Click here to read GNET's latest report ‘Fogging’ and ‘Flooding’: Countering Extremist Mis/Disinformation After Terror Attacks

Thinking About the Crime-Terror Nexus in the COVID-19 era

Thinking About the Crime-Terror Nexus in the COVID-19 era
26th October 2021 Isaac Kfir
In Coronavirus, Insights

Research indicates that the end of the Cold War gave rise to the crime-terror nexus as states ended their support of terrorist groups. The change compelled such groups to search for new sources of funding. Criminal groups, on the other hand, looked at the geopolitical situation and saw new opportunities.

Criminals and terrorists learn from one another, as they engage, construct and operate as covert, transnational, complex, networks, to fund and sustain their operations. Work on the crime-terror nexus has shown cross-fertilisation, for example, jihadi groups have recruited people with criminal backgrounds, encouraging them to adapt their criminal skills in service of the group. Other examples of terrorism and criminal learning from one another are the narco-terrorists most visible in Tri-border, the Golden Crescent, and the Golden Triangle.

Evidence of new trends within the crime-terror nexus relating to the cyber world is largely anecdotal and uninspiring. However, the dystopian features of the pandemic and the democratisation of technology presented new opportunities for nefarious actors to exploit supply-chain vulnerabilities and raised the profiles of many institutions and public bodies. Moreover, the change in living and work practices with people and businesses moving from public spaces (office) to private space (home) has meant increased use of personal computers and devices to access business information, web conferencing, in-person meetings, online shopping, etc. Consequently, users leave a massive digital footprint that is easily exploitable by those that know how as seen for example in the rise in cyber-enabled crimes (offences where the perpetrator uses computer systems to commit a traditional such as fraud) and cyber-dependent crimes (offences that take place when the perpetrator uses some form of computer systems or networks to commit the offence such as denial of service attacks, hacking, viruses). Criminals have found innovative ways such as smishing or social engineering to harm people. On the other end, terrorist groups have looked to use the pandemic in their recruitments as they exploit growing disillusionment, frustration, anger, and loneliness.

Much of the research on terrorists using cyber has been rightly dismissive of their technical skills noting it tends to involve such activities as doxing, defacements, basic hacking of social media aimed at reputational damage, and the like. Noted experts such as Professor Bruce Hoffman and others also point out that terrorists are inherently conservative in their modus operandi, preferring to remain with tried and tested mechanisms, which may explain why many have been hesitant in carrying out cyber operations. However, as the crime-terror nexus shows, the latter does look to the former for innovative ways to avoid detection, raise funds, and survive. Where there is evidence of terrorists emulating criminal cyber activity is with virtual currencies, specifically the use of Bitcoin and the like, to pay for an activity such as travel or to finance an operation. These engagements are normally carried out by a single lone actor as opposed to a group as these have remained largely hesitant about using virtual currencies. An example of state-sponsored terrorist activity was the WannaCry cyberattack launch by the Lazarus Group, a North Korean hackers unit, although it remains unclear whether the Group’s principal motive was criminal or political.

There is evidence of criminals applying social heuristics to engage in new scams and activities during the COVID-19 pandemic in part because traditional criminal activity such as street crime and burglaries has declined. Thus, criminals have invested in more cyber-related criminal activities as online romance fraud, a tactic where an individual pretends to form a relationship with a person through a social network site to commit fraud. In 2020, this activity alone netted criminals over $US 300 million, a 50% increase from 2019. This action is not that different from Islamic State recruiters forming online relations with young European teenage girls to get them to relocate to Iraq and Syria.

The democratisation and simplification of technology have meant that people with rudimentary computer skills can easily acquire malignant codes for nefarious purposes. The situation is made worse by such things as online forums and messaging boards, and the fact that services and platforms are so heavily interconnected.

In forums, knowledge and service are transferred and shared anonymously. The presence of such sites and forums as Dark Market, Shadow Crew, Darkode, GhostMarket, Raidforums, Hell Bound Hackers (HBH), allow criminals to interact and share their ill-gain proceeds as seen for example with Raidforums, which has around 400,000 registered users. Members engage in discussions about technology, database leaks, and hacking. On sites such as Hack Forums, individuals can get basic information on how to hack, and one suspects that it is often used by young people interested in engaging in hacking. Notably, the site also provides information on the cyberlaw to help those interested navigate what is permissible and what is not, as well as advice on how to avoid detection. Law enforcement has gone to great lengths to shut down forums such as Alphabay and Hansa as they became popular with those interested in carrying out criminal activities. However, these forums continue to emerge because there is a need and interest.

Secondly, because companies like Google and Facebook provide multiple services it means that by accessing one platform, hackers can get access to other platforms. For example, in 2019 hackers penetrated the accounts of some YouTubers, granting them access to the YouTubers’ Gmail, Google Drive, as well as other platforms, accounts, services linked to the YouTubers’ accounts.

These are some of the reasons why there is a need for a complete rethink of the possibility of cyber-dependent and cyber-enabled terrorist activity as seen with the growing use of ransomware which can lie dormant in a computer or system until the execution key is activated. Such tools give attackers ample time to explore systems, encrypt files, and sow the seeds for chaos.

When thinking about the crime-terror nexus in the post-COVID-19 era, it is useful to remember the technology is constantly evolving. The process is driven by the private sector, which means law enforcement is constantly playing catch up as they lack the staff, resources, and the understanding of some of the changes, as many of the activities are undertaken by super-specialists who develop the ideas and apply them to a mass audience. Moreover, the legal regime governing technology is consistently trying to catch up. These realities further empower those wishing to exploit cyberspace for nefarious activities.

Terrorists watch the world as they look for opportunities to advance their agenda. The increased reliance on technology and the World Wide Web has afforded great gains for innovative criminals, and it is likely that terrorist groups, if they do not already look to expand and improve their in-house cyber and tech capabilities, would explore ways to gain new capabilities. Historically, criminal groups tended to be rather careful about interacting with terrorist groups as they feared the increased attention that comes with such engagement, however, there is evidence suggesting that the disdain and hesitancy are dissipating, particularly because one could acquire tools and codes from unaffiliated individuals, looking to make money.

In sum, looking at criminal cyber activities, permit one to glean insights into the services, capabilities, and trajectories of potential action by terrorists who look at what criminals do to raise fund, recruit, and survive.