Today, February 28, 2008, 7 hours ago | Dennis Lormel
<http://counterterro rismblog. org/2008/ 02/terrorists_ and_credit_ card_fra. php>
Go to full article
http://counterterro rismblog. org/2008/ 02/terrorists_ and_credit_ card_fra. php
A few weeks ago while conducting research for a client; I came across a
newspaper article from Toronto that immediately caught my attention. It
reported the arrest of four men on charges of debit and credit card fraud
for possessing numerous gift cards containing bank account and debit
information from individuals in the United Kingdom (U.K.). Further
investigation found laptop computers and memory sticks containing bank
information for thousands of U.K. bank customers. What resonated was the
fact the four subjects were believed to be associated with the Liberation
Tigers of Tamil Eelam (LTTE) aka, the Tamil Tigers.
In November, I was in Toronto and met with a credit card fraud expert. I
inquired as to whether he observed a nexus between credit card fraud and
terrorists. He stated that Canada had a credit card fraud problem involving
the Tamil Tigers. I knew there was a concern about the Tamil Tigers in
Canada but I hadn’t previously been aware of the apprehensiveness about
their involvement in credit card fraud.
The arrest of the two U.K. subjects above reminded me of the massive credit
and debit card fraud case in the U.K. involving up to 200 British petrol
(gasoline) stations. The subjects in that case were alleged to be Tamil
Tigers. They obtained credit and debit card information at gasoline pumps
through the use of skimming machines. The loss was estimated to be as much
as $72,000,000.
Unfortunately, this problem does not receive the attention it deserves. It’s
reminiscent to the Nigerian credit card fraud problem in the late 1970s.
When I was a young Agent with the FBI, I worked Nigerian frauds. Invariably
whenever an arrest was made the Nigerian subject had stacks of fraudulent
credit cards in their possession. It was a quite epidemic that was never
adequately addressed.
We should be extremely concerned about the scope of the credit card fraud
problem involving terrorists. There is limited or no empirical data to gauge
the extent of the problem. However, there are compelling signs that an
epidemic permeates. Looking back at three specific cases, we get a snapshot
of how serious the problem is.
1. Ali Al Marri was arrested in Illinois in December 2001 for having lied to
FBI Agents about having contact with facilitators of the 9/11 terrorist
attack. At the time of arrest, Al Marri had 36 credit card numbers and
account information in his possession. A subsequent search of his computer
found he had compiled over 1,000 credit card numbers and other identifying
information.
2. Imam Samudra was the mastermind of the Bali bombing. Following his arrest
he wrote an autobiography about his jihadist life. He wrote a chapter
entitled “Hacking, Why Not.” In it, he urged fellow Muslim radicals to take
holy war into cyberspace by attacking U.S. computers. Samudra described
America’s computer network as being vulnerable to hacking, credit card fraud
and money laundering. The chapter did not focus on specific techniques. It
focused on how to find techniques on the internet and how to connect with
people in chat rooms to perfect hacking and carding skills. It was a course
of study for aspiring hackers and carders. Samudra discussed the process of
scanning for websites vulnerable to hacking and then went on to discuss the
basics of online credit card fraud and money laundering. One of the concerns
posed by Samudra’s book was that it could serve as a roadmap leading
terrorists to more accomplished hackers.
3. In the case of Younes Tsouli, aka Terrorist 007, and his two associates,
Waseem Mughal and Tariq al-Daour, investigators in the United States (U.S.)
and the U.K. determined the trio used computer viruses and stolen credit
card accounts to set up a network of communication forums and web sites that
hosted everything from tutorials on computer hacking and bomb making to
videos of beheadings and suicide bombing attacks in Iraq. These individuals
were not murderous terrorists like Samudra, but were facilitators for
individuals who were, making them every bit as despicable. They raised funds
through massive credit card information theft and fraud, which were used to
support the communications, propaganda and recruitment for terrorists
worldwide, as well as to purchase equipment for Jihadists in the field. One
expert described their activities as “operating an online dating service for
al-Qaeda.” The three men pled guilty to inciting terrorist murder via the
internet.
The above cases are particularly troubling because of the upward trend of
terrorists communicating on and using the internet as a learning tool. In
both the Samudra and Terrorist 007 cases, they left their successful
tradecraft on web pages and in chat rooms for aspiring terrorists to learn
and grow from.
Congress should address this issue. There needs to be a series of hearings
to assess the scope of the problem and the potential solutions, including
the development of detective and preventive mechanisms such as enhanced
credit card information security features. As part of this process, Congress
should request the Government Accountability Office to conduct an
investigation to determine the level of vulnerability that can be quantified
concerning terrorist related credit card fraud and credit information theft.
Government agencies possessing investigative and intelligence information
about terrorist related credit card fraud should go back into their open and
closed case files. They should collect, collate and assess all terrorist
related credit card information. For example, when terrorists are arrested,
how many credit cards or how much credit card account information do they
possess? Where and how did they obtain the information? What patterns or
trends can be identified?
Epidemics are not eliminated by inaction or ignorance. The Nigerian credit
card fraud problems of the late 1970s and 1980s attests to this. Epidemics
can only be treated and eliminated through detective and preventive
treatment.
