Chapter 2: Terrorist Financing

While the fund required for a terrorist act may be as small as US$400, the process of recruiting, training and sustaining sleeper operations over years requires significant amounts of money. The Super Ferry 14 attack, the most maritime lethal attack in Southeast Asia cost US$400.

Since it is becoming more difficult for terrorists to raise funds from charities, they have resorted to money laundering. Terrorists are now working with drug traffickers and criminals to make and launder the proceeds of crimes like fraud, prostitution, intellectual property theft, smuggling - this is now routine for them.

Terrorists use low value but high volume fraud activity to fund their operations. Paramilitary groups in Northern Ireland are using legitimate businesses such as hotels, pubs and taxi operators to launder money and fund political activities. Even beyond Ireland, terrorists are buying out/controlling front-end businesses especially cash-intensive businesses including in some cases money services businesses to move monies. Bulk cash smuggling and placement through cash-intensive businesses is one typology. They are now also moving monies through the new online payment systems. They also use trade-linked schemes to launder monies. Nonetheless, the older systems have not given way. Terrorists also continue to move monies through MSBs/Hawalas, and through international ATM transactions. Charities also continue to be used in countries where controls are not so stringent.

Operation Green Quest was the US multi-agency task force set up in October 2001 to combat terrorist financing and had developed a checklist of suspicious activities. The following patterns of activity indicate collection and movement of funds that could be associated with terrorist financing:

  1. Account transactions that are inconsistent with past deposits or withdrawals such as cash, travellers’ cheques, personal cheques, and wire transfers.
  2. Transactions involving a high volume of incoming or outgoing wire transfers, with no logical or apparent purpose that come from, go to, or transit through locations of concern, that is, sanctioned countries, non-cooperative nations and sympathiser nations.
  3. Unexplainable clearing or negotiation of third party cheques and their deposits in foreign bank accounts.
  4. Structuring at multiple branches or the same branch with multiple activities.
  5. Corporate layering, transfers between bank accounts of related entities or charities for no apparent reasons.
  6. Wire transfers by charitable organisations to companies located in countries known to be bank or tax havens.
  7. Lack of apparent fund raising activity, for example, a lack of small cheques or typical donations associated with charitable bank deposits.
  8. Using multiple accounts to collect funds that are then transferred to the same foreign beneficiaries.
  9. Transactions with no logical economic purpose, that is, no link between the activity of the organisation and other parties involved in the transaction.
  10. Overlapping corporate officers, bank signatories, or other identifiable similarities associated with addresses, references and financial activities.
  11. Cash debiting schemes in which deposits in the US correlate directly with ATM withdrawals in countries of concern. Reverse transactions of this nature are also suspicious.
  12. Issuing cheques, money orders or other financial instruments, often numbered sequentially, to the same person or business, or to a person or business whose name is spelt similarly.

Even as legislation has shifted and improved over the last 2 decades, the impact of terrorist financing through patterns listed has now come to include the use of the cyber domain through the use of cryptocurrency and even the crowdsourcing of funds to conduct illicit activities.

In 2018, the US government listed a comprehensive strategy to combat terrorism and other illicit activities. This was spelt out in the revised CT Financing legislation that brought together a multi-agency framework to manage and mitigate the threat posed by terrorist financing. The multi-agency framework used “law enforcement, financial sanctions, and other financial measures to dismantle and disrupt terrorist financing networks, closing existing gaps in the US financial system that have been used to facilitate TF, and engage with foreign partners and the private sector to develop a secure global framework that will effectively deny terrorist groups the ability to access the international financial system to raise, move and use funds.” (National Terrorist Financing Risk Assessment, 2018)

The findings of the NTFRA raised a seep seated point of contention, i.e. the “most common type of TF activity in the United States involves individuals who knowingly provide funds to terrorists, terrorist groups, or their supporters abroad. This includes multiple groups designated by the United States as foreign terrorist organisations (FTOs), including the Islamic State of Iraq and Syria (ISIS) and its regional affiliates, Al-Qaida (AQ) and its regional affiliates Al Nusra Front (ANF), Al Shabaab, Hezbollah and Hamas.” (National Terrorist Financing Risk Assessment, 2018)

Challenges Arising from Quantum and Process

With the challenge arising from the self-styled Islamic State (IS), there have been several case studies that highlight some of these dominant challenges. Tasmina Salsabila, an Indonesian migrant worker in Hong Kong, significantly assisted Katibah al-Iman’s recruitment and funding. Tasmina recruited Riswandi alias Iwan, who is skilled in bomb making, and her husband, Zainal, into Katibah al-Iman. She additionally recruited Syuhada Umar, a pro-IS supporter based in Bekasi, a suburb of Jakarta, into Katibah al-Iman. Furthermore, Tasmina funded Katibah al-Iman, transferring 8 million rupiah (US$615) for the group’s armament. (Jerard, 2016).

The cell, led by Abu Gar, which conducted the first IS attack in Southeast Asia in Thamrin Jakarta, received 200 million rupiah (US$15,384) from an Indonesian IS fighter and leader of Katibah Masyaariq, Abu Jandal, in 2015. While in prison, Aman Abdurrahman summoned Abu Gar and instructed him to copy the Paris attack. Aman Abdurrahman noted that the instruction came from IS. Rois alias Iwan Darmawan Muntho, who was also incarcerated in Nusa Kambangan, assisted Abu Gar in materialising the plan. Hendro Fernando, who was arrested in Bekasi after the Jakarta attacks, led the fourth cell. (Jerard, 2016).

Another cell leader in Indonesia Hendro received a total of 1.3 billion rupiah (US$97,000) from the leader of Katibah Nusantara, Bahrumsyah, in several instalments throughout 2015. The money was channelled to the pro-IS groups in the region, Mujahidin Indonesia Timur (MIT) and Ansharul Khilafah Philippines (AKP), as well as to fund plots to attack Bali and Jakarta’s main airport and an international school. (Jerard, 2016). The money sent would help to facilitate operations on Southeast Asia.

2.1 Activities

It would be difficult to determine by the activity alone whether the particular act was related to terrorism or to organised crime. For this reason, these activities must be examined in context with other factors in order to determine a terrorist financing connection. Simple transactions can be found to be suspect and money laundering derived from terrorism will typically involve instances in which simple operations had been performed (retail foreign exchange operations, international transfer of funds) revealing links with other countries including FATF blacklisted countries. Some of the customers may have police records, particularly for trafficking in narcotics and weapons and may be linked with foreign terrorist groups. The funds may have moved through a state sponsor of terrorism or a country where there is a terrorism problem. A link with a Politically Exposed Person (PEP) may ultimately link up to a terrorist financing transaction. A charity may be a link in the transaction. Accounts (especially student) that only receive periodic deposits withdrawn via ATM over two months and are dormant at other periods could indicate that they are becoming active to prepare for an attack.

2.2 Sixth Column

We saw earlier that the Internet according to Rappa is a “sixth column” of protest. But it is also a site where terrorists can inflict grave damage as seen in the Stuxnet virus.

Stuxnet is a kind of PC inhabiting “worm” that first emerged in the summer of 2010. The worm attacks industrial-scale software and their attendant processes. Existing PC anti malware and anti-viruses as well as anti-anti virus viruses may evolve into more powerful versions in future. Stuxnet was a myth that has become part of the reality of cyberculture. According to Computerworld, September 16, 2010:

The Stuxnet worm is a "groundbreaking" piece of malware so devious in its use of unpatched vulnerabilities, so sophisticated in its multipronged approach, that the security researchers who tore it apart believe it may be the work of state-backed professionals. "It's amazing, really, the resources that went into this worm," said Liam O Murchu, manager of operations with Symantec's security response team. "I'd call it groundbreaking," said Roel Schouwenberg, a senior antivirus researcher at Kaspersky Lab. In comparison, other notable attacks, like the one dubbed Aurora that hacked Google's network and those of dozens of other major companies, were child's play. O Murchu and Schouwenberg should know: They work for the two security companies that discovered that Stuxnet exploited not just one zero-day Windows bug but four -- an unprecedented number for a single piece of malware.

Is the Stuxnet virus to become part of the cyber-counter-culture? In the world of viruses and egoistic hacking of computers, newer versions of it are likely to take its place.

2.3 Cyber Culture

Cyberculture is the culture that has emerged, or is emerging, from the use of computer networks for communication, entertainment and business. It is also the study of various social phenomena associated with the Internet and other new forms of network communication, such as online communities, online multi-player gaming, and e-mail usage.

Since the boundaries of cyberculture are difficult to define, the term is used flexibly, and its application to specific circumstances can be controversial. It generally refers at least to the cultures of virtual communities, but extends to a wide range of cultural issues relating to "cyber-topics", e.g. cybernetics, and the perceived or predicted cyborgization of the human body and human society itself. It can also embrace associated intellectual and cultural movements, such as cyborg theory and cyberpunk. The term often incorporates an implicit anticipation of the future.

Cyberculture is a wide social and cultural movement closely linked to advanced information science and information technology; their emergence, development and rise to social and cultural prominence between the 1960s and the 1990s. Cyberculture was influenced at its genesis by those early users of the Internet, frequently including the architects of the original project. These individuals were often guided in their actions by the hacker ethic. While early cyberculture was based on a small cultural sample and its ideals, the modern cyberculture is a much more diverse group of users and the ideals that they espouse.

Manifestations of Cyberculture include various human interactions mediated by computer networks. They can be activities, pursuits, games, places and metaphors, and include a diverse base of applications. Some are supported by specialised software and others work on commonly accepted web protocols. Examples include but are not limited to:

  1. Blogs
  2. Social networks
  3. Games
  4. Chat
  5. Usenet
  6. Bulletin Board Systems
  7. E-Commerce
  8. Peer-to-peer file sharing
  9. Virtual worlds

There are several qualities that cybercultures share that make them warrant the prefix “cyber-“. Some of those qualities are that cyberculture:

  1. Is a community mediated by ICTs.
  2. Is culture “mediated by computer screens.”
  3. Relies heavily on the notion of information and knowledge exchange.
  4. Depends on the ability to manipulate tools to a degree not present in other forms of culture.
  5. Allows vastly expanded weak ties and has been criticised for overly emphasising the same.
  6. Multiplies the number of eyeballs on a given problem, beyond that which would be possible using traditional means, given physical, geographic, and temporal constraints.
  7. Is a “cognitive and social culture, not a geographic one.”
  8. Is “the product of like-minded people finding a common ‘place’ to interact.”
  9. Is inherently more “fragile” than traditional forms of community and culture.

2.4 Cyber Crime

Cybercrime refers to any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. Netcrime refers, more precisely, to criminal exploitation of the Internet. Issues surrounding this type of crime have become high-profile, particularly those surrounding hacking, copyright infringement, child pornography, and child grooming. There are also problems of privacy when confidential information is lost or intercepted, lawfully or otherwise.

Computer crime encompasses a broad range of potentially illegal activities. Generally, however, it may be divided into one of two types of categories: (1) crimes that target computer networks or devices directly; (2) crimes facilitated by computer networks or devices, the primary target of which is independent of the computer network or device.

Cyberterrorism in general, can be defined as an act of terrorism committed through the use of cyberspace or computer resources. As such, a simple propaganda in the Internet, that there will be bomb attacks during the holidays can be considered cyberterrorism. As well, there are also hacking activities directed towards individuals, families, organised by groups within networks, tending to cause fear among people, demonstrate power, collecting information relevant for ruining peoples' lives, robberies, blackmailing, etc.

By extension, the use of cybercrime expertise by terrorist and extremists cannot be negated. The liberal sale of expertise on the deep web and dark web has facilitated access to resources and the sale of skill sets at an unprecedented pace.

Cyberextortion is a form of cyberterrorism in which a website, e-mail server, or computer system is subjected to repeated denial of service or other attacks by malicious hackers, who demand money in return for promising to stop the attacks. According to the Federal Bureau of Investigation, cyberextortionists are increasingly attacking corporate websites and networks, crippling their ability to operate and demanding payments to restore their service. More than 20 cases are reported each month to the FBI and many go unreported in order to keep the victim's name out of the domain. Perpetrators typically use a distributed denial-of-service attack.

The US Department of Defense (DoD) notes that cyberspace has emerged as a national-level concern through several recent events of geo-strategic significance. Among those are included the attack on Estonia's infrastructure in 2007, allegedly by Russian hackers. "In August 2008, Russia again allegedly conducted cyber attacks, this time in a coordinated and synchronised kinetic and non-kinetic campaign against the country of Georgia. Fearing that such attacks may become the norm in future warfare among nation-states, the concept of cyberspace operations impacts and will be adapted by warfighting military commanders in the future.