UPDATE 2014-10-16: turns out one of the stories mentioned in Aldrich’s book is a hoax. Thanks to Nick R for pointing me to this comment left at Bruce Schneier’s blog. I removed the story from the post below and apologize for spreading false information.
I’m reading Richard J. Aldrich’s book GCHQ – The Uncensored Story of Britain’s Most Secret Intelligence Agency (2010). Earlier I quoted a few of Aldrich’s paragraphs that discuss TEMPEST in the 1960s. I’m currently reading Chapter 24 (“The New Age of Ubiquitous Computing”) and think the following two examples by Aldrich of criminal use of computers in the 1990s are interesting to share here.
Aldrich’s first example is of a drug cartel using an IBM AS400 mainframe to analyze phone records to discover informants:
In the autumn of 1994, elite counter-drugs forces were searching a compound in an affluent neighbourhood of the Colombian city of Cali, home to some of the world’s major cocaine cartels. This time, instead of finding drugs, they uncovered a large computer centre, with six technicians slaving over an IBM AS400 mainframe around the clock. The presumption was that this had something to do with major underworld financial transactions, so the computer was dismantled and taken to the United States for analysis. In fact, the drug cartel had loaded all the office and home telephone numbers of US diplomats and counter-narcotics agents based in Colombia. They had then added the entire regional telephone log containing the call history of the last two years, purchased illegally from the commercial telephone company in Cali. This was being systematically analysed, using ‘data-mining’ software of the kind now commonly used by intelligence agencies, to identify all the people who had been calling the counter-narcotics officers on a regular basis. The drug barons were engaged in sophisticated sigint to uncover informants in their ranks. Chillingly, a dozen had already been assassinated, and this was the machine that had uncovered them. [Footnote 2: P. Kaihla, ‘The Technology Secrets of Cocaine Inc.’, Business2.com, July 2002]
Second and last, Aldrich cites cyber attacks on banks in the City of London by blackmailers:
In 1995 GCHQ also found itself investigating cyber attacks on banks in the City of London. Working with the Department of Trade and Industry and the Bank of England, it began to probe crimes which the banks were extremely anxious to hide. Outwardly, they claimed to be secure, but in fact they had paid out millions of pounds to blackmailers who had gained entry to their systems and threatened to wipe their computer databases. GCHQ was hampered by limited cooperation from the banks, which were reluctant to admit the extent to which they had been damaged, for fear of undermining the confidence of investors. Nevertheless, GCHQ was able to identify forty-six attacks that had taken place over a period of two years, including attacks on three British banks and one American investment house. One of the questions GCHQ was asking was how the blackmailers had gained access to ‘hacking’ technologies that had been developed by military scientists. [Footnote 4: Insight Team, ‘Secret DTI Inquiry Into Cyber Terror’, Sunday Times, 09.06.96.]