Cigarette Smuggling and Cyber Security: Low-Tech Crimes Fund High-Tech Threats

By Bruce Levinson

You may not connect the cheap cigarettes sold under the counter (or out of a trunk, bodega or by a street vendor) with the mysterious charges on your credit card that you don't remember making or the cash that has, somehow, just disappeared from your bank account. You also may not connect that website selling cheap cigarettes made in second and third world countries with Shellshock or whatever the fashionably scary cyber-threat of the day is when you're reading this. But the Russian mafia and other Transnational Criminal Organizations and Foreign Terrorist Organizations understand the connections quite well. Criminals around the world know that tobacco trafficking is a lucrative, low risk way of raising cash that can be used to fund narcotics deals, arms smuggling, human trafficking and, more recently, the theft of credit card and banking data.

Stated simply, the same organizations which smuggle cigarettes also commit sophisticated cybercrimes ranging from identity theft to terrorism. Although hacking lore is filled with stories of kids who break into computer networks, major cybercrimes are committed by sophisticated criminals who often enjoy tacit or direct government support.

Federal law enforcement officials have long recognized that cigarette smuggling is used by various global crime organizations as a "starter" crime to raise seed money for other illicit activities. A decade ago the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) explained that "Russian, Armenian, Ukrainian, Chinese, Taiwanese, and Middle Eastern (mainly Pakistani, Lebanese, and Syrian) organized crime groups are highly involved in the trafficking of contraband and counterfeit cigarettes and counterfeit tax stamps for profit."

The ATF further explained that "the funds received from the trafficking of illicit cigarettes, terrorist groups can purchase more arms, ammunition and explosives and use them against the United States and its interests, putting U.S. citizens at risk, as well as providing for a climate of fear around the world. Law enforcement intelligence, as well as credible open source information points to a definite benefit to terrorist groups from the illicit sale of tobacco."

More recently, these tobacco trafficking organizations have expanded into cybercrimes. North Korea is one example of a state actor which 1) engages in the extensive counterfeiting and smuggling of cigarettes, and 2) poses a serious terrorist threat to America's electrical grid. The Department of Energy-sponsored study which discusses the North Korean threat also cites China, the world's largest producer of counterfeit cigarettes, as another actor posing a terrorist cyber-threat to the grid.

It's not just groups known for their use modern technology that travel the cyber-road from tobacco trafficking to terrorism. For example, the group currently calling itself Islamic State not only smuggles cigarettes, they also received assistance from one of the world's most notorious tobacco traffickers, and now pose a cyber-threat to US security. USCYBERCOM Commander Admiral Michael Rogers recently stated that the "U.S. needs to be prepared for digital attacks" from IS and other terrorist groups.

Cigarette smuggling has long been perceived by the public as a low priority concern and this has translated into cigarette smuggling being a relatively low priority for federal law enforcement authorities. This needs to change. Just as it's now recognized that cybercrimes cause physical harms, so too it should to be recognized that superficially low-level crimes are funding high-tech threats. Thus, counter-smuggling enforcement actions should be integrated into the Comprehensive National Cybersecurity Initiative and eligible for receiving CNCI funds as it makes no sense to target a terrorist group's cyber activities while ignoring the physical crimes that finance them.

By Bruce Levinson, SVP, Regulatory Intervention - Center for Regulatory Effectiveness

Related topics: Cyberattack, Cybercrime, Cybersecurity, Law, Policy & Regulation

Comments