The Islamic State of Iraq and Syria (ISIS) has been called the world’s richest terror group. While the group generates the majority of its funds through oil fields seized in northern Iraq and Syria, it still relies on a number of other ways to secure financing. Donations from wealthy sympathizers greatly helped ISIS when it was first established. However, now that global governments are aware of ISIS and actively look to track and block all funding efforts through banking channels, donations have become harder to receive. These difficulties have not stopped ISIS from seeking ways to bypass sanctions and money-laundering filters, however. The group has begun to use cryptocurrencies such as Bitcoins as it looks for anonymous and untraceable ways to transfer money.

Bitcoins

Virtual currency is an electronic cryptocurrency used to purchase both virtual and actual goods and services. It is not contractually backed by assets or legal currency laws, it is not controlled by a central authority and it is not a tangible good. Bitcoins can be sent to anyone who has an Internet connection.

The first step in dealing in this type of currency is to set up a virtual wallet where Bitcoins and their transaction history are stored. According to CoinDesk, the wallet houses a file of secure digital keys used to access your public Bitcoin address and sign transactions. They are traded by sharing a wallet’s anonymous private identification number with the merchant or peer.

Wallets are a way to store the digital documentation of the Bitcoin value and grant access to users to spend them. There are many kinds of virtual wallets, with the most popular forms being desktop wallets, Web-based wallets and mobile wallets.

  • Desktop Bitcoin Wallets: Desktop wallets offer the most security and anonymity. This type of wallet is a software program that is downloaded onto a user’s computer. Desktop wallets process user transactions, allow users to create new addresses and store the user’s private key.
  • Web-Based Bitcoin Wallets: Web-based wallets store a user’s private key online via a main computer or server that is connected to the Web. Web-based wallets allow for more flexibility as they connect to a user’s desktop wallet and mobile device wallet. However, Web-based wallets have greater risks than desktop wallets. According to Bitcoin Reporter, these wallets hold user keys, leaving users vulnerable to any difficulties the service experiences, such as hackings, regulatory problems and technical issues.
  • Mobile-Based Bitcoin Wallets: Mobile wallets work via smartphones. Users must download an app to access their virtual currencies. These apps are simple vehicles into your wallet that you can use on your smartphone. They only use a subset of the block chain and rely on other networks to ensure all the correct information is there for the transaction to take place.

The ISIS-Bitcoin Nexus

Like most forms of technology, fraudsters, criminals and terror groups will find ways to exploit them for nefarious uses — Bitcoin is no different. Due to its anonymity and untraceabilitiy, it is used for criminal activities such as laundering money, buying and selling illegal goods and services and transferring money to support criminal or terror activities. Al-Khilafah Aridat: The Caliphate Has Returned, a pro-ISIS blog, discusses how Bitcoins can be used to fund the caliphate. The post states that they are untraceable by Western governments and, therefore, they will not be stopped by regulatory screening processes. The blog then discusses the decentralized nature of virtual currencies, specifically stating that they are able to access markets that cross all borders and nation-state regulations to send money instantly and in a way that is untraceable by “Kafir” governments.

In an additional step to keep the senders’ and receivers’ identities secret, the blog post discusses the use of dark wallets. Dark wallets offer Bitcoin users more protection in relation to privacy and identity. It is also widely known that dark wallets may enable serious crimes such as murder, child pornography, drug and weapon sales and terror group financing.

According to the blog, Bitcoins are an entirely anonymous donation system that could send millions of dollars instantly from the United States, United Kingdom, South Africa, Ghana, Malaysia and Sri Lanka.

On Oct. 13, Reddit’s Bitcoin forum discussed how the ISIS blog site was accepting Bitcoin as a form of payment on the Swedish/Latvian conversion site Yourserver.se. The blog claims the payments are strictly for maintenance and hosting the website. Reports indicate that Yourserver.se closed the account, claiming it has a strict terms and conditions policy that prohibits using its service for illegal activities. Yourserver.se lists its terms of service on its site and bans the following:

  • Anything forbidden by Swedish law;
  • Spamvertising websites;
  • Malicious software such as mail and network bombers, spam, virus operation software and control centers;
  • Scam and phishing websites such as fake eBay, PayPal and bank login forms;
  • Network abuse (i.e., network scanning).

Analyst Comments

It is not surprising that ISIS would begin to adapt to using cryptocurrencies as a way to receive funds; the group has proven to be quite skillful with technology and social media. ISIS has been known to spread propaganda, recruit individuals and seek funds through tools such as Twitter, Facebook, YouTube and Ask.fm.

There are some challenges with how ISIS would turn Bitcoins into physical currency in the states in which it operates. Many ISIS-controlled territories do not have the technology to extract high amounts of Bitcoins for cash. However, nearby Turkey, Israel and Dubai all have a small but flourishing Bitcoin community, with a few Bitcoin ATMs available. Bitcoin ATMs work just like bank ATMS and are electric communication devices that allow Bitcoins to be exchanged for cash without the need for a cashier. It is important to note that some models only allow for the purchasing of Bitcoins. When a Bitcoin ATM is not available, users can sell them online; however, this type of sale often requires users to verify their identity.

More from Banking & Finance

How to Spot a Nefarious Cryptocurrency Platform

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…