[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[infowar.de] Hacken in Al-Quaedas Konten?
Ein wenig zu Kim Schmitz und ein wenig zu möglichen
US-Regierungsaktivitäten in diesem Bereich. Leider überwiegend
Dirty tricks of hunt for al-Qaida cash
Will government agents hack their way to bin Laden?s money?
By Bob Sullivan
Oct. 5 ? It would be every computer hacker?s dream. Working from home,
playing the usual games, except this time breaking into computers
alongside U.S. intelligence forces ? hunting down Osama bin Laden?s
money through cyberspace. A German hacker claims his pals have done just
that. And while most experts are skeptical of his claim, they concede
that finding al-Qaida funds tucked away in banks around the world might
require a few dirty digital tricks ? either from inside the government
or by ?free-lancers.?
IT WOULDN?T be the first time the U.S. government has undertaken covert
computer attacks to track enemy money. In 1998, Newsweek raised the
possibility of electronic banking warfare, speculating U.S. government
agents had been authorized to ?diddle? with funds belonging to Slobodan
Milosevic. But at least in that case, the action required a ?finding?
signed by President Clinton to initiate the high-level spying.
Last week, a well-known flamboyant German hacker named Kim
Schmitz said he was diddling on his own. A group of hackers he runs with
had succeeded in finding accounts linked to al-Qaida, Schmitz said, and
he forwarded the information to the FBI. In an e-mail interview, Schmitz
stood by his story but refused to provide any evidence of his claims.
Not many experts think it really happened, but most agree it has
probably been attempted ? by hackers both inside and outside the
government. However, there is plenty of disagreement on just how
effective such a campaign would be.
TERRORIST ORGANIZATIONS TARGETED
On Sept. 24, President Bush initiated a financial war on bin
Laden, announcing a worldwide effort to lock up money connected to 27
suspected terrorists and terrorist organizations. So far, the
administration has touted its successes, with banks in places as
far-flung as Pakistan and China agreeing to freeze suspected terrorism
money. Britain alone says it has trapped $68 million.
But bin Laden, through releases to Afghan newspapers, claims his
financial operations remain unaffected, bragging that his money will
elude the U.S. army of prying forensic accountants.
Chasing money is often a question of time, which is rarely on an
investigator?s side. By the time a hunting forensic accountant can sort
through a paper trail and receive whatever legal permission is required,
the huntee usually has ample time to play financial hopscotch with the
funds. Adding to the complexity, some international banks are less
cooperative ? or just less capable ? than others. Says one bank
investigating consultant, despite press conferences touting global
cooperation: ?A large number of banks are not cooperating and never
will. Most of the non-U.S./U.K.-chartered offshore banks/fund/investment
groups are clammed up.?
To a frustrated paper chaser, that might make outright hacking
?Let?s put it this way. If I was in a different job working in
government, I?d be doing what I could to help my country,? said Tom
Talleur, former director of security at NASA and now a consultant with
BANK HACKING: NOT CHILD?S PLAY
Hacking into banking systems is nothing like hacking computers
attached to the Internet. Mainframe systems were designed to be digital
fortresses and generally must be accessed ?physically? ? hacker
techniques and tools that reach through cyberspace just don?t work.
In fact, the skills are so specific ? and valuable in the
commercial world ? that many security experts don?t think government
agencies like the CIA have employees capable of pulling off such a
?It definitely is a lot harder than anyone thinks,? said one bank
security specialist who asked not to be identified. ?The ?shady? banks
are much more security-conscious than the legit ones,? the specialist
?And there is also the following little problem: The accounts
aren?t going to be in (bin Laden?s) name. You would have to have a large
pool of data, almost a complete financial record of transactions, in
order to find a connection, and that?s just not something the average
hacker is going to be able to accomplish. You don?t just log in and
download the complete bank database without somebody figuring out what
is going on,? he added.
SETTLEMENT BUREAUS KEY
Even with access to a foreign bank?s transaction data, hunting down
oft-transferred bin Laden funds without knowing exactly what to look for
would be nearly impossible, according to another bank fraud investigator
who requested anonymity. That?s why any such government attack would be
focused on central payment facilities, like a nation?s ?clearing and
settlement bureau,? the investigator said.
These bureaus settle payments made between banks, and each nation
usually has only one. This is the place, the investigator said, where
U.S. spies could get an overview of money moving inside a country and
then have a fighting chance of detecting patterns that suggest a
connection to terrorism.
?You could see every single transaction involving two banks,? he
said. ?Including payee and payer. And you could see the transactions
However, most offices don?t keep transaction logs for long, since
the records are enormous. So such a tactic would only catch contemporary
movements of money, the source said. Still, he said, ?t would be very
easy for them to do. They should do it if they have not.?
DON?T FOOL WITH BANKS
Even if they can, they shouldn?t, argues Kawika Daguio, vice president
of the Financial Information Protection Association. Daguio?s was one of
the loudest voices of opposition during the 1998 speculation over
?diddling? with Milosevic funds. He says any demonstration that the U.S.
government is willing to alter financial records could severely undercut
public trust in banking systems ? which are built entirely on public
?Information attacks are poorly understood and are terribly
frightening and can cause unmanageable repercussions,? he warned. ?The
two last things you should use are information warfare or bombs.?
Besides, notes Daguio, old-fashioned strong-arm tactics will be
more effective than distant cybersnooping.
?It?s far more effective to compromise someone than a system.
It?s easy to buy loyalty or create disloyalty. That?s a better way for
intelligence,? he said.
THERE?S NO HACKING HAWALA
Even if investigators forced their way in, digitally or
otherwise, to every financial institution in the world, most experts
think a great deal of bin Laden?s funds would still be elusive. Using an
ancient trust-based system called ?hawala,? bin Laden operatives are
able to move money around the world outside the banking system ?
essentially using a set of oral, paper or e-mailed IOUs.
There is never any record of a hawala transfer, making it the
ideal way to launder funds and entirely separate them from terrorist
Still, the notion of successful digital oversight of global
financial transactions endures. One of the Internet?s most famous and
persistent conspiracy theories involves a back door placed in bank
back-end software during the 1980s by U.S. government agents. The back
door was designed specifically to track terrorism money, according to
some of the rumors, which appear even less valid at the moment.
HACKERS AT RISK?
Schmitz, once jailed in Germany for hacking, has enough of a
reputation that some hackers think there might be truth to his claims.
Asked how he positively identified account information he found as
connected to bin Laden, he provided the following explanation (Spelling
and syntax from the Schmitz e-mail have been maintained.):
?The U.K. hackers found transactions from this account to a Lybian
carpet dealer in Germany who was recently accused for being the German
moneystation for the sleepers (like Mohammed Atta). So if one plus one
is two then this is an al-Qaida account. Triple digit millions USD have
been on these accounts.?
Other experts have noted that Schmitz?s explanation of the
group?s break-in tactic, through a poorly configured computer firewall
on a PC, are hard to believe ? since most banks don?t run critical
systems on PCs.
Asked to substantiate his claims, Schmitz wrote, ?You won?t get
any evidence from us.?
Even if Schmitz were somehow successful, other security experts
warn against any kind of hacker call to arms. Says one: ?A lot of the
saner people are laying low, what with the ?any hacking is terrorism?
law/mentality currently prevalent.? Random attacks could simply muddy
the trail professional investigators are following, for example.
And there?s this warning, considerably more ominous, from
terrorism expert Ben Venzke of IntelCenter.com: ?In the terrorism game,
those running around advertising their activity don?t last long, on
either side of the fence.? If Schmitz?s cohorts, or any free-lance
hackers, do manage to make any kind of headway in a wartime
investigation, the consequences could be severe, he said.
?On the slight chance his group really did do something, he is
beyond stupid for publicly announcing it,? Venzke said. ?I also somewhat
doubt he grasps the consequences of having someone really out to kill
Mail an infowar -
- infopeace -
de mit "unsubscribe" im Text.