Getting ahead of the cyber game

As part of its commitment to counter terrorism, the City of London Police supported Paul Carroll in an MSc in this field.  He interviewed four leading cyber security professionals on the appetite of Islamist terrorists to utilise cyber and makes the case for further research and training on collaborative strategies to counter cyber-related terrorism finance.

While there is a significant body of empirical research on traditional terrorist financing, our understanding of the extent of the use of cyber by terrorist financers is underdeveloped. As cyber-related criminality is growing, and terrorists have historically borrowed fundraising techniques from criminals, it is an issue warranting greater attention within terrorism studies.

Learning from the experts

Four subject matter experts were asked to discuss whether Islamist terrorist organisations could utilise cyber, and more specifically cryptocurrencies, to raise and transfer finance, now and in the future. The experts were: a lead government cyber security professional; a Detective Inspector and Deputy Director of the Economic Crime Academy, City of London Police; a financial crime compliance director in the banking sector; a researcher at a major policy think tank and former investment banker.

The limitations of cyber for terrorist financing

The four experts were initially, and understandably, dismissive of any significant use of cyber within terrorism finance. It was suggested that traditional methods have greater appeal, and still prove beneficial, regardless of geographic location. This may be for a number of reasons. First, licit and illicit enterprise can have multiple strategic and operational objectives beyond the financial. For example, legitimate companies in high unemployment areas not only raise funds but can also strengthen a group’s political and social capital by providing local jobs. If the company is involved in cross-border trade, then it could be used as a front to smuggle people or arms. In another example, extortion raises money while signalling a group’s authority over a community and the weakness of the state.

Second, the choice of terrorist financial streams is limited by start-up capital, the skills available to the group and geographical location.

The initial investment, digital infrastructures and expertise needed to raise or move money through cyber may not be available, may not represent a worthwhile investment and the creation of a digital footprint may be too risky for risk-adverse terrorist financers, especially when there are well-grounded fundraising tools already in place. For example, why invest money and time in an online scam which can be traced when a donation plate can be passed around at a wedding for no cost and with little risk?

Or why steal money from a bank by hacking when your organisation has existing expertise in tiger kidnapping?

A potential to shift to cyber to fund terrorism

The four experts acknowledged that the lack of quality data means that there may be more terrorism finance activity within the cyber domain than is empirically known. The use of cyber and crypto-currencies may not be seen as a current threat, but there was agreement that it could be used in the future by some terrorist financers, depending largely on their geographical profile and capability. Terrorist organisations, and criminal networks in general, are very good at adapting to their changing surroundings. As technology makes it easier to use and access cryptocurrencies and the Dark Web, they become more routine aspects of our lives which generate more criminal opportunities, which terrorist financers may take advantage of. The shift to cyber could also result, for some financers, as a response to law enforcement and preventive interventions against traditional terrorism finance methods.

Training needed for security services

Bespoke training of security services and wider organisations now could put us one step ahead. Fundamental gaps have been highlighted, which if not filled, might prevent effective progression of counter terrorism finance efforts. In fact, one of our participants – a researcher at a major policy think tank and former investment banker – reflected that ‘counter’ terrorism finance is perhaps the wrong turn of phrase. Instead, the objective should be not simply to counter finance, but to ‘use’ it as intelligence to identify perpetrators and counter terrorism as a whole.

As such, there is a need to develop an effective, collaborative terrorism finance intelligence gathering platform. But for this to gain momentum, it is proposed that there are two distinct areas which need to be considered as a starting point: 1) improved data collection, which places financial meta-data in geographical context, and 2) bespoke and collaborative cyber-terrorist financing training to facilitate the collection of such data.

Improved data collection: Geographic Financial Profiling

The meta–data of terrorism finance will not be a ‘one size fits all’. Depending on where you are situated geographically, financial behaviours can vary considerably, in particular with regards to the standards of infrastructure and capability to support cyber-related ventures. By deciphering geographic profiles of how individuals might raise, send and receive finance, more context will be provided from which to make assumptions regarding financial behaviours, and to recognise any shift in methodology.

This recommendation proposes that there are four sub-categories which this geographic financial profiling should be matched against, specifically in relation to Islamic terrorist organisations. Each category relates to the direction of travel of the finance or financer.

Local: finances are raised in the local or national base of an organisation in the East and are used for operational purposes in that locality (i.e. the money is generated and stays in Syria). This situation requires a steady flow of income to pay for high operational and organisational costs. The lack of cyber infrastructure and need for traditional currency within a cash-based system means that there may be a reliance on traditional means of financing.

Local > Foreign: finances are raised in the local or national base of the organisation in the East but are moved to another country for operational purposes (i.e. the money is generated in Syria and then moved to Europe). This situation may require, for example, returning foreign fighters to physically carry money back to Europe to pay for operational costs.

Foreign: finances are raised in a country outside the organisation’s base in the East and are used for operational purposes in that locality (i.e. the money is generated and stays in Europe). Here a range of licit and illicit enterprises could be used to generate money to pay for relatively small welfare and operational costs. The cyber infrastructure in the West could facilitate a greater use of cyber financing, especially as cyber becomes more routine in everyday life.

Foreign > Local: finances are raised in a country outside the organisation’s base in the East and are moved for operational purposes to the base country (i.e. the money is generated in Europe and then moved back to Syria).

By focusing on these geographic channels of finance flow, profiles might be created that actually pertain to the infrastructure and financial behaviours of the said geographical location where the finance is raised or moved to. This will not depict individual behaviours of terrorists themselves but will set a backdrop against which certain behaviours might be pre-empted. For example, terrorist financers from the East might be influenced by exposure to geographical locations in the West with stronger infrastructure, acquiring cyber-related specialism, through the guidance of those already well versed in the use of cyber to raise and transfer finance.

It’s possible that an increase in cyber capability might be influenced by a more transient terrorist organisation, with members passing from local to foreign and vice versa more frequently, as well as a shift to a younger generation more adept in the use of cyber.

Training – a collaborative approach

We propose that a terrorism finance module should be written into the standard training delivered to all financial investigators in the police service. Consideration should be made to expand its delivery to all investigators, as well as to explore the potential of delivery to a broad spectrum of organisations. From international organisations to small businesses, all have a vested interest in the training delivered and a responsibility to identify and report unusual financial behaviour, especially that which might pertain to a terrorist organisation and its members.

The researchers consider the resourcing and collaborative approach of this proposal to be fundamental in achieving a cohesive process, ensuring the continuity of terrorism finance intelligence gathering across organisations nationally and perhaps internationally.

Paul Carroll

City of London Police, Dr James Windle Acting Head of Criminology

University College of Cork