Security and Crime News
Terrorists' use of Internet spreads
By Jon Swartz, USA TODAY
In dozens of incidents the past few months, groups linked to terrorism have stolen credit card numbers over the Internet, laundered money and hijacked Web sites, security experts say.
The recent surge in activity has given counterterrorism specialists, already concerned with threats to physical structures, another worry. Like their colleagues in the FBI, Secret Service, the Treasury Department and elsewhere, they must bone up on Internet technology to match wits with the criminals.
For several years, groups including al-Qaeda have used cyberspace for communications, recruiting and propaganda. Now they've branched into other areas. Credit card numbers are often swiped through hacking attacks and phishing, fraudulent e-mails that trick consumers into surrendering personal information.
There are indications terrorists may next steal trade secrets from U.S. companies as their computer skills improve and they begin to work with organized crime in Eastern Europe. The stolen documents could then be sold to rogue foreign businesses or held for ransom, security experts say.
A few months ago, Imam Samudra, convicted of masterminding the bombing that killed 202 in Bali, Indonesia, in 2002, wrote a jailhouse manifesto on the funding of terrorism through cyberfraud.
A chapter in his obscure autobiography titled "Hacking, Why Not?" directs fellow Muslim radicals to Indonesian-language Web sites and chat rooms for instructions on online credit card fraud and money laundering. "Any man-made product contains weakness because man himself is a weak creature," Samudra writes. "So it is with the Americans, who boast they are a strong nation."
Evidence collected from Samudra's laptop showed he tried to finance the bombing through cyberfraud, law-enforcement officials say.
In October, a suspected Palestinian supporter of Middle Eastern terrorist groups posted several credit card numbers online and instructions for stealing databases of other active credit card numbers from the Web sites of U.S. businesses.
Internet use by terrorists mirrors that of criminals. While some security experts fear a cyberstrike could disrupt power supplies to millions of homes, disrupt air traffic control systems and shut down water supplies, most agree terror groups are more likely to exploit the Internet for financial gain and to spread propaganda. The number of terrorist-related Web sites has rocketed to 4,350 from a dozen in 1997.
Terrorist organizations have graduated to the Internet to steal because it reaches more potential victims and is harder to trace, says Evan Kohlmann, an international terrorism consultant who runs the Web site Globalterroralert.com.
Previously, militants used more conventional ways for funding, Kohlmann says. The Roubaix gang in France robbed armored cars to help fund terrorist activities in the mid-1990s. And the group behind the abortive millennium attack on the Los Angeles airport robbed supermarkets in Canada and engaged in traditional credit card fraud, he says.
"It is a paradox: Those movements who criticize Western technology and modernity are using the West's most advanced communication technology, the Internet, to spread their message," Gabriel Weimann, a professor in Israel who follows cyberterrorism, said in an e-mail.
But the U.S. government should not dismiss the possibility of a large-scale electronic attack by terrorists against the nation's computer systems, says Richard Clarke, the former White House head of counterterrorism. He made the comments at the RSA security conference in San Francisco last week.
Digital cat and mouse
Federal investigators are locked in an escalating game of digital cat-and-mouse with cyberterrorists. "The FBI understands that some terrorist organizations, like criminals, could exploit the Internet to further their goals," FBI spokeswoman Megan Baroska says. FBI policy prohibits it from discussing ongoing investigations, she says.
The departments of Justice, State, Treasury and Homeland Security and intelligence agencies have identified a broad range of potential Internet vulnerabilities and are constantly developing policies. They compare the fight against terrorist financing to the war against money-laundering drug traffickers.
"As Internet technologies become more advanced, so do those who use them for illicit and illegal activities," says Dexter Ingram, director of information-security policy for the Business Software Alliance and a former analyst for the House Committee on Homeland Security's cybersecurity subcommittee. "Security must remain a continuous process. It's a never-ending cycle."
Still, the feds' ranks are in flux. Robert Liscouski, assistant director of the Department of Homeland Security, resigned in January after the Bush administration nominated a federal judge to head the department.
In October, Amit Yoran, director of the department's cybersecurity division, resigned amid criticism from the tech community that he lacked clout.
Clarke has called for the appointment of a cybersecurity czar in the White House to coordinate actions between the FBI, CIA and other government agencies.
"After 9/11, the emphasis has clearly been on physical infrastructure rather than cybersecurity," says Paul Kurtz, executive director of the Cyber Security Industry Alliance, a non-profit trade group of software and hardware companies. "That's understandable. But cyberspace is where the bad guys are going."
© J. R. Roberts, Security Strategies