Over the past few years, several experts have voiced concerns that the Islamic State (also known as ISIS) and other terrorist groups could use cryptocurrencies such as Bitcoin as a new funding stream to further their operations. But in spite of these fears, the use of digital currencies among terrorists is not widespread—yet. Neither terrorist financing methods nor cryptocurrency technology is static, however, and the world could soon see the worst-case scenario unfolding. Greater pressure on existing terrorist finance methods coupled with easier-to-use cryptocurrencies that give users greater anonymity may well lead to a large-scale adoption of the technology by extremists.
At present, cryptocurrencies are hardly a go-to solution for terrorist financiers. Most types afford only limited anonymity, and it is difficult to quickly transfer large amounts of money through these systems. Moreover, there is limited acceptance of digital cash in regions such as the Middle East and North Africa, where many terrorist groups are most active.
Yet as the U.S. Treasury Department and its partners have increasingly denied terrorists access to other parts of the international financial system, new cryptocurrency technologies could provide an attractive alternative. To be sure, gauging whether these new technologies will be adopted, and if so, how quickly, is difficult. The answer depends on a host of unknowns, such as what other technologies are around the corner, how the public uses the new cryptocurrencies, and how useful or safe they prove to be. Digital currencies could be used for general funding; for money laundering; or to pay the personnel, associates, and vendors that keep the terrorist machine running. But there can be barriers to use as well, depending on the type of group and how its operations are financed.
The Current Landscape
ISIS receives most of its funding from sources that require control of territory, including the sale of oil, extortion rackets, and the confiscation of private property. Exact numbers are hard to estimate, but taxation of various sorts is said to account for $360 million in revenue per year. It is likely to continue to rely on these funding sources even as its territorial base in Iraq and Syria shrinks.
The territory-based revenue model restricts the group's ability to use cryptocurrency, partly because the latter is difficult to convert into a form that could be readily used in ISIS-controlled areas. Even if this challenge was solved, the large amounts of money a group such as ISIS would need would also severely limit its ability to traffic in cryptocurrency markets. Even as ISIS leadership seeks more diverse funding sources, it is unlikely to become an early adopter as long as it continues to rely on control of territory for funding.
Or consider al Qaeda. The group's fundraising apparatus relied heavily on foreign support until after 9/11, when the U.S. Treasury Department and international banking regulators cracked down on such sources (PDF). If foreign support is still viable, and al Qaeda supporters feel safe doing so, donations of funds via cryptocurrency could undermine the success of this crackdown. Yet most cryptocurrency offers neither sufficient anonymity nor ease of use for would-be donors, and until that changes, it remains unlikely to become a significant source of funds.
Unlike ISIS and al Qaeda, Hezbollah relies heavily on state sponsorship for financing, eliminating much of the need for access to cryptocurrency. In addition, some traditional banks' accommodation of the group currently makes legally moving money a viable option. At the same time, the group's illegal activities abroad—including its large network of associates in drug and other illicit markets in Latin America's tri-border area—are likely to push it to become an early adopter of the virtual currency. If Hezbollah turns to cryptocurrency, given its role in technology transfer in other domains, it may portend the transfer of the relevant technical expertise to other terrorist groups in the near future.
Finally, “lone wolf” attackers—citizens of Western countries inspired by or remotely directed by international terrorist groups—and smaller regional terrorist organizations are mostly self-financed and do not heavily fundraise. However, some lone wolves and individuals traveling to join ISIS have raised funds via Kickstarter-like campaigns. Although cryptocurrency is not yet a viable method for such funding, current efforts by terrorist groups indicate this may already be changing as technical barriers to its use diminish.
The Cryptocurrency Evolution
De-anonymization is currently the largest issue preventing terrorists from using cryptocurrency.
De-anonymization is currently the largest issue preventing terrorists from using cryptocurrency. Bitcoin and similar currencies allow users the ability to transact without identification, affording partial anonymity, but without user privacy, Western governments can identify and target the funds of these groups. If the terrorists fail to install careful safeguards, preserving this anonymity is unlikely. Just as in other areas of cryptography, the security of transactions can decrease over time as newer attack techniques are developed.
Efforts have also begun to integrate many important cryptocurrency services, such as exchanges where cryptocurrency is bought and sold, into various anti-money-laundering programs in the United States, Europe, and around the world. These regulations require verification of identity and reporting of suspicious transactions and allow law enforcement to investigate users more easily. The more successful a currency becomes, the greater the pressure from users and other stakeholders to work within the traditional financial system and abide by these laws. Greater scrutiny by authorities will inevitably follow.
Additionally, the nations leading counterterrorism finance efforts are among the most sophisticated in terms of cybertechnology, with a wide variety of tools at their disposal. They could attack terrorist groups through vulnerabilities not known to the public. Furthermore, even if the cryptocurrency itself is secure, the computers used for the transactions are vulnerable to the same types of attacks any computer system is, including social engineering, hacking, and physical destruction. Even without these challenges, some terrorist organizations distrust systems funded by Western governments or researchers. This distrust may extend to cryptocurrencies.
Despite these limitations, technological progress promises advances that could accelerate the adoption of cryptocurrency for both lawful and illicit uses, including terrorist financing. Many of the steps currently required to secure anonymous use of cryptocurrencies are not user-friendly, requiring a moderate degree of sophistication and the cumbersome manual transfer of data from secure offline systems. But these usability challenges are likely to fade. Best practices for security will become more widespread as they become easier to use and better known, which has been the case with other technologies, including secure instant-messaging software such as Signal and WhatsApp, which have replaced older and more difficult-to-use programs that were only partially secure.
Some newer cryptocurrencies provide far more robust anonymity, which could harm counterterrorism efforts by undermining a key tool used to track terrorist organizations. Next-generation anonymous currencies such as Zcash and Monero can reduce traceability of transactions that were fixtures in earlier generations of cryptocurrency. Monero greatly increases privacy via cryptographic anonymization, and the ability to hide IP addresses and other advances may be forthcoming. (Recent work (PDF), however, shows that their success is limited.) Zcash, launched late last year, allows secure transactions using a different method that may be extended in the future to allow offline transactions, enabling unrecorded and potentially untraceable transfers that don't rely on clumsy methods like the physical transfer of a cryptocurrency wallet. This would make the use of these currencies viable in parts of the world without reliable Internet access. If these technologies live up to their promise, a major impediment for terrorists and other financial criminals will be removed—at least until even newer ways to attack anonymity and privacy are devised.
For now, cryptocurrencies are unlikely to be stable enough or trusted enough for widespread use—and funding is only one small but critical part of terrorist operations. Although cryptocurrency technologies continue to have significant limitations for terrorist use, those barriers should decline over time and cause the use of digital currency to spread to other groups. Terrorists' embrace of cryptocurrencies is not yet apparent, but it is not likely far off on the horizon.
David Manheim is an policy researcher, assistant at the nonprofit, nonpartisan RAND Corporation and a Ph.D. candidate at the Pardee RAND Graduate School. Patrick Johnston is a political scientist at RAND and specializes in counterinsurgency and counterterrorism, with a particular focus on Afghanistan, Iraq, and the Philippines. Joshua Baron is an information scientist specializing in cyberspace operations and cryptography at RAND. Cynthia Dion-Schwarz is a senior analyst at RAND.
This commentary originally appeared on Foreign Affairs on April 21, 2017. Commentary gives RAND researchers a platform to convey insights based on their professional expertise and often on their peer-reviewed research and analysis.