The security services are running 23 ongoing investigations into the exploitation of gambling websites to finance terrorism.
The revelation shows the online gaming industry is still vulnerable, and a prime target for criminals and terrorists, even after being at the centre of the conviction of the man described as the "godfather of cyber-terrorism for al-Qaida" and two of his associates back in 2007.
The three men convicted, for inciting people to commit murder through their extremist websites - Tariq al-Daour, Waseem Mughal and Younes Tsouli - used Windows-based Trojans to steal information such as credit card numbers, and then laundered them using the gambling sites. Between them they received sentences totalling 38 years (extended from an original 24 by the Court of Appeal).
The convictions were highly publicised, but what was revealed at the 'Combatting Cybercrime in Betting and Gaming 2010 Conference' in London last week was the scale of ongoing investigations into terrorism financing, and that al-Daour had been accessing 17 gaming sites while in Belmarsh prison.
It also came to light that on an unnamed credit card company's database, all three men came up as clients, along with 17 others whose date of birth, nationality and first name matched the convicted three. Together they still had 190 pre-paid credit cards still in circulation, with balances of £10,000 on each card.
Robert Mitchell, director of World Check, gave out the information while warning the audience that the current investigations involved transnational groups mainly across Denmark, Sweden, the Baltic regions, Vietnam and China.
“Those are the particular areas of risk,” he said. “This is huge business.”
World-Check is a private intelligence company which works with 49 of the world's top 50 banks and 200 enforcement and regulatory agencies, sharing its database of known 'heightened-risk individuals and businesses'.
Mitchell added that the FBI and SOCA (the UK's Serious Organised Crime Agency) do “good” presentations on the three terrorists' work and money laundering operation. (Al -Daour was caught making a website in his cell at Belmarsh urging terror attacks. When he refused to hand over his laptop a riot ensued as prison officers clashed with a group of al-Qaeda sympathisers. He got an extra ten years inside.)
All told, investigators said al-Daour and his compatriots made more than $3.5m in fraudulent charges using credit card accounts stolen via online phishing scams and the distribution of Trojans. The group conducted 350 transactions at 43 different online gambling sites, using more than 130 compromised credit cards. ®