How do Terrorists use Financial Technologies?Joe Whittaker 9 Nov 2022
Keywords: Terrorist, financial technologies, international money transfer, Internet
There have been substantial concerns within policy and the media that online technologies present a challenge to counter-terror finance. This is particularly the case for virtual currencies – the US Department of Treasury notes that such financial services are “vulnerable to abuse by terrorist financiers because they enable potentially anonymous cross-border person-to-person fund transfers.” Similarly, the Financial Action Task Force (FATF) is concerned that “electronic online and new payment methods pose an emerging [vulnerability]…Many of these systems can be accessed globally and used to transfer funds quickly… [while being] difficult to identify the actual end-user.’ Although the FATF highlight several anecdotal case studies which demonstrate this, they note that the prevalence of such technologies is unclear. In essence, policymakers are highlighting a potential concern, yet there is little robust data to either support or challenge it.
A recently published open access article by this author seeks to explore this, assessing how terrorists are using financial technologies in three ways:
- How are terrorists moving money?
- How are terrorists making purchases?
- Does the use of technology affect terrorists’ success?
The research uses a sample of 231 individuals from 2012-2020 that acted on behalf of the so-called Islamic State (IS) in the US that was collected from open-source data, such as court documents, Department of Justice press releases, journalistic sources, and academic and grey literature. This includes those that plotted an attack; attempted to travel to the caliphate; and those that facilitated others. Importantly, it includes individuals that were successful in their plots and those that were apprehended, providing a useful means of comparison between the two groups. Legally, it includes individuals that have been arrested, charged, and convicted, as well as several individuals that died as a result of their activity (the latter group were only included if they were identified as acting on behalf of IS by the authorities or academic research). As part of their plots, terrorists both sent and received money for several reasons. This includes gathering funds amongst co-ideologues to purchase attack materials, or plane tickets, as well as sending money in the form of donations to facilitate others’ plots. It is worthwhile to separate this from the technology that terrorists use to make purchases because the latter involves engagement with licenced traders and as a result, one might expect different technologies (such as credit/debit card payment).
How are terrorists moving money?
In total, there were 224 instances of money being moved totalling $480,001 with the vast majority of this being sent to a recipient located within the US. This is an average of $2,264 per transaction. Despite concerns over online technologies, the data demonstrate that cash is still king – 60 percent of transactions used this method, while 29 percent used Money Service Businesses (MSBs) such as Western Union or MoneyGram. Only twenty-one transactions (10 percent) used any kind of Internet technology, such as peer-to-peer services like PayPal, cryptocurrencies like Bitcoin, or gift cards. The biggest takeaway here is that terrorists tend to opt for simplicity; they did not use more than two methods to move money, and in the instances in which there was more than one, the other tended to be cash or MSB. There are some outliers which tend to gather more press attention, which risk distorting the true picture, such as the case of Mohamed Elshinawy, who received money directly from IS using several sources, including Western Union and PayPal, as well as making cash withdrawals, or Zoobia Shahnaz, who made large cash withdrawals, used bank transfers and cryptocurrencies to move money. However, these cases are very much the exception rather than the rule.
Although only a minority used the Internet to actually transfer money, a far greater number (34 percent) were coordinated via the Internet. Keatinge and Keen argue that this has been an oversight in existing research; while much attention has been paid to social media in the dissemination of propaganda, little has been paid to its fund-raising potential. As an illustrative example, take the case of Abdulrahman El Bahnasawy, Talha Haroon, and Russell Salic, who organised an attack in New York from Canada, Pakistan, and the Philippines respectively. Although Salic sent $423,80 to an undercover officer via Western Union, the three men orchestrated the financing and organising of the plot via several different online messaging services. Just as with propaganda and networking, social media offers the ability to link people together from across the world, often beyond the reach of security services for almost no cost. It is worth noting that in the majority of these cases, these individuals did have offline connections with each other (although not so with Bahnasawy, Haroon, and Salic), lending further credence to the idea that the Internet is a facilitator, rather than a driver of terrorist behaviours.
How are terrorists making purchases?
There were 319 identified purchases of goods or services that were deemed relevant to terrorist actors’ plots. The amount could be identified in 70 cases for a total of $96,980, which is an average of $1,385 – although this may be a reporting bias; large purchases are more likely to be included in court documents or news stories. This was used on a wide variety of purchases, including travel tickets; firearms (and paraphernalia); bomb-making materials; military gear; and other attack materials. Around half (47 percent) of purchases were made online, for example, Ahmad Khan Rahimi made several purchases on eBay to help him construct a bomb, including circuit boards, citric acid, ball bearings, and firework ignitors. Others used the Internet for considerably more low-tech plots, like Esaamah Abdullah Rahim, who bought three knives from Amazon, one of which he would use in an attempted attack on police officers. Where the method of payment could be identified, there was a prevalence towards the banking sector, with debit and credit card payments making up 57 percent of purchases. Cash accounted for around a quarter, with online payment systems such as PayPal being used in 18 percent of cases. Similarly to the movement of money, actors tended to stick with what they knew, only typically opting for one type of payment method.
Does technology affect the success of terrorists’ plots?
Policy stakeholders have repeatedly pointed towards online financing technologies as being ripe for exploitation. The US Department of Treasury notes that many online person-to-person payment services ‘have not maintained adequate [counter-terror finance] controls…[which] has allowed terrorist financiers to move funds on these platforms.’ The underlying logic of this concern is that such platforms are more likely to go undetected and give terrorists an advantage. Therefore, it is worthwhile to test whether this is the case here.
However, of all the ways in which terrorists opted to move money, only one was correlated with the overall success of plots – using MSBs such as Western Union or MoneyGram. This finding holds even when controlling for the amount of money that is sent. This could tell us something about why terrorists are opting for tried and tested methods rather than innovating. The average amounts of money being sent or used for purchases is low enough that it is unlikely to raise flags with MSBs or require them to fill out Suspicious Activity Reports. Even in the cases in which large amounts of money are being sent, it does not appear that transactions are being met with much resistance.
This is congruent with existing research on terror financing. In their study on lone actors and small terrorist cells, Keatinge and Keen find that the amount of money involved, and the related financial activity, was typically below a threshold that might reasonably flag their behaviour as being connected with terrorism. Similarly, in an analysis of Suspicious Activity Reports in banking and MSB transactions, the US Treasury notes that, most often, they were filed on the basis of derogatory information rather than the suspicious financial activity. In essence, plots are simple and cheap and therefore often do not need to be technologically sophisticated.
If there is one key take away from this research, it is that terrorists are opting for simplicity when it comes to financial transactions; there is little evidence of the adoption of widespread sophisticated financial plots. To conclude, it is worthwhile to consider whether this sample from 2012-2020 is reflective of contemporary and future trends. One potential avenue that has received a lot of attention is the possibility of terrorists utilising cryptocurrencies and taking advantage of much of the operational security that they provide. Recent research by Gartenstein-Ross, Koduvayur, and Hodgson, which focuses on right-wing extremists, finds that several individuals are beginning to adopt this method, including donations to support digital content; paying for merchandise; and making general donations. They use several examples from the 6 January insurrection to demonstrate this point. This suggests that the barriers to entry are not so high as to preclude non-tech experts from using this technology. It is unclear whether this is a difference between right-wing extremism and jihadism, or merely that a dataset from the previous decade has yet to reflect a general move towards more sophisticated technology. It is a plausible, yet underdeveloped, argument that the far-right have a greater affinity towards tech innovations as part of their ideology.
Thinking more broadly, research across several fields, including terrorism, suggests that it is often hostile environments and competition which spur innovation. On this reading, if counter-terror finance becomes more sophisticated at detecting movement and purchases, this may be the catalyst which spurs actors towards using more complex methods.
Joe Whittaker is a Research Fellow at ICCT and a lecturer in Cyber Threats at Swansea University’s Department of Criminology, Sociology, and Social Policy. His primary research interest is online radicalisation. For his doctoral research (Swansea University & Leiden University) he created a database of 231 Islamic State terrorists that operated within the United States and analysed their online behaviours. He also researches how recommendation algorithms promote extremist content; terrorists’ use of video games; as well as how online counter-narratives are deployed. Outside of Terrorism Studies, Joe has research interests in political polarisation on social media and heuristic decision making. Joe is also affiliated with the Cyberterrorism Project in Swansea which, like ICCT, is internationally renowned and takes an interdisciplinary approach to different aspects of Terrorism Studies.
Entenmann, E., and van den Berg, W. Terrorist Financing and Virtual Currencies: Different Sides of the Same Bitcoin? The Interntaional Centre for Counter-Terrorism, Perspective, 1 November 2018
Van der Veer, R. Terrorism in the Age of Technology. The International Centre for Counter-Terrorism, Report for Clingendael’s Strategic Monitor 2019-2020, 11 December 2019
Keatinge, T. Identifying foreign terrorist fighters: The Role of Public-Private Partnership, Information Sharing and Financial Intelligence. The International Centre for Counter-Terrorism and Rusi, Research Paper, 1 July 2015