How Stolen Credit Cards Are Used to Fund Terrorist Operatives
Sometimes, I'll read a news story that makes me feel both angry and very concerned for our future. The Washington Post published a story (http://www.washingtonpost.com/wp-dyn/content/article/2007/07/05/AR2007070501945_pf.html) on July 6th, 2007 that has shaken my beliefs.
A group of three British residents sympathetic to the global jihadist terrorist movement used a set of tools including computer viruses, phishing (creating fake sites emulating legitimate web sites like Ebay.com, etc.) web sites (they created) to steal credit cards from unsuspecting victims. (For more information on phishing attacks read: http://en.wikipedia.org/wiki/Phishing)
They also used Internet bulletin board forums and underground chat rooms where they shared information including stolen credit card numbers, computer hacking, bomb making, and videos of beheadings and suicide bombings in the current conflict in Iraq.
In an attempt to hide their actions, the men also attempted to launder the money from the stolen credit cards through online gambling operations. The stolen credit cards were also used to fund online purchases of supplies and equipment that the men intended to provide to terrorists in theaters of conflict.
The statistics of their crime are alarming. One of the computers seized as part of the investigation into the activities of these men, has been found to contain 37,000 stolen credit card numbers and detailed information on the legitimate credit card holders including names, dates of birth, credit balances and limits.
The information technology (IT) and security industry have many technical countermeasures for combating the risks of email spam, phishing web sites, and protecting credit card information. However, as technology professionals we know how to combat those issues, but are we missing the bigger picture?
We constantly read news stories of companies that have fallen victim to their own actions and have lost credit card information. Yet, it seems when companies do suffer electronic data breaches for credit card information, the issue is relegated to a technical issue and not one with potential broader implications. Some organizations see those security breaches as a financial problem. But that vision is myopic also.
Over the past 10 years as I have seen the information security profession and industry mature, I've always felt that both the IT and security fields will increasingly play a large role in the safety and security of our communities and countries. In the news story I've shared with you, three men were able to steal credit card numbers and the identities of countless people, many of whom will never truly know how their information could have been used to fund the activities of terrorist and terrorist sympathizers.
But where does the responsibility lie? Is it only up to banks, financial institutions, and companies to protect our personal information? I would challenge anyone who says that 100% of the responsibility lies with banks and financial institutions or businesses to protect your and my personal information.
Consumers must step up to the plate and be proactive. How many of you as consumers know what spam email, phishing attacks, and computer viruses are? How many of you as consumers know what to do to protect yourself from those risks? Education in regards to these risks will help you protect your personal and financial information.
Don't think for a moment that you as an individual consumer cannot have an impact on preventing groups like terrorists and other criminal elements of society from continuing their actions. Yes, you and I can help make it harder for criminal elements of society from harming us all. I challenge each and everyone of you to go ahead protect your personal information and make a valuable contribution to the world in the process.
One final thought for businesses. You too have a responsibility to prevent misuse of the personal and financial information we as consumers, clients, and employees have entrusted to you. Please look beyond the technical and financial impact of ignoring the risks when failing to protect our personal and financial information. Please stop making information security an afterthought.
As consumers and businesses we may never be able to change the mentality of criminal elements of society like terrorists. But we can make a difference.
Comments