Police in the Philippines say they and the FBI have broken up a cybercriminal ring with ties to a multinational Islamic terrorist group, and say there are links between that group and the Mumbai attacks of November 2008.
But closer analysis of the Filipino police claims raises questions about the case.
A press release by the Philippines' Criminal Investigation and Detection Group (CIDG) said four people, including alleged ringleader Paul Michael Kwan, were arrested in metropolitan Manila last week on suspicion of hacking into the private branch exchange (PBX) telephone system of AT&T and other companies, causing $2 million in losses.
FBI spokeswoman Jenny Shearer confirmed to SecurityNewsDaily that the arrests were part of an ongoing investigation, but could not comment further.
PBXs are internal telephone exchanges common in large companies. If a company's office phone numbers all begin with the same three-digit prefix, the company is probably running a PBX. Large companies often pay land-line operators reduced or flat rates for long-distance and international calls.
Outsiders who illegally tapped into PBXs would pay nothing for long-distance calls, and could resell that access at a significant profit. (Steve Jobs and Steve Wozniak made money with similar schemes before they founded Apple.)
The press release said Kwan's group was tied to a Pakistani man named Muhammad Zamir, who was arrested in Italy in 2007 on suspicion of running a similar hacking ring based in that country, and that Kwan was arrested at that time as well.
The Filipino police say Zamir is a member of Jemaah Islamiah, an Indonesian Islamist militant group thought to be behind the Bali nightclub bombings in October 2002, which killed 202 people, most of them Western tourists.
"Kwan and the other hackers in Manila were being used by the Zamir's terrorists group to hack the trunk-line (PBX) of different telecommunication companies including the AT&T (sic)," read the CIDG press release. "Revenues derived from the hacking activities of the Filipino-based hackers were diverted to the account of the terrorists, who paid the Filipino hackers on a commission basis via local banks."
The CIDG press release also cited the FBI as stating that Jemaah Islamiah helped fund the Mumbai terrorist attacks, which killed 164 people. It said the money flowed from a Saudi-based Jemaah Islamiah cell to Kwan's Manila-based group.
However, many of the details in the press release don't add up.
An AT&T spokeswoman denied that the company itself had been hacked into, or that it had lost money, according to a Reuters report.
"AT&T and its network were neither targeted nor breached by the hackers," AT&T spokeswoman Jan Rasmussen told Reuters. "AT&T only assisted law enforcement in the investigation that led to the arrest of a group of hackers."
The case does not seem to be related to a thwarted phishing attack on AT&T Wireless customers earlier this month.
Kwan and Zamir were both indicted in U.S. federal court in June 2009, charged with a very similar scam in which they allegedly tapped into corporate PBX servers and sold access to the networks to a Italian call center that provided cheap international calls.
The June 2009 indictment mentions no ties to international Islamist terrorist organizations, but an Italian-language Reuters story from the same month quoted Italian police as saying Zamir had ties to unnamed Southeast Asian Islamic fundamentalists.
That story mentioned the arrest of Zamir, four other Pakistanis and a Filipino, but did not mention the 2007 arrests cited by the CIDG.
It's also not clear how the alleged phone hacking was linked to the Mumbai terrorist attacks, which were carried out by a Pakistani Islamic militant group called Lashkar e-Taiba, itself thought to be backed by elements of the Pakistani intelligence services.
It may be that the CIDG is confusing Indonesia's Jemaah Islamiah with Pakistan's Jemaat e-Islami, a long-established hard-line Islamist political party.
Nor is it clear what became of the 2009 U.S. indictments of Kwan and Zamir, why Kwan needed to be arrested a second time or whether his arrest was a continuation of the 2009 case.
Despite being a majority-Roman Catholic country, the Philippines has had problems with Islamic terrorism for decades. After the botched February 1993 World Trade Center bombings, which killed six people, two of the attack's planners, both Pakistani in origin, met again in Manila.
From there, the pair plotted to blow up a dozen trans-Pacific airliners in mid-flight — a plot that was allegedly funded by both Al Qaeda leader Osama bin Laden and the then-leader of Indonesia's Jemaah Islamiah.
That plot was thwarted by the 1995 arrest of one plotter. The other plotter, Khalid Sheikh Mohammed, went on to plan and execute the Sept. 11, 2001 terrorist attacks in the United States.
More recently, the Indonesian Jemaah Islamiah has been accused of supporting two Islamic guerrilla groups in the majority-Muslim southern Philippines.