Terrorist financing in the new era: what are risks and the responses on the use of virtual currencies by terrorist actors?
In May 2018, a study exploring the terrorist financing (TF) risks of virtual currencies (VCs), including cryptocurrencies such as the most famous Bitcoin, was commissioned by the European Parliament’s Policy Department for Citizens’ Rights and Constitutional Affairs at the request of the Special Committee on Terrorism (TERR). The study seeks to describe the features of VCs that actually present TF risks, and to review the open source literature on terrorist use of virtual currencies in order to understand the current state and possible future manifestation of the risk. Being supported by a review of the current regulatory and law enforcement implemented by the European Union (EU), it also provides a clear assessment on the effectiveness of measures taken to date. Finally, it provides recommendations for EU policymakers and other relevant stakeholders for ensuring the TF risks of VCs are adequately mitigated. By following the same path marked out by Policy Department for Citizens’ Rights and Constitutional Affairs, the present article will seek to disclose the most important results reported by the study and to offer more insights thanks to an interview released by Marco Conoscenti, PhD candidate at the Nexa Center for Internet & Society of the Polytechnic University of Turin.
What are virtual currencies?
Virtual currencies are innovative new technologies that enable digital transactions and the delivery of financial products and services in new online networks, environments and marketplaces.
The Bitcoin Blockchain ecosystem for instance is quite a “complex system due to its dual aims”: the first is that anyone should be able to write to the Bitcoin Blockchain, while the second one concerns the lack of “any centralised power or control”. The Bitcoin Blockchain ecosystem acts ultimately like a network of replicated databases, each containing the same list of past bitcoin transactions. Important members of the network are called validators or nodes. Their role is to pass around transaction data, namely payments, and shared block data that are contained in the main ledger. Each validator independently checks the payment and block data that are passed around.
The complexity of Bitcoin’s systems has been built against its primary aims that are decentalisation and anonymity. Bitcoin belongs indeed to the public blockchains, where anyone, “without permission granted by another authority, can write […] and read data”. This has certainly influenced the development of bitcoin which is now considered an “anyone-can-write blockchain”.
As for distribution of data in a network, peer to peer is the main way. In peer-to-peer models, each peer has 100% of the data and updates are shared around. All peers are independent from one another and this makes the peer-to-peer networks more robust as there is no central server that can be controlled.
Nonetheless, as participants are not vetted and can add to the ledger without any need for approval, defence mechanisms are necessary in order to counter attacks and misbehaviour.
Malicious attacker can affect the network in many ways, for example by:
Refusing to relay valid transactions to other nodes;
Attempting to create blocks that include or exclude specific transactions of his choosing;
Attempting to create a ‘longer chain’ of blocks that make previously accepted blocks become ‘orphans’ and not part of the main chain.
However, it is certain that an attacker can’t:
Steal bitcoins from other accounts;
Make payments on behalf of other accounts.
To which extent are VCs involved in terrorist activities?
Although well-documented, the use of VCs in cybercrime and in money laundering only features in a small number of confirmed cases of TF. However, instead of wondering why terrorists don’t use VCs as much as other illicit actors, special attention should be given to the different kinds of terrorist actors that generally include:
lone wolves, inspired or possibly connected to a central terrorist group;
small-cells and facilitation networks, which may be either inspired or connected to, a main group;
control organisations without a base (e.g. Al-Qaeda);
territory controlling group (e.g. ISIS).
As for methods of TF, these usually include:
funds raising, e.g. through donations or criminal activity;
funds transfer, e.g. by transferring funds through banks or by carrying cash;
funds storage, e.g. by maintaining reserves of cash that can be spent on attacks, military operations or other activities on a later stage.
Taking into accounts these peculiarities, rather than considering the use of VCs in the broader context of terrorist activities “as a uniform block”, it seems important to focus on how terrorist actors may seek to exploit VCs for specific different purposes. With regard to lone wolves and small cells, deadly recent attacks in Europe have been essentially inexpensive. For example, in the 2016 Bastille Day attack in Nice, France, the attacker only required sufficient funds to hire a truck. That is why VCs may not offer any substantial advantages to lone wolves and small cells that can just use conventional methods, such as cash or credit cards, to fund their attacks.
However, lone actors and small cells operating online may take advantage of VCs on an occasional basis. For instance, in June 2015, a Virginia teenager, Ali Shukri Amin, was convicted in the US of providing material support to ISIS over social media. “Amin admitted to using Twitter to advise others on how Bitcoin could be used to mask the provision of funds in support of ISIS”.
When it comes to funding the ongoing operations of larger groups, such as al-Qaeda and ISIS, VCs are unlikely to be necessary or useful as ISIS’s financing of its activities in Syria and Iraq mainly draw from the following sources: (1) illicit proceeds from occupation of territory; (2) kidnapping for ransom; (3) fundraising; (4) donations including by or through non-profit organisations; (5) material support associated with foreign terrorist fighters. Terrorist groups may therefore resort to VCs for occasional and ad hoc international peer-to-peer transfers among members of a group as a method of moving funds or to raise funds online through social campaigns. Terrorist crowdfunding efforts may be used for a wide variety of purposes, such as procuring weapons, facilitating travel, paying for propaganda campaigns or procuring everyday supplies and services.
TF risk feature of VCs
“There are no simple ways to control the illicit use of cryptocurrencies”. As remarked by Marco Conoscenti, “neither software developers, nor users, nor any institution have control on the use of cryptocurrencies that people do […]. Such lack of control in cryptocurrencies is an explicit design choice, as users of cryptocurrency believe that this provides freedom and prevents censorship”. As mentioned in the first paragraph, Bitcoin essential features are decentalisation and anonymity. Extremist actors may thus find this kind of VCs particularly useful for their select purposes. The following paragraph will focus on those risk features, including the cross-border transfer and portability of Bitcoin.
Anonymity: Instead of labeling Bitcoin as ‘anonymous’ and ‘untraceable’, it would be more appropriate to describe it as ‘pseudonymous’. Bitcoin users are indeed associated with an alphanumeric address linked to their Bitcoin wallet. This means that although the user’s actual identity is not visible on the blockchain, information about their transactions – such as dates, values, and the Bitcoin addresses of counterparties – are all recorded publicly. Moreover, because all transactions in the blockchain are recorded chronologically, it is possible to derive a reliable picture of the movement of Bitcoin. It follows that “where an individual or entity is known to be the owner of a public Bitcoin address, substantial amounts of information can be gleaned about their activity conducted within the network”. However, how anonymity can be guaranteed “is currently an open research question”. As emphasised by Marco Conoscenti, “some cryptocurrencies, like Bitcoin, only guarantee pseudonimity, and it is still possible to link users pseudonymous identity to their real life identity”.
Recent years have seen substantial innovation in the use of new privacy-focused alt-coins that feature greater anonymity than Bitcoin. As they operate using open-source, the same set of identifying details as explained above are not visible. Some of them are Monero, created in 2014, Dash, also created in 2014 and Zcash, released in 2016. The utility of privacy-focused cryptocurrencies has become apparent to several terrorist actors. For example, far-right extremists are expanding their use of Monero to overcome Bitcoin’s traceability features. Just on 1st April 2018, al-Sadaqah solicited donations via Twitter, calling on followers to ‘support the Mujihideen in Syria with your wealth 100% anonymous and completely untraceable’.
Decentralisation: Access to cryptocurrencies cannot be restricted. As stated by Marco Conoscenti, “there is no single point of control over the cryptocurrency system: the creation of currency is done by cryptographic algorithms and the correct functioning of the system is guaranteed by the effort of all the system users themselves”. Thus, there is no single, central authority that can prevent an individual from accessing the Bitcoin network. Cryptocurrencies can enable “digital marketplaces where users can exchange all types of goods and services, without the fear of being censored, having their accounts frozen or interfered with in any way”. This open, resilient, “censorship resistant” feature is a Bitcoin’s unique innovation that obviously appeals those actors who seek uninhibited access to methods for raising or moving funds. However, cryptocurrency networks are populated by centralised intermediaries: indeed, two users can trade Bitcoin peer-to-peer relatively simply, moving between the Bitcoin network to other cryptocurrencies but they often need a thirdparty assistance. Especially beginners require a simple manner to exchange their fiat currency for cryptocurrency. “Cryptocurrency exchanges fill this void. Large exchanges such as Binance, Bitstamp, Bitfinex, Coinbase and Kraken facilitate large volumes of Bitcoin trading and provide users with custodial wallets”. This centralised aspect of an otherwise decentralised ecosystem creates natural “chokepoints” for regulation and oversight.
Cross-border transfer and portability: Last but not least, cross-border transfer is yet another essential feature of VCs that may attract terrorist actors and enable them to transfer value internationally while avoiding regulated intermediaries. Cryptocurrencies thus provide a relatively effective means for transferring value peer-to-peer across borders. This feature is especially attractive to criminals, such as ransomware attackers, who receive payments from victims located anywhere in the world. A small number of anecdotal cases suggest terrorist actors may be attempting to exploit this feature to move funds. For example, in early 2017, “Indonesia’s financial intelligence unit (FIU) reported that Bahrun Naim, a jihadist who planned 2016 attacks in Jakarta, used PayPal and Bitcoin to transfer funds from the Middle East to support Indonesia-based terror cells across Java”. VCs have also proved to be readily and easily portable, overcoming the limitations of carrying physical cash. One can carry cryptocurrencies across borders simply by carrying a paper or hardware wallet, or keeping a software wallet application on a phone, tablet or other portable device. Pre-paid cryptocurrency cards can serve a similar function, as they can be loaded with the underlying online cryptocurrency wallet and carried from place to place. So far, cryptcurrency debit cards have been mostly used by general criminal organisations but it is likely that “terrorist actors will eventually use them too”. It follows that the use of VCs to facilitate international transfers between terrorist actors could accelerate “under the right conditions”.
EU’s VC regulatory framework
The EU Member States bring VC exchange platforms and custodial wallet providers within the scope of their anti-money laundering regulation. Despite the lack of full implementation of the Fifth Anti-Money Laundering Directive (AMLD5) by Member States, this provision marks an important step in bringing transparency to VC networks across the EU and is consistent with guidance issued by the Financial Action Task Force (FATF). However, in order to ensure its effectiveness, Member States should clarify the scope and purpose of regulation once they are transposed and undertake meaningful enforcement. Because VCs are a new and constantly evolving technology, it is essential that during the AMLD5 transposition period Member States clarify the intent of their national regulations and ensure that it is clear to the private sector exactly who will be covered (e.g. Bitcoin, Bitcoin ATMs, pre-paid cryptocurrency cards and so on). In addition, the EU should play a leadership role in advocating for a coordinated anti-money laundering/terrorism financing global regulatory framework towards VCs, building on efforts it has undertaken at the G20. The EU-wide VC sector can indeed play a role by forming “credible self-regulatory bodies to help the sector build resiliency against a range of illicit threats, including TF”.
When fully implemented, AMLD5 will bring much-needed transparency to the VC sector across the EU. It will ensure that custodial wallet providers and those VC users engaged in exchanges between fiat currency and VCs will:
apply enhanced due diligence to high risk customers;
file suspicious transaction reports (STRs) where they suspect illicit activity.
EU law enforcement agencies (LEAs) have already demonstrated significant progress in tackling illicit activity involving VCs and disrupting related criminal activity. As the main EU’s law enforcement agency, Europol has been “the focal point for information gathering and intelligence analysis on criminal activity involving VCs across Europe, and has supported related law enforcement action across the EU”. In particular, Europol’s European Cybercrime Centre (EC3) has been central to this mission since its establishment in 2013. “EC3 provides strategic direction to Europe’s counter-cybercrime efforts, supports counter-cybercrime operations across the EU, generates intelligence and develops digital forensic capabilities”. EC3 also conducts research into what it is referred to as ‘cross-cutting enablers of cybercrime’, such as cryptocurrencies. Along with the development of these products, Europol has developed a practical set of capabilities to enhance support for Member States in investigations involving VCs.
In addition to Europol’s ongoing work, the EU has sponsored other efforts to mitigate the risks of criminal and terrorist use of VCs. For example, in May 2017, “a consortium of research institutes and LEAs from seven EU countries formed the TITANIUM project with European funds. TITANIUM aims ‘to curtail criminals and attackers from using blockchain technology to avoid law detection, while at the same time respecting the privacy rights of legitimate users.’ The project seeks to develop open-source tools to enable the detection of money laundering typologies and other criminal use of VCs, and to train law enforcement in the use of these tools. This includes facilitating ‘cross-ledger analysis’, or the development of tools for analysing information from alt-coin blockchains”. Another EU-funded project is the project on Detecting and analysing terrorist-related online contents and financing activities (DANTE). As the name suggests, its purpose is to detect terrorist online fundraising activities as well as terrorist activity on the dark web. It is also closely coordinated with the PROTON project, which seeks to better understand organised criminal and terrorist recruitment behaviour and their intersection with cybercrime.
As mentioned above, there is still work to do with regard to the effective implementation of AMLD5 in order to build the EU’s VC regulatory framework.
In this regard, the study commissioned by the European Parliament has stressed the importance to comply with a set of key recommendation for stakeholders across the EU that are as follows:
The EU should convene an expert working group to assess whether further measures may be required to supplement AMLD5.
This should include exploring how future regulatory regimes can respond to the emergence of increasingly complex P2P, decentralised financial products and ecosystems.
The EU should consider regulating the exchange of VCs for other VCs, as the current scope of AMLD5 covers only the exchange of VCs for fiat currency – a factor which may limit AMLD5’s ability to address the full range of risks.
In addition, despite the efforts of Europol, VCs demand that LEAs develop new skills and acquire new resources. “Important technical and skills gaps remain across the EU” and in order to fill these the “EU should prioritise formal, strategic and sustained law enforcement training to enhance the capacity of LEA’s for investigating illicit activity involving VCs; Member States should ensure LEAs are appropriately staffed with dedicated technical experts and that they are able to access to essential resources, such as forensic tools for analysis of illicit activity on cryptocurrency blockchains; a priority for the EU should be to develop a comprehensive intelligence framework for
assessing VCs’ use across a range of risks, including TF, cybercrime and other illicit finance activity; to this end, Member States should develop interagency VC intelligence task forces staffed with dedicated experts focused on developing a coherent local picture of VC risks”.
For further information:
Angela S.M. Irwin, George Milad, The use of crypto-currencies in funding violent jihad,
Emerald Group Publishing Limited, Journal of Money Laundering Control, Vol. 19 Issue (2016)
Antony Lewis, A Gentle Introduction To Blockchain Technology, BraveNewCoin, September 2015
European Parliament, Virtual Currencies and terrorist financing: assessing the risks and evaluating responses, May 2018
Zachary K. Goldman, Ellie Maruyama, Elizabeth Rosenberg, Edoardo Saravalle, and Julia Solomon-Strauss, Terrorist use of virtual currencies – Containing the potential threat, CNAS, May 2017
Allerin, Blockchain and its link to terrorism < https://allerin.com/blog/blockchain-and-its-link-to-terrorism >