Hi everyone! My name is Giovanni and today
we are going to take a deep dive into the
darkest corners of the blockchain. As with
all innovative technologies, cryptocurrencies
have the potential to change the world for
the better, but at the same time they can
be used to facilitate criminal enterprises,
such as money laundering schemes, drug trafficking
and even terrorism.
Terrorist groups have been interested in crypto
because it enables almost instant transfers
of money across borders without the oversight
of a central authority. Since terrorists are
locked out of the traditional financial system,
they have been testing Bitcoin as an alternative
way to fund their activities.
But how successful were these attempts? Are
cryptocurrencies really a sustainable source
of funding for terrorists? And what can the
crypto industry and law enforcement agencies
do about it? Let’s have a look at some concrete
scenarios.
One of the earliest documented cases dates
back to 2016, when a pro-Islamic State organization
called Ibn Taymiyyah Media Center started
asking for donations in Bitcoin on social
media. The goal of the fundraising campaign
was to raise $2,500 dollars for each of their fighters.
Unfortunately for the terrorists, they made
a big mistake.
Contrary to what they might have thought,
Bitcoin is not fully anonymous. Every transaction
leaves a trace on the blockchain, and by publishing
their Bitcoin address on social media, the
terrorists made it easy for investigators
to trace funds moving in and out from that
address. Which is probably why within two
years the fundraising campaign reportedly
collected only $2,500 dollars in total.
As pointed out by RAND, a US think tank focused
on national security, there are three aspects
to take into account when talking about terrorism
financing: receipt, management and spending.
So far, crypto gives a real advantage only
for the first; terrorists can receive an unlimited
amount of money from everywhere in the world
by accepting Bitcoin. However, once they’ve
received their Bitcoin, they are likely to
have a hard time managing and spending those
funds anonymously.
I mean, you can’t exactly buy a missile
with Bitcoin yet, so in order to purchase
weapons and other equipment terrorists need
to cash out.
This means they need to rely on some sort
of centralized infrastructures such as cryptocurrency
exchanges, many of which scrutinize their
users and can shut down suspicious accounts.
But how exactly is it possible to track terrorism-related
funds on the blockchain? To answer this question,
we reached out to Itsik Levy, CEO at Whitestream,
an intelligence company based in Israel, specialized
in extracting information from the blockchain
traffic.
Itsik, earlier this year you traced some Bitcoin
donations to ISIS, which were likely used
to fund a terror attack in Sri Lanka. How
did you manage to find out about these funds?
What were the techniques you used?
So, ISIS is raising funds on the blockchain
for more than two years and we can estimate
that they are raised more than hundreds of
thousands of dollars worth of Bitcoin. Also,
because the Bitcoin price went up in this
time. ISIS basically released a website for
fundraising, calling their supporters to donate
the organization with Bitcoins. Based on this
website, it is actively operating on the Tor
network, but also on the regular web infrastructure,
we managed to find several donations from
different timestamps from the last one year.
After tracing those donations, we can manage
to find the main wallet devices where they
group their transaction. And the interesting
thing was that we saw that some of the movement,
some of the funds didn't move for a while
for several months.
And all these days before the attacks in Sri
Lanka, the mining was cashed out from those
addresses. That money was grouped to a bigger
transaction and the money went out from the
wallets. Again, we don't know if it's directly
related to the attacks, but it's very interesting
to see that ISIS money moved on the blockchain,
certain amount of money day before those attacks.
Okay, and once you have tracked terrorist
funding on the blockchain, what’s the next
step, how do you stop it?
Once we find such an interesting intelligence
stuff that maybe can be tied together for
a terrorist activity in real life, we are
sharing this information with the governments
and we also sharing the wallet numbers and
wallet addresses with some third-party companies
that we find that the terrorist is probably
working through their services. We want to
share this information in real time as fast
as we can with this company in order to stop
these attacks.
Sometimes those companies aren't aware of
the activity of their users, which is pretty
complicated to understand in real time. Even
for us as a blockchain intelligence company
is a big effort to understand these activities
in real time. But once we find the terrorist
activities that are tied to specific wallets,
we are sharing it with the authorities and
also with the third party companies that we're
seeing that can help to stop this type of activity.
Okay, that makes sense. Now, can you give
us an esteem of how much of the illicit movements
on the Bitcoin blockchain is related to terrorist
groups?
So the numbers are pretty small. If we take
all the Bitcoin ecosystem and you're trying
to measure the illegal activity on the blockchain,
which is about two or three percent from the
overall blockchain traffic, and if you take
the specifically terror financing inside this
illegal activity, I believe that it's a very,
very low percentage.
So, it’s clear that cash is still king when
it comes to illegal activities.
According to the European Police Office, the
use of cash is the main reason triggering
suspicious transaction reports within the
European Union's financial system, accounting
for more than 30% of the total. As shown in
the report by Chainalysis, illicit transactions
comprise less than 1% of Bitcoin activity
in 2018, down from 7% in 2012.
Still, terrorists appeared to have learned
from their previous mistakes and are getting
increasingly sophisticated in their approach
to crypto.
Malhama Tactical, one of the many jihadi groups
fighting in the Syrian civil war, was also
asking for Bitcoin donations on Twitter. This
time, though, they did not publish their crypto
address. Instead, donors were asked to send
a direct message to the group in order to
get more information on how to donate.
Even more sophisticated is the approach used
by the Al-Qassam brigades, the armed wing
of Hamas. A few months ago, the organization
set up a web page for donations, which generates
automatic Bitcoin addresses. The addresses
change every time the page is refreshed, which
makes it very challenging to track the funds.
Later on, it turned out that the same address
generator software used by Al-Qassam was also
being used by the Islamic State. Apparently,
after losing its territories in Syria, as
well as most of its assets, ISIS is now testing
new fundraising methods.
Also, let’s not forget that cryptocurrencies
are evolving beyond Bitcoin. Privacy coins,
such as Monero, ZCash, or Dash, enable higher
degrees of anonymity than Bitcoin does. Most
of these cryptocurrencies haven’t reached
enough adoption or usability to meet the terrorists’
needs but the situation might change in the
future.
According to the report by RAND, should a
widely adopted cryptocurrency emerge, that
has improved security and anonymity features
and is not subjected to strict regulation,
it could become a very dangerous tool in terrorists’
hands.
To know more about how the relationship between
crypto and terrorism might evolve in the future,
we reached out to Yaya Fanuse, a former CIA
analyst now focusing on cryptocurrency and
national security issues.
Yaya, what is lacking in crypto for it to
become a sustainable source of funding for
terrorism and will terrorists be able to use
it more effectively, as the technology evolves?
So for terrorists to adapt fully to use this
technology, they only can do it in a way where
there's no trace to identity and those ways
are smaller right to use, not anonymous nation
coins to use, you know, privacy coins more
to use, maybe decentralized exchanges. But
those technologies have not really scaled
even within the crypto ecosystem. So that's,
I think, always going to be very limited.
If cryptocurrency scale for people to use
them often for daily purchases for, you know,
without having to even necessarily cash out
into fiat currency. If that scales, it's only
logical that terrorists and other bad guys
are going to use it, are going to be using
it. So it's it's it's there should be a corresponding
relationship between how widely adopted crypto
is and unfortunately, how much terrorists
are going to use it or try to use it as well.
As far as we know, the amount of Bitcoin raised
by terrorist groups are quite small, almost
irrelevant. Why should we be concerned then?
You know, it depends on what a group is looking
for. If a group is trying to, you know, do
an attack or has a cell, you know, as a cell
that's going to do an operation, that sort
of thing, you know, doesn't cost a lot of
money. And that's where the big concern is
that some of these groups may be even moving
thousands of dollars here and there. It doesn't
it doesn't cost much to do attacks nowadays.
The key concern with terrorist groups and
crypto is, again, not just how much they're
raising now or how much they've raised, but
it is their level of adaptation. The fact
that we see them adapting, trying different
things, trying to get more anonymous and that
they're learning.
So what should the regulators and cryptocurrency
companies do to prevent bad actors from taking
advantage of this technology?
So what regulators have to do in pretty much
all countries, they have to make sure that
the cryptocurrency exchange environment makes
it very difficult for terrorist groups and
other illicit actors to purchase crypto currencies
to sell and trade crypto currencies.
Cryptocurrency exchanges, many of them are
new or young in this in business. They have
to be made to follow those rules, the rules
for how they onboard their customers.
Verifying an identity, a transaction, monitoring
transaction limits, all the different things
that money service businesses need to do.
So that has to be standardized across the
board. If you don't do that, criminals are
just going to find the exchange that has the
most loopholes where they can operate. But
collectively, law enforcement regulators and
the industry have to sort of tighten. They
have to make sure that they are following
and implementing the global standards for
anti money laundering and counter terrorist
financing.
At the moment, there is not much reason for
worrying: cryptocurrencies are far from being
a prominent source of funding for terrorists,
mainly because of their traceability and low
adoption rate. Still, blockchain technology
is evolving and terrorists are learning fast,
which means regulators and companies shouldn’t
ignore this potential threat. What do you
think guys, what can be done to keep the bad
guys out of the space? Should cryptocurrency’s
privacy be limited for the sake of security?
And can regulators and the industry create
a common front against terrorism? Comments
below! My name is Giovanni, thank you for
watching this video and always remember to
like subscribe and hodl!
