Hacker Group: Bitcoin Only a 'Small Part' of ISIS Funding

As the European Union considers a Bitcoin crackdown, hackers say most of ISIS's funds still come from oil sales and extortion.

In the wake of the Paris attacks, the European Union is considering cracking down on virtual currencies to curb terrorist funding. But even with ISIS taking in supposed millions of dollars in Bitcoin, does it really amount to that much of its overall funding?

Ghost Security Group, an anti-terrorism hacker collective, says no. Tracking ISIS online since January’s attack on the Charlie Hebdo paper, the group says that while Bitcoin does amount for some of ISIS’ bankroll, the Islamic State is still raising most of its capital the old-fashioned way through “kidnapping, extortion, oil sales, and in some cases, organ harvesting.” We spoke to a Ghost Security Group member, who agreed to an email Q&A on the condition of anonymity, about how private hackers are tracking the new wave of terrorists online.

How long has Ghost Security Group been tracking ISIS Bitcoin accounts? Did the Paris attacks cause you to step up your engagement?

The ISIS Bitcoin address was found back in September, 2015, although we weren’t specially focusing on finding ISIS Bitcoin addresses. We are taking on ISIS online since the Charlie Hebdo attacks, and that address was found while we focused on tracking terrorism in the Deep Web.

The Paris attacks did of course deeply shock us as well as motivate us for the future. It has got all of us determined to continue the fight we’ve put up back in February.

And we’d like to share our most sincere condolences with all friends and family members of the victims.

Have you found ISIS Bitcoin accounts more via being tipped to them or by tracking online usage? If by tracking, can you give a general understanding of how to do that so a layman might understand?

We found that Bitcoin address by infiltrating and by closely following ISIS’ activity online in their communication networks. That includes infiltrators accounts, spying on them, large data analyst and handling. Basically, we act as an activist online to get as much data as possible.

Since the report of the ISIS wallet with the $3 million in Bitcoin was released have you found any other large caches? Are these funds you can freeze yourself through coordinated efforts or do you turn them over to authorities?

Since the report of the 3M$ address — which was found by us BUT analyzed and treated by Lewis Sanders IV from (they did all the work to identify, track, and investigate this address, and they found the 3 million in it) - we found yet another Bitcoin address regarding the “funding of the islamic struggle,” which was in fact a scam which led to silk roads and drugs activity. It was traced and exposed by us.

Those informations are forwarded to U.S. government through Mr. Michael Smith

How long do you believe ISIS has been actively pursuing Bitcoin as a source of funding? Do they favor any other form of cryptocurrency?

We do believe that ISIS recently — when I mean recently, I mean in the three or four last months — started to use Deep Web and cryptocurrency as a tool for their funding, recruitment, and propaganda. We do not know if they are using any other for of it although we believe they won’t since Bitcoin is by far the “biggest” — or current — one. We will still call for other cryptocurrency data in the future.

Has Ghost Security Group done this all alone or have you worked with any other groups like Anonymous?

We are working with many parters as The French “Katiba Des Narvalos,” a counter-terrorism made out of French volunteers (just as us), whose goal is to fight ISIS online by parody and counter-propaganda efforts. We also cooperate with the Peshmerga Cyber Terrorism Unit, but our main partner in this fight is Controlling Section, more than a partner it is our half, a team made of volunteer social networks experts more focused on countering ISIS’s presence on social networks, and analyzing threat and informational data about online and ground terrorism. That cooperation is now up for several months, and we put an important point on how this group shall get as much credit as we get.

We decided to separate from Anonymous multiple month ago, because we believe that collective isn’t made for counter terrorism as they can be counterproductive, suspending important Twitter accounts in terms of intelligence data. This hacktivist movement also generally represent illegal activities, and that’s why we’re separated from it. (More info in our press release.)

What steps — assuming you can reveal them — do you take to ensure you are going after accounts legitimately connected to terrorist groups?

We are making sure to go after only accounts related with terrorist groups by analyzing their tweets, pictures, and connections. Everyday we are making sure we aren’t going after any innocent users by analyzing the targets, although they usually talk loud about their motivations and affiliations

The European Union wants to crack down on Bitcoin regulations in the wake of the Paris attacks. Are there any security measures you think would be wise to implement?

We’ve seen that cryptocurrency is only accountable for a very small percentage of their net income, in a lot of cases, EU is blowing out of proportions that “problem.” We are strong advocates of cryptocurrencies; however if the Islamic State is using cryptocurrencies to some degree, it is not fault of the Bitcoin community. ISIS also uses Toyota vehicles, American weapons, social media, and foreign currencies — none are to blame for their products and services they use as they rely heavily on friendly nation technology.

Related Tags