Friday, April 28, 2006

Do Financial Crimes and Internet Fraud Fund Terrorism

Many of us wonder exactly how terrorism is funded. Here is a story from the AP, which might lead some to believe that financial crimes (fraud) is a source of funding.

"Five relatives of a U.S. citizen suspected of being a senior Al Qaida operative were arrested in California and Utah on charges of defrauding banks of hundreds of thousands of dollars."

"The FBI said Omar's relatives netted $327,000 from fraudulent bank loans and bad mortgages in Utah, and Bretzing said some of the money wound up in Jordan with Omar's relatives.

Omar, a 44-year-old Kuwaiti native with U.S. and Jordanian citizenship, has been indicted in Jordan with Iraq insurgent leader Abu Musab al-Zarqawi in an aborted chemical attack on the Jordanian intelligence agency."

Full story by the AP courtesy of MSNBC, here.

Of course, the FBI says the matter is still under investigation and won't speculate. Please note, I can't blame them for not doing so in an ongoing case.

BUT here is evidence that the FBI takes the ties between fraud and terrorism seriously. Here are excerpts from a speech delivered by Grant Ashley, Executive Assistant Director of the FBI to the International Association of Financial Crimes Investigators in 2004:

It has often been said that money is the root of all evil. I don't know if that's the case, but I do know that it is the root of terrorism. Terrorists rely on money to fund their training and operations. They disguise their fundraising activities as legitimate charity organizations. They resort to white-collar crime to raise money. Money laundering is no longer exclusive to sophisticated criminals, but is now routine for terrorists.

Money can also be the fruit of terrorism and crime. Today's terrorists and criminals use sophisticated business practices to achieve their goals, not unlike those of legitimate multinational corporations. Criminals today are not just stealing funds, they are stealing credit card information, social security numbers - entire identities - and selling them for profit. Those who traffic in humans, drugs, or weapons are motivated and rewarded by money.

Link to Assistant Director Ashley's speech, here.

Although it rarely makes it in the news, it appears that the FBI sees a connection between financial crimes (fraud) and terrorism.

If there are some of you out there that are leery of government sources, the Washington Post did a story on Imam Samudra, the terrorist behind the Bali Night Club bombings in Indonesia. Samudra published a book with a chapter entitled "Hacking, Why Not?"

There, Samudra urges fellow Muslim radicals to take the holy war into cyberspace by attacking U.S. computers, with the particular aim of committing credit card fraud, called "carding." The chapter then provides an outline on how to get started.

Samudra, 34, is among the most technologically savvy members of Jemaah Islamiah, an underground Islamic radical movement in Southeast Asia that is linked to al Qaida. He sought to fund the Bali attacks in part through online credit card fraud, according to Indonesian police. They said Samudra's laptop computer revealed an attempt at carding, but it was unclear whether he had succeeded.

Samudra was quoted in the article:

"It would not be America if the country were secure. It would not be America if its computer network were impenetrable," he writes at the beginning of the hacking chapter. He continues by urging fellow militants to exploit this opening: "Any man-made product contains weakness because man himself is a weak creature. So it is with the Americans, who boast they are a strong nation."

Here is a link to the story by the Washington Post.

Interestingly enough, we have seen some major hacking activity in the recent past, where large numbers of credit and debit card numbers have been compromised. There have also been a large number of data breaches, most of which seem never to have been solved.

In testimony before Congress, Dennis M. Lormel, Chief, Financial Crimes Section, FBI said:

Because most of these are never solved, we as average people can only speculate as to what the source of this activity is.

After all, (Terrorist 007) Irhabi 007, the so-called Al Qaida hacker, who was spreading terrorist propaganda on the Internet used stolen credit cards to set up his ISP connections.

In testimony before Congress, Dennis M. Lormel, Chief, Financial Crimes Section, FBI stated:

Another pattern of terrorist financing involves funding of terrorist cell activities through various criminal activity. Al Qaida has been known to encourage and instruct terrorist cells in terrorist training camps in Afghanistan in ways they can fund their terrorist activities through various criminal activity. For example, Ahmed Ressam, the Algerian extremist convicted in the terrorist plot to place bombs at Los Angeles International Airport among other locations, was instructed in these camps to engage in criminal activity such as bank robberies and fraud schemes to fund his terrorist activities. As another example, investigation has identified a terrorist cell based in Spain with ties to Al Qaida that used stolen credit cards in fictitious sales scams and for numerous other purchases for the cell. They kept purchases below amount where identification would be presented. They also used stolen telephone and credit cards for communications back to Pakistan, Afghanistan, Lebanon, etc. Extensive use of false passports and travel documents were used to open bank accounts where money for the mujahadin movement was sent to and from countries such as Pakistan, Afghanistan, etc. In addition, the cell relied upon street crimes such as home burglary, car theft, and car burglary to fund their cell activities.

We live in a new and more dangerous world since the 9-11 attacks. This new world requires that we take another look at issues, such as financial crimes and illegal immigration. These issues, which were not priorities in the past, have become increasingly important in the quest to ensure our safety and security.

Unfortunately, there are too many out there, who want things to remain the same and are now exercising their political voices to prevent the necessary changes.

Perhaps, they should go out and watch "United 93" to refresh their memories of why we can no longer allow tolerate loose financial controls and allow criminals and terrorists easy access to our borders.

Using VoIP to Phish for Victims

The world of Internet fraud is a constantly mutating animal. Phishing in particular is a rapidly growing problem and the latest mutation is the use of VoIP (Voice over IP) technology.

Using VoIP technology, the phishermen are luring the innocent into giving up sensitive personal and financial information by impersonating call centers.

Robert McMillan of IDG News Service reports:

Typically phishers email their victims, trying to lure them into revealing sensitive information on bogus websites. But instead of telling victims to click on a Web link, this attack asks users to verity account information on a phony customer support number.

"Part of the danger here is just the fact that it is novel," senior research scientist with Cloudmark, Adam O'Donnell, said. "Most people are pretty comfortable calling to a phone number that they think is their bank's."

Link to story from IDG News, here.

If you happen to see one of these Phishy e-mails, you can report it to the PIRT Phishing Incident Reporting and Termination Squad. This is a new service (volunteer driven) that actively goes after and takes down phishing sites.

Here is a previous post, I did on PIRT.

Tuesday, April 25, 2006

Do It Yourself Hacker Kits

Not too long ago, you needed some technical expertise to become a Internet criminal. Think again, for about $15.00 you can buy your own do it yourself kit from Russia. This kit downloads a Trojan when someone visits the site it is installed on. It logs keystrokes, (which can give someone access to your personal and financial information), downloads additional cybernasties and opens backdoors to a compromised system.

The Trojan is even smart and can detect what browser is being used via the user agent and customize the exploit based on the browser settings.

Here is the ad, which was translated into English by Websense:

Dear Friends! We would like to offer you multi-component exploit Web-Attacker IE604, that realizes vulnerabilities in the internet browsers Internet Explorer and Mozilla Firefox. With the help of this exploit you will be able to install any programs on the local disks of visitors of your web pages. In the foundation of work of the exploit Web-Attacker IE0604, there are 7 already-known vulnerabilities in the internet browsers: Objective of the Exploit: Hidden drop of the executable from the deleted source to the local hard drive of the site visitor.

-Bypasses all security measures-Is not blocked by Firewalls [Agnitum Outpost, Zone Alarm, Sygate Personal Firewall]

-Tri-level protection -Flexible installation -Updates -Detailed Statistics

For the full alert, with screenshots, click here.

John Leyden of the Register is also covering this story.

trimMail's E-Mail Battles has an interesting story about why some of these kits are so dangerous. Here is an excerpt:

Smart computer users know that once a computer is infected by a rootkit, it's changed forever. And as Windows rootkits go, Hacker Defender is among the most dangerous. The author of Hacker Defender, holy_father, explains why he does what he does, and what you can do to detect his rootkit.

Antivirus companies sell a fake sense of security, but they do not bring real security to your computer. Antivirus just fights programs that are visible to common users. They don't care about the cause.

Do it yourself kits are becoming increasingly common and are making the Internet increasingly dangerous for the common user.

Here is a recent post, I wrote about "how to scam kits" and one that is designed for use in committing fraud on eBay.

Link, here.