Who Commits Fraud: Toerags or Terrorists?

The people who fight fraud in the communications sector offer two distinct narratives. One says that telecoms fraud is a multi-billion dollar industry, exploited by terrorists and sophisticated gangsters who work across borders. The other says telecoms fraud is committed by low-grade criminals using petty schemes that may net them a few million dollars before they are caught. For simplicity, let us refer to these two depictions of crime as the terrorist narrative, and the toerag narrative, where toerag is English slang for a lowly criminal, stemming from the 19th century practice of convicts tying pieces of torn clothing around their feet for want of proper socks.

The real world is obviously more complicated, but the simple divergence between the terrorist narrative and the toerag narrative is found repeatedly in the messages presented to the public. This was confirmed again at last week’s RAG meeting in London. One speaker presented a slide where the fraudster was represented by the photograph of a shadowy figure carrying an assault rifle. Another participant observed that the terrorist narrative is not believed by British police officers. The police experience of telecoms fraud is better characterized by the toerag gang who made a few million by persuading students to use their real names to order fancy handsets that were then resold. It is wrong to lie and to set up a fake business, and there is no sympathy for tricksters who buy themselves fast cars and fancy apartments. However, there is a moral gulf between the selfish con artist and the terrorist. One is a cost to society, whilst the other poses a threat to human lives.

The RAG meeting mulled the ‘chicken and egg’ conundrum that the police will not undertake the investigative work necessary to link frauds to terrorists because there have not been prior cases where telecoms frauds have been proven to raise money for terrorists. The telco industry may complain that law enforcement agencies should do more, but I sympathize with the police. Why do telco professionals state there is a link between fraud and terrorism if they cannot show evidence to support it? If proven, the link between fraud and terror would be used to lobby the government to do more to tackle telecoms fraud. If not proven, then anyone claiming the link invites skepticism. Real fraud managers often identify toerag fraudsters, but never share stories about finding terrorists. We work in a discipline that is prone to exaggeration. It is understandable that any budget holder – whether a CEO or a senior police officer – will be wary of throwing money at a problem where the scale of the issue is not well supported by objective evidence and data.

On the other hand, police officers are not always so careful to distinguish the toerags from more serious gangsters. Earlier this year an operation by Police Scotland and various telcos resulted in the conviction of Gavin Gray for enabling encrypted television broadcasts to be seen by people who were not paying subscribers. Gray was a technologically capable toerag, and he was sentenced to 300 hours of community service. That is not the kind of punishment given to somebody who is a genuine threat to the public. But that did not discourage Chief Inspector Mark Leonard from making the following claim in the official Police Scotland statement about Gray’s case:

It’s obviously very tempting for people to think they are getting a bargain but it’s important to remember that there are organised criminals behind these fraudulent schemes, often supporting and funding other more serious crime, such as human trafficking and drugs, so people need to be aware of that.

If Gray was involved in human trafficking and the supply of drugs then he should have been given a more appropriate sentence. Police Scotland described Gray’s case as “the first conviction of its type in Scotland”. If Gray’s wrongdoing was the first proven case of its type, what justifies the assertion that cases like these are linked to much more damaging crimes?

Telecoms fraud has been going on for a long time, and so has the piracy of copyrighted audio-visual content like music albums and films. Improved technology is leading to a convergence of the two; people will not buy a pirated DVD if they can stream many films for free. The continued willingness of the police to link intellectual property fraud to serious crimes, whilst denying any link between the same serious criminals and the perpetration of more traditional telephony frauds, reflects a historical bias. The film industry persuaded others, including law enforcement agents, to make generalizations because some film piracy was persuasively linked to the financing of terrorism in a relatively small number of historical cases. As a result, the film industry could then spread videos that stated “piracy funds terrorism” even though this claim was based on examples that were increasingly out of date. For example, it was estimated that terrorists in Northern Ireland made several millions of pounds from pirated CDs, DVDs and video games. Obviously the extent of that link between piracy and violence diminished as the Irish terrorists laid down their weapons.

There is an historical, though limited connection between the piracy of audio-visual content and terrorism. This link is still being used to fuel public concern through alarmingly-titled reports like “IP Piracy & Developing Nations: A Recipe for Terrorism Funding” as published by the internet journal of Rutgers School of Law. This report is then jumped upon by other copyright advocates, like the Copyright Officer of Nova Southeastern University who warned his readers that:

The next time you think about using BitTorrent to get an illegal copy of a movie, you might want to think twice about who is behind it, how they are profiting, and where that money is going.

This begs the question of how much thought the author had put into his own words. The report that he drew upon gave several examples of terrorists profiting from the piracy of DVDs, but not a single example of them being associated with pirate torrents.

There is a kind of elastic thinking which allows any connection between intellectual property fraud and serious crime to be used to justify a horror story where all intellectual property fraud is supposedly funding terrorism. In contrast, we find nobody but telcos are willing to claim that telephony fraud is linked to terrorism. In terms of motive and methods, this distinction no longer makes any sense. If a terrorist is willing to make money from the violation of copyright, surely the terrorist would be willing to make money from telephony fraud too. If the terrorist has the capability to engage in crimes which require a degree of technological skill and abuse of communications networks, why would they draw a line between the crimes that cause losses for filmmakers and IP lawyers, and the similar crimes that cause losses for telcos but not for filmmakers and IP lawyers? Why would terrorists be interested in the distribution of cheap Chinese Kodi boxes but not the distribution of cheap Chinese simboxes? And what kind of organized criminal is happy to hack your laptop or your set-top box but refuses to hack your phone?

The narratives of the toerags and the terrorists are informative because we know much more about the former than the latter, but when one leap of imagination can be justified, it can also become permanent. Toerags are engaged in making money by pirating DVDs, and stealing SIM cards, and working around encryption, and phishing for passwords, and all sorts of other crimes too. Most conspiracies are modest, though some achieve a greater scale. If nobody had ever done the research necessary to link a specific kind of crime to some of Northern Ireland’s terrorist factions that would not mean that those terrorists never committed the crime.

Having done some work that links terror to fraud, the specific lesson that was learned has since been repeated and generalized to such an extent that it has become the stuff of legend. The original kernel of truth remains unknown to most of the people repeating the slogans and the scare stories extrapolated from that kernel. Meanwhile, nobody is doing the work necessary to create a second kernel, by linking telephony fraud to terror. Unless they do, we will never learn a second lesson, even when this requires us to believe in schizophrenic terrorists who refuse to steal from the telephony revenues of telcos, but do steal from the media revenues of the same business.

Terrorists want money just like toerags do. And if toerags can steal billions more from telephony fraud than from streaming piracy, then the terrorists will follow the lead of the toerags. Put simply, the global film industry is small compared to the global telecoms industry. Phones are everywhere; if people can use them to steal, then they will use them to steal. The way the criminal profits will be spent is irrelevant, and terrorists are unlikely to be choosy. That we have two distinct narratives about toerags and terrorists is proof of how little we really know. If we knew the full story, there would only be one story, with no room for gaps between the toerags and terrorists, because we would have the complete inventory of every scumbag and subversive with the skill to use electronic networks to steal.

Eric Priezkalns
Eric Priezkalns
Eric is the Editor of Commsrisk. Look here for more about the history of Commsrisk and the role played by Eric.

Eric is also the Director of the Risk & Assurance Group (RAG), a global association of professionals working in risk management and business assurance for communications providers.

Previously Eric was Director of Risk Management for Qatar Telecom and he has worked with Cable & Wireless, T‑Mobile, Sky, Worldcom and other telcos. He was lead author of Revenue Assurance: Expert Opinions for Communications Providers, published by CRC Press. He is a qualified chartered accountant, with degrees in information systems, and in mathematics and philosophy.