The machinery of cybercrime 2: terror funding via the Internet

Read previous: The machinery of cybercrime: malware infrastructure and ties to terrorism

This is a continuation of Jeff Bardin’s talk “The Machinery of Cybercrime”, in which he places special emphasis on terror funding sources, including the peculiarities of money movement via the Internet and the exploitation of stolen credit cards.

So now you are seeing virtual activities have turned into physical actions because you take night vision goggles and tents and different equipment out there. You start to even the battlefield by providing them night fighting capabilities; prepaid cell phone calls that are once used and thrown away so they can’t be tracked; airline tickets of course, to move their people around; 180 different web sites.

It was announced back in September of last year by Interpol that there were over 10,000 cyber Jihadist sites on the Internet and that’s continuing to grow exponentially. Most of them are located outside the United States but there are still some that pop up periodically in the United States. And if you knock them down, they pop up again very quickly.

And they were laundering a lot of this money that came from the credit cards through online gambling sites as one method.

So total fraudulent charges here, total for this group is 3.5 million dollars – that’s what was able to be tracked – significant amount of money that was made and distributed by this one group.

Terror funding specificities

So, terror funding happens in a lot of different ways (see image). It’s very hard to find. It does not follow the normal banking system. It follows different transfers of money, sometimes through MoneyGram or Western Union which has been traditionally used to send money back and forth. But there is Hawala[1] and other ways to do this: we send money back and forth, remittances back home to family members, which is very traditional and goes through the Hawala method.

Also, there is Islamic banking. And in Islamic banking, it’s very strict on what you contribute to, but there is usually some fund that you can contribute to that’s not very clear where the money is going. Not to say that this happens all the time, but it is occurring, where once it goes to one of those funds, it’s distributed kinda blindly behind the scenes based on the discretion of those in charge of the money as it goes down into different layers of distribution in the supply chain of money. And it does make its way back to terrorist activities.

In addition, Saudi Arabia still has over 80% of funding coming out of its country into a lot of these terrorist functions. Those are chargeable statements, but it’s still proven: UN and different law enforcement agencies are tracking this and trying to put pressure on this trying to stop this method of funding.

But there are also interactions with the underground economy, and that’s what we are talking about here today, and they developed these alternative sources of wealth through illegal means: money laundering; even human trafficking where they are buying and selling kids in this case, or basically slavery; arms smuggling and diamond smuggling are also on the rise, as well as counterfeiting of money and identity theft – it’s huge.

And there’s also counterfeit IDs. That’s why there is such a big push to change passports, put new information and new stopgap methods within money as well as in passports.

So terror funding comes from a lot of different ways, most of which though occurs through the Internet.

Opium plantation in Afghanistan

Now let’s take a little side here and talk about Afghanistan. And Afghanistan is the capital of the world for opium harvesting, production, and then eventually turning into heroin. So, you know, if you track a smuggler you will find a terrorist. For years, this has been a significant funding source for the Taliban and Al-Qaeda, and bin Laden’s forces. Well, there is evidence that back when bin Laden’s group was in Kandahar (in Southern Afghanistan in Helmand province), he invited many princes from the United Arab Emirates and different Gulf States, even Saudi and different places, to come hunting in Southern Afghanistan.

They would fly in with their planes, and they would go on a hunt, bring their hawks to go on a hunt. And the thing is they were also there for other reasons. Their planes were being loaded up with opium and heroin, and many times it is just a quick hop from Afghanistan back across into the Gulf States. One location that has come up many times is called Ras al-Khaimah, or ‘Top of the Tent’, and that’s at one of the Emirates in the Persian Gulf. Most recently there was nearly 20 pounds of opium found embedded inside of wooden toys that came from Pakistan.

There is a lot of movement from Afghanistan to Pakistan and across, as well as these planes coming in. So, embedding 20 pounds of opium in wooden toys – that’s definitely a lot of drugs. So that money goes back into Taliban and different terrorist forces.

But they have to communicate over the Internet, they have to set this up through the Internet, so it’s not just a physical play. Internet and a lot of encryption are being used to send these communications back and forth. So, even though bin Laden is not in Southern Afghanistan, the opium still flows.

Worldwide distribution of Afghan-produced opiates

So again, Iran is the main trafficking route for Afghan opiates, as you see on the image here, and this is from UN information. And they do go to Pakistan as well – huge funding model here. And if you look at this raising 600 million dollars between 2005 and 2008, that’s an awful lot of money to fund their activities against U.S. forces and Afghan government forces there. 2.3 billion dollars of the economy (GDP), the opium trade in 2009 – and that’s even with Karzai’s[2] government as his brother’s been accused of actually being corrupt and part of this problem.

But the flow of drugs goes out and the money comes in. And they can actually control the price by restricting flow and making it harder to get, which raises the price, or they can drop it. So, it’s a pure supply and demand system here. And again, it flows a lot into the different Gulf States, as well as Saudi and other areas, and then into Europe, and into the infidel elsewhere – again, it’s Halal, it’s permitted.

Credit card validation data

Now, getting back into the credit card arena here, it’s very easy to understand what type of credit card you are looking at; this was taken from a social networking site of one of the Jihadist sites (see image).

If you follow it you can look at major industry identifiers where the 1 and 2 are airlines, the 3rd position is travel and entertainment, 4 and 5 numbers are banking and financial, number 6 is merchandising and so on. And when you look at the first 6 digits you can tell where this credit card information is from.

So if you’re on a carders’ market site and looking to buy, you actually know what you are buying based on understanding this table. You know if it’s a MasterCard or Visa, you know if it’s American Express. You can even take it down to what industry or even align it to organization if you follow this type of information.

So this is the type of information they are putting on their site before you go in: how do you validate this credit card, how do you know who it is and where it’s coming from?

And this is pretty significant because there are different prices aligned to the different types of cards, and you wanna make sure you know what you are getting.

So, this has been published out there, so it’s “How to break the credit card code”, just a small learning exercise before they go in.
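The first-digit table described above is also what a defender relies on to spot card numbers that have leaked into logs or support tickets. The following is an added example, not part of the talk or the original page: it scans constructed log lines for card-number candidates, keeps only those passing the Luhn checksum (an assumption here, the talk does not name the check), labels each by the major industry identifier categories listed in the talk, and masks all but the first six and last four digits.

```python
import re

# MII categories by first digit, as listed in the talk.
MII = {"1": "airlines", "2": "airlines", "3": "travel and entertainment",
       "4": "banking and financial", "5": "banking and financial",
       "6": "merchandising"}
# 13-19 digits, optionally separated by single spaces or hyphens.
CANDIDATE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits):
    """Luhn check: double every second digit from the right; sum must end in 0."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def find_cards(text):
    """Return Luhn-valid card-number candidates in text, masked for safe logging."""
    hits = []
    for m in CANDIDATE.finditer(text):
        digits = re.sub(r"[ -]", "", m.group())
        if not luhn_ok(digits):
            continue  # order ids and similar digit runs mostly fail here
        masked = digits[:6] + "*" * (len(digits) - 10) + digits[-4:]
        hits.append({"masked": masked, "mii": MII.get(digits[0], "other"),
                     "span": m.span()})
    return hits

def redact(text):
    """Replace each detected card number with its masked form."""
    for hit in reversed(find_cards(text)):
        start, end = hit["span"]
        text = text[:start] + hit["masked"] + text[end:]
    return text

# Constructed log lines; the two valid numbers are public test card numbers.
SAMPLE_LOG = """\
2011-03-02 10:14:07 checkout ok pan=4111 1111 1111 1111 amount=59.90
2011-03-02 10:14:09 order id 1234567890123456 shipped
2011-03-02 10:15:31 refund card 3782-822463-10005 amount=12.00
"""

if __name__ == "__main__":
    for hit in find_cards(SAMPLE_LOG):
        print(hit["masked"], hit["mii"])
    print(redact(SAMPLE_LOG))
```

The 16-digit order id on the second line is left untouched because it fails the checksum, which is what keeps a scanner like this from flagging every long number in a log.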

Breakdown of al-Daour's fraud

Now al-Daour, we go back to three that we talked about initially. You see the breakdown of the types of transactions that he made with all these stolen credit cards and the money: 1.08 million dollars in computers… (see image)

So you know that the use of the Internet is significant: electronic stores, travel agencies we talked about, betting, track and casino, lotto, some of that is probably for money laundering; wire transfers, moving money around out there, and those wire transfer money orders – that’s 156,000 dollars, that’s significant. What is direct marketers? That is probably Internet sites putting up and creating their videos, maybe paying someone to do this.

Then it gets down into more benign things, but this is a breakdown of 2.3 million dollars of what they spent their money on that they acquired through stolen credit cards.

Airline industry losses due to al-Daour's fraud

They also tied into al-Daour’s, aka Ching Wing (his handle out there), 33,000 credit card accounts and linkages to airline industry fraud, using these credit cards to buy tickets out there (see image). And this is just some of the information here on what organizations suffered fraud with stolen credit cards.

So you say – okay, if it is Alitalia, where they were flying from and to, if it is Air France – from and to, because you can track it and find out maybe some of the movements of some of the people associated with it. So this information at face value looks like these are just some transactions, but you can dig down a little bit deeper and get more information around this, I believe that’s what the FBI did.

Read next: The machinery of cybercrime 3: online card and ID markets
 

[1] Hawala (Arabic: transfer), also known as hundi, is an informal value transfer system based on the performance and honor of a huge network of money brokers, which are primarily located in the Middle East, North Africa and South Asia.

[2] Hamid Karzai (born 24 December 1957) is the 12th and current President of Afghanistan, taking office on 7 December 2004. He became a dominant political figure after the removal of the Taliban regime in late 2001.
