Recent reports emerging from India indicate that the Delhi Police Special Cell have discovered a terrorist financing module using Cryptocurrencies linked to Al-Qassam brigades which is the military wing of the terrorist group HAMAS. Notwithstanding the fact that terrorist financing through Cryptocurrencies is not something new that has been documented since 2016, this is possibly the first instance where an Indian connection has emerged in financing a foreign terrorist group through Cryptocurrencies. This news is bound to set the cat among the pigeons. Interestingly, this latest terrorist financing scheme through Cryptocurrencies albeit, similar to earlier known instances, yet stands out for its improvisation and evolved as a multi layered network to avoid tracking.
Terrorists use of Cryptocurrencies for financing their activity has evolved over the years. This article sets out to unravel these layers of terrorist financing through crypto currencies, comparing the past instances and how it has evolved over these years. These past and present evolutions may possibly be captured in four stages which appear to be in direct response to the counter measures, in conjunction with birth of new technology.
The infancy stage
In 2018, researchers from The International Institute of Counter Terrorism published a report entitled Jihadists Use of Virtual Currency, which claimed that the first known terrorist financing campaign through Bitcoin was initiated in 2012, suspected to be linked to the Islamic State support network. This financing campaign was launched through a website which was accessible only through dark web. According to this report, this particular Bitcoin account had received 5 Bitcoins. Similar reports indicate that the Islamic State has been soliciting funding through Bitcoin after the Paris attacks in 2015. However, there was no direct evidence to suggest that they were linked to the Islamic State. These were some of the instances which were suspected to be linked to terrorist groups. Things changed in 2016 and terrorist financing through Cryptocurrencies became a reality.
The first known Cryptocurrency funding campaign directly linking a terrorist group, was documented in 2016 by Yaya Fanusie, Center for Sanctions and Illicit Finance, who was formerly with the CIA. The report revealed that, The Ibn Taymiyya Media Center (ITMC) which is linked to designated terrorist groups in Gaza was openly soliciting funds to finance their terrorist activity. This campaign was named as Jahezona campaign (Equip Us). This online campaign which was launched in July 2015 solicited funds and went on to add Bitcoin payment mechanism in June 2016. According to Yaya Fanusie, this Bitcoin account had received around 0.929 Bitcoins from two transactions valued at USD 540. Though this campaign was up and running till 2017, it could manage only USD 2500.
Perhaps the most concrete evidence to establish a direct link was discovered in 2017, when a group known as Al Sadaqah which claims to be a non profitable organization supporting rebel factions in Syria started soliciting funds through Bitcoin. The funding campaign called Ribaat Project stated “Supporting the Mujahideen in Syria With Weapons, Financial Aid and Other Projects Assisting the Jihad”(sic) and stating “Donate Safely and Securely with Bitcoin”. This account showed 8 transactions and had a balance of 0.08945 Bitcoins.
In this phase, the amount of funds which these groups have managed to raise through Cryptocurrency does not appear to be alarming. One possible reason could be that the Bitcoin addresses which were displayed for soliciting donations were static, i.e., the deposits into and withdrawals from that address could be easily tracked as the transactions in these Bitcoin addresses were openly viewable. Learning from these flaws, other prominent players threw in their hat and experimented to overcome the above lacunae in the next stage.
The Defensive Stage
As the Bitcoin addresses were traceable, some of the groups fearing exposure went on the defensive and provided the Cryptocurrency address details only after the prospective donors contacted the facilitator directly through social media accounts. This way, the groups were able to maintain secrecy on the recipient account. This has been brought meticulously out by Brenna Smith, in her report entitled The Evolution of Bitcoin in Terrorist Financing where she has captured how the Bitcoin funding mechanisms have evolved over a period of time.
Smith’s report reveals that in 2018, Al Malhama Tactical, a mercenary training group linked to anti-Assad rebel groups. solicited donations through Bitcoins. While they initiallysought donations andpublished its Bitcoin address, but later removed the Bitcoin address, possibly fearing exposure. Al Malhama Tactical ran a fresh donor campaign asking potential donors to contact directly for details. According to Benjamin Strick, a researcher who specializes in open source intelligence,this Bitcoin address which was originally published had a balance of USD 46.88 with only 3 transactions at the time of removal of Bitcoin address (See Image 1)
In 2019, a Telegram account Tawheed & Jihad Media ostensibly linked to Al Qaeda in Syria, solicited donations through Bitcoin. This campaign called for donations stating “Fund Raising Campaign – Finance Bullets and Rockets for the Mujahideen” and provided a Telegram account to contact for further information seeking donations through diversified forums such as Bitcoin, Western Union & PayPal (See Image 2).
Many may not be aware of the fact that these campaigns were not lucrative and created further vulnerabilities for both the donors and their terrorist facilitators as intelligence officials operating undercover posed as potential donors to identify the facilitators as per a 2020 report entitled Global Disruption of Three Terror Finance Cyber Enabled Campaigns published by United States Department of Justice. In response, bigger groups with expertise and infrastructure started exploiting Cryptocurrencies to finance their activities by adding another layer to the financing network. And one among them was Al Qassam Brigades linked to HAMAS.
The improvisation stage
According to the United States Department of Justice,, Al Qassam Brigades which is the military arm of terrorist group HAMAS, started a fund raising campaign soliciting donations through Bitcoin published in its social media page which was later moved to its websites as well. Interestingly, the Bitcoin address which was published in the poster were tracked and all the Bitcoin addresses linked were identified and monitored by the US government the same year.
In response, Al Qassam Brigades improvised and created a more dynamic campaign and moved it to its website without revealing the Bitcoin address.The prospective donors were asked to click on a link which generated a new Bitcoin address every time a donor clicked thus making it impossible for the agencies to track the entire transactions. If one were to look at each of the Bitcoin addresses churned for every click, the account will remain empty as it will be visible only to the individual who has clicked the link. This way Al Qassam Brigades improvised and made it virtually impossible to identify and track its donations.
While some of the websites which were up since 2017, linked to Al Qassam Brigades have been taken down, few of them still operate. One such website ostensibly linked to Al Qassam Brigades has sought donations through Bitcoin stating “You can now directly communicate your financial support to the resistance in Bitcoin through wallet address that will appear to you after verification“. This message is accompanied by a 2.10 minute video which guides the prospective donors on how to go about funding through Bitcoin (See Image 3).
The Indian Link
Against the above backdrop, the Indian connection to the Al Qassam Brigades Cryptocurrency campaign appears to be have added further layer to avoid exposure. In the Indian case, hackers linked to Al Qassam Brigades have stolen the Cryptocurrencies which were stored in a Cryptocurrency wallet of the victim. Instead of donors contributing willfully, hackers have exploited the vulnerability of Cryptocurrencies and siphoned off the funds which is akin to online banditry. For varied reasons, this episode stands out as unique which is bound to keep our security planners interested.
Firstly, this case throws up a legal challenge for the investigating agencies to prosecute individuals directly linked to the campaign. This episode has added another layer to their financing campaign, Earlier instances consisted of only one stage where the donors contributed through Cryptocurrencies using the link provided by Al Qassam Brigades. Interestingly, in this case, another stage or layer has been added. A two layered process where the first part is hacking and stealing the Cryptocurrencies and second level is routing the stolen funds into their central collection account. By hacking into the Cryptocurrency account of an innocent victim, the Al Qassam Brigades has effectively stopped the tracing process in the first stage itself wherein the innocent victim alone is known to the law enforcement agencies and the possible facilitators and end user may not be discovered at all.
Additionally compared with earlier instances, where donors consent was required to contribute, this episode does not carry any such stipulations as the funds have been stolen without the contributors consent. In this way, the criminal culpability of individual contributors cannot be established in India and ends at the innocent victims doorsteps.
Secondly, the hacking indicates the possible involvement of hackers outside the terrorist groups. This in turn may reinforce the theory of nexus between criminals and terrorist groups for raising finances. Nexus of criminals with terrorists will possibly mitigate the risks or vulnerabilities which the terrorist group may face if they are directly involved. On the flip side, this is going to throw up a challenge for the terrorist groups themselves as involvement of outsiders may expose their network. However, financing through Cryptocurrency using hackers may relatively cut down the risk of exposure, as the investigators may hit a dead end at the initial stage itself .
Thirdly, financing through Cryptocurrencies acts as a force multiplier compared to other means of terrorist financing. A traditional terrorist financial network contains 3 distinct stages i.e., raising funds, moving funds across financial jurisdictions and storage of those funds for end use. Conventionally, groups raise funds through various sources such as drugs, donations and abuse of charities, These funds are moved either through formal systems such as banks and informal systems such as Hawala. These funds are parked either in formal systems and informal mechanisms such as currency, precious gems etc. till they are deployed for organizational and operational uses. However, with Cryptocurrencies, both the movement and storage mechanisms are under one mode. Now if one adds to it the hacking process, source of funds is also taken care of, brining all three stages under one mode.
Lastly, rapid appreciation in value of crypto currencies such as Bitcoin is also one of the drivers. In the instant Indian case, it is believed that Cryptocurrencies worth Rs 4.5 crores (USD 575000 approx) were siphoned off and deposited in Crypto wallets. This high value associated with Cryptocurrencies presents the terrorist groups with an attractive proposition factoring, the risk against rewards ratio.
Given the above, it is only natural that terrorist groups gravitate towards financing their activity using Cryptocurrencies. Interestingly not all groups have been observed to take to financing through Cryptocurrencies. Only groups which espouse extremist Islamic ideology have taken to financing through Cryptocurrencies. Religious extremistssuch as Syrian groups linked to Al Qaeda, the Islamic State and HAMAS have resorted to financing through Cryptocurrencies while the other groups espousing leftwing ideology and secessionism have not been observed to finance abuse Cryptocurrencies. This brings us to the million dollar question as to why only Islamist groups have resorted to financing or seeking donations through Cryptocurrencies which is germane for us to understand this phenomenon.
One possible explanation could be that Islamic groups such as the Islamic State, HAMAS and Syrian groups have a wide support base scattered across the globe among the Muslim Ummah. Presence ofthis Islamic diaspora across various countries which aresympathetic to theIslamic Ummah cause is one of the drivers for these groups to exploit Cryptocurrencies. This creates an imperative for terrorist groups to deploy a robust and safe movement mechanism to transfer funds across financial jurisdictions without being monitored. Cryptocurrencies provides them with an ideal mechanism which provides both the prospective donors and the terrorist groups with utmost discreetness.
Additionally, Syrian groups linked to Al Qaeda, Islamic State came into existence concomitantly with the birth of technology aided funding mechanisms and various Cryptocurrency platforms. This indicates that only those groups with ability and necessary infrastructure were able to abuse Cryptocurrency for financing terrorism. Both the Islamic State and Al Qaeda linked groups attracted foreign fighters and sympathisers from various countries. Most of these fighters and sympathisers were educated and technically proficient breaking the stereotypes where other groups from the other end of the ideological spectrum, attracted less erudite crowd into their ranks. This literate crowd in rank and file of these groups, was possibly another reason as to why both the Islamic State and Al Qaeda linked groups were able to exploit Cryptocurrencies to finance their activities. On the other hand, HAMAS appears to have learned from its younger peers, adding Cryptocurrencies to their financing repertoire.
The Way Forward
With the advent of social media and technology aided online payment platforms, terrorist groups have resorted to exploiting these mechanisms for financing their illegal activity. It was only a matter time before terrorists groups exploited Cryptocurrencies which they have done so in the recent past. Cryptocurrencies which had emerged as a possible terrorist financing mechanism in 2015, has now become a an evolving threat. Given the very nature of Cryptocurrencies being informal and decentralised, these evolutions act as additional layers of protection and pose a serious terrorist financing risk. Terrorist groups are fast learners and adaptive. Learning from their past mistakes and from their peers, they have always kept these groups one step ahead of the sentinels. As these groups improvise and evolve in their Cryptocurrency financing mechanisms, interdicting them will become more and more difficult. A January 2022 report entitled The Threat of Terrorist and Violent Extremist – Operated Website, published by Tech against Terrorism states, “Some T/VEOWs utilise the mechanisms underpinning cryptocurrency, which can make disrupting their online revenue streams more difficult” (T/VEOWs – Terrorist/Violent Extremist Online Websites).
Globally, governments have either tried to regulate or ban trading or investing in Cryptocurrencies. Financial Action Task Force (FATF) has attempted to regulate the players in the Cryptocurrency segment, who are called Virtual Asset Service Providers (VASP). The Financial Action Task Force issued a set of standards, which are popularly known as “Travel Rule”. Under this, Cryptocurrency operators are required to retain the same customer data as banks and money services businesses for certain transactions above a certain threshold. According to Rob Garver, a journalist, there are atleast 30000 registered or licensed VASPs globally and only a few have been compliant with the FATF Travel Rules. On the other hand, outright suppression of crypto currencies have also been seen. China has recently cracked down on crypto currencies and exchanges, banning any activity in crypto currencies.
Again in the Indian context, terrorist financing through Cryptocurrencies is not only a threat to the national security, it poses a greater threat to the economic security as well. Investing and trading in Cryptocurrencies is bound to create a parallel and an informal financial system similar to Hawala, which directly challenges and dilutes the value of the Indian Currency. There were reports that the Indian government was also planning to come down heavily on Cryptocurrencies. Opinions are spilt, on whether India can actually clamp down on Cryptocurrencies fully. One section are of the opinion the Cryptocurrencies should be banned while the other holds an opinion that it needs to be regulated. Banning Cryptocurrencies alone may not be sufficient, as countries such as India lack necessary expertise to monitor violations thereon.
The Indian government in its annual budget in Feb 2022, has stated that Cryptocurrencies (ostensibly referring to privately run Cryptocurrencies) will be taxed at 30 per cent. At the same time, the government also has proposed to release it own digital currency. There appears to be lot of ambiguity surrounding these measures which has only muddied the waters more. Looking at these, one gets a feeling that a comprehensive understanding on the part of the Indian government is necessary either to ban or even regulate Cryptocurrency, and even if there is an understanding, can the government regulate given the informal nature of the Cryptocurrencies ? Till such an understanding and ability to monitor Cryptocurrencies is in place, efforts to counter Cryptocurrencies in India, will be not bear fruit.
*About the author: Dr V. Balasubramaniyan is an independent researcher based in India specializing in Terrorism Financing and Money Laundering. He is also the co-author of the book “Terror Funds in India : Money Behind Mayhem” (Lancer, 2017) and author of untitled upcoming books on Terrorism Financing in India, Islamic State in South India.