Investigating Cryptocurrencies and Terrorist Financing

Last summer, the Justice Department dismantled financing campaigns in the government's largest-ever seizure of cryptocurrency in a terrorism context, seizing millions of dollars. The financing schemes involved some of the world's most notorious terrorist groups, namely, the al-Qassam Brigades, Hamas' military wing, al-Qaeda, and the Islamic State of Iraq and the Levant (ISIS). In one of the campaigns, an ISIS agent used a scam website selling Covid-19 masks to acquire cryptocurrency. 

While Bitcoin and other cryptocurrencies have been making headlines with either hefty rises or drops in valuation, the technology has become a popular tool in the arsenal of terrorists, money launderers, and other criminals to send and receive money anonymously.

Skopenow spoke to Brenna Smith, an open source researcher specializing in the illicit use of cryptocurrencies, about how terrorists use the technology and possible ways of investigating them. Smith has worked at the Human Rights Center at Berkeley Law while attending the University of California, Berkeley, and has been a guest trainer and researcher with Bellingcat, where she wrote a weekly newsletter on cryptocurrencies. She is currently an investigations intern at USA Today and is joining the New York Times' visual investigations team later this year.

Cash is still king  

Smith says terrorists have gotten significantly better at using crypto. "They've gotten a lot better at trying their best to anonymize transactions, funneling money and using mixers and changing to different types of currencies," she says, adding that governments have also increased their efforts in pursuing these illicit uses of cryptocurrencies. "Federal intelligence firms are keeping track of this, and I don't think people give enough credit to how good those investigators are."

At the same time, even government agencies can face obstacles in their investigations of terrorist financing campaigns when entities outside of U.S. jurisdiction organize them. "When a U.S. person donates to a terrorist organization, they can clamp down on that, but it's really hard to do it on an international scale," she says. "Both the people investigating the terrorists and the terrorists themselves have improved over the years, which results in almost a net-zero effect." 

While the anonymity of cryptocurrencies makes them an attractive vehicle, Smith believes they won't become the primary source of funding for terrorists any time soon. "I do think that it will become a useful tool in their arsenal for money laundering or just getting international donations in general," she adds. According to a 2020 report by the Society for Worldwide Interbank Financial Telecommunication and BAE Systems, most money is still laundered using cash although there has been a noticeable increase in cryptocurrencies.

Investigating crypto

"Terrorists and white supremacists need donations from their supporters. So they'll publicly solicit crypto addresses," Smith says. But outside of that, it is often tough to know who is on the other side of a cryptocurrency address. Government agencies have the option to subpoena information about a user from cryptocurrency exchanges, but journalists and other non-government investigators don't have the option to do that, she says. 

Nevertheless, when terrorists are soliciting the addresses themselves, this step isn't necessary, she says. "You don't need that as an open-source investigator if you're able to see that: Oh, Hamas is soliciting this address, or you know, the Daily Stormer is soliciting this address," she says. "That is why I spend so much time looking into bad actors like terrorists and white supremacists who are actively soliciting donations from their supporters because it is very hard beyond that to figure out who is behind the transaction." 

More recently, terrorists have started trying to work around that. For example, Hamas generated unique Bitcoin addresses on its website, meaning every time the website is visited, a new "fresh" Bitcoin address is created that doesn't show any transactions yet. "Unless a transaction has occurred on the blockchain, you can't trace it," says Smith. "Because the address isn't necessarily logged on the blockchain yet, you're not able to easily see what wallet it's in or anything like that because there's no way to connect it yet to the larger ecosystem of that network." 

Law enforcement can still figure out ways to get around measures like Hamas', for example, by donating a tiny amount. Still, for journalists and other researchers, that method would most likely be illegal, she says.

Traceability

Despite the technology’s focus on anonymity and privacy, one large advantage of Bitcoin and other cryptocurrencies is their traceability. “Cryptocurrency, despite the purported anonymity it grants criminals, provides law enforcement with an exceptional tracing tool: the blockchain,” two assistant U.S. State Attorneys write in the Department Of Justice Journal Of Federal Law And Practice.

Most cryptocurrency is based on a blockchain, which is essentially a public digital ledger of transactions. “The blockchain is completely transparent and you're able to see all the sending and receiving addresses and the amounts that are sent there,” Smith says. “You won't always know who's behind those addresses, but there is a great transparency there allowing you to have a great starting point for your investigation.”

To dig deeper into crypto transactions, Smith recommends the tool Blockchair, which allows you to search different blockchains and cryptocurrencies for specific parameters such as a specific day or amount. Other tools such as Wallet Explorer can help researchers understand where and to which cryptocurrency exchanges money is moving, while Orbit can help visualize transaction flows, she says.

In the end, tools can only get you so far, and trying to figure out who is behind an address relies on more classic OSINT skills, she says. “You're scouring social media or Telegram or different forums, trying to see who was advertising or claiming an address.”