Discussion of malicious cyber activity has mainly focused on criminal activity and countries’ intelligence efforts. Entities other than national governments – particularly terrorist groups – seem to be making their way, if slowly, into the cyber realm through hacking and leaking techniques, and commandeering social media sites. Beyond savvy messaging, terrorist groups remain relatively unsophisticated in disruptive technical attacks. However, terrorist activity is expanding into the virtual arena. The Cipher Brief’s Levi Maxey spoke with Yaya Fanusie, the director of analysis for the Foundation for Defense of Democracies’ Center on Sanctions and Illicit Finance, and a former CIA counterterrorism analyst, about the potential adaptation of terrorist financing to use the anonymity of cryptocurrencies such as bitcoin.
The Cipher Brief: Is there significant evidence of terrorist groups turning to virtual currencies for funding? Why do you think that is?
Yaya Fanusie: No, not if by significant you mean signs that multiple terrorist organizations are using virtual currencies as a consistent way to receive or transfer funds. What we can infer from the few data points in the public domain is that, among jihadist groups, some group members or sympathizers with strong technical backgrounds are experimenting with bitcoin transactions. Last year, we investigated a terrorist funding campaign where a group in the Gaza Strip sought bitcoin donations to raise thousands of dollars per fighter. However, the campaign only received a few hundred dollars total, according to analysis of the bitcoin address.
Indonesian authorities earlier this year reported that a Syria-based Indonesian with the Islamic State sent funds to Indonesia for attacks. However, they also said he used PayPal. This person was a former computer science student, so it’s not surprising that he would leverage financial technology.
These are examples of terrorists using virtual currencies, but probably are not indicative of a major push. Right now, virtual currencies are harder to acquire and spend than, say, prepaid cards, or the most anonymous way to fund terrorism – cash. And most terrorists operate in a world where fiat, or government-backed, currency is needed for their expenditures, so a virtual currency where one has to figure out how to cash out without tipping off authorities only complicates a funding scheme.
Bitcoin activity can be tracked because the currency has a public distributed ledger that logs all transactions. So, even if someone is operating seemingly anonymously, transactions analysis might help investigators uncover their identity.
Any terrorist organization seeking to exploit virtual currencies as a major part of its financing would need a high level of technical sophistication to not only use cryptocurrency tools in the first place, but to do so with confidence that their transactions would not lead to their discovery and disruption. This would be risky and it appears that most members of terrorist groups do not currently fit this profile.
TCB: Do you see groups turning to virtual currencies more in the future? Would this be in the form of taking donations or would they turn to cybercrime, such as ransomware, for revenue?
Fanusie: Well, I think you’re onto something by bringing up cybercrime. The threat for terrorists to use virtual currencies might arise in a situation where the worlds of terrorism and cybercrime converge.
Using virtual currencies for donations probably would not make sense from a terrorist’s perspective. Soliciting donations usually means making overtures to a broad, unidentified audience. There’s the risk of the solicitor bringing unwanted attention to their activities. But there’s also the risk to the donor. By sending bitcoin or similar currencies to a terrorist organization, you’d establish a verifiable link between yourself and the group.
Cybercriminals currently use virtual currencies because they’re useful for the cyber realm they exploit. With computer science expertise, cybercriminals build complex methods and schemes to steal in a digital environment. Virtual currencies are the “internet money” of that world. But you probably will not see a shift of terrorist groups towards funding techniques like ransomware attacks unless you see cybercriminals joining or sympathizing with terrorists’ causes. Hypothetical scenarios could be imagined where this could become the case, but typically, motivations between terrorists and cybercriminals are not aligned.
What law enforcement and intelligence officials should be watching out for is terrorist technical adaptation and any converging motivations and allegiances with cybercriminals.
Also, one should consider that young adults are more inclined to use new financing and payment methods, compared to older demographics. Any shifts in use of virtual currencies by terrorist groups probably would come from the influence of younger people in those groups.
TCB: Part of what appears to be inhibiting terrorist groups from turning to virtual currencies is that they often need to convert it back into physical currencies to make purchases and pay salaries. Do you see this changing with terrorist groups ordering equipment online through dark web marketplaces?
Fanusie: The dark web as a resource for various illicit actors is expanding and unfortunately, it probably does provide opportunities for terrorists who may seek purchases in onesies and twosies as opposed to large-scale transactions. Dark web marketplaces often accept a variety of virtual currencies, so most buyers know a bit about transacting in cryptocurrency and possibly also how to use mixers and other anonymizing tools.
But again, a shift would have to happen where terrorists become more cyber-minded and technically oriented for this to be a major way of securing equipment. The terrorist bitcoin fundraising campaign I mentioned earlier was pegging much of its funding solicitation to weapons acquisition. If terrorist groups did successfully raise significant virtual currency donations, purchasing on the dark web might be a logical next step, but such fundraising appears to have been minimal.
TCB: Would this be a major development in how terrorist groups inspire and support lone wolf attacks? Why?
Fanusie: If we did see more terrorist interest in using virtual currency for the dark web, I’m not sure this would create any major developments. For example, in 2014, a Virginia teenager who was an Islamic State supporter posted a white paper he wrote encouraging others to fund IS through bitcoin payments. So, this idea of using virtual currencies as a way to support terrorism has been out there for a few years, without it seeming to play a significant role in inspiring others. And one should also consider that in the case where a lone wolf is already involved in criminal circles, he or she may have relatively easy access to black market weapons in person.
If so-called lone wolf terrorists are adapting in any way, it has been in finding ways to commit atrocities without guns or bombs. Al-Qaeda and IS have already encouraged supporters in the U.S. and Europe to leverage everyday resources like knives and vehicles for attacks. Purchasing weapons on the web would be riskier.
TCB: How could officials concerned with counterterrorism financing disrupt terrorist use of virtual currencies in the future? Could this have a detrimental impact on the growth of virtual currency use for legitimate reasons?
Fanusie: It’s pretty clear. Recruit and retain technically-savvy people to work in counterterrorism (CT), especially people with computer science backgrounds who either already understand virtual currencies or would be quick learners to help agencies adapt in this quickly evolving space.
I wouldn’t frame it as disrupting terrorist use of virtual currencies, but rather that counterterrorism folks need to be as agile as the terrorists who are experimenting with whatever methods will get them results. Terrorists will not use virtual currencies if they find that intelligence agencies and law enforcement are effective at catching them by it.
For the counterterrorism experts who currently do not have a technical background, all is not lost. I never studied computer science, but as a former CT analyst, I’ve always been intrigued by the thrill of investigative work. This space is stimulating from an analytic perspective. I think if CTers start learning just the basics about how virtual currencies are used and how the blockchain can be analyzed, it will add to their ability to identify how terrorists might innovate. The key to good counterterrorism work is staying ahead of the terrorist curve.
The approaches I’ve described for the CT community shouldn’t negatively impact the licit use of virtual currencies. And even in the midst of the WannaCry ransomware attack and the occasional media story about the illicit use of cryptocurrencies, there appears to be growing legitimate business and public interest in the technology. In fact, legitimate interest does not seem to be ramping down at all.