Highlights
– Terrorists have used cyber crime to raise and launder money online
– Cyber criminals have developed increasingly sophisticated techniques that could also be adopted by terrorists to raise and launder large amounts of money online
– The use of “bots” to raise and launder funds is both more efficient and more difficult to disrupt
– “Bot” enabled fraud will continue in the near to mid-term
As discussed in previously Total Intelligence Reports and Internet Intelligence Reports many terrorist groups use the virtual sanctuary of the Internet to:
• Communicate with other cell members and other groups (Previous Report)
• Plan long-term strategy (Previous Report)
• Provide tactical training (Previous Report)
• Gather intelligence for proposed attacks (Previous Report)
• Disseminate propaganda (Previous Report)
• Raise funds for operations (Previous Report)
Illicit Fund Raising and Money Laundering
It is now documented that terrorists groups – particularly al-Qaeda affiliated Jihadist groups – also use the Internet to launder illicitly obtained funds.
The trial of convicted terrorists Younis Tsouli (aka Irhabi 007), Tariq al-Daour, and Waseem Mughal shed light onto how al-Qaeda sympathizer use the Internet to both raise and launder funds that are used to aid in the execution of terrorist operations. Specifically, Tsouli, al-Daour, and Mughal stole approximately 37,000 credit card numbers via online identity theft (source). In total authorities believe that the trio raised over $3.5 million dollars.
Authorities claim that al-Daour was the mastermind of the cyber criminal and laundering operation. Al-Daour is alleged to have established accounts on various online gambling websites, including but not limited to AbsolutePoker.com, BetFair.com, BetonBet.com, Canbet.com, Eurobet.com, NoblePoker.com, and ParadisePoker.com. According to evidence gathered, the trio initiated approximately 350 transactions on 43 different online gambling sites with more than 130 stolen credit cards.
While Tsouli, al-Daour, and Mughal’s illegal fundraising and money laundering was effective, it was likely unsophisticated. Cyber security experts have recently noted a trend towards more automated and sophisticated used of “bots” – computers hijacked by cyber criminals – to both raise and launder funds.
Increasing Sophistication
Cyber criminals have previously used “bots” to raise funds by way of identity theft, click fraud, and extortion via the threat of denial of service (DoS) attacks. Each of these tactics could be used by an emergent terrorist cell, similar to Tsouli, al-Daour, and Mughal, to raise large amounts of funds for operations.
According to Zulfikar Ramzan, a senior principal security researcher at Cupertino, California based Symantec, cyber criminals have recently begun to use “bots” to launder money through online gambling sites. Criminals will stack an online table with “bots” under their control. The “bots” will be programmed to intentionally lose to the criminal and will therefore transfers funds to the criminal’s account.
Significance and Outlook
The use of bots to launder money is significant because it automates and greatly improves the efficiency of laundering operations. The clever use of “bots” also makes it more difficult for law enforcement to identify and arrest the source of the money laundering operations.
In the near to mid-term technically savvy and enterprising terrorists could increasingly use “bots” to engineer sophisticated and automated schemes to both raise and launder funds.