Cryptocurrency and Terrorist Financing in the Middle East and North Africa

Announcer: Welcome to the World of Intelligence, a podcast for you to discover the latest analysis of global military and security trends within the open source defense intelligence community. Now onto the episode with your host, Terry Pattar.

Terry Pattar: Hello and welcome to this episode of the Janes Podcast, I'm Terry Patar. I'm joined on this episode by Ahmed Buckley who is an expert on terrorism financing, amongst other things, and we'll get up to the topic that we're going to talk about on this episode. Ahmed, thanks for joining me. Welcome to the podcast.

Ahmed Buckley: Thank you very much for having me.

Terry Pattar: No problem. I specifically wanted to talk to you about some research that you've done, and I should give a bit of background to your experience, but you were previously part of the Analytical Support and Sanctions Monitoring Team at the UN. And you were part of a team that worked on some really interesting research. And we're going to unpack that a little bit by talking about some of the ways in which we're seeing, for example, cryptocurrency, now being used in terrorism financing. It would be great just to get from you some of your experience or an idea of your previous experience. How did you come to work in that team and maybe a bit about what you're doing now as you are now part of the Egyptian Foreign Ministry.

Ahmed Buckley: Well, thank you very much, Terry, for having me. So I was part of the Egyptian Foreign Ministry and I was working on their International Counterterrorism Coordination unit, I was the deputy director of that unit, and then I applied for the UN job. And thankfully got it. And let me tell you a little bit of what the team does. The Analytical Support and Sanctions Monitoring Team is a small group of independent experts. They report directly to the Security Council and they monitor the activities of the three designated groups on the United Nations designated groups list. So that's ISIL, Al Qaeda, and the Taliban, along with associated individuals and entities. What we do is we gather information from member states and present them to the Security Council, but we also publish two biannual reports every year. And we help monitor sanctions implementation in member states and deliver some capacity building when it is required. When it is asked of us. That's how I came to across this information, when I was trying to track down ways in which terrorist organizations were using cryptocurrency. And when I first joined the team in 2018, this was a fad. People were talking about it as a potential, as something in the future, but without any concrete cases. The cases were limited and far between.

Terry Pattar: That's really interesting, and just to touch on that, because the last time I really looked at this topic, it was maybe five or six years ago. We were asked to do some research on where the terrorist groups were starting to use, not just cryptocurrencies, but digital currencies as a whole, as part of their financing. And at the time we looked into it, we spoke to several experts who were also looking at it, and the conclusion was that at that point in time, they weren't doing that. And that actually, it was almost more difficult to use those types of currencies to move money around than it was to use the normal ways and other methods they were using. So it's interesting that that was still almost the perception when you started doing that kind of work.

Ahmed Buckley: Absolutely. And I think that truism, that it is easier to track cryptocurrency than it is to track cash, that still applies even today. But that hasn't prevented these terrorist groups and individuals from experimenting, from trying to adapt and learn, and see ways where they can exploit gaps in regulations pertaining to crypto, to bolster their finances. So, in 2020, we had a number of cases that were exposed. Three, in particular, related to Al Qaeda and ISIL directly. Others related to terrorist groups that are not designated on the United Nations list, but that we also followed. Just because we understand that terrorists, or these groups, learn from each other. And there's a lot of experience sharing amongst themselves. So this was 2020. And here, I just like to give a shout out to the people who actually did the research and who actually investigated these cases, whether in the US Department of Justice, the District Attorney's office, and private sector companies that actually did the blockchain analytics work that supported the government law enforcement investigations. Today, I'm just a conduit of their great work and I thank them for it.

Terry Pattar: That's fantastic. And in an ideal world, it would've been great to get everyone on and talk to everybody about the roles they played and some of the work. And I suspect some of it actually was probably very technical, so actually would've been maybe difficult in some ways to explain and understand. But it'd be great to get from you an idea of those cases, the three that you mentioned, maybe talking us through some of those and what you saw and what you learned from those case and how you think that this issue may develop. We'll come on to maybe talking about how it may develop in future.

Ahmed Buckley: Sure, yeah, I'd love to do that. Let me first talk about some of the early experiments. So way back in 2013, we know that ISIL issued this short treaties called Bitcoin and the Charity of the Physical Struggle. It was short, they discussed whether or not trading in Bitcoin was quote/ unquote" halal", and whether it can be used to fund the so- called jihad. The treaties, anyway, showed a weakness in their understanding of Bitcoin. I think this understanding was prevalent at the time, even among law enforcement agents, that the Bitcoin is completely anonymous, that it can't be traced, but that understanding, I think, has to developed and changed and they've quickly come to learn that it is traceable. As evidenced by some of the cases that were exposed.

Terry Pattar: Within that treaties, though, when you say they were discussing whether it was halal or not, was that around the way that cryptocurrencies go up in value? In terms of, were they also looking at it not just as a means of moving money securely or anonymously, as they believed it was at the time? Were they actually looking at it as a way to also generate funds and make money?

Ahmed Buckley: Exactly. So they studied the inaudible aspect of it, from the fact that it is speculative. Is it akin to gambling? And from the aspect that it is also issued by apostates and people we are at war with. Whether we can still use it. The conclusion of that treaties was that it is useful because it is a way to transfer money under the radar, without being detected. And I think, particularly at the time also, in the areas where they were functioning, particularly in the Middle East, the understanding and the capacity to trace these transactions was very limited. So anything that happened at that time certainly went unnoticed and undetected. In 2017, you've probably come across this case, there was one New Jersey woman who was convicted for bank fraud and money laundering. Also affiliated to the Islamic State. She had obtained about 85,000 US dollars worth of cryptocurrency and tried to transfer it abroad. That was the one case that was affiliated to ISIL in 2017 and we had not seen any until 2020.

Terry Pattar: And then in 2020, you started to see more cases?

Ahmed Buckley: Exactly, exactly. And let me just dive into some of these cases.

Terry Pattar: Yeah, that would be great.

Ahmed Buckley: Let me start by the one case involving a cryptocurrency exchanger in Idlib, in Northwestern Syria. This was a physical office that was present there. It was controlled by a prevalent terrorist group in the area, foreign language, and they went by the moniker of Bitcoin Transfer. What they would do is, they would help move money in and out of Idlib through cryptocurrency. So they served different terrorist groups and terrorist fundraising campaigns. These fundraising campaigns would solicit donations in crypto from abroad, and then layer them in a certain way through different hops or different transactions, so that they would conceal their original source. Eventually these donations would move to a central hub of cryptocurrency wallet addresses that were run by this exchange, Bitcoin Transfer. Then Bitcoin Transfer would distribute the funds to these different entities. Mostly they would just cash them out for them, provide cash in return for the cryptocurrencies that were transferred to it. Some of the campaigns that were associated with this office were foreign language or Remembrance from Syria, foreign language or foreign language. But one of the groups that also used this service was known as Malhama Tactical. And Malhama Tactical was a group, mostly made of Russian speaking veterans of terrorism, that also fought abroad outside of Syria. They were directly associated with the largest terrorist group in Idlib, Hay'at Tahrir al- Sham, and they provided a sort of... They were HTSs firearms training arm. They provided some fighting expertise to Hay'at Tahrir al- Sham.

Terry Pattar: So you mean helping build the capacity of Hay'at Tahrir al- Sham.

Ahmed Buckley: Exactly, yeah.

Terry Pattar: Right. Got it.

Ahmed Buckley: Malhama, they advertised their fundraising campaign on Telegram, not realizing of course, that their channels were traceable and that their undercover communications were ongoing with administrators of these Telegram channels associated with the group. Anyway, that's how the investigation began. I believe, at the end, forfeiture warrants were issued and over 150 hosted wallets were frozen, confiscating about$ 150,000 worth of cryptocurrency.

Terry Pattar: Wow. And those hosted wallets, were they being held and managed by individuals or by groups? Or, as you described before, like an office or something like that? What kind of entities were controlling those wallets?

Ahmed Buckley: They were being controlled by this office, this Bitcoin Transfer office, that was inaudible out of Idlib.

Terry Pattar: So potentially, beyond that office, once that money had been cashed out, in terms of the digital trail or the online trail, it almost stopped at that office and then you'd have to investigate by other means to figure out where that money went.

Ahmed Buckley: Absolutely. And as I mentioned, most of the cases, the endpoint of where the cryptocurrency ended up was, were wallets belonging to Bitcoin Transfer. And then they would cash out to the terrorist individuals.

Terry Pattar: Got it. It's an interesting way in which that functioned, that process and the way that they ran it. And also, I guess they assumed there was a level of anonymity on those Telegram discussions that actually wasn't there.

Ahmed Buckley: Absolutely. That's mostly the premise, that it is anonymous, that it is untraceable. One of the mistakes that they also did was, anytime they would check their wallets without using a Virtual Private Network. You can trace the IP that's checking into the wallets and you could trace that back to the individual who's checking in on his hosted wallet and find out who' actually managing that wallet address.

Terry Pattar: Yeah. That is fascinating, actually, to know. I think this is really interesting insight for people who maybe are aware that cryptocurrencies are out there. So maybe some people who are listening to this are using them and trading cryptocurrencies themselves. But there's probably a lot of people who aren't really that familiar with it, and maybe don't understand some of the technology and how it works, and also how people are using it and how these kinds of groups are using it. So, yeah, it's really interesting.

Ahmed Buckley: One of the other cases that we managed to report was this one case out of France. And this was also in September or October of 2020 when this was first announced. This was a group of individuals, over 20 people, who were being controlled by two very savvy, young financiers, also operating out of Northwestern Syria. But they had French connections, a network. And they used their network, requesting from them to buy Bitcoin coupons. Bitcoin coupons was a scheme that... it's a marketing scheme developed by two Bitcoin companies in France, simply to help people engage with crypto. Help them invest. They would sell these cryptocurrency, or Bitcoin coupons, in tobacconist stores, ranging from 50 euros a coupon to 250 euros. So small investments, really just helping people get a foot into the cryptocurrency market. Some of these coupons were bought by the network and these small amounts of cryptocurrency were then layered and moved to wallets controlled by the two financiers that I had mentioned earlier, who were operating in Syria. And this was a way to collect small sums of money and transfer them a bit at a time from France to terrorist organization working in Syria. The network was discovered, again, just simply by tracing cryptocurrency movement and finding out that these two individuals in Syria were operating the endpoint of some of these Bitcoin transfers from France. The third case that we talked about in our reports, and that I talked about in that presentation that you saw, that was related to Facemask Center.

Terry Pattar: Facemask Center.

Ahmed Buckley: Facemask Center, yes. crosstalk. This was a website that came online in February of 2020, and this was February 2020, and Facemask Center is a website that purportedly sold PPE. So you can tell by the date that the site went online that there was great foresight on the side of these terrorists.

Terry Pattar: So that was right at the outset when people were,... I guess, I mean, I think we all saw a lot of companies suddenly spring up that were selling PPE once the pandemic got rolling. And I guess, yeah, February is definitely... they were definitely early on the scene.

Ahmed Buckley: Absolutely. Yeah. And they boasted that they were an interface of a global leader in PPE procurement and distribution. That they can provide an infinite quantity of N95 masks. This was at the time when I couldn't find dish soap in New York so you can imagine how such boastfulness of the infinite amount of PPE that they had raised suspicions of law enforcement agencies. They used Facebook to advertise their services. And investigations led to the knowledge, also, that the facilitator of the site was stealing credit card information from his victims and using it to buy cryptocurrency that was then moved to where the facilitator resided. This was a Syrian individual that was residing in Turkey at the time. And I believe that later investigations found that he was also connected to that one individual in New Jersey who was indicted, that I talked about at the beginning of the podcast, so this wasn't the first time he was trying to dabble in cryptocurrency. The site was eventually brought down and the cryptocurrency that this individual managed to collect was seized in corporation between US and Turkish authorities.

Terry Pattar: What's interesting is that the three cases are each quite different to each other. There's different characteristics there, different methods involved. And you talk about, in that second case, for example, about people buying the coupons. Which is a different way of going about it. And then in that third case, taking advantage, almost, of the start of the pandemic and building a website based around that. But I mean, ultimately that money is... Well, it's being funneled into places and to people who, along the lines, there are some people who are using those services, perhaps, or maybe buying those coupons or who are using that office in Idlib, who aren't connected to terrorism financing. So it's almost being mixed in with, I guess, other people's financial activity. To that extent, how much do you think this kind of increase in terrorist groups using cryptocurrency, how much is that just a part and parcel of everyone starting to use cryptocurrency more generally, I guess.

Ahmed Buckley: Yeah, before I answer that question, you mentioned how these cases were very different. I particularly enjoy the Facemask Center case because it just has everything in it. It's terrorism finance, credit card fraud, PPE scam.

Terry Pattar: Yeah, it is pretty impressive. They've hit a lot of marks there crosstalk.

Ahmed Buckley: And I always wondered if someone like Jeffrey Robinson or Jake Bernstein can turn it into a book or something. It would be a very interesting read.

Terry Pattar: Definitely. I can already see the movie happening.

Ahmed Buckley: I can see myself playing the financier. But back to your question, I think the rise in entire use of cryptocurrency is definitely a function of greater public uptake. Definitely. Let's put things into perspective or into context. There's a surge of people adopting cryptocurrency for a number of reasons. There's institutional investment in places also adjacent into conflict zones. There is an increase in uptake simply because people are trying to hedge against inflation. So two of the fastest growing crypto adopters in the world, in terms of individuals buying into cryptocurrency, are Turkey and Nigeria. And you can imagine how most of these people will be people trying to beat inflation, small time investors, but there is a chance for some nefarious actors to bandwagon on that uptake. I think it is now an archaic thought that crypto is always associated with crime. If you're buying Bitcoin, then you must be either a junkie or an anarchist. But that's not the case anymore. And by exposing some of these cases, some of these ways in how terrorists are using cryptocurrency, that's in no way saying that cryptocurrency is a crime or that we're trying to establish that all uses of cryptocurrency are nefarious. How much flow, how much activity on the blockchain is actually illicit?

Terry Pattar: That's an interesting question.

Ahmed Buckley: And again, you know, we want to know, because we're not trying to blemish users of cryptocurrency in any way.

Terry Pattar: Presumably, I mean, it's difficult to measure. You can't necessarily get an accurate take on how much activity on the blockchain is related to illicit activity.

Ahmed Buckley: True.

Terry Pattar: Is that fair or is there some way of getting an estimate?

Ahmed Buckley: I think you're absolutely right that maybe we can't get a precise estimate, but that's not to say that people have not tried. And I would rely on the estimates of some of these blockchain analytics companies, because they can see, in real time, the flow of Bitcoin or of Ethereum across wallets. And they can, to some degree, estimate what is the percentage of illicit activity going on, on the blockchain? Generally, with minute differences, some of the reports I read that covered illicit activity in 2020, they ranged from between 0. 5% and 1%. that was the amount of illicit activity on the entire Bitcoin blockchain. If we take the conservative estimate that only 0. 5% of the activity was illicit, that to about$ 10 billion worth of Bitcoin in illicit activity. It's not insignificant, but it's also not commensurate with some of the perdition and sin city narratives that surround the use of virtual assets.

Terry Pattar: Again, putting this in context, is that in line with terrorism financing as a whole? In the sense that, when I've looked at it in the past... Actually, a lot of terrorist groups, the finances they require, the amount of money that they are having funneled to them from outside areas where they operate, perhaps, or where they've got a significant presence, tends to be quite small. It's a lot of small transactions often. Is that still the case or is it the case that, actually that there are significant sums involved and they actually do have quite substantial financial holdings? And this is just another way of, for them, of almost diversifying their portfolio?

Ahmed Buckley: No, you're absolutely right. That is still the case and that's where I see the trend moving. It's going to continue, terrorist activity is going to continue depending on small amounts of money for small time activities or attacks. And that is still the case. And the three cases that I talked about, the entire amount of money that was confiscated from these activities, was about 1 million. Again, that's$ 1 million too many. It's good, taking that money out of circulation from the hands of terrorists.

Terry Pattar: Absolutely.

Ahmed Buckley: It's not the amount of money that's... Compared to the big crimes, the big financial crimes associated with cryptocurrency, Ponzi schemes, ransomware, initial coin offering scams, these are big financial crimes associated with cryptocurrency. And they're responsible for billions of dollars worth of losses every year. Terrorism finance is way down on the list of crimes associated with digital currency. But handling that and building capacity to fight that is also important, because as you mentioned, it only takes a limited amount of money to create a huge impact.

Terry Pattar: Sure. And it seems like, yeah, terrorist groups often do rely on small amounts. They don't necessarily need a lot of money to carry out some of their activities. I guess it depends. I know it varies, obviously, from group to group and based on what territory they're operating in and other sources of income they might have. And maybe we can touch on that a little bit, in terms of how they... Or the mix you saw from, potentially, those cases and the groups you were looking at. What the mix was in terms of how much are they getting via transfers via cryptocurrencies compared to the overall mix of their funding? Is it still relatively small? Is it growing? How did you see that developing?

Ahmed Buckley: Actually, I always say that's one of the factors that will always hinder terrorist use of virtual currency. At least the groups that I'm following, your ISIL, Al Qaeda. I'm not talking about right wing groups who are not designated and it is still very legal for them to handle cryptocurrency. Maybe for them digital currency plays a bigger role. But for the designated group groups that I follow, at least the biggest hindrance of them adopting cryptocurrency is that the traditional, the tried and tested ways of raising money and transferring money, still work and are still available to them. So your traditional halal networks, cash couriers, the abuse of nonprofit sector, those are still tried, tested and they have utility. Especially in the region, especially in the Middle East. But that's not to say that they will continue to experiment, as we've seen them doing, at least in 2020. They're adapters, they're learners. They might experiment with things like decentralized finance, where you can now collect cryptocurrency, put them somewhere, and make money out of it. There are other ways in which they can experiment in the future, in my opinion. But cryptocurrency will continue to play a small portion of the funds available to them and a small way in which they transfer money across borders. Simply because these other methods, the old ones, the halal networks, they're still functioning and alive. And we still have, as law enforcement agencies and national regulators, I think there's still a lot of room to cover, to combat these traditional modes of money transfer.

Terry Pattar: And within that use of cryptocurrency, and the cases that you described, that we saw in 2020, will those kinds of cases perhaps put them off? Will they see, actually, we had this assumption previously that this was a more anonymous method, maybe, of moving money you around. And actually it turns out that it's not. Is that likely to have an impact, do you think, in terms of how they might perceive cryptocurrencies?

Ahmed Buckley: I think they've come to the realization now that it's not completely anonymous. That it is traceable. That law enforcement agencies, particularly in certain jurisdiction, have the capacity to trace transactions. But they're learners, they're fast learners, and they will adapt. I mentioned they might experiment with decentralized finance, maybe they'll experiment with some of these privacy coins that are harder to trace. Your Monero, your Zcash.

Terry Pattar: Could you touch on those a little bit? Just for those who are listening who maybe aren't familiar with those privacy coins. And describe what the difference is between, say, one of those and something like Bitcoin or Ethereum.

Ahmed Buckley: The major difference is that, with Bitcoin, Bitcoin is not anonymous. It's pseudonymous. The ledger of transactions is completely public, anyone can log in and find out that certain wallet address delivered a certain amount of money to another wallet address. It's all open information. If I can associate the wallet address with a known name, then I have the information available to me; who is responsible for that wallet address. And I can do that through open source intelligence methods. All of these wallet addresses are searchable online. There are websites that I can log in and I can type in a wallet address and find out who it is associated to. And these blockchain analytics companies do a very good job of matching wallet addresses to entities and names. So basically it's not difficult using Bitcoin to find out that this wallet address belongs to this person. And so the entire history of transactions is available. The privacy coins, it's different. Yes, the ledger is public, but the wallet addresses that appear on the ledger are encrypted. So I cannot associate them automatically with a known entity. It takes more time, more research, to find out who this person is. It's only easy to catch them if they try to transform that cryptocurrency into cash at some point. Or if they chain hop, if they move that privacy coin and transfer it or trade it to another coin that is not a privacy coin, like crosstalk or Bitcoin or something. Even with privacy coins, the good thing about our capacity to catch these perpetrators and to limit the illicit use of these coins, is that we're developing solutions now. We're slowly developing solutions, even with privacy coins, to try and crack who they belong to. Private sector companies are also making... they're developing ways in which to fill in capacity gaps in areas such as the Middle East and Africa. I don't know if you've recently heard, Dubai police is now... they have a unit now that is able to track down on cryptocurrency exchanges. Some of the Gulf countries are moving forward in that too. So we're closing in gaps where law enforcement doesn't have the capacity. I'm worried about other areas of the world. And I'm worried about capacity gaps that lead to arbitrage. That some jurisdictions where cryptocurrency will be less regulated and where law enforcement agents will have lower capacity to detect and to cooperate with other jurisdictions. These are the areas where I think we need to focus on and we need to educate our regulators and our law enforce agents there, that there is a way in which you can transform cryptocurrency from something that is a nightmare to you, into something that is much more traceable than cash. The fact is that cryptocurrency is a lot more traceable than cash.

Terry Pattar: And the other question I was going to ask was, at some point, given the proliferation of currencies we've seen and how many new ones pop up all the time, the barrier to entry to actually creating your own cryptocurrency seems to be getting lower. Or maybe people are more familiar with how to do it. Might we see a terrorist group at some point launch their own cryptocurrency?

Ahmed Buckley: Yeah. It's easy to launch, but it's not as easy to adopt as it was a couple of years ago. I think people are tired of coin scams, of coins that were advertised and then turned out to be rubbish in terms of their value. As you said, the technology is there. It's easy to put out an initial coin offering. But I don't think people are ready to take that on anymore, simply because of the amount of coins that went bust in the last few years.

Terry Pattar: This has been a fascinating discussion. And I feel like I could talk to you for ages to really get into the details and the weeds of these different cases that you talked about and the different aspects of this issue. I mean, were there any other thoughts you had? Other things you wanted to share, things that you came across from your research that you thought actually other people might benefit from understanding about this?

Ahmed Buckley: So for anyone who is doing this sort of investigation, whether it's on a Telegram channel or one of the public chat forums, you will occasionally come across chatter involving cryptocurrency or wallet addresses. Particularly if a wallet address is mentioned, or if an entity is mentioned that is associated with cryptocurrency, there's always an open line of communication with some of these blockchain analytics companies. They have emails advertised, where you can log in and send that information you found. And that information connects directly to the law enforcement agencies that they're working with. That's one thing that we can do, as researchers. And as I mentioned, any wallet address, any fragment of a wallet address that you come across in some of these forums, that's searchable and that is good intelligence that you can provide to your law enforcement agency or blockchain analytics companies that are working in your jurisdiction. I mentioned capacity building as one of the things that we need to cover, also awareness in some of the jurisdictions that still associate cryptocurrency with crime. There are good examples out there of countries that were able to make use of real, private public partnerships and cracking down on the use of cryptocurrency in illicit activity. Some of the examples are UK's JMLIT, Joint Money Laundering and Intelligence Task Force, I think that's a great public private forum that really helped to build regulations and capacities in that area. Australia's Fintel Alliance, that's also another example. And I just hope that we'll see more of these forums pop up, particularly in areas that are more vulnerable in the Middle East and Africa.

Terry Pattar: I feel like I've learned a lot from this discussion, there's so many insights that you've shared with us, it's been really useful.

Ahmed Buckley: And again, Terry, thank you very much. You've been very generous with your time.

Terry Pattar: No, no, thank you. Thank you very much. foreign language. It's been really nice speaking to you and, yeah, I hope we'll continue this discussion and talk more about this issue as it develops further.

Announcer: Thanks for joining us this week on the World of Intelligence. Make sure to visit our website, janes. com/ podcast, where you can subscribe to the show on Apple Podcasts, Spotify, or Google Podcasts, so you'll never miss an episode. Uncover the threat landscape with Assured at Interconnected Threat Intelligence from Janes. Covering military capabilities, terrorism and insurgency, country risk, and CBRN. Support your threat and capability assessments and enhance your situational awareness with Janes Threat Intelligence Solutions. Find out more at janes. com/ threat.