The Islamic State of Iraq and Syria (ISIS) has been called the world’s richest terror group. While the group generates the majority of its funds through oil fields seized in northern Iraq and Syria, it still relies on a number of other ways to secure financing. Donations from wealthy sympathizers greatly helped ISIS when it was first established. However, now that global governments are aware of ISIS and actively look to track and block all funding efforts through banking channels, donations have become harder to receive. These difficulties have not stopped ISIS from seeking ways to bypass sanctions and money-laundering filters, however. The group has begun to use cryptocurrencies such as Bitcoins as it looks for anonymous and untraceable ways to transfer money.

Bitcoins

Virtual currency is an electronic cryptocurrency used to purchase both virtual and actual goods and services. It is not contractually backed by assets or legal currency laws, it is not controlled by a central authority and it is not a tangible good. Bitcoins can be sent to anyone who has an Internet connection.

The first step in dealing in this type of currency is to set up a virtual wallet where Bitcoins and their transaction history are stored. According to CoinDesk, the wallet houses a file of secure digital keys used to access your public Bitcoin address and sign transactions. Bitcoins are traded by sharing a wallet’s anonymous private identification number with the merchant or peer.

Wallets are a way to store the digital documentation of the Bitcoin value and grant access to users to spend them. There are many kinds of virtual wallets, with the most popular forms being desktop wallets, Web-based wallets and mobile wallets.

  • Desktop Bitcoin Wallets: Desktop wallets offer the most security and anonymity. This type of wallet is a software program that is downloaded onto a user’s computer. Desktop wallets process user transactions, allow users to create new addresses and store the user’s private key.
  • Web-Based Bitcoin Wallets: Web-based wallets store a user’s private key online via a main computer or server that is connected to the Web. Web-based wallets allow for more flexibility as they connect to a user’s desktop wallet and mobile device wallet. However, Web-based wallets have greater risks than desktop wallets. According to Bitcoin Reporter, these wallets hold user keys, leaving users vulnerable to any difficulties the service experiences, such as hackings, regulatory problems and technical issues.
  • Mobile-Based Bitcoin Wallets: Mobile wallets work via smartphones. Users must download an app to access their virtual currencies. These apps are simple vehicles into your wallet that you can use on your smartphone. They only use a subset of the block chain and rely on other networks to ensure all the correct information is there for the transaction to take place.

The ISIS-Bitcoin Nexus

As with most forms of technology, fraudsters, criminals and terror groups will find ways to exploit Bitcoin for nefarious uses. Due to its anonymity and untraceability, it is used for criminal activities such as laundering money, buying and selling illegal goods and services and transferring money to support criminal or terror activities. Al-Khilafah Aridat: The Caliphate Has Returned, a pro-ISIS blog, discusses how Bitcoins can be used to fund the caliphate. The post states that they are untraceable by Western governments and, therefore, they will not be stopped by regulatory screening processes. The blog then discusses the decentralized nature of virtual currencies, specifically stating that they are able to access markets that cross all borders and nation-state regulations to send money instantly and in a way that is untraceable by “Kafir” governments.

In an additional step to keep the senders’ and receivers’ identities secret, the blog post discusses the use of dark wallets. Dark wallets offer Bitcoin users more protection in relation to privacy and identity. It is also widely known that dark wallets may enable serious crimes such as murder, child pornography, drug and weapon sales and terror group financing.

According to the blog, Bitcoins are an entirely anonymous donation system that could send millions of dollars instantly from the United States, United Kingdom, South Africa, Ghana, Malaysia and Sri Lanka.

On Oct. 13, Reddit’s Bitcoin forum discussed how the ISIS blog site was accepting Bitcoin as a form of payment on the Swedish/Latvian conversion site Yourserver.se. The blog claims the payments are strictly for maintenance and hosting the website. Reports indicate that Yourserver.se closed the account, claiming it has a strict terms and conditions policy that prohibits using its service for illegal activities. Yourserver.se lists its terms of service on its site and bans the following:

  • Anything forbidden by Swedish law;
  • Spamvertising websites;
  • Malicious software such as mail and network bombers, spam, virus operation software and control centers;
  • Scam and phishing websites such as fake eBay, PayPal and bank login forms;
  • Network abuse (i.e., network scanning).

Analyst Comments

It is not surprising that ISIS would begin to adapt to using cryptocurrencies as a way to receive funds; the group has proven to be quite skillful with technology and social media. ISIS has been known to spread propaganda, recruit individuals and seek funds through tools such as Twitter, Facebook, YouTube and Ask.fm.

There are some challenges with how ISIS would turn Bitcoins into physical currency in the states in which it operates. Many ISIS-controlled territories do not have the technology to extract large amounts of Bitcoins for cash. However, nearby Turkey, Israel and Dubai all have a small but flourishing Bitcoin community, with a few Bitcoin ATMs available. Bitcoin ATMs work just like bank ATMs and are electric communication devices that allow Bitcoins to be exchanged for cash without the need for a cashier. It is important to note that some models only allow for the purchasing of Bitcoins. When a Bitcoin ATM is not available, users can sell them online; however, this type of sale often requires users to verify their identity.
