Date: September 2015
Originating Organization: National Security Agency
File Type: pdf
File Size: 1,653,564 bytes
File Hash (SHA-256): 156ED749C29E087C5698C8843C3FB39458A7F960C616EE12FE60818968DB068D
Program Definition: Detects and mitigates web-based malware Zero-Day and Advanced Persistent Threats using COTS technology by leveraging, dynamically producing, and enhancing global threat knowledge to rapidly protect the networks.
IAP Protection: Provide highly available and reliable automated sensing and mitigation capabilities to all 10 DOD IAPs. Commercial behavioral and heuristic analytics and threat data enriched with NSA unique knowledge, through automated data analysis processes, form the basis for discovery and mitigation.
Cyber Situational Awareness and Data Sharing: Consume public malware threat data, enrich with NSA unique knowledge and processes. Share with partners through automation systems, for example the SHARKSEER Global Threat Intelligence (GTI) and SPLUNK systems. The data will be shared in real time with stakeholders and network defenders on UNCLASSIFIED, U//FOUO, SECRET, and TOP SECRET networks.
National Terrorist Financing Risk Assessment 2015
Page Count: 70 pages
Date: June 2015
Originating Organization: Department of the Treasury
File Type: pdf
File Size: 1,425,075 bytes
File Hash (SHA-256): DDC42CE4FBD16
After the September 11, 2001 terrorist attacks, the United States adopted a preventive approach to combating all forms of terrorist activity. Efforts to combat the financing of terrorism (CFT) are a central pillar of this approach. Cutting off financial support to terrorists and terrorist organizations is essential to disrupting their operations and preventing attacks. To that end, the U.S. government has sought to identify and disrupt ongoing terrorist financing (TF) and to prevent future TF. The law enforcement community, including various components of the U.S. Departments of Justice, Homeland Security, and the Treasury, along with the intelligence community and the federal functional regulators, applies robust authorities to identify, investigate, and combat specific TF threats, enforce compliance with applicable laws and regulations, and prosecute supporters in order to deter would-be terrorist financiers. The U.S. Department of the Treasury (Treasury), which leads financial and regulatory CFT efforts for the U.S. government, employs targeted financial sanctions, formulates systemic safeguards, and seeks to increase financial transparency to make accessing the U.S. financial system more difficult and risky for terrorists and their facilitators. All of these efforts involve extensive international engagement to try to prevent any form of TF, particularly financing that does not necessarily originate in the United States, from accessing the U.S. financial system.
These efforts have succeeded in making it significantly more difficult for terrorists and their facilitators to access and abuse the regulated U.S. and international financial systems. At the time of the September 11, 2001 attacks, Al-Qaida (AQ) was relying on both a web of wealthy supporters that practically operated in the open and a financial system that let money for terrorists flow with minimal scrutiny. Operating such a financial network would be substantially more difficult today in the United States because of robust anti-money laundering (AML)/CFT standards. Additionally, several of the most significant sources of TF—such as the ability of terrorists to derive financial benefit through the control of territory—result from weak governance that the United States does not experience.
However, the threat from terrorism and terrorist financing is constantly evolving and requires adaptation by law enforcement, financial regulators, intelligence services, and policy makers. When examined over time, several fundamental lessons emerge: first, a wide range of terrorist organizations have sought to draw upon the wealth and resources of the United States to finance their organizations and activities; second, just as there is no one type of terrorist, there is no one type of terrorist financier or facilitator; and third, terrorist financiers and facilitators are creative and will seek to exploit vulnerabilities in our society and financial system to further their unlawful aims.
Thus, even with the safeguards described above, the U.S. financial system continues to face residual TF risk. The central role of the U.S. financial system within the international financial system and the sheer volume and diversity of international financial transactions that in some way pass through U.S. financial institutions expose the U.S. financial system to TF risks that other financial systems may not face. As Treasury Secretary Jacob Lew has observed, “The dollar is the world’s reserve currency and, for over 200 years, we have established ourselves as the backbone of the global financial system.” While U.S. counterterrorism (CT)/CFT efforts have resulted in better identification and faster action than prior to September 11, 2001, information obtained from financial institution reporting, TF-related prosecutions, and enforcement actions against financial institutions in the United States are powerful reminders of the TF risk that remains in the United States.
As described in detail in Section III, multiple terrorist organizations and radicalized individuals seek to exploit several vulnerabilities in the United States and in the U.S. financial system to raise and move funds, that despite ongoing efforts by the U.S. government to mitigate, still pose a residual risk of TF. Terrorist financiers use various criminal schemes to raise funds in the United States, and they continue to attempt to exploit the generosity of American citizens. Although coordinated law enforcement and regulatory efforts by the U.S. government, working with charitable organizations, has improved the resiliency of the charitable sector to abuse by TF facilitators, the large size and diversity of the U.S. charitable sector and its global reach means the sector remains vulnerable to abuse. A notable trend identified in the charitable sector involves individuals supporting various terrorist groups seeking to raise funds in the United States under the auspices of charitable giving, but outside of any charitable organization recognized by the U.S. government. Additionally, the growth of online communication networks, including social media, has opened up new avenues for terrorists and their supporters to solicit directly, and receive funds from, U.S. residents.
B. GLOBAL SOURCES OF TERRORIST FINANCING
In order to operate, however, each of these groups requires significant funding. While the cost of an individual terrorist attack can be quite low, maintaining a terrorist organization requires large sums. Organizations require significant funds to create and maintain an infrastructure of organizational support, to sustain an ideology of terrorism through propaganda, and to finance the ostensibly legitimate activities needed to provide a veil of legitimacy for terrorist organizations. As deceased AQ financial chief Sa’id al-Masri put it: “without money, jihad stops.” Although financial activities can vary significantly among different terrorist groups, several areas of commonality exist.
1. CRIMINAL ACTIVITY
a. Kidnapping for Ransom
Terrorist groups engage in a range of criminal activity to raise needed funds. Extensive revenue from kidnapping for ransom (KFR) and other criminal activities such as extortion have permitted AQ affiliates and other terrorist groups to generate significant revenue. KFR remains one of the most frequent and profitable source of illicit financing, and an extremely challenging TF threat to combat. The U.S. government estimates that terrorist organizations collected approximately $120 million in ransom payments between 2005 and 2012. In 2014 alone, ISIL acquired at least $20 million and as much as $45 million in ransom payments. In addition, AQAP, AQIM, and Boko Haram are particularly effective with KFR and are using ransom money to fund the range of their activities. Kidnapping targets are usually Western citizens of countries with governments that have established a pattern of paying ransoms, either directly or through third party intermediaries, for the release of individuals in custody. AQAP used ransom money it received for the return of European hostages to finance its over $20 million campaign to seize territory in Yemen between mid-2011 and mid-2012. AQIM is believed to have obtained a €30 million ransom payment in October 2013 for the release of four French hostages who worked for the French government-owned nuclear firm Areva. Also in 2013, Boko Haram kidnapped eight French citizens in northern Cameroon and obtained a substantial ransom payment for their release. Similarly, Al-Shabaab-affiliated groups received an approximately five million dollar ransom in exchange for the release of two Spanish hostages who were kidnapped in Kenya in October 2011.
The exploitation of local populations and resources has become a key revenue source for numerous terrorist groups worldwide. Pioneered by groups such as Hamas and Al-Shabaab, this form of pseudosovereignty-based fundraising has spread to other un- or under-governed territories around the world, most recently Iraq and Syria. Not only does territorial occupation allow for fundraising from the theft of natural resources, but it also creates the opportunity to extort, under the threat of violence, local populations and businesses and generate funds from the seizure of public utility services and their accompanying revenues. Unlike taxation by local governing authorities, whereby tax revenue is used to pay for basic public services, terrorist groups extort funds from local populations with minimal corresponding provision of services in exchange, and under the threat of physical harm for non-payment. For example, Al-Shabaab, Al-Nusrah Front (ANF) and ISIL are all able to leverage their occupation of territory and the threat of violence to extort funds from the local population, as well as conduct criminal activity such as robbery and trafficking in stolen goods. ISIL generates significant revenue, up to several million dollars per week, from the sale of stolen and smuggled energy resources it controls inside Iraq and Syria. ISIL also operates sophisticated extortion rackets throughout Iraq and Syria, including extracting payments for the use of public highways and cash withdrawals from banks by depositors in cities such as Mosul. Through these schemes, ISIL can receive upwards of several million dollars a month of revenue. Despite losing control of the port of Kismayo, which was its key revenue source, Al-Shabaab continues to generate at least hundreds of thousands of dollars per month, primarily through extortion and the threat of violence, in its remaining strongholds in southern Somalia. Similarly, Hamas can also raise revenue from control of border crossings and avenues of commerce, as well as businesses and local populations.
c. Drug trafficking and other criminal activity
In addition, various terrorist groups derive significant financial benefit from other criminal activities, including through drug trafficking. Both the Revolutionary Armed Forces of Colombia (FARC) and the Taliban have utilized drug trafficking operations to finance their terrorist operations. The Haqqani Network is also financed by a wide range of revenue sources including businesses and proceeds derived from criminal activities such as smuggling, extortion, and KFR in Afghanistan and Pakistan. Hizballah supporters are often engaged in a range of criminal activities that benefit the group financially, such as smuggling contraband goods, passport falsification, drug trafficking, money laundering, and a variety of fraudulent schemes, including credit card, immigration, and bank fraud. BSA reporting specifically implicates individuals currently being investigated by the FBI for ties to Hizballah and Hamas in a wide variety of money laundering activity within the U.S. financial system, most prominently trade-based money laundering (TBML) activities including through the export of used cars.