Feeds

Manila AT&T hackers linked to Mumbai terror attack - cops

Four alleged line-jackers cuffed with aid from FBI

High performance access to file storage

Police in the Philippines have arrested a group of four suspected hackers accused of funnelling profits from attacking corporate telephone networks to an Islamic terrorist group blamed for the attacks on Mumbai three years ago.

The four suspects allegedly targeted PBX systems maintained by AT&T and gained access to corporate phone lines that they resold at a profit to call centres. The low-level scam resulted in estimated losses of $2m and ran between at least October 2005 and December 2008, and possibly earlier.

The operation was allegedly financed by Jemaah Islamiyah, a proscribed Pakistani terrorist organisation blamed for the terrorist attack in Mumbai, India, in November 2008.

"Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks," according to a statement on the arrests by the Philippine National Police's Criminal Investigation and Detection Group (CIDG), which added that the type of scam involved had been running since 1999.

Members of the CIDG’s Anti-Transnational and Cyber-Crime Division (ATCCD) and FBI agents raided the homes of the suspects, who all live in Greater Manila, seizing computer and telecoms equipment. The agents made four arrests on Wednesday, 23 November. The suspects were named as: Macnell Gracilla, 31, a resident of Quezon City; Francisco Manalac, 25, and his live-in partner Regina Balura, 21, of Calooocan City, and Paul Michael Kwan, 29, who also lives Caloocan City.

Kwan was previously arrested four years ago in 2007 on suspicion of helping to finance terrorist activities* but was apparently released only to - allegedly - resume his involvement in the long-running phone phreaking scam. He and his alleged cohorts continued to act as commission-only hacking contractors, albeit for a different boss.

Following the arrest of Pakistani Jemaah Islamiyah member Muhammad Zamir in Italy, also in 2007, an unnamed Saudi Jihadist took control of running the phone phreaking scam. Banking records linked the Philippines hackers to their alleged Saudi terrorist funding boss.

"FBI agents who have been investigating incessant hacking of telecommunication companies in the US since 1999 uncovered paper trail of various bank transactions linking the local hackers to the Saudi-based cell whose activities include financing terrorist activities," according to CIDG.

The FBI requested the assistance of Philippines authorities in March 2011 but arrests were only made last week, some eight months after the request for help.

The scam involved was almost certainly neither technically complicated nor lucrative. $2m-worth of calls, most probably fenced for much less, is a drop in the ocean compared to the hundreds of millions of dollars scareware vendors rake in every year. In addition there must be some doubt whether the alleged hackers knew they were working for a terrorist funding mastermind or were doing low paid work who whoever bankrolled them on a no-questions-asked basis. ®

Bootnote

Kwan's 2007 indictment here only talks about a phone phreaking plot run through Italian and Spanish call centres. It makes no mention of terrorist implications unless the source of some named payments, referred to only as J.I., is actually Jemaah Islamiyah.

High performance access to file storage

More from The Register

next story
Parent gabfest Mumsnet hit by SSL bug: My heart bleeds, grins hacker
Natter-board tells middle-class Britain to purée its passwords
Samsung Galaxy S5 fingerprint scanner hacked in just 4 DAYS
Sammy's newbie cooked slower than iPhone, also costs more to build
Obama allows NSA to exploit 0-days: report
If the spooks say they need it, they get it
Web data BLEEDOUT: Users to feel the pain as Heartbleed bug revealed
Vendors and ISPs have work to do updating firmware - if it's possible to fix this
Snowden-inspired crypto-email service Lavaboom launches
German service pays tribute to Lavabit
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Call of Duty 'fragged using OpenSSL's Heartbleed exploit'
So it begins ... or maybe not, says one analyst
NSA denies it knew about and USED Heartbleed encryption flaw for TWO YEARS
Agency forgets it exists to protect communications, not just spy on them
prev story

Whitepapers

Securing web applications made simple and scalable
In this whitepaper learn how automated security testing can provide a simple and scalable way to protect your web applications.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
HP ArcSight ESM solution helps Finansbank
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Mobile application security study
Download this report to see the alarming realities regarding the sheer number of applications vulnerable to attack, as well as the most common and easily addressable vulnerability errors.