Security News > 2001 > September > U.S. could use cybertactics to seize bin Laden's assets

U.S. could use cybertactics to seize bin Laden's assets
2001-09-21 07:40

http://www.computerworld.com/storyba/0,4125,NAV47_STO64072,00.html By DAN VERTON September 20, 2001 WASHINGTON -- U.S. officials mobilizing to freeze the financial assets of international terrorist Osama bin Laden may resort to cybermethods, such as hacking, to cut off the money supply that has been used to finance his terrorist activities, including the Sept. 11 attacks on the World Trade Center and the Pentagon, of which he is the prime suspect. Intelligence and security experts said the U.S. government, using diplomatic channels, doesn't expect to receive cooperation from all of the hundreds of banks, holding companies and other private enterprises and fictitious front companies that bin Laden uses to hide his estimated $300 million personal fortune. As a result, the U.S. intelligence community might use cybermethods to put a virtual stranglehold on bin Laden's global terror organization, Al Qaeda. While acknowledging that the operation could take years, security officials said that such an attempt was possible. Experts recognize that finding bin Laden's money, which is believed hidden in 50 countries in small amounts at hundreds of banks, companies and charitable organizations, will be difficult. Still, if the accounts that store the money can be located, hacking experts said it is well within the technical capabilities of the U.S. intelligence community to make it disappear forever. In the U.S., the Knight-Ridder news service quoted a U.S. Treasury Department official, who spoke anonymously, saying that the government ordered bin Laden's U.S. assets seized in the mid-1990s, but nothing was recovered. However, the government said in January it had seized assets worth $245 million from Taliban, the militant Islamic group running the government of Afghanistan, the news service said. Hacking into the computer systems of banks and other financial institutions around the world raises a number of coordination and legal challenges, said experts. "You'd need a lot of things in place," said Ken Van Wyk, chief technology officer at Para-Protect Services Inc., an IT security firm in Centreville, Va. For example, federal agents would need in-depth knowledge of the bank and how the bank operates, the names and account numbers in question, and at a minimum, access codes, such as personal identification numbers, to the accounts, said Van Wyk. In many instances, inside help, such as a bank employee, would be required to both learn the inner workings of the bank's IT operations and to gain unquestioned access to the accounts. However, if bin Laden's associates who control the account can show that the funds were stolen, the financial institution would be required to simply restore them, said experts. "We have seen theft of money out of banks using electronic means. It has certainly happened," said Van Wyk. For example, in 1994, a 24-year-old Russian programmer hacked into Citibank's systems and made off with $10 million. Likewise, a German bank this week threatened a lawsuit against producers of a local television show for hiring hackers to break into the bank's servers and download customer names, account numbers, PINs and IP addresses, But the bulk of the work that needs to be done to hack bin Laden's money would be nontechnical in nature, Van Wyk said. "I would expect that the name on the account is probably not Osama bin Laden. It's probably extremely well hidden," he said. "To steal it would require some insiders who are sympathetic to the cause," said Winn Schwartau, an information warfare expert and president of security firm Interpact Inc. in Seminole, Fla. "With corporate shells and fast-moving money, it's going to be difficult." But not impossible. Computerworld asked a hacker known as "Gen," the head of a U.S.-based group of more than 100 hackers, how such a sophisticated hacking operation might be carried out. Hacking into the bank and stealing the money would be the easy part, Gen said, in an interview via e-mail. "There would be two possible attacks to bring this to reality: social engineering and old-school hacking," said Gen."Hacking would be accomplished by breaking into the servers of whatever institution he was hiding his funds in. This type of hacking would really be no different then hacking a Web server. It's what you do afterward that would be impressive." Other practical skills would be critical to pull off such a heist, Gen said. You would need "someone who can speak his native tongue, someone who sounds like him [and] possibly someone who looks like him," he said. In addition, a hacking operation should first have knowledge of the subject's account structures and the passwords used to secure his funds, or to alert members of the banks and credit unions of a false withdrawal or redirection, he said.


News URL

http://www.computerworld.com/storyba/0,4125,NAV47_STO64072,00.html