later updated the file, mentioning the disposition of several otherwise unnamed subjects. One was sentenced to 120 months in the custody of the Bureau of Prisons, another to 51 months, another to 60 months, another to 240 months, and another to 120 months. Apparently there are many child pornographers in federal prison. 

Interestingly, several suspects were marked for prosecution for “acting as an unregistered money remitter,” for processing PayPal payments. One of them was surnamed “HIGH,” a resident of Birmingham, AL. Later, officials were advised that “criminal charges against REDACTED and the other PayPal subjects have been declined.” 

A Toshiba laptop was returned. “As no further action on this matter is anticipated, this case is being closed at this time.” 

Another suspect was found to be employed at the Sanford Auto & Truck parts store in Sanford, Florida. His earnings are redacted in the report. He is noted to own a Chevrolet Lumina and a Dodge Ram pickup. 

Another suspect, or perhaps the same one, was investigated by the ASAC/Orlando office. Three computers were seized, one of which yielded 25 images of child pornography, found in temporary internet files and in lost/free space. 

An unnamed AUSA declined to proceed with prosecution for reasons that are not explained. All that happened in this case to this subject was the computer that contained child porn was destroyed. 

Operation FLICKER was initially a joint investigation into multiple subjects in the US, the UK, Russia, Belarus and Latvia involved in the distribution of child porn. Eventually it was expanded to identify and prosecute the thousands of subscribers who purchased subscriptions to child porn websites in order to view the images. 

A further interesting comment is that “Some Project FLICKER targets were never completely identified, possibly due to fraudulent purchaser information entered by the user.” 

The file observes that “The information contained in the Project FLICKER umbrella case file has proven useful during several investigations where Project FLICKER targets have been the subject of newer child pornography target lists. This has allowed investigators to use Project FLICKER lead information in addition to the newer lead information to establish a history of “child pornography collector” behavior.”

Three “subjects living in or near the New York City are believed to be the controllers of or are facilitating payments for child pornography websites via the “PayPal” online payment transfer system.” 

The file is interesting in that it stated, “The financial status of these subjects is not yet known. A database search request was submitted to “DynCorp” analyst, REDACTED, on 06-25-2007 in order to obtain preliminary information regarding the identification of forfeitable assets should any or all of the subjects be indicted.” Apparently some law enforcement agencies are looking to seize assets for financial gain. 

The file continued, “The AIRG portion of the “Operation FLICKER” investigation focused upon the financial, address, and property statuses of three individuals.” It continues, “By 07-01-2007, asset profiles were compiled for the following three subjects,” whose names were redacted. 

“The results of the AIRG analyses were shared with the criminal case agent….No further queries were conducted beyond the preliminary profiles.” 

These subjects must have been impoverished, for “On 09-20-2007, case closure was recommended by the criminal case agent as the three individuals above were no longer persons of interest or subjects of the larger, continuing investigation.” The case was closed. 

Other subjects were found to be using the University of Wisconsin’s email services. One of the suspects was employed by the University as a financial advisor. 

Another suspect was believed to reside in Castine, Maine, “possibly at the Maine Maritime Academy.” Operation FLICKER suspects are notable for their relatively high social status. 

The case file notes that in April 2007, ICE presented Project FLICKER to the Attorney Generals Advisory Committee on Child Exploitation, identifying approximately 4,900 domestic subscribers and 3,300 international subscribers to the child porn websites. 

The file states that “leads…will be vetted and set in priority order by the number of purchases the subject has or by prior criminal history. Prior sex offenders being first priority as well as subjects employed by the Department of Defense with high-level clearance.” 

Perhaps erroneously, the file states that “On October 2, 2007, an AutoTrack query was conducted on Andrew EVANS based on the Yahoo! subscriber information.” His Current Address was in Antelope, CA 95843 (as of 04/2007). It is unusual that suspect names are included in these Project FLICKER files. Most of them are redacted. But mistakes do happen. 

Another suspect was “arrested and convicted for unrelated theft, burglary, credit card fraud, and controlled substance charges during the course of the ICE investigation. At the time of this report REDACTED was located at the California Department of Corrections and Rehabilitation Deuel (sic) Vocational Institute (DVI).” The unnamed suspect was “expected to be released from incarceration on July 28, 2010.” 

The case was closed, as “Any evidence of child pornography has long been destroyed, tainted or considered stale.”

Links in order of precedence. 


This is my 36th installment on the pedophilia epidemic. 

Read dispatches 1-35 and forthcoming segments at magickingdomdispatch.com, or on Medium: https://medium.com/@estebantrujillodegutierrez.


Post a Comment

<< Home