According to a weekend report in the New York Times, “four people in the Philippines hacked into the accounts of AT&T business customers in the US and diverted money to a group that financed terrorist attacks across Asia.”
“A statement from the Philippines Criminal Investigation and Detection Group, a law enforcement agency, said three men and one woman had been arrested in raids across the capital, Manila, last week”, says the paper.
The New York Times says that the men were working with a group called Jemaah Islamiyah, a terrorist group linked to Al Qaeda which, as well as carrying out the Bali atrocities, “has been held responsible for several other terrorist attacks in Southeast Asia, mostly in Indonesia but including the Philippines.”
Infosecurity understands that the hackers carried out PBX attacks on a number of AT&T clients – possibly after gaining access to AT&T systems – and then used their PBX access to generate calls to premium rate numbers.
Some newswires are saying that the saga may have cost AT&T as much as $2 million, which the telecoms giant will have passed on to third-party telcos.
CNET says that the arrested gang allegedly worked for a group originally run by Muhammad Zamir, a Pakistani arrested by the FBI in 2007 who was associated with Jemaah Islamiyah, a Southeast Asian militant group with links to Al Qaeda.
"Zamir's group, later tagged by the FBI to be the financial source of the terrorist attack in Mumbai, India, on November 26, 2008, is also the same group that paid Kwan's group of hackers in Manila," Police Senior Superintendent Gilbert Sosa reportedly said in the statement.
Commenting on the weekend reports, Philip Lieberman, president of Lieberman Software, said that the saga should act as a wake-up call for IT security professionals everywhere.
“What I find incredibly worrying is that a terrorist group is reported to have funded the hack. This is one of the first times that terrorists have been directly linked to hackers and it is of great concern - especially since their activities reportedly date back to 2009”, he said.
Lieberman added that IT security professionals have known for some time that well-executed cybercrime can generate big money for those involved, but – to date at least – the cybercriminal gangs have been stereotypical East European criminals who spent their money on drugs and fast cars.
But here, he explained, we appear to have direct evidence that terrorists are funding cybercriminal activities, presumably in order to generate illegal profits to plough back into their politically motivated crimes.
The bad news, he says, is that these crimes often involve physical damage to property and, perhaps worse, to people. Money, he adds, is a replaceable item, but people’s lives are a far more precious commodity.
“My first reaction is that they probably gained access to an account which allowed them access to some – or all – client credentials. I also suspect that simple privileged account management could have helped to prevent this crime from taking place”, he said.
“Whilst it’s good to hear that AT&T has soaked up the reported $2 million financial losses, this sizeable sum could have found its way into criminal and possibly terrorist pockets. This is why this saga needs to act as a wake-up call to all security professionals on the need to raise the bar on cybersecurity”, he added.