This article is written by Ms Aporva Shekhar from KIIT School of law. This article is a brief introduction to cryptocurrency and its relationship with darknet transactions and terrorism.
Cryptocurrency is expected to be the future for all financial transactions, making them more secure and easily trackable, promoting transparency and accountability. But the cryptocurrencies that are being developed currently have not reached the desired level of sophistication yet and create several pitfalls for law enforcement. In an aim to increase privacy, cryptocurrencies present in the market currently have enabled their users to use and transfer such currencies offline as well. This disadvantage has created new opportunities for malefactors to transfer and accumulate their assets and engage in illicit transactions undetected by law enforcement with the help of cryptocurrencies. The anonymity granted by the internet and technology has facilitated darknet transactions and provided an opportunity for terrorist organisations to use it for their benefit.
Classification of cryptocurrencies
The popularity of cryptocurrencies is attributed to blockchain which is a decentralized ledger, data management solution and concurrent transaction technology. The main objective of cryptocurrencies is to eliminate third party control and create a decentralized environment for transactions. This technology has already been adopted by many institutions to facilitate cross border payments and financial transactions owing to its anonymous transaction processing. Most traders and investors in the field formulate their own classification model to distinguish one crypto asset from the other but the most popular form of classification is based on the crypto assets usage.
This might be the most popularly known form of use for cryptocurrencies, as that of digital money that can be used in transactions. Shared blockchain technology facilitates their operation on a distributed network of computers. Most cryptocurrencies are in a bid to become legal tender and others focus on transactions for a specific sector, industry or use. Payment cryptocurrencies might contain many features but they are easily distinguishable by some basic characteristics, that are, defining, storing, recording and securing transactions of the shared blockchain network they operate on. The premier cryptocurrency Bitcoin was created to make it an alternative to legal tender and therefore is an accurate example of a payment based cryptocurrency. Cryptocurrencies backed by assets can also be classified as payment based cryptocurrencies. These crypto-assets provide transparency and efficiency akin to traditional assets and also give the benefit of exposure to established stores of value.
Infrastructure based cryptocurrencies focus more on the payment of the network of computers that run the shared blockchain technology. Ether is the crypto asset that powers the cryptocurrency. Ethereum is an accurate example of an infrastructure based cryptocurrency. Decentralized applications can only be used and created on the network through the purchase of Ethereum. This type of cryptocurrency is used to power the infrastructure of various blockchain platforms that provide different use cases. Interoperable tokens that focus on linking multiple blockchain platforms to enable users to interact across these platforms can also be considered as infrastructure cryptocurrencies.
Financial cryptocurrencies facilitate the management and exchange of other forms of cryptocurrencies. These cryptocurrencies aid users in trading in decentralized exchanges and also helps in making operating decisions. They can be used for connecting nascent crypto projects and investors and can also be used for crowdfunding. More developed finance-based cryptocurrencies also seek to replicate complex financial services like borrowing, lending and market-making. They also have a benefit in the form of speculation as they can aid in the prediction of outcomes of certain events.
As the title suggests, service-based cryptocurrencies seek to provide services like personal management tools or enterprise data on a blockchain. The characteristic feature is to evaluate external data sources by aiding blockchain-based financial products. Blockchain technology has many use cases that can be merged with real-world applications. Dentacoin is an example of a cryptocurrency that is used in the healthcare industry and Storj and Siacoin are cryptocurrencies that offer services for file storage.
Entertainment and media-based
This cryptocurrency’s main use is to act as a reward for social media content, gambling and games for users. It aims to distribute value between consumers and creators in an equitable way like the Basic Attention Token. Augmented reality technologies and digital worlds are virtually powered and accessed by entertainment and media cryptocurrencies.
The policymakers : ECB, IMF, BIS, EBA, ESMA, World Bank and FATF
With all the benefits that cryptocurrencies bring with enhanced privacy and lowered transaction costs, they also add the threat of fraud and malpractice. The three main reasons for concern regarding cryptocurrencies are their irretrievable nature, exchange services and cryptocurrency mining malware. Another issue is the lack of uniformity in the categorization of cryptocurrencies from property to currency as both categorizations have different implications.
As a currency, it can be used as a measure and store of value and a means of exchange and as property taxes are to be levied on it. The encrypted nature of cryptocurrency makes it prone to losing value as it cannot escheat to the State like abandoned property and therefore might lose value. The ease of transaction across geographical bounds combined with other features of cryptocurrencies makes it a potential tool for criminal and terror organizations. Therefore, policy-making bodies have made an attempt to regulate cryptocurrencies to reduce the risk of fraud and misutilization.
ECB (European Central Bank)
Cryptocurrencies have been defined by the ECB to mean a digital alternative to money and store of value that is not issued by a central bank or any other institution. Bitcoin has been described as a cryptocurrency bilaterally interacting with the economy by the ECB. The ECB has categorized cryptocurrencies as a form of an unregulated subset of a virtual currency controlled by their developers and which can only be traded within a specific community of users. ECB categorized cryptocurrency into three types based on their interaction with legal tender and the economy:
- Virtual- which can only be used in a virtual environment like in software or game like the gold in world of warcraft game.
- Convertible- cryptocurrencies that unilaterally interact with the economy have a conversion rate that is used to quantify the value of the cryptocurrency in terms of legal tender. It is then used to buy virtual or real commodities and services like Facebook credits.
- Exchangeable- cryptocurrencies are connected to the economy bilaterally which means that they can be quantified in the form of legal tender through conversion rates and consequently they can also be bought and sold at the same rate. It can then be used to buy real and virtual commodities and services.
IMF (International Monetary Fund)
The IMF defines cryptocurrencies similar to the ECB, adding that they are denominated in their unit of account and are issued by private developers. But the IMF differs from the ECB as its definition of the term covers a wide range of so-called currencies ranging from certificate of debts(IOUs) to airline miles, coupons and asset-backed cryptocurrencies and others such as Bitcoin.
BIS (Bank for International Settlements)
A body of the BIS, the CPMI (Committee on Payments and Market infrastructure) has categorised cryptocurrencies that display specific characteristics to be digital currency schemes or currencies. The characteristics are:
- Assets with zero intrinsic value but their value is determined by the forces of supply and demand like gold.
- Remote peer-to-peer exchanges are facilitated through distributed ledgers of electronic value.
- No individual or institution operates it.
EBA (European Banking Authority)
The EBA has defined cryptocurrencies as digital stores of value that are not issued by any apex institution, which are used by natural or juristic persons as a means of transfer and exchange, not necessarily associated with legal tender and can be stored and traded digitally. In August 2014 the EBA suggested long and short term regulatory frameworks to minimize the identifiable risks.
ESMA (European Securities and Market Authority)
The ESMA, in association with EBA and EIOPA (European Insurance and Occupational Pensions Association), issued a pan-European warning referring to cryptocurrencies as virtual currency. Similar to other institutions like EBA, the ESMA defined cryptocurrencies as digital stores of value distinct from legal tender, not issued or guaranteed by any apex institution.
Akin to other institutions, the World Bank has also categorized cryptocurrencies to be a subset of the broad term digital currencies, defining them to be digital stores of value, different from e-money denominated in their unit of account. The only point of distinction from the definitions given by other institutions is that the World Bank states that, to achieve consensus, cryptocurrencies use cryptographic techniques.
FATF (Financial Action Task Force)
The FATF has also given a similar definition with 3 characteristic features for cryptocurrencies:
- It is a medium of exchange.
- A unit of account.
- A store of value lacking the status of fiat currency.
This institution categorizes cryptocurrencies into two types:
- Convertible- Centralized or decentralized cryptocurrency that is quantified in the form of legal tender by virtue of a conversion rate used for trade and exchange. For example, Bitcoin is a decentralized, math-based virtual convertible currency that is secured by cryptography.
- Non-Convertible- Digital currencies that can only be traded in specific virtual platforms like gold in World of Warcraft games and cannot be converted to legal tender.
Darknet and cryptocurrency taxonomy
The dark web is not distinct from the world wide web but rather consists of digital platforms that exist on network overlays requiring specialized software and authorization to access. It serves the nefarious purpose of being a hub for malicious content and illegal activities. The encrypted websites that are not normally indexed on conventional internet search engines provide anonymity that is used by people to express their views freely and by the police to communicate and detect potential offenders.
But the dark web is a double-edged sword, it does possess certain benefits but it also allows many malefactors to operate freely across the globe. Technology has ushered development into a new era but it has also highlighted the vices that exist in our society. The dark web combined with cryptocurrency is now being used by many individuals and organizations to evade the law with criminal intent. In order to identify the malicious transactions taking place on the dark web, certain categories of data associated with cryptocurrency transactions have been classified by the Interpol Darknet and Cryptocurrencies Task Force as global cryptocurrency taxonomy. The three main categories for identification are as follows:
- Entities- all the transactions between listed criminal individuals, organizations and other digital entities that engage in illegal activities on the darknet should be closely monitored. All information related to cryptocurrency transactions of such entities as mentioned above needs to be collected and analysed to identify and predict offences and illegal operations.
- Services- Data related to illegal commodities and services that are being solicited on the dark web in exchange for cryptocurrency should be collected as well. A close watch should be placed on darknet mediators, facility providers, markets and cryptocurrency exchanges to track and identify possible offenders and deviants.
- Categories of crime- tracking and collection of data are to be based on the transaction’s intended offence, like child pornography, cybercrime, sale of weapons, illicit drugs and other reprehensible activities. Law enforcement can effectively track and identify potential criminals by tracking cryptocurrency transactions related to these crimes and apprehend the offenders.
Online counter-terrorism investigations
Social media and other digital platforms have become a breeding ground for terrorist propaganda and recruitments across the globe cost-effectively. Encrypted communication applications virtually secured by robust cryptography have facilitated global communication for terror organizations that were not available in the past. The worldwide web has connected people across the globe but it has also created an unregulated territory for terror organizations to benefit from. Online spaces cannot be restricted altogether as that would encroach upon several human rights and curb free speech. So counter-terror operations have taken a precautionary approach through online investigations to nip terror schemes in the bud. UNCCT (United Nations Counter-Terrorism Centre) in association with INTERPOL has created a handbook to guide investigators in the analysis and collection of malicious data online.
Social media has the widest reach and thus, it is something that can be used by terror organizations to spread propaganda and recruit potential terrorists. Investigators must know how to effectively utilize social media to identify investigative leads and relevant electronic records. In order to ensure successful prosecutions, investigators must collect, preserve and analyse all relevant data to build a strong case. The handbook promotes good practices and provides useful online tools to help investigators. The key areas covered in the handbook are:
- Analysing the development and migration of terror organizations to digital platforms and their activity trends online.
- Promoting good practices in counter-terrorism investigations.
- Guide to requesting, collecting and preserving online records and pieces of evidence from service providers.
Ongoing UNCCT and INTERPOL operation
The handbook mentioned above is part of a wider cooperative effort between the two organizations to tackle the FTF (Foreign Terrorist Fighters) phenomenon. The program focuses on training and educating personnel in Southeast Asian regions, North Africa and the Middle East as terror organizations in these regions are very active. Global law enforcement is tasked with the duty of effectively understanding, anticipating and addressing the emerging security and terror threats. This program that was conducted between July 2018 to February 2019 sought to educate personnel in these regions through a series of training workshops. The existing knowledge and network of UNCCT, UNODC (United Nations Office on Drugs and Crime), CTED (Counter-Terrorism Committee Executive Directorate) and the IAP (International Association of Prosecutors) played an integral role in building presentations and discussions conducted in the regional workshops. This project was financed by contributions made by the countries of Japan, the United Arab Emirates and Saudi Arabia.
Cyberattacks on cryptocurrency
A secure source of finance is extremely important for terror organizations to carry out their operations and cryptocurrencies are being used by these organizations more and more to transfer funds around the globe. Cryptocurrencies are not as anonymous as they seem and law enforcement can use this vulnerability to track and attack such cryptocurrency transactions to choke the terror organization’s finance supply but it can go the other way around too.
Classification of attacks against cryptocurrency systems
With the advent of smarter and more sophisticated systems more, new forms of cryptocurrencies and cyber-attack schemes are being discovered every day, but the most popular forms of cyberattacks that can be used against cryptocurrency use are:
- Deanonymization- which focuses on revealing the identity of cryptocurrency users, involves snooping IP addresses and monitoring activities to identify parties involved in a crypto transaction.
- Spending Denial- this attack targets the blockchain system or the shared network, by encoded certain directions to prevent the processing of specific crypto transactions. DDoS (Distributed Denial of Service) attacks are very commonly known and interrupt the service connection of a network or service to make it unavailable to a specific set of users temporarily or indefinitely.
- Theft- this attack seeks to compromise the cryptography of the target by corrupting or stealing a personal key used to access the underlying system. Attacks are focused on crypto primitives and hosted wallets.
- Systematic- systematic attacks are the most drastic of them all and can shut down the entire blockchain network, thereby eliminating the system for all parties involved and preventing any further transactions. This is also a form of DDoS attack and can also be called a targeted border gateway protocol attack.
These attacks can further be classified in terms of their visibility as follows:
- Offline- these attacks do not require any connection to the blockchain and include most classes of side-channel and statistical attacks. These attacks can occur in real-time and aim to deanonymize without connecting to the system at all.
- Passive- as the name suggests passive attacks require no interference with the system but rather, involves data collection. For example, an adversary may collect internet traffic data by running Bitcoin nodes or nodes to identify IP addresses of individuals engaging in transactions. Similarly, an attacker could eliminate the anonymity advantage by connecting to a coin-mix system.
- Active- these attacks require involvement and connection to the network and may include DDoS that prevents a transaction from being processed. Even though these attacks are potentially detectable by the targeted party but are not that detectable by other observers. These attacks can range from simple stealing of passwords to more complex operations.
- Blatant- as it is apparent from the name, these attacks are easily identifiable by the targeted party and other observers and include DDoS attacks that involve taking down entire servers, seizing targeted funds to redirect them or compromising an e-wallet or a currency exchange. A systematic attack is carried out in this way, a sophisticated attack known as the Flame targeted a vulnerability in Microsoft’s software update verifications. Such attacks are public and easily identifiable.
Vulnerabilities of sophisticated cryptocurrencies
Regardless of their popularity, cryptocurrencies are still relatively new and therefore, are not well tested and are being developed to counter deficiencies. Therefore, new vulnerabilities may prop up every day that might threaten the anonymity and stability of the currency itself. Newer cryptocurrencies like Zcash and Monero are developed in consonance with public policy and so they ensure easy and convenient enforcement of anti-money laundering laws that even current legal tender and cryptocurrencies cannot accommodate. However, it is also possible that the same technology can be used to develop cryptocurrencies to evade the law.
There are several ways through which a terrorist organization can utilize cryptocurrencies for their nefarious purposes but there are also other ways that law enforcement can attack such cryptocurrency transactions by utilising its vulnerabilities. These advantages and disadvantages of digital currency can serve some purpose but it is not presently clear whether cryptocurrencies are being utilized by terror organisations. The numerous pitfalls of cryptocurrencies suggest that such terror organizations would be reluctant to rely on cryptocurrencies. Due to their immense potential law enforcement should closely monitor the development of cryptocurrencies.
Factors facilitating the increase in cryptocurrency viability for terrorist organizations
It is still unclear whether terrorist organizations are actually using cryptocurrencies or not but with the development of cryptocurrencies and new terror methods it might be highly likely. The degree of viability of cryptocurrencies will decide the extent of use by terrorist organizations. There are several factors that make cryptocurrency use more attractive for terrorist organizations and some of them are as follows:
Wider acceptance and continued growth make cryptocurrencies more feasible for use by terrorist organizations. With the passage of time cryptocurrencies might even become more common and generally acceptable as an alternative to legal tender across the globe. Widespread acceptance will lead to more transactions, as ease of use and convenience increase. This development might make cryptocurrencies valid in areas where terrorist organizations operate and with such a wide reach, terrorist organizations might utilize them to finance their operations across the globe.
This characteristic of cryptocurrencies has become very attractive to criminals and malefactors and newer cryptocurrencies with enhanced anonymity features are being employed by individuals and organizations for illicit activities every day. The current market is dominated by Bitcoin, which makes it extremely hard for other privacy-conscious cryptocurrencies to breakthrough. Zcash and Monero are not even worth half of Bitcoin’s value and such inconsequentiality makes the newer privacy-conscious cryptos not very useful for criminals and normal people alike. But anonymity and unlikable transactions are worrisome features of cryptocurrencies that could be used by terrorist organizations.
Cryptocurrency is still a relatively new technology for several countries, but it is still widely used and most countries only have partial or no regulatory guidelines at all to regulate the cryptocurrency market. Regulatory oversight is still somewhat limited owing to the dynamic nature of the market. Cryptocurrencies are constantly evolving and changing and so regulations and policies regulating them become outdated more often. Even though cryptocurrencies are not that widely used but with the lack of proper regulations they could be easily misused for money laundering and other illicit activities owing to their anonymity. Cryptocurrency transactions on decentralized exchanges are even harder to track and therefore, present a serious issue. A coordinated effort to formulate a regulatory guideline needs to be initiated worldwide.
Use in complementary and adjacent markets
Cryptocurrencies have perfectly adapted to complementary and adjacent markets, so much so that they have become extremely popular in black markets and several counterfeiting operations have already begun trading stolen credit. The combination of illicit uses and anonymity poses a serious issue as cryptocurrencies can be easily misappropriated. Newer privacy-conscious cryptocurrencies like Zcash and Monero have become the new currency for cybercrime. Cryptocurrencies are being used in the darknet markets to trade in illicit drugs and according to data the proceeds already range in millions of dollars. But there is no data at present to suggest that cryptocurrencies are being extensively used by criminals, but their adaptable nature and ease of use in different markets makes them very viable for criminal activity.
Limitations of current cryptocurrency systems for terrorist use
There is no data to suggest that terrorist organizations are using cryptocurrencies but rather, several characteristics of cryptocurrencies suggest that such organizations would be very reluctant to rely on cryptocurrencies. Some of these factors that make terror organizations averse to cryptocurrencies are as follows.
Fluctuation in the cryptocurrency markets
Cryptocurrencies are plagued by infighting and uncertainty as they grow, decreasing the chances of wider acceptance and therefore makes them less attractive for terrorist organizations. The existence of diversity and the decentralized nature of various cryptocurrencies, miners, investors and other parties involved prevents uniformity and development necessary for stability and acceptance. These factors have already led to significant competition between Bitcoin and Ethereum blockchains. This has a negative impact on its viability to be adopted as an alternative to legal tender and legal tender is stable and well established and understood by the masses. These factors make cryptocurrencies extremely unreliable and unacceptable for terrorist organizations.
International Law enforcement
Cryptocurrencies will only prove useful to a terrorist organization if it is widely accepted, but with widespread acceptance cryptocurrencies regulations will also increase to prevent misappropriation. Law enforcement and cybersecurity will reduce anonymity in cryptocurrency transactions which will reduce cryptocurrency’s viability to be used by terrorist organizations. It is also possible that cryptocurrencies might enable regulations and law enforcement, regardless of their anti-establishment origins. Due to its digital nature cryptocurrency exchanges could be easily programmed to filter through malicious transactions, therefore, making terrorist organizations averse to cryptocurrencies.
Security breaches and system hacks
Cryptocurrencies have been prone to system attacks, theft, security breaches and other similar mishaps since their inception. Most of these issues might not stem from system failures but misconceptions and misplaced trust by the users leading to the common consensus that cryptocurrencies are not a safe alternative to legal tender. Overall the trust in cryptocurrencies is generally very low due to such disadvantages and therefore it becomes even more unattractive for terrorist use.
Questioning the need for a more comprehensive approach, introducing license requirements for cryptocurrencies
Cryptocurrency has great potential and in order to realize it in a positive way, there is an immediate need for a more robust regulatory framework. An economy is a well-oiled machine and cryptocurrencies are a clog in that machine. With no statutory recognition, they might create more issues and reap no benefits. Regulations are needed to protect users and investors alike. Virtual assets can be easily manipulated and used for illicit purposes. Lawmakers should focus on legitimizing only specific cryptocurrencies out of the hundreds that exist and a regulatory authority also needs to be established to govern and adjudicate disputes in this field. Crypto assets have no intrinsic value and therefore it might be possible that due to technological advancements blockchain technology itself might become obsolete. Therefore, a balanced regulatory framework should be established after weighing its benefits and costs so as to not discourage the development of such progressive technologies and businesses.
Cryptocurrencies are a revolutionary feat of modern technology that combine several elements to create a convenient alternative to legal tender. But it is still a relevantly new technology and therefore it still has several pitfalls that could be misappropriated by malefactors. The dynamic and unstable nature of cryptocurrencies and the market is decentralized and highly unregulated making it ripe for exploitation. It has been extremely hard for regulators to form a comprehensive framework to accommodate cryptocurrency markets which might make it great for engaging in illicit transactions. But currently, there is no data to suggest that terrorist organizations are utilizing cryptocurrencies for their operations.
LawSikho has created a telegram group for exchanging legal knowledge, referrals, and various opportunities. You can click on this link and join: