$2m AT&T hack funded terrorists

Cash scooped from hacked AT&T business accounts was used to fund terrorist attacks in Asia, local law enforcement has revealed, with four recently arrested hackers believed to have connections to Al Qaeda and the 2002 Bali bombing. The scheme has been operating since 2009, the Philippines Criminal Investigation and Detection Group (CIDG) believe, while the FBI told the New York Times this weekend that it is cooperating with local police. Although AT&T has not confirmed any figures, reports suggest it has cost the carrier almost $2m to refund affected customers.

The four suspects – three men and a woman – were arrested in a joint effort between the CIDG and the FBI in Metro Manilla on November 23. At the same time, telecoms equipment believed to be used in the hack was confiscated.

Although the FBI only requested CIDG support in March 2011, after discovering that AT&T’s network had been a target, the latest hacking attempts are believed to be the continuation of an operation dating back to 1999. A Saudi terrorist cell is said to have been funding the group, which covertly gained access to the PBX trunks of AT&T business clients and used that to call premium telephone numbers. Funds collected by those numbers were then channeled back to the terrorists, the CIDG claims, with the hackers receiving a cut of the proceeds.

The FBI has identified the cell as Jemaah Islamiyah, a group seeking to establish a regional Islamic caliphate across Southeast Asia. Suicide bombers from the group were responsible for the 2002 Bali bombing that saw 202 killed, while the cell is also believed to have been involved in hotel, embassy and other attacks in subsequent years.