• Home
  • About RSIS
    • Introduction
    • Building the Foundations
    • Welcome Message
    • Board of Governors
    • Staff Profiles
      • Executive Deputy Chairman’s Office
      • Dean’s Office
      • Management
      • Distinguished Fellows
      • Faculty and Research
      • Associate Research Fellows, Senior Analysts and Research Analysts
      • Visiting Fellows
      • Adjunct Fellows
      • Administrative Staff
    • Honours and Awards for RSIS Staff and Students
    • RSIS Endowment Fund
    • Endowed Professorships
    • Career Opportunities
    • Getting to RSIS
  • Research
    • Research Centres
      • Centre for Multilateralism Studies (CMS)
      • Centre for Non-Traditional Security Studies (NTS Centre)
      • Centre of Excellence for National Security (CENS)
      • Institute of Defence and Strategic Studies (IDSS)
      • International Centre for Political Violence and Terrorism Research (ICPVTR)
    • Research Programmes
      • National Security Studies Programme (NSSP)
      • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
    • Future Issues and Technology Cluster
    • [email protected] Newsletter
    • Other Research
      • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
    • Graduate Programmes Office
    • Overview
    • MSc (Asian Studies)
    • MSc (International Political Economy)
    • MSc (International Relations)
    • MSc (Strategic Studies)
    • NTU-Warwick Double Masters Programme
    • PhD Programme
    • Exchange Partners and Programmes
    • How to Apply
    • Financial Assistance
    • Meet the Admissions Team: Information Sessions and other events
    • RSIS Alumni
  • Alumni & Networks
    • Alumni
    • Asia-Pacific Programme for Senior Military Officers (APPSMO)
    • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
    • International Strategy Forum-Asia (ISF-Asia)
    • SRP Executive Programme
    • Terrorism Analyst Training Course (TATC)
  • Publications
    • RSIS Publications
      • Annual Reviews
      • Books
      • Bulletins and Newsletters
      • Commentaries
      • Counter Terrorist Trends and Analyses
      • Commemorative / Event Reports
      • IDSS Paper
      • Interreligious Relations
      • Monographs
      • NTS Insight
      • Policy Reports
      • Working Papers
      • RSIS Publications for the Year
    • Glossary of Abbreviations
    • External Publications
      • Authored Books
      • Journal Articles
      • Edited Books
      • Chapters in Edited Books
      • Policy Reports
      • Working Papers
      • Op-Eds
      • External Publications for the Year
    • Policy-relevant Articles Given RSIS Award
  • Media
    • Great Powers
    • Sustainable Security
    • Other Resource Pages
    • Media Highlights
    • News Releases
    • Speeches
    • Vidcast Channel
    • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
Facebook
Twitter
YouTube
RSISVideoCast RSISVideoCast rsis.sg
Linkedin
instagram instagram rsis.sg
RSS
  • Home
  • About RSIS
      • Introduction
      • Building the Foundations
      • Welcome Message
      • Board of Governors
      • Staff Profiles
        • Executive Deputy Chairman’s Office
        • Dean’s Office
        • Management
        • Distinguished Fellows
        • Faculty and Research
        • Associate Research Fellows, Senior Analysts and Research Analysts
        • Visiting Fellows
        • Adjunct Fellows
        • Administrative Staff
      • Honours and Awards for RSIS Staff and Students
      • RSIS Endowment Fund
      • Endowed Professorships
      • Career Opportunities
      • Getting to RSIS
  • Research
      • Research Centres
        • Centre for Multilateralism Studies (CMS)
        • Centre for Non-Traditional Security Studies (NTS Centre)
        • Centre of Excellence for National Security (CENS)
        • Institute of Defence and Strategic Studies (IDSS)
        • International Centre for Political Violence and Terrorism Research (ICPVTR)
      • Research Programmes
        • National Security Studies Programme (NSSP)
        • Studies in Inter-Religious Relations in Plural Societies (SRP) Programme
      • Future Issues and Technology Cluster
      • [email protected] Newsletter
      • Other Research
        • Science and Technology Studies Programme (STSP) (2017-2020)
  • Graduate Education
      • Graduate Programmes Office
      • Overview
      • MSc (Asian Studies)
      • MSc (International Political Economy)
      • MSc (International Relations)
      • MSc (Strategic Studies)
      • NTU-Warwick Double Masters Programme
      • PhD Programme
      • Exchange Partners and Programmes
      • How to Apply
      • Financial Assistance
      • Meet the Admissions Team: Information Sessions and other events
      • RSIS Alumni
  • Alumni & Networks
      • Alumni
      • Asia-Pacific Programme for Senior Military Officers (APPSMO)
      • Asia-Pacific Programme for Senior National Security Officers (APPSNO)
      • International Strategy Forum-Asia (ISF-Asia)
      • SRP Executive Programme
      • Terrorism Analyst Training Course (TATC)
  • Publications
      • RSIS Publications
        • Annual Reviews
        • Books
        • Bulletins and Newsletters
        • Commentaries
        • Counter Terrorist Trends and Analyses
        • Commemorative / Event Reports
        • IDSS Paper
        • Interreligious Relations
        • Monographs
        • NTS Insight
        • Policy Reports
        • Working Papers
        • RSIS Publications for the Year
      • Glossary of Abbreviations
      • External Publications
        • Authored Books
        • Journal Articles
        • Edited Books
        • Chapters in Edited Books
        • Policy Reports
        • Working Papers
        • Op-Eds
        • External Publications for the Year
      • Policy-relevant Articles Given RSIS Award
  • Media
      • Great Powers
      • Sustainable Security
      • Other Resource Pages
      • Media Highlights
      • News Releases
      • Speeches
      • Vidcast Channel
      • Audio/Video Forums
  • Events
  • Giving
  • Contact Us
  • instagram instagram rsis.sg
Connect

Getting to RSIS

Map

Address

Nanyang Technological University
Block S4, Level B3,
50 Nanyang Avenue,
Singapore 639798

View location on Google maps Click here for directions to RSIS

Get in Touch

    Connect with Us

      rsis.ntu
      rsis_ntu
      rsisntu
    RSISVideoCast RSISVideoCast rsisvideocast
      school/rsis-ntu
    instagram instagram rsis.sg
      RSS
    Subscribe to RSIS Publications
    Subscribe to RSIS Events

    RSIS Intranet

    S. Rajaratnam School of International Studies Think Tank and Graduate School Ponder The Improbable Since 1966
    Nanyang Technological University Nanyang Technological University

    Skip to content

     
    • RSIS
    • Publication
    • RSIS Publications
    • Cybercrime: Financing Terrorism in Indonesia
    • Annual Reviews
    • Books
    • Bulletins and Newsletters
    • Commentaries
    • Counter Terrorist Trends and Analyses
    • Commemorative / Event Reports
    • IDSS Paper
    • Interreligious Relations
    • Monographs
    • NTS Insight
    • Policy Reports
    • Working Papers
    • RSIS Publications for the Year

    CO19159 | Cybercrime: Financing Terrorism in Indonesia
    Vidia Arianti

    15 August 2019

    download pdf
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    Indonesian terrorist groups could resort to cybercrime, specifically hacking, to finance terrorism in the future. The encouragement and guidance by each generation of terrorists is coupled with possible money-laundering paths using virtual payments. This poses a challenge for the authorities to disrupt terrorism financing in the country.

    COMMENTARY

    TERRORISM FINANCING typically comprises three stages: fund-raising, fund-moving, and fund-using. In the fund-raising stage, terrorist groups have resorted to criminal activities online such as hacking – defined by US cyber security expert Dorothy E. Denning as “activities conducted online and covertly that seek to reveal, manipulate, or otherwise exploit vulnerabilities in computer operating systems and other software” – to finance terrorism.

    Is there a propensity for Indonesian terrorist groups to resort to hacking? How do the terrorists move and use the proceeds from their hacking activities? Events in the past point to signs of a potential capability.

    History of Hacking

    The first successful hacking incident to fund terrorism in Indonesia was reported in 2012, when terrorist group Mujahidin Indonesia Timur (MIT) trainees Rizky Gunawan and Cahya Fitriyanta worked with an extremist hacker, Mawan Kurniawan, to hack a Multi-Level Marketing (MLM) currency trading website by penetrating members’ accounts and selling the members’ “currency” in 2011.

    Of the approximately Rp 6 billion (around US$428,500) proceeds, around Rp 667 million (about US$47,600) was allocated to MIT’s military training, including weapons procurement; a tiny amount of Rp 250,000 (around US$17) was used for the September 2011 suicide bombing of a church in Solo, Central Java.

    Since then, there has been no reported incident of Indonesian terrorist groups committing fund-raising through hacking to finance terrorist operations, although that they may have attempted to do so – successful or otherwise – undetected.

    The Terrorist Hacking Manual

    Each generation of Indonesian extremists has produced a hacking manual – with extremist ideological justification – to fund their operations that cater to their era. A Washington Post article mentioned that Imam Samudra, one of the perpetrators of the 2002 Jemaah Islamiyah (JI) Bali Bombings, devoted a chapter in his infamous 280-page book published in 2004, Aku Melawan Teroris (I Fight the Terrorists), which encouraged readers to commit cybercrime.

    The chapter, titled “Hacking, Why Not”, urged his fellow extremists to conduct “carding” (credit card fraud). The chapter outlined a rudimentary carding manual, by first learning computer programming systems and scanning websites vulnerable to hacking. He advised his followers to find mentors and build networks with potential extremist hackers, listing six chat rooms as sources.

    Manuals on hacking and carding, including those from non-extremist sources, continue to circulate among the extremist community online. The subsequent generation, namely Bahrun Naim, one of the most tech-savvy Indonesian fighters with the Islamic State (IS) who was killed in 2018 in Syria, had written manuals on his websites on the basics of hacking and carding.

    He incorporated those topics in a chapter titled “technology” in his 335-page “manifesto” written in 2016. Some sections in the 96-page chapter on technology provided technical details on hacking and carding, including methods to launder the proceeds using various virtual payments such as PayPal, Western Union, and virtual currency Bitcoin, or cashing them out by purchasing other items online. He specifically provided an example, complete with a picture, on how to hack a PayPal account, one of which was using a scam webpage.  

    Bahrun’s manual on hacking suggested that he himself had attempted to conduct carding and was consulted on the matter. Bahrun Naim’s protégé group in Batam, namely Katibah Gonggong Rebus (KGR) led by Gigih Rahmat Dewa, was instructed in 2016 to learn how to hack a PayPal account. KGR was the group which, in 2015, plotted to launch a rocket targeting Singapore.

    Money Laundering

    Due to the technical expertise required for hacking, a majority of the younger generation of Indonesian extremists may not be savvy enough to do so. Nevertheless, they may aid terrorist groups with fund-moving – laundering the money obtained from the hacking activities, or at least assisting them in transferring funds.

    While Bahrun Naim used to have difficulties finding operatives who had PayPal accounts that enabled him to transfer money, this may not be the case for current and future operations, as increasing numbers of individuals become more familiar with virtual payments such as e-money.

    The last stage of terrorism financing, fund-using from the cybercrime’s proceeds for terrorist operational expenses – i.e. accommodation, transportation, and other logistic items including bomb-making ingredients – can also be performed entirely through virtual payment, without the need to transit the money via a bank account. More e-marketplaces provide options for buyers to make payment via virtual payment providers, rather than the usual bank transfers.

    This poses a great challenge as police, in cooperation with the Indonesian Financial Transaction Reports and Analysis Centre (PPATK), are thus far only able to track transactions when the intended recipient cashes out the virtual money into their own, friends’ or relatives’ bank accounts. This becomes more complicated if the recipients use the funds for their living expenses, rather than for plotting an attack.

    Mitigation Efforts

    To address terrorist fund-raising, authorities should beef up their surveillance of sympathisers and members of terrorist groups who have the technical expertise to conduct hacking, typically those who are trained or work in the field of information technology. 

    Most of the cybercrime perpetrators in Indonesia were graduates in computer science or information and technology. A Preventing Violent Extremism (PVE) initiative in universities that is specifically catered to students of those field may be considered, as groups such as JI have specifically targeted students from these fields for recruitment.

    On the fund-moving and fund-using end, the Indonesian central bank’s policies on licensing virtual payment companies operating in the country and forbidding conventional banks and other non-bank payment companies from processing payments in virtual currencies such as Bitcoin, can further be strengthened.

    This can be done by extending cooperation between law enforcement agencies and virtual payment companies that do not have offices in Indonesia. This could assist the former in detecting, investigating and charging terrorist suspects who have committed cybercrime to finance terrorism.

    About the Author

    V. Arianti is an Associate Research Fellow at the International Centre for Political Violence and Terrorism Research (ICPVTR), a constituent unit in the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / International Politics and Security / Terrorism Studies / South Asia / Southeast Asia and ASEAN

    Last updated on 15/08/2019

    comments powered by Disqus
    RSIS Commentary is a platform to provide timely and, where appropriate, policy-relevant commentary and analysis of topical and contemporary issues. The authors’ views are their own and do not represent the official position of the S. Rajaratnam School of International Studies (RSIS), NTU. These commentaries may be reproduced with prior permission from RSIS and due credit to the author(s) and RSIS. Please email to Editor RSIS Commentary at [email protected].

    SYNOPSIS

    Indonesian terrorist groups could resort to cybercrime, specifically hacking, to finance terrorism in the future. The encouragement and guidance by each generation of terrorists is coupled with possible money-laundering paths using virtual payments. This poses a challenge for the authorities to disrupt terrorism financing in the country.

    COMMENTARY

    TERRORISM FINANCING typically comprises three stages: fund-raising, fund-moving, and fund-using. In the fund-raising stage, terrorist groups have resorted to criminal activities online such as hacking – defined by US cyber security expert Dorothy E. Denning as “activities conducted online and covertly that seek to reveal, manipulate, or otherwise exploit vulnerabilities in computer operating systems and other software” – to finance terrorism.

    Is there a propensity for Indonesian terrorist groups to resort to hacking? How do the terrorists move and use the proceeds from their hacking activities? Events in the past point to signs of a potential capability.

    History of Hacking

    The first successful hacking incident to fund terrorism in Indonesia was reported in 2012, when terrorist group Mujahidin Indonesia Timur (MIT) trainees Rizky Gunawan and Cahya Fitriyanta worked with an extremist hacker, Mawan Kurniawan, to hack a Multi-Level Marketing (MLM) currency trading website by penetrating members’ accounts and selling the members’ “currency” in 2011.

    Of the approximately Rp 6 billion (around US$428,500) proceeds, around Rp 667 million (about US$47,600) was allocated to MIT’s military training, including weapons procurement; a tiny amount of Rp 250,000 (around US$17) was used for the September 2011 suicide bombing of a church in Solo, Central Java.

    Since then, there has been no reported incident of Indonesian terrorist groups committing fund-raising through hacking to finance terrorist operations, although that they may have attempted to do so – successful or otherwise – undetected.

    The Terrorist Hacking Manual

    Each generation of Indonesian extremists has produced a hacking manual – with extremist ideological justification – to fund their operations that cater to their era. A Washington Post article mentioned that Imam Samudra, one of the perpetrators of the 2002 Jemaah Islamiyah (JI) Bali Bombings, devoted a chapter in his infamous 280-page book published in 2004, Aku Melawan Teroris (I Fight the Terrorists), which encouraged readers to commit cybercrime.

    The chapter, titled “Hacking, Why Not”, urged his fellow extremists to conduct “carding” (credit card fraud). The chapter outlined a rudimentary carding manual, by first learning computer programming systems and scanning websites vulnerable to hacking. He advised his followers to find mentors and build networks with potential extremist hackers, listing six chat rooms as sources.

    Manuals on hacking and carding, including those from non-extremist sources, continue to circulate among the extremist community online. The subsequent generation, namely Bahrun Naim, one of the most tech-savvy Indonesian fighters with the Islamic State (IS) who was killed in 2018 in Syria, had written manuals on his websites on the basics of hacking and carding.

    He incorporated those topics in a chapter titled “technology” in his 335-page “manifesto” written in 2016. Some sections in the 96-page chapter on technology provided technical details on hacking and carding, including methods to launder the proceeds using various virtual payments such as PayPal, Western Union, and virtual currency Bitcoin, or cashing them out by purchasing other items online. He specifically provided an example, complete with a picture, on how to hack a PayPal account, one of which was using a scam webpage.  

    Bahrun’s manual on hacking suggested that he himself had attempted to conduct carding and was consulted on the matter. Bahrun Naim’s protégé group in Batam, namely Katibah Gonggong Rebus (KGR) led by Gigih Rahmat Dewa, was instructed in 2016 to learn how to hack a PayPal account. KGR was the group which, in 2015, plotted to launch a rocket targeting Singapore.

    Money Laundering

    Due to the technical expertise required for hacking, a majority of the younger generation of Indonesian extremists may not be savvy enough to do so. Nevertheless, they may aid terrorist groups with fund-moving – laundering the money obtained from the hacking activities, or at least assisting them in transferring funds.

    While Bahrun Naim used to have difficulties finding operatives who had PayPal accounts that enabled him to transfer money, this may not be the case for current and future operations, as increasing numbers of individuals become more familiar with virtual payments such as e-money.

    The last stage of terrorism financing, fund-using from the cybercrime’s proceeds for terrorist operational expenses – i.e. accommodation, transportation, and other logistic items including bomb-making ingredients – can also be performed entirely through virtual payment, without the need to transit the money via a bank account. More e-marketplaces provide options for buyers to make payment via virtual payment providers, rather than the usual bank transfers.

    This poses a great challenge as police, in cooperation with the Indonesian Financial Transaction Reports and Analysis Centre (PPATK), are thus far only able to track transactions when the intended recipient cashes out the virtual money into their own, friends’ or relatives’ bank accounts. This becomes more complicated if the recipients use the funds for their living expenses, rather than for plotting an attack.

    Mitigation Efforts

    To address terrorist fund-raising, authorities should beef up their surveillance of sympathisers and members of terrorist groups who have the technical expertise to conduct hacking, typically those who are trained or work in the field of information technology. 

    Most of the cybercrime perpetrators in Indonesia were graduates in computer science or information and technology. A Preventing Violent Extremism (PVE) initiative in universities that is specifically catered to students of those field may be considered, as groups such as JI have specifically targeted students from these fields for recruitment.

    On the fund-moving and fund-using end, the Indonesian central bank’s policies on licensing virtual payment companies operating in the country and forbidding conventional banks and other non-bank payment companies from processing payments in virtual currencies such as Bitcoin, can further be strengthened.

    This can be done by extending cooperation between law enforcement agencies and virtual payment companies that do not have offices in Indonesia. This could assist the former in detecting, investigating and charging terrorist suspects who have committed cybercrime to finance terrorism.

    About the Author

    V. Arianti is an Associate Research Fellow at the International Centre for Political Violence and Terrorism Research (ICPVTR), a constituent unit in the S. Rajaratnam School of International Studies (RSIS), Nanyang Technological University (NTU), Singapore.

    Categories: Commentaries / Country and Region Studies / International Politics and Security / Terrorism Studies

    Last updated on 15/08/2019

    Back to top

    Terms of Use | Privacy Statement
    Copyright © S. Rajaratnam School of International Studies. All rights reserved.
    This site uses cookies to offer you a better browsing experience. By continuing, you are agreeing to the use of cookies on your device as described in our privacy policy. Learn more
    OK
    Latest Book
    Cybercrime: Financing Terrorism in Indonesia

    SYNOPSIS

    Indonesian terrorist groups could resort to cybercrime, specifically hacking, to finance ...
    more info