US multiagency operation dismantled part of al-Qaeda’s cryptocurrency network. What we learned so far and what to expect – by Daniele M. Barone

On August 13, the US Department of Justice announced that the US government, through a multiagency effort, seized about $2 million in Bitcoin from accounts connected to Al Qaeda, Daesh, and the al-Qassam Brigades (i.e. Hamas’s paramilitary arm) and disrupted their terrorism financing cryptocurrency networks.

It has been defined as the largest-ever seizure of cryptocurrency related to terrorism finance, which has disrupted and seized over 300 cryptocurrency account, four websites, and four Facebook pages connected to terrorism.

Furthermore, as explained by the blockchain analysis company, Chainalysis[i], this interagency effort, that included the FBI, the IRS’ cyber crimes unit and Homeland Security Investigations, has unrevealed an impressive network of mixing funding, managed by al-Qaeda, through 159 bitcoin addresses and the equivalent of $285.000 in bitcoin sent by this network (value related to the exact time of the transaction).

Besides the economic impact on jihadist groups’ finances, this operation represents an unprecedented institutional sign of awareness about the ever-evolving financial ecosystem that has been developing, since 9 years, among terrorist groups, their supporters, and cryptocurrencies.

The US Department of Justice, indeed, is not underestimating the scale of this phenomenon, which seems to be a long-term strategy able to highlight the liquidity and fast-learning approach of jihadist organizations through their ability to change fundraising tactics and develop or experiment new funding methods even while the campaign is ongoing.

Moreover, as analyzed by ITSTIME [ii], this evolution concerns at the same time different terrorist organizations, which become more and more able to mutually learn from the mistakes or developments made by each other. As declared by the US Department of Justice, “ these three terror finance campaigns all relied on sophisticated cyber-tools…  The action demonstrates how different terrorist groups have similarly adapted their terror finance activities to the cyber age”[iii]

3 main factors to describe jihadists’ use of cryptocurrencies

Through the years, the cryptocurrencies-jihad network has shown that the economic aspect is the tip of an iceberg that has been growing in years through three main factors: narrative factor (strictly related to terrorist propaganda and the perceived public trust on their modus operandi), technical factor (i.e. the adoption of the necessary know-how by activists scattered across the globe to learn new funding methods) and financial factor  (i.e. to move either large or small amounts of money or find a reliable source as a store of value).

Each factor has a twofold nature:

  • The narrative factor develops its strong points by depicting cryptocurrencies as an independent value, which is not corrupted by governmental control. From this perspective, by donating cryptocurrencies, activists can finance terrorism while circumventing takfir monitoring or banking system. This aspect merged with the jihad bil-maal (i.e. if you can’t fight, then donate to the mujahideen) bypasses the haram (i.e. forbidden) reputation of cryptocurrencies which, according to an ongoing debate among Islamic scholars, can be compared to a gambling game due to their highly fluctuating value. Then, for conservative extremist subjects, this can be perceived as highly risky and incoherent with one of the key goals of Shariah (Islamic law), which is to preserve and protect wealth[iv].
  • The technical factor represents another activists’ layer of skepticism concerning the assurance of guaranteed anonymity of transactions. This issue has been overcome by covering the truth about the only partial anonymity provided by cryptocurrencies, boasting the fact that they can’t be connected to user’s identity while claiming that they can be used for violent causes.
    In other words, extremist groups overlapped technical doubts by focusing the attention of the audience on the promise of an immediate reward: provide an instrument to make an immediate impact by remote, with no middle-man interference. Thus, the narrative factor intersects with the technical factor because jihadist cryptocurrency crowdfunding campaigns were the first call for donations explicitly militaristic, letting donors feel as they’re on the battlefield helping the mujahideen[v].
    Once convinced the audience about these features, they extremely simplify instructions to buy and donate cryptocurrency, provide a public address and a contact to give further information.
  • The financial factor comes only after the fulfillment of the previous two, depending on the available technology[vi]. More specifically, the search for a product that can be user-friendly, safe as a store of value, and anonymous. Until terrorist organization won’t find these features, cryptocurrency is more likely to be kept inside the narrative and technical factor.
    In these terms, indeed, Bitcoin is a mere palliative, forcing jihadist groups and their members to ongoing exploration and experimentation to find a privacy-centric product (e.g. Monero).
    Because, technically, any bitcoin transaction with a party that knows someone’s identity leaks information[vii] (e.g. exchange services subject to anti-money-laundering and counterterrorism financing regulations; a BTC address displayed on a crowdfunding campaign) that can be used to identify its activity, past, and future, on the blockchain[viii].

To deepen these aspects, it is worth analysing how al-Qaeda built its global network from Syria to the world, understanding current trends and future scenarios updated by the findings brought by the recent US interagency operation.

BitcoinTransfer: al-Qaeda’s global exchange service based in Idlib

It is well known how cutting-edge jihadist technological environment is. Especially in Syria, as in many areas in the Middle East, where activists needed since the beginning to get creative and adapt quickly.

In this area, characterized by a high rate of unbanked population or political and economical instability, demand for an alternative way of payments, as altcoins, is up also for legitimate businesses or money transfers[ix].

Jihadist groups, after the overuse for terrorism purposes of services as Western Union and PayPal, caused the adoption of strict security protocols by governments and private sector, had to start giving a closer look at cryptocurrencies.

In this context, to spread the use of cryptocurrencies among followers while centralizing the communication and the donations, al-Qaeda created its Syria-based cryptocurrency exchange: BitcoinTransfer[x].

This service, active since December 2018, was advertised on Telegram, Whatsapp and Social media groups, disseminating a sophisticated promo videos[xi] and sharable informative contents in English, Arabic, Turkish, French, German, and other languages[xii]. To build trust, it also displayed reviews from other users as “… I’ve repeatedly used the services of the brothers to receive money through BitcoinTransfer, money came quickly and without problems… I advise them.”[xiii]

Chainalysis, which deeply analyzed this terrorist exchange service, discovered that BitcoinTransfer is a relatively small exchange: hosts 158 Bitcoin addresses, which have received and sent just over 36 BTC across 679 transfers. These transactions include significant exposure to regulated cryptocurrency exchanges with global audiences as Binance.

Then, the common denominators of BitcoinTransfer dissemination strategy are:

  • A communication strategy with a geographical core in Idlib, where is allegedly located the jihadi exchange service headquarter, specifically addressed to users outside of Syria (i.e. narrative factor: from far away people can directly help the mujahideen or Muslims in general)
  • About its service, it emphasizes security and anonymity and its ability to facilitate transfers from European countries without submitting identification (technical factor: guaranteed anonymity).

A closer look at al-Qaeda cryptocurrency network

The narrative factor of the recently partially dismantled Al-Qaeda bitcoin crowdfunding campaign develops through various encrypted chats, related to as much affiliated terrorist group, that present the act of donating to the mujahideen in two different ways:

  • Donate can help to buy weapons and food for the mujahideen. This is an explicit and relatively modern way to advertise, made possible by the perception of anonymity provided by cryptocurrencies, letting terrorist groups being explicit about the terrorist purpose of the campaign. The explicitly militaristic campaigns connected to BitcoinTransfer are: al-Sadaqa; Malhama Tactical campaigns (sent 172 BTC); Tawheed & Jihad Media (0.15 BTC) – Source Chainalysis
  • As learned by the Dawa infrastructure politically correct approach (e.g. publicly claim to raise funds for the orphans or to save a mosque from destruction instead of admitting any violent cause), other campaigns were presented as charities[xiv] while concealing their links to militant organizations. Furthermore, once on private chats, as declared by an undercover HSI agent who communicated with the administrator of one of these groups, they become explicit about the terrorism financing purpose of the campaign. The charity campaigns connected to BitcoinTransfer are: Reminders of Syria (sent 23 BTC to a BTC address allegedly connected to BitcoinTransfer); Al-Ikhwa (0.52 BTC); Sadaqa al-Khair (0.03 BTC); The Merciful Hands (0.05 BTC) – Source Chainalysis.

Al-Ikhwa and Sadaqa al-Khair were analyzed by ITSTIME more than a year ago, highlighting that, even though at that time it was not possible to track their network of mixing funds, through their narrative factor, it came clear they were part of a bigger (and long-term) extremist picture.

In financial terms, the purpose of these campaigns (militaristic or charity) made no difference. They’ve been sending and receiving bitcoin among each other, in a mixing scheme, which included more than 150 BTC accounts, that had as a common denominator BitcoinTransfer and, at the top of the pattern, the exploitation of legitimate regulated cryptocurrency exchanges with global audiences.

This highlights the centralized scheme of al-Qaeda in administrating this network and that communication and propaganda is just a facade used to attract as many activists or sympathizers as possible.

Current situation and what to expect

Even after this operation, at present times, according to al-Qaeda, cash is still king. The amount of wealth moved and laundered via cryptocurrency through this network, indeed, is irrelevant for a global terrorist organization.

In this long-term goal, which is to globally spread the use of cryptocurrency among activists, the financial factor can wait. During these 2 years of structured activity, indeed, al-Qaeda has already succeeded in:

  • Gathering experience and information on how activists with different cultural and technical backgrounds can react to the use of new funding methods and start planning future projects in this sector.
  • Disseminating its propaganda through donations: these crowdfunding campaigns gave al-Qaeda the possibility either to talk to a broader audience through advertisements or engage a one-to-one approach to radicalize while soliciting funds.

These two aspects, that exclusively interest the narrative and technical factor, where just the physiological investment for a new updated strategy, which is likely to include the financial factor.

As previously mentioned, privacy-centric products as Monero are already used by other jihadist institutional (e.g. since May 2020 by Akhbar al-Muslimin, connected to Daesh) or non-institutional (e.g. SadaqaCoins) campaigns and could easily be spread among other jihadist calls for donations.

Furthermore, soon, stablecoins recent developments (as Libra from Facebook) have to be kept accurately monitored, because they have the potential to become mainstream in no time while providing a stabilized value based on State money, thus, a reliable store of wealth on a user-friendly product.

 

[i] https://www.chainalysis.com/

[ii] https://www.itstime.it/w/the-jihadi-ever-evolving-online-financing-ecosystem-by-daniele-m-barone/

[iii] The United States Department of Justice (August 13, 2020) Global Disruption of Three Terror Finance Cyber-Enabled Campaigns – Largest Ever Seizure of Terrorist Organizations’ Cryptocurrency Accounts. https://www.justice.gov/opa/pr/global-disruption-three-terror-finance-cyber-enabled-campaigns

[iv] Blossom Finance (April 12, 2018) Is Bitcoin Halal or Haram: A Shariah Analysis. https://blossomfinance.com/press/is-bitcoin-halal-or-haram-a-shariah-analysis

[v] https://www.itstime.it/w/jihad-as-a-business-segment-the-malhama-tactical-team-by-daniele-maria-barone/

https://www.itstime.it/w/cyber-jihad-and-terrorism-financing-new-methods-old-rules-by-daniele-maria-barone/

[vi] C. Dion-Schwarz, D. Manheim, P.B. Johnston (2019) Terrorist Use of CryptocurrenciesTechnical and Organizational Barriers and Future Threats. RAND. https://www.rand.org/pubs/research_reports/RR3026.html

[vii] AFFIDAVIT IN SUPPORT OF AN APPLICATION FOR A CRIMINAL COMPLAINT AND ARREST WARRANT (August 12, 202) https://www.justice.gov/opa/press-release/file/1304276/download

[viii] T.Robinson (June 17, 2015) Bitcoin Is Not Anonymous. Elliptic. https://www.elliptic.co/our-thinking/bitcoin-transactions-money-laundering

[ix] L. Cuen (May 4, 2020) Bitcoin in Emerging Markets: The Middle East. Coindesk. https://www.coindesk.com/bitcoin-crypto-middle-east-consensus-distributed

[x] Chainalysis (August 2020) BitcoinTransfer: Syria-based Cryptocurrency Exchange Facilitating Terrorism Financing. https://go.chainalysis.com/rs/503-FAP-074/images/Chainalysis%20Intelligence%20Brief%20-%20BitcoinTransfer.pdf?mkt_tok=eyJpIjoiTXpBMVpqa3dOR1psWldZeiIsInQiOiJFTm5mWkJYWXNjVE53N2EwMW5HSm9maWJnWmRSR0ZzVmZoWkpEaFMwK3k1UzJHeWFJdHpcL1c5NEdKRmhpd1lnMTdIYUMyTWVOS3VMM09QWWJHcHBoWXFhU3A5YkI4R3NrMEdwd0FjUDE5bXhIOFNScUlRZmVxc1ordnRRbW9uRFMifQ%3D%3D

[xi] Bitcoin Transfer promo Video https://www.youtube.com/watch?v=8xaN6ImbiCo&feature=youtu.be

[xii] R. Katz (October 13, 2019) Tales of Crypto-Currency: Bitcoin Jihad in Syria and Beyond. The Daily Beast. https://www.thedailybeast.com/the-bitcoin-jihad-in-syria-and-beyond-tales-of-crypto-currency

[xiii] Chainalysis (August 2020) BitcoinTransfer: Syria-based Cryptocurrency Exchange Facilitating Terrorism Financing. https://go.chainalysis.com/rs/503-FAP-074/images/Chainalysis%20Intelligence%20Brief%20-%20BitcoinTransfer.pdf?mkt_tok=eyJpIjoiTXpBMVpqa3dOR1psWldZeiIsInQiOiJFTm5mWkJYWXNjVE53N2EwMW5HSm9maWJnWmRSR0ZzVmZoWkpEaFMwK3k1UzJHeWFJdHpcL1c5NEdKRmhpd1lnMTdIYUMyTWVOS3VMM09QWWJHcHBoWXFhU3A5YkI4R3NrMEdwd0FjUDE5bXhIOFNScUlRZmVxc1ordnRRbW9uRFMifQ%3D%3D

[xiv] R. Shanahan (March 14, 2018) Charities and terrorism: Lessons from the Syrian crisis. Lowy Institute. https://publications.lowyinstitute.org/archive/charities-and-terrorism-lessons-from-the-syrian-crisis/