Yesterday, the Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology of the U.S. House Committee on Homeland Security held a hearing titled, "Do the Payment Card Industry Data Standards Reduce Cybercrime?" The subject of the hearing was to examine whether data security requirements for businesses that store, process, or transmit personal information during Internet payments provide sufficient protection against data breaches, fraud, and terrorism. The subcommittee invited me to submit a written statement on the use of credit cards by terrorists. My statement quoted from and summarized posts by Contributing Experts Dennis Lormel, Matthew Levitt, and Michael Jacobson, and included information from our panel on February 29, 2008, “Meta-Terror: Terrorism and the Virtual World,” with Contributing Experts Evan Kohlmann and Roderick Jones and the Senior Vice President and Chief Technology Officer of VeriSign. You can download my three-page statement, and here is an excerpt:
Credit cards are extremely vulnerable to fraud and are used extensively by terrorists. The internet not only serves as a learning tool for terrorists but also functions as a mechanism to steal credit card information through hacking, phishing and other means. In many instances, when terrorist operatives are apprehended, they have multiple identifications and credit cards in a variety of names in their possession. The terrorists who executed the devastating 2004 Madrid train bombings, which killed almost 200 people, and who carried out the deadly July 7, 2005, attacks on the transportation system in London were self-financed, in part through credit card fraud.
Younes Tsouli, aka “Terrorist 007,” and his two associates, Waseem Mughal and Tariq al-Daour, used computer viruses and stolen credit card accounts to set up a network of communication forums and web sites that hosted everything from tutorials on computer hacking and bomb making to videos of beheadings and suicide bombing attacks in Iraq. They raised funds through credit card information theft and fraud, which were used to support the communications, propaganda and recruitment for terrorists worldwide, as well as to purchase equipment for Jihadists in the field. One expert described their activities as “operating an online dating service for al-Qaeda.” The three men pled guilty to inciting terrorist murder via the internet.
• Stolen credit card numbers and identities were used to buy web hosting services. At least 72 stolen credit card accounts were used to register more than 180 web site domains at 95 different web hosting companies in the U.S. and Europe. • On one computer seized from al-Daour’s apartment, some 37,000 stolen credit card numbers were found. Alongside each credit card record was other information on the identity theft victims, such as the account holder’s address, date of birth, credit balances and limits.
You can download the testimony by the witnesses from the hearing website. I appreciate this opportunity and thank the subcommittee chairwoman, Rep. Yvette Clarke, for the invitation. April 1, 2009 06:20 AM Print
![Reblog this post [with Zemanta]](https://lh3-testonly.googleusercontent.com/blogger_img_proxy/AEn0k_uUMsVzV6XE_6vuCIhjEvwlgT5hScSU_lIUWMcHwluyjFyi6ot5QU0XQROfsqel1jQEfF45_9fNNmyf_t7ain0ADeuHcPbPTbuZpv-v-7n-ahkDvbilf0ptz8MLDtuwTYzCwxWihw0Rd8X7wE84YZxy=s0-d)
