Paper Edition | Page: 7
Recently, the National Police’s Densus 88 counterterrorism unit arrested five suspects in the case of the Surakarta church bombing. Among them was an Information Technology (IT) expert, Rizki Gunawan, who used his skills to illegally gather funds from the Internet. According to the police, Rizki was able to hack into, among others, a Multi Level Marketing (MLM) company website and reaped around Rp. 5.9 billion (US$625,400). The police believed that part of the funds were used to support the church bombing attack in 2011.
According to the National Police, there have been many indications that terrorists are very resourceful in funding their activities through the use of IT. Hacking for money is now considered as a common method of obtaining funds for terrorist financing. In fact, police investigations have revealed that the 2002 Bali bombings were allegedly funded at least in part by online credit card fraud.
It is worrying to see that what at first seems to be a mere financial crime may turn into a life threatening offense such as terrorist attack. In some terrorist attacks, fraud is a predicate offense to other crimes world wide. A report on the global money laundering and terrorist financing threat by the Financial Action Task Force on Money Laundering (FATF) suggested that in many jurisdictions there seems to be an increase in Internet–based fraud and other uses of Internet technologies in fraudulent activities.
The FATF’s survey also revealed that fraud, trafficking in narcotics, cigarettes, weapons, human beings or diamonds and petty crime are the most common sources of terrorist financing. Additionally, according to the FATF, legitimate sources of funds such as charities, non–profit organizations and small cash intensive businesses are also commonly used for supporting terrorism.
A recent report from PricewaterhouseCoopers’s (PwC) Global Economic Crime Survey (November 2011) revealed that cybercrime is one of the top four types of reported economic crime. The results from this offense include financial loss, reputational damage and loss of personal identifiable information, just to name a few. On the other hand, PwC also found that most senior people in organizations are not placing enough emphasis on the importance of managing cyber-crime threats.
Rizki’s success in hacking the websites from which he stole funds may also be put down to the victim’s lack of awareness regarding cybercrime threats in the country. Many of the seemingly harmless facilities such as social media sites on the Internet may provide loopholes to be exploited by cyber criminals. Unfortunately many organizations’ security policies do not cover these areas. PwC’s global survey, for example, established that 60 percent of respondents said that their organizations did not monitor the use of social media sites, or that they are not aware of any policies regarding such matters.
To add to the problems of fraud-supported terrorist activities, the existence of the so–called “underground economy” has made obtaining illegal funds easier. Just as with the real economy, the underground economy is made primarily of buyers, sellers and markets. According to a study on the underground economy by the Symantec Corp. a few years ago, for example, credit card information is the most requested “product” in underground economy servers, with 31 percent of total requests in the study period. Other most demanded “products” include financial accounts, spam and phishing information, withdrawal services, identity theft information, server accounts, compromised computers, website accounts, malicious applications and retail accounts.
These “products” are commonly used by criminals to steal money from the real economy, such as by using stolen bank account passwords to make unauthorized transfers to the offender. Organized criminals may then use the proceeds to finance other offenses such as terrorist attacks.
According to a report from the FATF on terrorist financing, perpetrating a terrorist attack, for example, is considered to be “cheap” when compared to the devastating effects that it can deliver. According to the FATF’s report, for example, the cost of the 2002 Bali bombings was $50,000, the cost for the 2003 JW Marriott Hotel bombing was $30,000, the 2004 Madrid train bombings cost $10,000 and the 2005 London bombings cost $15,673. The use of the Internet by criminals has increased the difficulty of investigating crimes and prosecuting the offenders. This includes difficulties in identifying the perpetrators as well as a number of jurisdiction problems during investigation and prosecution stages.
The fact that financial crime can be a predicate offense to more dangerous offenses signifies the need to invest more in crime prevention measures. However, for organizations, investing in crime prevention measures such as security technology can be expensive and thus many are reluctant to do so.
For this matter, an organization should consider the long term benefits of what currently may look like a waste of money in terms of prevention measures. In practice, as suggested by PwC’s global survey, larger organizations are more likely to suffer fraud due to the fact that they have more employees and more assets, and deal with more vendors and operate in more areas.
Many experts believe that investing in crime prevention measures is similar to many other investments for improving the company’s efficiency by reducing the risk of incurring loss from, for example, cybercrime attack. This in fact can also be used to attract more customers with, for example, the latest security features to ensure their transactions. Many studies have concluded that an organization’s high level of security positively influences customers’ willingness to make transactions with that organization.
The writer is the director of the Center for Forensic Accounting Studies in the Accounting Program of the Islamic University of Indonesia, Yogyakarta. He obtained his Masters and PhD in forensic accounting from the University of Wollongong, Australia.