NEWS FROM THE LAB - Tuesday, August 14, 2007

Trojans, Online Poker and Terrorism Posted by Mikko @ 13:20 GMT

During the summer holidays, many people probably missed news stories about the sentencing of Mr. Tariq al-Daour in London.

According to this article by Brian Krebs, Mr. al-Daour had been running online fraud operations together with Waseem Mughal (aka "Abuthaabit") and Younis Tsouli (aka "IRH007" or "Irhabi007").

The trio used Windows-based trojans to steal information such as credit card numbers from normal net users. These credit card accounts were then used to make purchases at hundreds of online stores.

What kind of purchases were they making? Gear for insurgents in Iraq: plane tickets, GPS devices, night-vision goggles, sleeping bags, survival knives, and tents.

The money was apparently laundered through online poker sites (including AbsolutePoker.com, NoblePoker.com and ParadisePoker.com) as well as betting sites like Canbet.com.

The group was allegedly also planning real-world bomb attacks.

According to Newsweek, Mr. al-Daour and his accomplishes were caught after a Swedish-Bosnian terrorist Mr. Mirsad Bektasevic (aka "Maximus") was caught. Bektasevic had saved one of the men's phone numbers on his personal cell phone.

The concept of Cyberterrorism has been discussed for years, but we've never really seen any concrete examples. Here we have a case where cyber-attacks are being used to fund real-world attacks.

So: It's not always just bits and bytes that get hurt as a result of online attacks.