'Simple Photoshop': how a Pakistani counterfeiter may have aided Russian trolls

According to US Treasury, Mohsin Raza founder of online fake ID business helped Russian operatives get toehold in US


Reuters April 17, 2021

WASHINGTON:

Amid the cascade of US sanctions imposed on Thursday on Russian cybersecurity companies and officials alleged to be operating on behalf of the Kremlin's intelligence services, one company stood out: the Fresh Air Farm House in Karachi, Pakistan.

The Farm House, whose Facebook page www.facebook.com/FreshAirFarmHouseKarachi shows a waterpark-equipped holiday rental, is run by 34-year-old Mohsin Raza, one of two founders of an online fake ID business that prosecutors say helped Russian operatives get a toehold in the United States.

According to a US Treasury statement and an indictment issued this week by federal prosecutors in New Jersey, Raza operated a digital fake ID mill, churning out images of doctored drivers' licenses, bogus passports and forged utility bills to help rogue clients pass verification checks at US payment companies and tech firms.

The six-count indictment charges Raza with making false documents and aggravated identity theft. Reuters reached Raza in Pakistan at a telephone number provided by the US Treasury's sanctions list.

He confirmed his identity and acknowledged being a digital counterfeiter, saying he used "simple Photoshop" to alter ID cards, bills, and other documents to order.

Raza - who said he's also dabbled in graphic design, e-commerce and cryptocurrency - denied any wrongdoing, saying he was merely helping people access accounts that they'd been frozen out of.

Among his customers, the New Jersey indictment alleges, was an employee of the Internet Research Agency - an infamous Russian troll farm implicated by US investigators, media reports, leaked documents, and former insiders in efforts to interfere in US elections.

The IRA employee used Raza's services in 2017 to procure forged drivers' licences to support the identity of fake accounts on Facebook, according to the indictment.

Facebook Inc did not immediately offer any comment.

Raza said he didn't track who used his service. He said inspiration for his business came several years ago when a PayPal account which he had opened under an alias was locked, trapping hundreds of dollars he'd received for optimising online search results.

Unwilling to forgo what he described as "hard-earned real money", he photoshopped an identity document under his alias' name.

Once PayPal unfroze his account, he realised he had stumbled on a good idea and the business took off from there.

His site, Second Eye Solutions, boasted of "6,000 & more satisfied clients" before Raza pulled it down Thursday morning.

The old website featured scores of customer reviews thanking Second Eye for providing bogus identity documents used to verify accounts — mostly with PayPal.

PayPal Holdings Inc had no immediate comment. Money earned from the fake ID business was poured into the construction of the Fresh Air Farm House, Raza said. The facility, which features three bedrooms, a playing field, a water slide, and a BBQ area, is now on a US list of sanctioned entities alongside Russian oligarchs and defence contractors.

Raza's business is an example of how transnational cybercrime can serve as a springboard for state-sponsored disinformation, said Tom Holt, who directs the School of Criminal Justice at Michigan State University.

The alleged use by Russian operatives of a Pakistani fake ID merchant to circumvent American social media controls "highlights why this globalised cybercrime economy that touches so many areas can be a perfect place to hide -- even for nation-states," he said.

Holt said that the sanctioning of the Farm House appeared to be a signal to the cyber-criminal milieu about steering clear of Russian actors.

"To the extent that you can't deter through direct action, you can get some of these facilitators on notice," Holt said.

COMMENTS

Replying to X

Comments are moderated and generally will be posted if they are on-topic and not abusive.

For more information, please see our Comments FAQ