Back to publications

Terrorist Financing and Virtual Currencies: Different Sides of the Same Bitcoin?

01 Nov 2018


Virtual currencies (VCs), including cryptocurrencies such as Bitcoin, have gained considerable popularity over the past several years. Although VCs have many potential uses in everyday life, they often carry an association with illicit transactions such as purchasing illegal drugs on Dark Web marketplaces or in ransomware attacks such as WannaCry, which affected companies and government agencies including the British National Health Service in 2017. Whether this reputation is justified is difficult to ascertain objectively, as it has proven difficult to accurately measure the degree to which VCs are used for criminal activities. For example, some studies indicate that less than 1% of Bitcoins entering exchanges to be converted to currencies like US dollars and Euros are from illicit sources, while other studies argue that around 25% of all Bitcoin users are associated with illegal activity. Regardless of the proportion of illicit transactions, it is clear that VCs are being used in innovative ways by criminal organisations (although these organizations still prefer cash, which remains fully anonymous). This use by criminal organisations has spurred on considerable speculation whether VCs are also being used by terrorist organisations. Allegations range from attributing the hike in value of VCs in late 2017 to terrorists’ use of VC, to claims that Bitcoin was used in connection to the 2015 Paris attacks. However, there seems to be a lack of analysis of the actual and potential danger emanating from terrorist organisations using VCs. This ICCT Perspective analyses this threat in light of the Centre’s work on the crime-terror-nexus. It finds that many of the claims are currently unfounded, but that there are various factors that may contribute to terrorist groups’ use of VCs in the future. Instead of overregulating VCs, the authors recommend a measured approach, which also appreciates the financial intelligence gathering powers that VCs can provide.

What are terrorists currently using VCs for?

Specific evidence of terrorist groups using VCs is scarce. The existing evidence predominately relates to crowd-sourcing and fundraising activities among those sympathetic to terrorist ideologies and is primarily anecdotal in nature. The most concrete example is provided by a former CIA analyst, who described how the propaganda arm of a number of designated terrorist groups in Gaza called for Bitcoin donations as part of its regular funding drive on Twitter. In another instance, the Washington Post reported that someone claiming to be representing Islamic State (IS) posted a Bitcoin appeal for funding on the Dark Web, following the publication of an instruction manual for using Bitcoins by a convicted IS sympathiser. Several other websites and individuals have called for VC donations, purportedly to be used by and channelled to terrorist organisations, although these appeals could also simply be scams. In the US, one woman has been charged with crimes relating to her laundering money and transferring VCs to IS in Syria. Some unconfirmed reports allege that VCs were used to partially fund attacks in Paris and Brussels, by acquiring weapons and pre-paid cards through VC payments. In Indonesia authorities have warned that Bitcoin (as well as PayPal) has been used by Islamic groups from the Middle East to fund terrorist activities on Indonesian soil. Europol, both in official documentation and in talks with the authors noted that there are currently only a limited number of confirmed uses of VCs by designated terrorist groups. Chainalysis, a company investigating VC transactions, also confirms this.[1] The European Commission suggested that “it seems like virtual money is used by terrorist organisations in order to conceal financial transactions, in which they can be used in a more autonomous fashion”. Other than these actions mostly by sympathisers and followers – rather than central leadership of terrorist organisations – and warnings by authorities and experts alike, the threat of terrorist organisations using VCs has to date not materialised on a significant scale, especially not compared to the much more widely publicized innovative use of VCs by organised criminal groups.

Key difference between criminal and terrorist organisations

The most important difference in this regard between criminal and terrorist organisations is the fact that the latter’s primary aim does not revolve around monetary gains. Especially low-complexity terrorist attacks can be carried out at minimal costs, with weapons of choice such as (rented) trucks and kitchen knives; items that are easy, cheap and legal to come by. Whether it is sympathisers and lone actors carrying out such attacks, or individuals being directed by terrorist organisations, there is often simply no need for large transfers of (illicit virtual) money to fulfil their primary aim. Terrorist organisations of course do require money to sustain themselves. These groups, however, have more “legitimate” alternatives than relying on transferring money through anonymous virtual networks. IS - once the world’s richest terrorist group – used taxes and control over natural resources to fund its activities, and controlled currency-exchange offices to convert US dollars as well as Syrian and Iraqi dinars into its own currency. This is in addition to various other means of gaining cash, such as extortion, robberies (e.g. from the Mosul central bank) and receiving money from abroad, often in the form of cash brought in by foreign fighters and their families. Unlicensed money-transfer businesses and the Hawala system are other means popular with terrorist groups for moving money. Hawala is an informal, trust-based person-to-person transfer system that exists outside the traditional banking and regulatory systems. Al-Qaeda was famous for moving “much of its money by hawala” before the 9/11 attacks, Hawala-like systems were also used by IS and al-Nusra front in Iraq & Syria, and extensively by al-Shabaab in Somalia. A further – and related – difference between criminal and terrorist organisations is the availability of technical infrastructure. To be sure, terrorist organisations are by no means averse to technological innovation, but the lack of reliable technical infrastructure may hinder their uptake of the possibilities offered by VCs. Criminal organisations operating in the developed world benefit from an advanced digital infrastructure such as reliable and fast internet access through fibre optic cables. In contrast, organisations such as Al-Shabaab in Somalia, Boko Haram in Nigeria, or Al-Qaeda in Yemen must operate in areas with incomplete and unreliable electricity, let alone internet coverage, which could make dealing in VCs less attractive when alternatives like the Hawala system exist. But perhaps more important is the network of vendors that accepts VCs. Criminal organisations can easily use VCs to buy and sell digital goods and services involved in cybercrime such as stolen credit card data and ransomware from other tech-savvy criminals who can reuse the VCs online. Terrorist organisations on the other hand are (currently) less interested in digital goods and more interested in physical goods such as food, fuel, and ammunition, for which there is a much smaller vendor network willing to accept VCs.

Future risks and challenges

It is likely that in the coming decade, VCs will become easier to use and that a growing number of people will accept payment in them. While the UK Treasury maintains that “Terrorist use of digital currencies is assessed to be unlikely to increase significantly in the next five years”, the mainstreaming of VCs may increase the likelihood of VCs being used in terrorist financing. As one law enforcement officer working on cybercrime put it: “So far, terrorist organisations have been using tech such as Telegram, TOR, and VPNs much more than Bitcoin. But when VCs are mainstreamed and dummified we will see more terrorist use. Any good technology is eventually used by criminal and terrorist organisations”.[2] There are various ways in which VCs may be used by terrorist groups. Organisations may use the Dark Web for obtaining weapons, including traditional firearms, explosives, chemical or biological toxins, paying for these with VCs. VCs could also facilitate other illicit income activities by terrorist groups; there has been for instance an uptick in VC demands during kidnapping for ransom, with kidnaping for ransom being a popular source of income also for terrorist organisations. Similarly, if terrorist organisations move toward more digital attacks or cyberterrorism, VCs may become more useful to these organizations as they allow for the purchase of “digital weapons” such as malware. Obviously, VCs are not crucial to any of these activities, but they could make these transactions easier than traditional card payments or bank transfers. An additional aspect that may speed up terrorist groups’ adoption of VCs is the convergence of terrorist and criminal organisations. Terrorist groups have long used organised criminal means, such as tobacco smuggling, to fund their activities and there are numerous examples of cooperation between the two types of groups. These range from ETA’s relationship with Columbian drug cartels and facilitation of cocaine smuggling in Europe, to the Continuity IRA’s cooperation with Eastern European human traffickers and Hezbollah’s cooperation with Mexican drug lords. More recently, there has been an increased emphasis on the so-called crime-terror nexus, for example through the movement of individuals with criminal pasts into terrorist networks. At least two-thirds of individuals with an operational connection to IS who carried out attacks in Europe and America in the past few years had a criminal past. There is evidence that the criminal “skills” such as access to forged documents and weapons are readily used in their new extremist environments. Given these developments, it may just be a matter of time until the VC tools and tactics used by criminal syndicates are exported to terrorist groups; or that cooperation and transactions between terrorist and organised criminals could involve VCs.

Technical and regulatory developments

It is important to note that not all VCs are alike and that the technology behind encryption and decryption is also rapidly evolving in a constant arms race. For example, Bitcoin is usually pseudonymous, not anonymous as is often assumed, meaning that interactions can be tracked and – when interaction between virtual and fiat currency occurs – often traced to physical individuals. For law enforcement agents this means that smuggling funds in Bitcoin is more difficult to detect, but once it has been detected, it is sometimes easier to trace because it is recorded on a public blockchain. Other VCs, like Monero and private transactions with Zcash are practically anonymous today – although that could change in the future depending on new decryption and tracing methods. An example of the ongoing technical arms race between law enforcement and those wishing for more anonymity is the creation of cryptocurrency mixing services which were developed to “mix” potentially identifiable cryptocurrency funds with other funds to make transactions harder to trace. These mixing services have developed because bitcoin is not properly anonymous. In turn, law enforcement agencies are now working on ways to de-anonymize these services. With the dawn of VC mainstreaming in sight, the regulatory framework for anti-money laundering and counter-terrorist financing (AML-CTF) has started to kick in. The traditional financial services and banking sector is bound by compliance programmes such as due diligence and Know-Your-Customer regulations. While they shied away from VC’s as part of de-risking practices until a few years ago, financial institutions are now entering the VC domain. Other VC service providers such as companies offering digital wallets and VC exchange platforms have also increasingly become subject to AML-CTF regulations: in May this year, the EU adopted a measure requiring its member states to regulate VC exchanges and custodians operating in Europe. In the US, companies selling VCs have been fined for failure to protect their products from being used for terrorism financing.

What’s next?

While terrorist organisations are not using VCs on any significant scale at the moment, the potential for such use exists. As policymakers adapt regulatory frameworks for preventing VC-use for organised crime, and as AML-CTF frameworks are expanded, it is important to keep this possibility in mind. Such moves are welcome as they are preventative in nature, rather than reactionary. However, before over-regulating, it is also crucial to better understand the threat that VCs may or may not pose in terms of terrorist financing, and to keep in mind the opportunities that a lightly-regulated system provides in terms of intelligence gathering, detecting and tracing terrorist activity, especially as Bitcoin transactions have already allowed law enforcement agencies to trace illicit financial flows they otherwise would not have been able to.[3] Here, cooperation between regulatory bodies including the Financial Action Task Force, law enforcement agencies and the private sector including both traditional financial services industries and VC companies is crucial.

[1] Interview with Oisin Conolly, technical lead at Chainalysis, April 2018

[2] Interview with Europol officer, The Hague, March 2018.

[3] Interview with Europol officer, The Hague, March 2018; and Interview with Oisin Conolly, technical lead at Chainalysis, April 2018