Word of the week: third party

The person making financial transactions for illicit purposes isn’t necessarily the person pulling the strings.  If you work for a money services business, you should try to ascertain if your customer is operating under instructions from a third party.  This guidance comes from Canada’s FinTRAC, but it’s useful information for anybody with know-your-customer responsibilities:

Find out if there is a third party

As a money services business (MSB), you have to find out if your client is acting on behalf of a third party when you:

• conduct a large cash transaction and you have to keep a record of it
• have to keep a record about a service agreement

Who is a third party?

A third party is anyone else who gave instructions to your client to request MSB services from you. It is not about who “owns” the money, but rather about who gives the instructions to deal with the money.

How to find out if there is a third party

Ask the individual in front of you if they are acting on someone else’s instructions. If the answer is yes, that someone else is a third party.

Examples of a third party:

1. Tarek wants to send money to his son Roger in Lebanon. He gives his daughter Tara $13,000 in cash and asks her to go to the MSB to send the money. Tara gives the money to the MSB and requests that a money transfer be made to Roger in Lebanon. Tarek is the third party as he is the one who gave the instructions to Tara to request that a money transfer be made.
2. Jacques, a financial officer and employee of Voyages Inc. in Canada, goes to the MSB every month to transfer money to their head office in France. Jacques’ employer, Voyages Inc., is the third party as Jacques is acting on his employer’s instructions.

Records to keep on a third party

You have to keep a record for five years after the day you created it, if you:

• find out that there is a third party
• suspect that there is a third party

You find out that there is a third party

If you find out that there is a third party involved, you have to keep a record with the following information about the third party:

• name, address and job or main business
• if it is an individual, their date of birth
• if it is a corporation, their corporation number and place of incorporation
• the nature of the relationship between the third party and:
  • the individual who gave you the cash if you are doing this because of a large cash transaction or
  • the organization entering into a service agreement.

Examples of how to describe the nature of the relationship include that the third party is your client’s accountant, agent, customer, employee, friend, legal counsel or relative.

You suspect that there is a third party

If you are not able to find out that there is a third party, but you suspect that there are instructions from a third party involved, you have to keep a record to indicate the following:

• why you suspect the individual is acting on a third party’s instructions and in the case of a:
  • large cash transaction, whether or not the individual giving the cash indicated that the transaction was being conducted on behalf of a third party
  • service agreement, whether or not the client indicated that the agreement was being done on behalf of a third party

One Algerian’s financial cyber-crime spree

Hacker Hamza Bendelladj’s malware infected personal computers in order to steal the financial credentials of unsuspecting users and sell the data to third parties.  If one man with a computer and an Internet connection can operate a scheme like this, just think of what an enemy state actor could accomplish.

This press release comes to us from the U.S. Attorney’s Office and the Atlanta Division of the FBI on May 3 (h/t Douglas McNabb):

Algerian National Extradited from Thailand to Face Federal Cyber Crime Charges in Atlanta for SpyEye Virus

ATLANTA—Hamza Bendelladj, an Algerian national also known as Bx1, will be arraigned on federal cyber crime charges for his role in developing, marketing, distributing, and operating the malicious computer virus SpyEye.

“No violence or coercion was used to accomplish this scheme, just a computer and an Internet connection,” said United States Attorney Sally Quillian Yates. “Bendelladj’s alleged criminal reach extended across international borders, directly into victims’ homes. In a cyber netherworld, he allegedly commercialized the wholesale theft of financial and personal information through this virus which he sold to other cyber criminals. Cyber criminals, take note—we will find you. This arrest and extradition demonstrates our determination to bring you to justice.”

“Hamza Bendelladj has been extradited to the United States to face charges of controlling and selling a nefarious computer virus designed to pry into computers and extract personal financial information,” said Acting Assistant Attorney General Mythili Raman. “The indictment charges Bendelladj and his co-conspirators with operating servers designed to control the personal computers of unsuspecting individuals and aggressively marketing their virus to other international cybercriminals intent on stealing sensitive information. The extradition of Bendelladj to face charges in the United States demonstrates our steadfast determination to bring cyber criminals to justice, no matter where they operate.”

“The FBI has expanded its international partnerships to allow for such extraditions of criminals who know no borders,” stated Mark F. Giuliano, Special Agent in Charge, FBI Atlanta Field Office. “The federal indictment and extradition of Bendelladj should send a very clear message to those international cyber criminals who feel safe behind their computers in foreign lands that they are, in fact, within reach.”

Bendelladj, 24, was indicted by a federal grand jury in Atlanta, Georgia on December 20, 2011. The 23-count indictment charges him with one count of conspiring to commit wire and bank fraud, 10 counts of wire fraud, one count of conspiracy to commit computer fraud, and 11 counts of computer fraud. Bendelladj was apprehended at Suvarnabhumi Airport in Bangkok, Thailand, on January 5, 2013, while he was in transit from Malaysia to Egypt. The indictment was unsealed on May 1, 2013. Bendelladj was extradited from Thailand to the United States on May 2, 2013, and was arraigned in United States District Court before United States Magistrate Judge Janet F. King.

According to court documents, the SpyEye virus is malicious computer code, or malware, which is designed to automate the theft of confidential personal and financial information, such as online banking credentials, credit card information, usernames, passwords, PINs, and other personally identifying information. The SpyEye virus facilitates this theft of information by secretly infecting victims’ computers, enabling cyber criminals to remotely control the computers through command and control (C&C) servers. Once a computer is infected and under the cyber criminals’ control, a victim’s personal and financial information can be surreptitiously collected using techniques such as “web injects,” which allow cyber criminals to alter the display of webpages in the victim’s browser in order to trick them into divulging personal information related to their financial accounts. The financial data is then transmitted to the cyber criminals’ C&C servers, where criminals use it to steal money from the victims’ financial accounts.

The indictment alleges that from 2009 to 2011, Bendelladj and others developed, marketed, and sold various versions of the SpyEye virus and component parts on the Internet and allowed cyber criminals to customize their purchases to include tailor-made methods of obtaining victims’ personal and financial information. Bendelladj allegedly advertised the SpyEye virus on Internet forums devoted to cyber crime and other criminal activities. In addition, Bendelladj allegedly operated C&C servers, including a server located in the Northern District of Georgia, which controlled computers infected with the SpyEye virus. One of the files on Bendelladj’s C&C server in the Northern District of Georgia allegedly contained information from approximately 253 unique financial institutions.

If convicted, Bendelladj faces a maximum sentence of up to 30 years in prison for conspiracy to commit wire and bank fraud; up to 20 years for each wire fraud count; up to five years for conspiracy to commit computer fraud; up to five or 10 years for each count of computer fraud; and fines of up to $14 million…

Money jihad news: recommended reading

• “We know that the financial markets are one of the battlefields on which future wars will be fought.”  So what are we doing about it?  More>>

• It’s not just the big boys. Increasing cyber-attacks even have your community bank looking over its shoulder… more>>

• As a thief, it doesn’t get any better than pulling off a $97 million heist. Until you realize you’re stuck with a million pieces of paper weighing half a ton stacked 40 stories high… more>>

• “Lawfare” is used to stifle, intimidate, and discredit those speaking and writing about Islamism, terrorism, and its financing—a fancy way of trying to cut out our tongues… more>>

Word of the week: soft loan

Among the hundreds of requests for zakat or other financial assistance that Money Jihad has received from overseas spammers, a couple have involved requests for a “soft loan.”

In June 2011 through our “Contact us” page, Wisnu Wibowo wrote, “Asalamualaikum… I hope someone can help with soft loan” purportedly to keep him out of jail for a $2,000 debt.  Borrowing from Peter to pay Paul, it would seem.

In January of this year, somebody named Krisna Busana Karya also contacted Money Jihad demanding “grants or soft loan” with a five year term to help with an oyster cultivation business with an eye toward a growing market in Jakarta.  Tempting offer, Krisna, but no thanks.

What is a “soft loan”?

A soft loan is defined as “A loan made on terms lower than or more favourable to the borrower than regular commercial terms”.*

Soft loans are repaid with interest, but it may be at a smaller interest rate or payable over a longer term than conventional loans.  Since interest is involved, soft loans are not sharia-compliant.

Nevertheless, extending a soft loan to a borrower who cannot meet conventional terms suggests that the lender is taking on risk in excess of what the capital markets normally bear.  Therefore, soft loans are somewhat similar to sharia finance in that both deviate from fair market interest rates.  Soft loans, like sharia loans, come with strings attached, such as concessions made by the borrower.

People do not lend for free.  Reduce or eliminate interest rates, and lenders will come up with ways of recouping the costs through fees or other methods.  Is “ethical finance” truly ethical when the actual cost of borrowing is obscured by fees and special conditions, rather than a transparent, market-based interest rate that is known to both parties?

* Food and Agricultural Organization of the United Nations, Glossary of Terms for Agricultural Insurance and Rural Finance (Rome:  FAO, 1992).

Smuggling cash with foreign prepaid cards

ACAMS MoneyLaundering.com is reporting that while know-your-customer requirements and other safeguards are in place to prevent abuse of prepaid, reloadable cards obtained from American financial institutions, the freedom of foreign banks to issue such cards remains a potential area of terror finance vulnerability.

Here is an excerpt from MoneyLaundering.com’s featured article by Colby Adams on Apr. 9:

…Final rules issued by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) in July 2011 imposed anti-money laundering (AML) program duties on American providers and sellers of certain prepaid products, including customer identification, suspicious activity reporting and transactional recordkeeping requirements.

But reloadable cards that can be acquired in person or over the Internet from foreign financial institutions remain an immediate threat to the United States, according to a senior compliance officer at a major U.S. financial institution linked to the prepaid industry.

“The rules are way too focused on what’s leaving the United States—on bulk cash smuggling on a card,” said the person, who spoke on condition of anonymity. “The giant elephant in the room is that the regulators aren’t checking what’s coming here, and that could mean trouble sooner rather than later.”

In such a scenario, a member of a terrorist organization living in a high-risk jurisdiction could purchase a network branded prepaid card from a non-U.S. bank with little trouble. Should the person travel to the United States, he or she could use the card to withdrawal money from any one of thousands of ATMs, or receive additional funds from another foreign-issued prepaid card holder…

Why would Muhammad Atta need a SunTrust account if he could have just brought a preloaded payment card with him from Hamburg?  Especially when that card is branded with the familiar logo of Visa or Mastercard, such as this product being offered on the website of Cyprus-based Hellenic Bank:

Screenshot of foreign p-card promising anonymity and a Visa logo

So much for know-your-customer provisions when a bank in the EU is encouraging customer anonymity.  Moreover, Mr. Adams notes that “the Visa logo means that it can be used anywhere Visa is accepted – including ATMs.”

Backstabbed: How Iraq helps Iran skirt sanctions

Nobody has been as good at tracking the painful truth of Iraqi-facilitated evasion of international sanctions on Iran as financial crime consultant Kenneth Rijock.  Consider:

• The Kurds in northern Iraq have “allowed both rampant money laundering, and widespread facilitation of global Iran sanctions evasion” though their banks. In central Iraq, U.S. dollars are flowing in bulk from Baghdad to Iran… more>>
• Lebanese banks and Bank Melli, a sanctioned Iranian bank, are operating in northern Iraq.  EU and North American businesses that use Lebanese banks may not be taking sufficient steps to prevent their transactions from benefiting Iranian end-users… more>>
• “Iraq blatantly disregards UN sanctions on Iran” in accepting an Iranian-flagged vessel‘s shipment at its Um Qasr port, for example… more>>
• Five Turkish banks in Iraq may be facilitating Iran’s sanction dodging behavior… more>>
• Iran will reap $16 billion annually from a new natural gas deal with Iraq… more>>

Reading about the dangerous anti-money laundering (AML) and combating the financing of terrorism (CFT) policies of Iraq may be upsetting to those who have made personal sacrifices fighting for Iraqi freedom, but we have to face the current facts.  How does Rijock describe the Iraq invasion?  “Military success, yes; but AML/CFT utter failure.”

Ex-banker: Taliban funded by sharia finance

Muhammad Aamir, a retired Pakistani banker, admits that, “It is true that Taliban militants receive financial support through the Islamic banking system, but there is no proof because these illegal transactions are never properly investigated,” according to an article from Central Asia Online last week.

Muhammad Junaid, a banker currently working in Peshawar, says he is familiar with three account holders who work closely with terrorists receive over $50K monthly from Islamic banks.

Some financial sector employees disagree, but the evidence that sharia banks finance jihad has grown to the point where it is impossible to ignore.  Thanks to meankitteh for sending in this article, which frankly understates the scope of the problem:

Islamic banking: A conduit for terror funding?

Opinions differ on whether the financial network is being misused to funnel support to militants, but the system does have loopholes that would allow for it.

By Ashfaq Yusufzai

2013-03-27

PESHAWAR – Some worry that the Islamic banking model is open to potential misuse by those involved in funding terrorist activities, but opinions differ on whether the financial network is directly involved in such schemes.

The dividing line for the opinions seems to come down to how one is involved in the business.

“It is true that Taliban militants receive financial support through the Islamic banking system, but there is no proof because these illegal transactions are never properly investigated,” Muhammad Aamir, a retired banker, told Central Asia Online.

But Adnan Rasool, an Islamabad-based Islamic banking specialist with a state-owned bank, said it is “totally wrong” to say that the system helps terrorism.

“In Pakistan the share of Islamic banking has risen to 10%, which shows the public confidence in the system,” Adnan said. “We have more than 1,000 dedicated Islamic banks as well as more than 700 Islamic banking counters operated in conventional banks.”

Allegations arose in early 2001 that the system aided terrorism, but authorities couldn’t prove any of them, Adnan said, adding that Islamic banking has come of age worldwide and in Pakistan, where it has financed huge projects that benefit the people.

Why Islamic banking is vulnerable to terrorist misuse

Islamic banking, which began in the early 1970s, is a financial system that involves making loans without charging interest, in accordance with Sharia law. It is worth about US $2 trillion (Rs. 197 trillion) worldwide and has posted an annual growth rate of 15%.

Terrorists have long relied on various channels to finance their activities and Islamic banking is one option that terror supporters have used in the past, Aamir said, describing an example of suspected terror funding.

A resident of Hangu District received “a hefty amount through Islamic banks from different sources in the UAE, Saudi Arabia and other Islamic countries” in 2001, he said. “He was a common man who disappeared after the 9/11 incidents in New York and Washington.”

Police briefly investigated the case, he said, but nothing came of it.

Another banker also has suspicions about the system.

Muhammad Junaid, an employee of a private bank in Peshawar, agreed with the notion that Islamic banking is key to financing terror bids in Pakistan and elsewhere but said these illegal acts aren’t easily traceable.

“For instance, I knew three account-holders in our bank who each received about Rs. 5m (US $50,829) every month from some Muslim countries,” said Junaid. “The men – pretending to be getting the money for construction of mosques and religious seminaries – seemed to be hand-in-glove with terrorists.”

That is indicative of something suspicious, he said, because “one cannot believe that simple people have such frequent financial transactions through banks. But … there are no complaints from any quarter.” But again, proof is scant and Adnan stands by his industry.

“Islam strictly forbids terrorism in all its form and therefore Islamic banking seeks to promote Islamic values,” he said. “We have an internal system in Islamic banking that prevents the illegal investments and transactions; therefore, it is impossible to send the money through this network to terrorists.”

Islamic banking system has loopholes

Islamic banking was designed to follow Islamic values, Junaid said. In accordance with Sharia law, it is expected to avoid interest-based transactions and unethical practices while it helps boost the economy.

However, loopholes make it difficult to identify illegal transactions in the system, he said.

Pakistan began implementing the system in 1978, economist Jalal Khan, at the Institute of Management Studies at the University of Peshawar, said. Early measures included doing away with interest from the operations of specialised financial institutions – including the House Building Finance Co. Ltd., Investment Corporation of Pakistan and National Investment Trust Ltd. in July 1979 – a practice that extended to commercial banks in the 1980s.

The premise of interest-free loans, even though it goes along with Islamic ideals, has not protected the system from suspicion of links to terror funding, Shah Jehan, a banker at a private financial institution, told Central Asia Online.

Hawala, an informal system that allows fund transfers without much regulatory control, also was allegedly linked to terror financing, he said.

“Despite a hue and cry by global leaders spearheading the war against jihadist groups, new legal modes of transactions [including wire transfers] that have now replaced the hawala system are part of the Islamic banking system and have been lifelines for terrorists,” Jehan said…

Revisiting Ghaith Pharaon’s ties to Bin Laden

A French parliamentary report released shortly after 9/11 revealed that Ghaith Pharoan and other Saudi elites were “directly linked to [Osama] Bin Laden through banks, holding companies, foundations and charities…”

This is the same Ghaith Pharoan who was involved with the $1.7 billion savings and loan scandals of Bank of Credit and Commerce International (BCCI) and CenTrust in the 1980s.  Although not officially charged with financing terrorism, Pharoan remains under U.S. indictment for “having been a front man in B.C.C.I.’s secret and unlawful acquisitions of American banks, including the National Bank of Georgia and the Independence Bank of Encino, Calif.”

Like many prominent Saudis, Pharoan peddled influence in the U.S. prior to his indictment without regard to political party, allegedly forming relationships with Henry Kissinger, members of the Carter administration including Bert Lance, and George W. Bush before he became involved in politics—a sign of the great lengths to which the Saudis have gone to curry favor with American officials.

The Guardian examined the French report (h/t History Commons) in this difficult-to-Google article below.  Thanks to Rushette for suggesting more coverage related to this subject.

City ‘haven’ for terrorist money laundering

Report says Bin Laden has extensive interests in UK

Osama bin Laden’s extensive financial interests in Britain are outlined today in a French parliamentary report that says the City is a money laundering haven for billions of pounds of tainted and terrorist money.

Up to 40 companies, banks and individuals based in Britain can legitimately be suspected of maintaining direct or indirect relations with the terrorist, according to a 70-page annexe, The Economic Environment of Osama bin Laden, attached to the French report. Compiled by an independent team of financial experts whose identity the French parliamentarians have undertaken not to reveal, the annexe reveals that the structure of Bin Laden’s financial network bears a striking similarity to that used by the collapsed BCCI bank for its fraudulent operations in the 1980s.

“This document clearly shows the great permeability of the British banking and financial system and the fragility of the controls operated at its points of entry,” write the authors of the French report, a copy of which has been obtained by the Guardian.

The annexe establishes numerous links between Bin Laden with international arms and oil dealers and even members of the Saudi elite.

It also pinpoints the relationship and its subsquent breakdown between Osama bin Laden and his family’s holding company, Saudi BinLadin Group, and its multiple subsidiaries, investments and offshoots in Europe.

Many of the individuals concerned, several with British connections, were also involved in various senior roles with BCCI, the report says. Hundreds of banks and companies are mentioned, from Sudan, Geneva and London to Oxford, the Bahamas and Riyadh.

The names of half a dozen former BCCI clients and officials, including Ghaith Pharaon, wanted by the US authorities for fraud, and Khalid bin Mahfouz, a Saudi banker who was closely involved with the bank before it was closed down by the Bank of England in 1991, recur throughout the annexe and are directly linked to Bin Laden through banks, holding companies, foundations and charities, at least one of which, the International Development Foundation, has its headquarters in London.

“The convergence of financial and terrorist interests, apparent particularly in Great Britain and in Sudan, does not appear to have been an obstacle with regard to the objectives pursued [by Bin Laden],” the annexe concludes. “The conjunction of a terrorist network attached to a vast financing structure is the dominant trait of operations conducted by bin Laden”…

Attacks on banks resume

Despite the track record of the 60-year Arab League economic embargo of Israel, and despite the Arab oil embargo of the 1970s, some Islamic scholars have said that Islam does not permit economic warfare against infidels.

Yet when it comes to infidel banks that charge interest—a concept forbidden in Islam—many Islamists agree that banks are legitimate targets for robbery or attack, especially if the result of the action will ultimately benefit Islam.  Islamists also rationalize their assaults on Western financial institutions because they believe the banks are “controlled” by Jews.

Is it any wonder then that we’re now seeing a third wave of attacks by Islamist hackers against American financial institutions that began last fall.  From the Global Post on Mar. 7:

Muslim hackers target US banks in third round of cyberattacks

In the third round of what they’re calling Operation Ababil, Muslim hackers belonging to the Izz ad-Din al-Qassam Cyber Fighters are attacking US bank websites and demanding that more copies of the “Innocence of Muslims” YouTube video be removed.

Muslim hackers in the Izz ad-Din al-Qassam Cyber Fighters launched the third phase of their Operation Ababil campaign against US-based banks on Wednesday, making further demands that the YouTube video “Innocence of Muslims” be removed from the web.

Known to many as the Muslim world’s Anonymous, Izz ad-Din issued an ultimatum on Tuesday that their distributed denial of service (DDoS) attacks against American banking institutions would continue unless insults against the Prophet Mohammed were removed from YouTube.

“During runnnig [sic] Operation Ababil Phase 3, like previous phases, a number of american [sic] banks will be hit by denial of service attacks three days a week, on Tuesday, Wednesday and Thursday during working hours,” read the group’s latest statement.

Outages have been reported by customers of Bank of America, Capital One, Citibank, PNC Bank, Union Bank and Wells Fargo, according to Site Down, a website that tracks reported online outages. However, no banks have reported experiencing any issues with their online services.

“At this point, we’ve had no issues on our end,” Bank of America spokesman Mark T. Pipitone told Information Week Wednesday.

Unlike Anonymous, the Izz ad-Din Cyber Fighters seem to abide by strict, self-imposed regulations. During phase two of Operation Ababil, YouTube removed the original version of “Innocence of Muslims” from the site — as promised, the hacker collective ceased attacks once their demands were met.

But new copies of the video have reappeared on YouTube, and the Izz ad-Din Cyber Fighters say they will not tolerate more insults levied against Prophet Mohammed.

“Now at the end of one month time it is seen that other copies of the film yet exist in YouTube so we announce the Phase 3 of Operation Ababil will start this week,” read the group’s statement.

For phase three, Izz ad-Din is using a complex calculation to issue banks an exact dollar amount each will lose in the attacks. Using a combination of the video’s traffic statistics, Izz ad-Din determined that US Banks should pay $874.7 million in compensation.

A loss at that levels requires about 11 weeks of DDoS attacks.

Taking their name from a Syrian preacher that fought against French, British and Zionist elements in the Levant in the 1920s and 1930s, the collective has wrapped itself in the rhetoric of anti-imperialism.

However, the goals of the organization are now limited to removing “Innocence of Muslims” from YouTube. The insults made against Prophet Mohammed served as a catalyst for uniting the collective.

The Izz ad-Din al-Qassam Cyber Fighters collective is the first hacker group that acts in defense of Islam.

Since the founding of the Izz ad-Din al-Qassam collective, several other Muslim hacker groups rose to prominence in attacks carried out against Israeli domains during the Israeli Defense Forces’ assault on Gaza late last year. Muslim hackers from Algeria, Morocco and Pakistan, among others, carried out DDoS attacks and defacement of Israeli domains during the cyberattack campaign.

Cyber-terrorists target bank software next

After attacking banks’ websites last fall, hackers “may graduate from crude DDoS attacks to more sophisticated ones that secretly penetrate banks’ systems and then steal or delete data,” reports The Economist.

Furthermore, “If 20,000 machines started hammering British payment gateways on the last weekend before Christmas, people wouldn’t be able to shop except with cash,” warns an information technology security professor quoted in the article.  This is the second prediction or warning we have heard about potential cyber-attacks on financial targets during 2013 holiday season.

Read the full article—“War on terabytes”—here.

Banks have spent centuries perfecting physical security through alarm systems, tamper-proof vaults, armed guards, armored trucks, but they have a lot of catching up to do to guard their networks against the economic warfare being waged by overseas hackers.

Many experts and government officials blame last fall’s digital attacks (depicted in the excellent RivalHost infographic below) on Iran.  That hasn’t been proved yet, but longtime readers may recall that Iranian leaders declared 2011 as “The Year of Economic Jihad,” and that Ahmadinejad said “that economic jihad should be realized in every aspect of all Iranian’s lives.”

Under attack from Iran, banks seek federal help

Having spent millions of dollars to defend themselves from a hostile foreign power, American banks are now asking the federal government for assistance.  U.S. officials say that all options are being weighed including retaliation.  Here’s a two-minute interview on the subject with reporter Siobhan Gorman on the radio program The Wall Street Journal This Morning last month:

Hopefully they won’t have to use it, but the Pentagon would have good reasons for keeping a cyber-counteroffensive plan on its shelf.

View previous Money Jihad coverage of the allegedly Iranian-based technological assaults here, here, and here.