NEWARK, N.J. – (DOJ / PRESS RELEASE) – Two operators of an illegal e-commerce business engaged in the sale of digital images of false identity documents, such as passports, driver’s licenses, and national identity cards associated with more than 200 countries and territories, were charged in a six-count federal indictment unsealed in the District of New Jersey today, Acting U.S. Attorney Rachael A. Honig announced.
Mohsin Raza, aka “Mohsin Raza Amiri,” 34, and Mujtaba Raza, aka “Mujtaba Ali Lilani,” “Mujtaba Ali,” and “Mujtaba,” 33, both of Karachi, Pakistan, are each charged with conspiracy to produce and transfer in false identification documents, three counts of transferring false identification documents, one count of false use of a passport, and one count of aggravated identity theft.
“The indictment alleges a global scheme to produce fraudulent identity documents that other wrongdoers then used to further additional illegal activity, including activity intended to interfere with U.S. elections,” Acting U.S. Attorney Honig said. “Together with the FBI and our other law enforcement partners around the world, we will continue to identify criminal operations such as these and shut them down.”
“Today’s actions demonstrate the FBI’s commitment to target the entire ecosystem supporting cyber actors, regardless of where those criminals reside, and hold them accountable,” Special Agent in Charge George M. Crouch Jr. of the FBI Newark Division said. “The individuals indicted enabled criminal organizations around the world to perpetuate cyberattacks against Americans and our allies and to bypass anti-fraud measures designed to stop the flow of stolen funds through the financial system. Mohsin Raza and Mujtaba Ali Raza are now fugitives and have been added to the FBI’s White Collar Crimes Most Wanted website. The FBI will never stop pursuing these criminals until justice is served.”
According to the indictment:
From at least 2011, the defendants operated a fraudulent online business based out of Karachi, named, at various times, “SecondEye Solution” and “Forwarderz” (collectively, “SecondEye”). SecondEye, through various versions of its website, electronically produced, sold, and transferred digital versions of false government-issued identity and other documents. The false documents were the types of documents commonly needed and used to create online accounts at banks, payment processors, social media sites, and digital currency platforms.
The defendants advertised SecondEye’s services on at least one well-known cyber hacker forum. SecondEye’s advertisements claimed that SecondEye documents could be used by customers who were “banned” or “suspended” to restore access to their online accounts. The defendants accepted more than $1.5 million in Bitcoin transfers alone from SecondEye customers related to more than 20,000 separate transactions.
SecondEye customers used the false SecondEye documents to commit and facilitate the commission of various cybercrimes and other criminal conduct. Between May 11, 2017, and Sept. 16, 2017, a member of the Internet Research Agency LLC, a Russian organization that engaged in operations to interfere with elections and political processes, including the 2016 U.S. presidential election, purchased multiple false identification documents from SecondEye in the names of real and fictitious U.S. persons. The false identification documents were later used as supporting documents for accounts previously operated by the Internet Research Agency at a social media company.
SecondEye customers used the false SecondEye documents to defraud payment processing companies, e-commerce businesses, social media, and social networking platforms, and virtual currency exchanges, both foreign and domestic, by gaining unauthorized access to online platforms provided by such entities, often to gain access to customer accounts that previously had been revoked or suspended.
As part of its investigation, the United States has seized three domestically-hosted domain names used by SecondEye in furtherance of its fraudulent document business: www.secondeyesolution.com, www.secondeyesolution.biz, and www.forwarderz.com. Visitors to the websites received the following message:
