Two hundred two people died in the Bali, Indonesia, disco bombing of October 12, 2002, when a suicide bomber blew himself up on a tourist-bar dance floor, and then, moments later, a second bomber detonated an explosives-filled Mitsubishi van parked outside. Now, the mastermind of the attacks – Imam Samudra, a 35-year-old Islamist militant with links to al-Qaeda – has written a jailhouse memoir that offers a primer on the more sophisticated crime of online credit card fraud, which it promotes as a way for Muslim radicals to fund their activities.
Law enforcement authorities say evidence collected from Samudra’s laptop computer shows he tried to finance the Bali bombing by committing acts of fraud over the Internet. And his new writings suggest that online fraud – which in 2003 cost credit card companies and banks $1.2 billion in the United States alone – might become a key weapon in terrorist arsenals, if it’s not already. “We know that terrorist groups throughout the world have financed themselves through crime,” says Richard Clarke, the former U.S. counterterrorism czar for President Bush and President Clinton. “There is beginning to be a reason to conclude that one of the ways they are financing themselves is through cyber-crime.”
Online fraud would thereby join the other major ways in which terrorist groups exploit the Internet. The September 11 plotters are known to have used the Internet for international communications and information gathering. Hundreds of jihadist websites are used for propaganda and fund-raising purposes and are as easily accessible as the mainstream websites of major news organizations. And in 2004, the Web was awash with raw video of hostage beheadings perpetrated by followers of Abu Musab al-Zarqawi, the Jordanian-born terror leader operating in Iraq. This was no fringe phenomenon. Tens of millions of people downloaded the video files, a kind of vast medieval spectacle enabled by numberless Web hosting companies and Internet service providers, or ISPs. “I don’t know where the line is. But certainly, we have passed it in the abuse of the Internet,” says Gabriel Weimann, a professor of communications at the University of Haifa, who tracks use of the Internet by terrorist groups.
Meeting these myriad challenges will require new technology and, some say, stronger self-regulation by the online industry, if only to ward off the more onerous changes or restrictions that might someday be mandated by legal authorities or by the security demands of business interests. According to Vinton Cerf, a founding father of the Internet who codesigned its protocols, extreme violent content on the Net is “a terribly difficult conundrum to try and resolve in a way that is constructive.” But, he adds, “it does not mean we shouldn’t do anything. The industry has a fair amount of potential input, if it is to try to figure out how on earth to discipline itself. The question is, which parts of the industry can do it?” The roadblocks are myriad, he notes: information can literally come from anywhere, and even if major industry players agree to restrictions, Internet users themselves could obviously go on sharing content. “As always, the difficult question will be, Who decides what is acceptable content and on what basis?”
Some work is already going on in the broader battle against terrorist use of the Internet. Research labs are developing new algorithms aimed at making it easier for investigators to comb through e-mails and chat-room dialogue to uncover criminal plots. Meanwhile, the industry’s anti-spam efforts are providing new tools for authenticating e-mail senders using cryptography and other methods, which will also help to thwart fraud; clearly, terrorist exploitation of the Internet adds a national-security dimension to these efforts. The question going forward is whether the terrorist use of the medium, and the emerging responses, will help usher in an era in which the distribution of online content is more tightly controlled and tracked, for better or worse.