They claim to have 34 people in 10 countries who have hacked the
computer systems of banks they say may be linked to accused
terrorist Osama bin Laden. They also say they've shared information
with the FBI.
But the FBI refuses to comment, the banks have not noted any
disruption of their services, and other hackers say the team is
really just a bunch of self-promoters.
Whether they've done any damage at all — or whether they even
exist — they have touched off a debate online about the propriety of
what the group's leader, Kim Schmitz, says it is trying to do.
YIHAT's Their Name
The group, which calls itself YIHAT, for Young Intelligent
Hackers Against Terror, says that last week a team of U.K.-based
members gained access to accounts at the Sudanese AlShamal Islamic
Bank worth as much as $50 million belonging to bin Laden and the al
Qaeda organization he heads. Schmitz said no harm was done to the
accounts and said the group passed on the information to the FBI.
Tuesday, the group claimed to have hacked the Arab National Bank
in Riyadh, Saudi Arabia, but said that no information on suspected
terrorists had been found. A hacker calling himself Splices told
ABCNEWS.com that he gained access to the bank's records and "had
access to anything we wanted: corporate profiles, stock deals,
financial statements, customer bank accounts."
Splices provided ABCNEWS.com with copies of some of those files,
which appeared to contain financial information associated with
Arabic names, but could not be further verified as belonging to
actual customers or even the bank.
When asked why he targeted the Arab National Bank, Splices
replied, "It has been confirmed that terrorists had done banking
there in the past. We don't just choose targets at random."
Splices would not say whether the names on any of the accounts
appear on the recently released list of 22 terrorists most wanted by
the FBI, but he did say the information he found had been turned
over to U.S. law enforcement.
Neither bank is on a U.S. list of 27 groups whose assets have
been frozen for alleged links to bin Laden.
An FBI spokesman refused to comment on whether it had received
information from YIHAT, but did say the FBI would not condone
efforts to acquire information related to terrorism that fall
outside the law.
Attempts to reach AlShamal Islamic Bank's in Khartoum via phone
and e-mail were unsuccessful. Its Web site contained no information
on any hacks.
A spokesperson for the Arab National Bank said it was unaware of
any computer intrusion.
The founder of YIHAT, Schmitz, is a 27-year-old former hacker
turned high-tech tycoon who lives in Munich, Germany. He said he
started the group as a result of receiving scores of leads from
people around the world who responded to his posting of a $10
million reward for information leading to the capture of Osama bin
He says he intends to pay the reward largely from his personal
fortune that is estimated to be about $200 million.
He also said the loss of two associates who worked in the World
Trade Center affected him personally.
"We wanted to do something," Schmitz said. "The FBI is very busy
working on their own leads. We decided to build a contact network
that will be useful in the fight against terrorism."
The name YIHAT is meant to be a play on the Arabic term
jihad, meaning holy war, Schmitz says. "If they're calling for a
jihad against our modern civilization, then we want to do the same,
to react with a fiber war against this holy war," he said.
The group's Web site, launched Sunday as the first U.S. and
British attacks against Afghanistan were getting under way, can be
found at kill.net, a name Schmitz says was chosen because it is easy
to remember, and because "we are focused on killing the money
sources of terrorist organizations."
Hacker sites on the Web brimmed with admiration and disgust for
the professed hacks.
"This is just a sad attempt to get a bunch of hackers together
and act stupid," one message said.
"I don't like the idea of a millionaire starting his own private
war," said another.
Skepticism was strong enough, in fact, that the kill.net site was
itself hacked Wednesday night by a hacker calling himself "Fluffi
Bunni" who defaced the site by posting a picture of Osama bin Laden
and a doctored version of YIHAT's logo that read "Young Idiotic
HaxOrz and Terrorists."
FBI Warned of Potential Damage
Concerns about the potential damage caused by vigilante hacker
groups has been widespread since the Sept. 11 attacks. The FBI
issued warnings last month about the appearance of such groups,
suggesting there might be "significant collateral damage" if they
attack sites purported to be associated with Islamic or terrorist
groups by causing damage across a server or network.
Commenting on the alleged attack on AlShamal Islamic Bank, David
Endler, practice manager at iDefense, a security intelligence
company said: "What legitimate customers, whose bank accounts were
not related to terrorism, might have been compromised as well? No
Schmitz says that YIHAT has issued a set of rules he says will
prevent the unlawful damage to information. "Our rules are very
clear. We don't want any sort of manipulation of data. We're not
trying to harm."
According to U.S. law, gaining unauthorized access to
computerized financial systems is illegal. Hackers who are caught
can be charged with a felony and, if convicted, sentenced to up to
five years in prison.