[ISN] An Indonesian's Prison Memoir Takes Holy War Into Cyberspace

From: InfoSec News (isn@private)
Date: Wed Dec 15 2004 - 23:01:50 PST

Forwarded from: William Knowles <wk@private>


By Alan Sipress
Washington Post Foreign Service
December 14, 2004 

JAKARTA, Indonesia -- After Imam Samudra was charged with engineering 
the devastating Bali nightclub bombings two years ago, he taunted his 
police accusers in court, then greeted his death sentence with the 
cry, "Infidels die!" 

So when Samudra published a jailhouse autobiography this fall, it was 
not surprising that it contained virulent justifications for the Bali 
attacks, which killed 202 people, most of them foreign tourists.

But tucked into the back of the 280-page book is a chapter of an 
entirely different cast titled "Hacking, Why Not?" There, Samudra 
urges fellow Muslim radicals to take the holy war into cyberspace by 
attacking U.S. computers, with the particular aim of committing credit 
card fraud, called "carding." The chapter then provides an outline on 
how to get started.

The primer on carding is rudimentary, according to U.S. and Indonesian 
cybercrime experts, but they said the chapter provides a rare glimpse 
into the mounting threat posed by terrorists using Internet fraud to 
finance their operations.

"The worry is that an army of people doing cybercrime could raise a 
great deal of money for other activities that terrorists are carrying 
out," said Alan Paller, research director of the Sans Institute, a 
U.S. Internet-security training company.

Samudra, 34, is among the most technologically savvy members of Jemaah 
Islamiah, an underground Islamic radical movement in Southeast Asia 
that is linked to al Qaeda. He sought to fund the Bali attacks in part 
through online credit card fraud, according to Indonesian police. They 
said Samudra's laptop computer revealed an attempt at carding, but it 
was unclear whether he had succeeded.

Internet crime experts said Samudra's book seems unprecedented as a 
tool for recruiting radical Muslims into a campaign of online fraud 
and building networks of fundraisers.

"This is exactly the kind of advice you would give someone who wanted 
to get started in cybercrime," said Paller, who reviewed a translation 
of the chapter. "It doesn't focus on a specific technique, but focuses 
on how you find techniques and focuses on connecting with other people 
to act loosely together." 

Titled "Me Against the Terrorist!" the book depicts Samudra on the 
cover in a now-classic pose from his trial last year in Bali. He is 
clad in a white shirt and white Muslim skullcap, with his right arm 
outstretched and a single finger raised as he lectures the judges.

Four thousand copies in Indonesian have been issued by a small 
publisher and are selling for about $4 each in at least seven cities 
across the islands of Java and Sumatra, said Achmad Michdan, Samudra's 
attorney, who wrote the forward. Michdan said the publisher is 
planning a second run and is considering translating the book into 
English, French and Arabic. Profits benefit Samudra's wife and 
children. Samudra remains on death row.

Most of the book is a memoir that tracks Samudra from his early 
schooling in Java, through his arms training in the Afghan mountains, 
his exile in Malaysia and his return to Indonesia. It includes 
arguments for killing Western civilians and bitter critiques of U.S. 
policy in Israel, Afghanistan and Iraq, including photographs of 
Muslim civilian casualties. 

Toward the end, Samudra informs readers that the United States is not 
as invincible as they might think.

"It would not be America if the country were secure. It would not be 
America if its computer network were impenetrable," he writes at the 
beginning of the hacking chapter. He continues by urging fellow 
militants to exploit this opening: "Any man-made product contains 
weakness because man himself is a weak creature. So it is with the 
Americans, who boast they are a strong nation."

The chapter is less a how-to manual than a course of study for 
aspiring hackers and carders. Samudra directs them to specific 
Indonesian-language Web sites that provide instruction. For those who 
find these sites too sophisticated, he counsels first learning 
computer programming languages, in particular Linux, and suggests 
several other Web sites, including one run by young Muslims. Then he 
advises learning about hacking by finding mentors through online 
chats. He lists six chat rooms as sources.

Next, Samudra discusses the process of scanning for Web sites 
vulnerable to hacking, then moves on to a three-page discussion on the 
basics of online credit card fraud and money laundering.

"This is hacking for dummies," said Evan F. Kohlmann, a U.S. 
consultant on international terrorism who also reviewed the chapter. 
"But in this day and age, you don't have to be an expert hacker to 
have a tremendous impact."

Kohlmann and other cyberterrorism experts said the kind of online 
fraud preached by Samudra is becoming increasingly attractive as a 
source of funding for al Qaeda operatives in several regions of the 

One of the chief hazards posed by Samudra's book is that it could 
direct religious extremists into the company of more accomplished 
hackers. Indonesian police assert their country now has more online 
credit card fraud than any other in the world.

"If you succeed at hacking and get into carding, be ready to make more 
money within three to six hours than the income of a policeman in six 
months," Samudra tells his readers. "But don't do it just for the sake 
of money."

He adds, "Remember, the main duty of Muslims is jihad in the name of 
God, to raise arms against the infidels, especially now the United 
States and its allies."

Samudra had first sought to finance the Bali nightclub attacks by 
ordering the robbery of a shop selling gold jewelry in western Java. 
The heist allegedly netted five pounds of gold and $500. Then he 
turned to more lucrative targets on the Internet, police and 
prosecutors said.

At Samudra's trial, police testified that his computer had been used 
to communicate in chat rooms with others involved in online credit 
card fraud and contained information on ways to obtain credit card 

Petrus Reinhard Golose, head of cybercrimes investigations for the 
Indonesian police, said in an interview that Samudra had asked for 
religious permission to conduct carding from Abubakar Baasyir, the 
radical cleric and alleged head of Jemaah Islamiah now on trial in 
Jakarta in connection with terrorist bombings, including the one in 
Bali. Golose said police did not know whether Baasyir had blessed 
Samudra's Internet activities.

Special correspondent Noor Huda Ismail contributed to this report. 

"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
C4I.org - Computer Security, & Intelligence - http://www.c4i.org

Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - http://www.osvdb.org/

This archive was generated by hypermail 2.1.3 : Thu Dec 16 2004 - 00:16:12 PST