The New Era in Cyber-Enabled Terrorist Financing

In the 19 years since the September 11 attacks, the United States has made major progress in fighting the financing of terrorism. At the same time, terrorists continue to find new methods and avenues to finance their activities and threaten U.S. interests. One important method to which terrorist groups are increasingly turning is fundraising via cryptocurrency and other cyber-enabled means. In a landmark case in August, the Department of Justice (DOJ) announced a series of three forfeiture complaints targeting numerous cryptocurrency accounts linked to terrorist financing. The cases represent a major law enforcement success and are the largest cryptocurrency seizure in a terrorism-related case. Terrorist financing via cryptocurrency is not the leading means for raising and moving this form of illicit cash, but it is a worrying trend that U.S. policymakers will increasingly need to monitor.

Some of the most notorious and threatening modern global terrorist groups have become savvy digital actors, and they are increasingly turning to cryptocurrency to fund their efforts. The three complaints filed by the U.S. Department of Justice relate to fundraising campaigns by the al-Qassam Brigades (the military wing of Hamas), Al-Qaeda and affiliated groups in Syria, and ISIS. Collectively, the three cases provide important details about the evolving nature of terrorist financing.

In the al-Qassam Brigades case, they began the fundraising effort by publicly encouraging donations to a cryptocurrency address publicly listed on their social media accounts and hosted at a virtual currency exchange. They then shifted the publicity effort to several of their official websites where they encouraged donations to an address they controlled directly, before finally moving to using software that generated unique addresses for each donor’s transaction, rather than having them donate to a specific, publicized address. The money raised through these donations was then sent to an unregistered money transmitter to exchange the cryptocurrency donations into fiat currency and gift cards that could be used to support their activities. Notably, law enforcement officials were able to trace the accounts being used to pay for web hosting services for the al-Qassam Brigades websites, take over one of the U.S.-hosted sites, and covertly operate it to redirect and seize additional donations.

In the second DOJ case, targeting Al-Qaeda fundraising activities, Al-Qaeda and a number of affiliated groups used Telegram channels and other social media sites to solicit donations of bitcoin. Similar to the al-Qassam Brigades case, they used software to generate unique addresses for each donation in an attempt to make transactions more difficult to trace. However, they also publicly advertised addresses for donations in several instances, allowing law enforcement officials to trace activity to those and see associated addresses. The bitcoin received via these campaigns was then laundered by routing transactions through a series of clustered wallet addresses in an attempt to disguise the source of funds.

In the final case, law enforcement officials seized a fraudulent site and several social media pages, operated by a money launderer known to be affiliated with ISIS, that claimed to offer large amounts of personal protective equipment (PPE) for sale during the early period of the coronavirus pandemic. The site offered a variety of ways to pay for the fraudulent supplies. While in this case the payment options did not include cryptocurrency, the money launderer managing the site used social media sites extensively, similar to the other two cases.

Broadly speaking, cyber-enabled terrorist financing is a serious concern but its present limitations mean that law enforcement efforts have a decent chance to discover and thwart malign activities. Terrorist groups are increasingly turning to cryptocurrency as a means to finance their activities, but their laundering methods remain less sophisticated than actors like North Korea, who have initiated major hacks and succeeded in laundering far larger amounts of cryptocurrency. In both the al-Qassam Brigades case and the Al-Qaeda case, members of both groups initially solicited donations via bitcoin addresses that they publicly posted on social media and their websites. This made it easy for law enforcement officials to trace donation activity, as the public nature of the bitcoin ledger makes it possible to see the activity to and from the addresses they publicly linked and see other associated addresses. While in both cases the fundraising campaigns did eventually begin using software to generate unique addresses for each donation, these tactics are still limited in use and possible for law enforcement to track with blockchain analysis.

Finally, the ISIS fundraising campaign illustrates how terrorist groups are taking advantage of the COVID-19 pandemic to fundraise. As the Treasury Department’s Financial Crimes Enforcement Network highlighted in a July advisory, a wide range of illicit actors are taking advantage of both the major increase in online activity and demand for critical, scarce products like PPE to commit fraud and engage in other illicit financial activity. The pandemic has created an environment ripe for terrorists and other illicit actors, and financial institutions and law enforcement officials will need to be especially vigilant as large amounts of financial activity continues to occur online.

While the illicit fundraising in these cases was nowhere near as elaborate as actors like North Korea, terrorist groups also require far less funding to enable their activities. Members of Congress have rightly asked for more information about terrorist and other illicit financial activity via cryptocurrency, and about whether additional legislative efforts may be necessary. There are some areas where the United States can improve the regulatory framework. One key improvement would be lowering the threshold for retaining and transmitting information about the parties involved in a transaction, known as the “travel” rule. The current rule only applies to transmittals of $3,000 or more, well above the $1,000 threshold recommended by the Financial Action Task Force (FATF), a global standard setting body for anti-money laundering and countering the financing of terrorism, and which both FATF and the U.S. Department of the Treasury have highlighted as a regulatory gap. Given the often smaller value donations and amounts associated with terrorist financing, this is a key gap to close, especially with cryptocurrency transactions. Additionally, the increasing fusion of terrorist financing and communication efforts, highlights the needs for collaboration among social media companies, cryptocurrency exchanges, and other money services businesses to share information across industries. While social media companies share some information on terrorist activity on their platforms with each other, and financial institutions have mechanisms to share information on illicit activity with each other and the government, information-sharing across industries is limited. Improving the mechanisms and authorities to share information across the various platforms used for terrorist financing will be key as this fundraising activity increasingly occurs online. As terrorist financing tactics continue to evolve, law enforcement officials, financial institutions, virtual asset service providers, and social media companies will need new tools and greater collaboration to continue to thwart this activity.