Image Source: SecurityIntelligence
In January 2009, Bitcoin became the first cryptocurrency available for public purchase. However, it wasn’t until two years later that the cryptocurrency saw its first real spike in popularity when the value reached (and passed) $1. Since the introduction of Bitcoin, over 21,000 different cryptocurrencies have popped up in the market, and approximately 21% of Americans have owned crypto as of 2022. However, cryptocurrency also has high anonymity and low regulation. Those aspects are exactly what makes cryptocurrency a rising transnational threat.
Cryptocurrencies, for those who are not chronically online, are a decentralized payment method that keeps ownership logs via a difficult-to-track, decentralized blockchain record. In fact, popular cryptocurrencies, like Bitcoin, were specifically created to eliminate the control, oversight, and fees associated with typical fiat transactions. Centralized currencies, like traditional governmental fiat currencies (the dollar, euro, yen, etc.), record all transactions on a central server. Decentralization allows cryptocurrency users to have “pseudo-anonymity” and make transactions without being easily identified.
This pseudo-anonymity and decentralized nature pose a threat to international security. As cryptocurrencies gain popularity and relevance to the international system, security forces both domestically and abroad must grapple with their implications on international crime and terrorism. Around 100 new cryptocurrencies are created each day, and some are harder to track than others. This creates a new modern-day security dilemma: how are states supposed to financially prevent international crime and terrorism when the transactions are untraceable?
Whereas banks and fiat currencies are highly regulated, the crypto space remains, largely, the wild west of financing. While Hollywood depicts criminals smuggling money in duffle bags or laundering it through fake businesses, crypto allows them a much easier route to store and access their ill-gotten funds.
Cybercrime, particularly those that involve the use of ransomware (a form of malware that locks the user out of their files or their device, then demands a payment to restore access), is on the rise. Most notably, the Colonial Pipeline ransomware attack caused a rush on a piece of critical American infrastructure, gas. DarkSide, the hacking group confirmed by the FBI to be behind the attack, received its payment in Bitcoin, and only around half of that amount was able to be recovered. Hacks like this cause economic damage and critical infrastructure breakdowns both of which can damage international security. The US Department of Justice just recently intercepted a ransomware group referred to as “Hive” following a months-long effort. According to the DOJ press release, Hive targeted more than 1,500 victims worldwide since June 2021 including hospitals, school districts, financial firms, and critical infrastructure. This group asked for its ransom in the form of cryptocurrency.
Your organization can work to prevent these types of cybercrime hacks, but almost all of that work has to be done ahead of time and maintained vigorously. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) recommends that you regularly backup your files and store them on a separate device, as well as train your employees on safe internet practices and policies. However, after you have been attacked, there is not much that can be done to recoup your funds or what you lost. This has devastating effects on small and big businesses.
The same anonymity that is good for international financial crime can also be beneficial for financing terrorist organizations, which means that we are hurtling toward a pre-9/11 system of terrorist financing. Most terrorist financiers are blacklisted by banks, making digital currency an appealing alternative. Compliance experts have stated that terrorists can also reap benefits from cryptocurrency because international officials aren’t up to date on the technology, and all terrorists need to collect these payments is internet access. Crypto subverts almost all of the rules preventing financial support for terrorist organizations and will make most of the financial tracking work done by the United States after 9/11 obsolete.
While hackers and ransomware groups have been able to embrace and harness the crypto movement, terrorists are lagging behind on using crypto for illicit purposes. In many instances, terrorists, especially jihadists, operate in areas that don’t lend themselves to using crypto effectively. Despite this, the Center on Sanctions and Illicit Finance has tracked and documented multiple jihadist crypto fundraising campaigns on social media. Domestically, according to Oren Segal, head of the Anti-Defamation League’s Center on Extremism, white supremacists, as they become more tech-savvy, will likely learn how to harness Bitcoin and other cryptocurrencies for their illicit purposes.
While not common, some groups are harnessing this technology. Recently, Victoria Jacobs, a New York City woman, was arrested and charged for using cryptocurrency to support Hay’at Tahrir al-Sham in Syria. She was also accused of laundering $10,661 for the group. Researchers at RAND have identified multiple factors that could lead to further terrorist adoption of cryptocurrencies, including the growing market, widespread adoption, and lack of cohesive oversight.
What is Being Done Now?
Almost every country in the world has a different set of approaches to cryptocurrencies. This disuniform approach poses a problem for how to track those who use the system for criminal activity. Policies around the world range from ignoring to fully banning the use of electronic currencies. However, just because a country issues a ban on these transactions does not mean that ban is enforced or monitored. For example, Russia bans the use of cryptocurrency, and violation of that law can lead to imprisonment. However, Russia does not particularly enforce that law as demonstrated by the fact that Russia is well-known for having some of the largest criminal hacking networks in the world.
Alternatively, the United States currently works toward solving these issues on a case-by-case basis, like prosecuting individuals or working to recover ransomed funds. However, these actions are often too little too late. Some companies that were the victims of ransomware attacks had devastating financial impacts and closed their doors after not being able to recover. Essentially, the United States is placing a bandaid over the real problem: we are sitting idly by while cryptocurrency is used by adversarial forces.
Where Do We Go From Here?
Crypto’s susceptibility to use by criminals and terrorists is by no means a condemnation of cryptocurrency as a whole. Rather, this article should serve as a warning to policymakers. Technology, as is true in nature, must be adapted to, or we will be left behind. This is not a doom and gloom prediction, but instead a doom and gloom warning. We have time to act now before this issue irreversibly impacts the international community forever.
The international community must find the time and willpower to move on regulating the wild west of cryptocurrencies. The United States is notoriously slow-moving when it comes to regulating the tech sector. The rest of the world varies, but an issue like this requires an international consensus. Some groups, like RAND and the United Nations, have been warning of this issue for some time, asking policymakers to get out ahead of the problem before it balloons.
As Yaya Fanusie said in his Congressional testimony, the adoption of cryptocurrencies for illicit purposes will grow as more members of the general public begin to use them in their everyday lives. This problem will continue to grow until it is too large to fix. Major world powers should advocate for more regulation and international cooperation of cryptocurrencies. This would be no different than what has already been done with the international banking system. This regulation could stop or mitigate these illegal transactions. Stepping out in front of this problem now could prevent devastating ransomware and terrorist attacks.