Kodes, Kards, and Severed Heads

From SANS:

TOP OF THE NEWS

–Terrorist Support Ring Supported Through Stolen Credit Card Data
(July 6, 2007)

The three men who recently entered guilty pleas to charges of using the Internet to incite murder apparently used fraudulently obtained credit card information to fund their activity. This is the first major case to draw a definitive link between terrorism and cyber crime. The group used phishing attacks and Trojan horse programs to steal the card information and used the data to pay for web hosting services, GPS devices, night vision goggles, pre-paid cell phones and airplane tickets. The three men charged more than US $3.5 million on the stolen cards.

http://www.washingtonpost.com/wp-dyn/content/article/2007/07/05/AR2007070501945_pf.html

[Editor's Note (Multiple): The authors of GAO's flawed report on the lack of importance of data breaches might do well to read this article.

(Kreitner): I hope people who think credit card fraud is just a matter of personal inconvenience and the credit card industry players who complain about the PCI Data Security Standard will let this information sink in.

(Shpantzer): It's only natural for terrorist networks to adapt to the latest criminal methods to support their activities. This is financial support for terrorists through crime, which is really nothing new at all. The only twist is that phishing and trojan horses are involved on the internet, instead of other types of organized crime like counterfeiting and drug dealing. ]

(((They busted the cyberterrorist hero while he was logged on. Wonder how he got those bruises and scratches all over him – trying to eat his keyboard, maybe?)))

Link: Three Worked the Web to Help Terrorists - washingtonpost.com.

Investigators zeroed in on the three British residents in October 2005, following a tip from Bosnian authorities (((!))) who also were investigating terrorism. British authorities raided Tsouli's basement apartment in West London. He was reportedly arrested while logged on to the Web site "youbombit.r8.org" using the online identity "IRH007."

It wasn't until weeks after his arrest that U.S. and British police learned that Tsouli was the person previously known to counterterrorism officials only as "Irhabi007." As Irhabi – "terrorist" in Arabic – Tsouli was thought to have hacked into dozens of Web sites to host huge computer files, mostly videos of beheadings and suicide bombings recorded in Iraq. Irhabi007 also spent a great deal of time creating and disseminating tutorials on hacking and hiding identities online.

Investigators said Tsouli later began using stolen credit card numbers and identities to buy Web hosting services. According to data gathered by U.S. officials, Tsouli and his two associates used at least 72 stolen credit card accounts to register more than 180 domains at 95 different Web hosting companies in the United States and Europe.

Rita Katz, director and co-founder of the SITE Institute, which gathers information on jihadist activity by monitoring online forums, said the evidence unearthed from items seized from Tsouli's arrest revealed that he had helped to create an online network used by jihadist cells across the world to exchange information, recruit members and plan attacks.

(((Rita and her pals call themselves an "institute," but they're mighty weird online creatures themselves. As the NEW YORKER puts it, "Rita Katz is, in a sense, the natural complement, the engineer of a leaderless counter-resistance to the terrorist groups. 'Some people think that she’s a zealot,' Stern said when I asked her about Katz, 'but only a zealot would provide this kind of service.'")))

http://www.newyorker.com/archive/2006/05/29/060529fa_fact

On Tsouli's laptop, authorities said, they found a folder named "Washington" that contained short video clips of the U.S. Capitol grounds, the World Bank building, a hazardous chemical response vehicle and local fuel storage facilities. Also on the laptop were instant message chat logs and a PowerPoint presentation detailing how to build a car bomb.

On a computer seized from al-Daour's West London apartment, investigators said they found 37,000 stolen credit card numbers. Alongside each credit card record was other information, such as the account holders' addresses, dates of birth, credit balances and credit limits.

Investigators said al-Daour and his compatriots made more than $3.5 million in fraudulent charges using credit card accounts they stole via phishing scams and the distribution of Trojan horses – computer programs embedded in innocent-looking e-mail messages or Web sites that give criminals control over infected computers.

(...)Authorities said both al-Daour and Mughal compiled shopping lists for items that fellow jihadists might need for their battle against U.S. and allied forces in Iraq, including global positioning satellite devices, night-vision goggles, sleeping bags, telephones, survival knives and tents. (((Start bidding on eBay.))) Records show the men purchased other operational resources, including hundreds of prepaid cellphones, and more than 250 airline tickets using 110 different credit cards at 46 airlines and travel agencies....