http://news.tbo.com/news/metro/MGB47AQ4WJE.html By HOWARD ALTMAN haltman @ tampatrib.com Feb 20, 2006 When Stacey Turmel placed an order online with Davida, an English motorcycle accessory company, she was looking for protective gear with style and comfort. But after plunking down $255 for a two-tone Deluxe Jet helmet, she found herself dragged into the shadowy world of global jihad. Turmel, a St. Petersburg lawyer, has learned that she was among several Davida customers whose personal and credit information was placed on a public Web site - 3asfh.net. The site, hosted temporarily by a Tampa-based Web-hosting company, has been used to exchange information on hacking by people waging war in the name of Islam. "It was scary to find out that jihadis had my personal information," Turmel said. Her loss was modest. After checking records in the spring of 2002, she found several small charges she did not make - none more than $40, but other victims discovered attempts to charge more than $1,000. Investigators and Internet security experts say much more is at stake. Computer hackers - from wayward teens to organized crime syndicates to groups associated with al-Qaida - steal hundreds of billions of dollars every year. Hack attacks such as the one against Turmel are a key weapon of global jihad, experts say. One example is the 2002 explosion that killed more than 200 people at a nightclub in Bali, Indonesia. Computer security experts say Imam Samudra, the man behind the attack, financed it through credit card fraud. Turmel's experience tells the "central story" of jihadi hackers, said Alan Paller, director of research at the SANS Institute, a cybersecurity firm based near Washington that works with the National Security Agency, financial institutions and governments around the world. In a book Samudra wrote in jail, he "exhorts followers to 'learn to hack,'" Paller said. The book continues, "Not just because it makes more money in three to six hours than a policeman makes in six months, because it is how we can bring America and its cronies to its knees." Fragile Web Like Turmel and other customers, Davida's owner, David Fiddaman, was unaware of the jihadi activity. Sellers and buyers need to be more vigilant, say those charged with securing the Internet. Realizing the scope of the problem, the U.S. government is scrambling to catch up. The 2003 Information Operations Roadmap, a recently declassified, 74-page Department of Defense report, outlines methods for government agencies and military units - including Special Operations Command in Tampa - to attack enemy computer networks and deal with hacking attempts on U.S. systems. The Slammer worm, an intrusive computer program introduced in 2003 by unknown hackers, is an example of the Internet's vulnerability, according to a 2004 World Bank report. The report says, "Within 15 minutes after the Slammer was introduced, 27 million people in South Korea were left without cell phone or Internet access, five of the Internet's 13 root servers crashed, 300,000 cables in Portugal went dark, Continental Airlines had to cancel flights because it had no Internet access, the world's largest telecommunications provider was shut off, and 911 service in Seattle" was disrupted. The convenience of the Internet makes consumers prime targets, experts say. "Because of the porous nature of security in commerce and finance, and the prevalence of anonymity, it is very easy to siphon and steal funds," said Tom Kellerman, former senior risk management specialist for the World Bank and author of the 2004 report. Kellerman rattles off statistics driving home his point: $400 billion in losses around the world last year from cybercrime, nine out of 10 businesses affected, identity theft hitting 19.3 million people in the United States. A good chunk of that theft - though no one knows how much - is by jihadi hackers, said Kellerman, who is chief knowledge officer and co-founder of the cybersecurity firm Cybrith LLC. Cybercrime is safer and easier than selling drugs, dealing in black market diamonds or robbing banks, he said. "In the underground and in chat rooms, these people are sharing information," Kellerman said. "The Internet is the wild, wild West. There is a community that shares tricks of the trade very freely." The Internet is "almost like a giant arms bazaar," said Kellerman, where users can download weapons to hack into financial institutions. "In this unregulated and wide-open space, they are facilitating the financing of terrorist acts," he said. The government and business communities are aware of the problems, but their solutions are lacking, Kellerman said. "A lot of people don't realize that until we build better castles and control cyberspace in a better fashion, we are not going to defeat terrorists' financing," he said. "The lack of security contributes to cybercrime, which contributes to terrorism. There is a direct link." Emotional Toll Kellerman's dour assessment is bad news for potential hacking victims. So, too, is a January report from the Javelin Strategy and Research firm, which concludes that although federal laws and credit card companies have done a good job of protecting consumers for out-of-pocket losses, it takes about 40 hours to clear up credit problems after they are discovered. "I don't think there is any question that we all lose when there is fraudulent use of this information," said Gerri Detwiler, president of the Sarasota-based Ultimate Credit Solutions Inc. "The new Harrison Ford movie, 'Firewall,' about a guy whose identity is stolen by thieves, will only add to the concern." Cybercrime is the FBI's third priority, behind counterterrorism and counterintelligence. "The network of cyberhackers is extensive, and we are working with our partners, international, state and local, every day," said FBI spokeswoman Cathy Milhoan, who could not comment specifically about problems faced by Turmel and other victims of 3asfh. Echoing advice from credit experts, Turmel urged consumer caution. "Look at your balances," she said. "Check those statements on a monthly basis. If there is anything you don't recognize, you need to follow up on it right away." _________________________________ InfoSec News v2.0 - Coming Soon! http://www.infosecnews.org
This archive was generated by hypermail 2.1.3 : Mon Feb 20 2006 - 22:18:44 PST