A new study suggests that certain phishing and spamming operations are filtering their proceeds directly into terrorist cells that plan to attack the United Kingdom and United States.
The men behind the operation in the study used stolen credit cards, obtained via phishing schemes, to purchase necessary materials. The men then used the stolen credit cards to launder money through online gambling sites, including AbsolutePoker.com, BetFair.com, BetonBet.com, Canbet.com, Eurobet.com, NoblePoker.com and ParadisePoker.com and others.
Investigators estimated that the practices led to as much as $3.5 million in fraudulent charges on credit cards obtained through phishing schemes. Other funds were obtained through the distribution of Trojan horses, which are typically sent via spam e-mail and allow the schemers to take control over end-users' computers.
While this is concerning enough, one investigator is quoted in the story as stating:
There is no law enforcement agency in the world that, if this wasn't a terrorism financing case, would follow up on this. They just don't have the resources.
This story brings salience to the largely misguided cybercrime policy in the United States.
First, despite there being numerous private parties capable of tracking and analyzing the patterns of such criminals, the policy of the United States has largely destroyed incentive for private parties to pursue these networks. Proposals for "bounties" paid by government to private investigators have been rejected, and stronger state laws providing statutory damages and incentives for "private attorney generals" have been gutted by inferior laws such as CAN-SPAM. This despite the fact that law enforcement knows that it simply cannot investigate every cyber crime matter alone, as the quoted investigator admits.
Second, the United States' recent decision to effectively ban online gambling for American citizens, in violation of WTO rules, has meant that these online gambling sites have been forced into the proverbial shadows. In addition to rejecting the very large pool of income that would come from regulating and taxing these sites, the U.S. policy means that gambling sites become much more palatable to terrorism because the transactions are unregulated and the sites already actively seek to avoid the auspices of law enforcement.
Bottom Line: While cyber criminals are taking advantage of unregulated technology and underfunded authorities, the United States is letting simple and effective procedures for combating these schemes lie untapped. One can only hope that regulators recognize the easily implemented opportunities to combat such schemes before another major terrorist attack, funded via similar means, strikes the United States or United Kingdom.