by Ross King (AIT Austrian Institute of Technology GmbH), Georgios Kioumourtzis (IANUS Consulting) and Georgios Papadopoulos (FORTH-ICS)

The European Union’s Internal Security Fund (ISF) will contribute to ensuring a high level of security in the Union by supporting actions that help to prevent and combat terrorism and radicalisation, serious and organised crime, and cybercrime. One such project, launched in January 2022, is Anti-FinTer: Versatile artificial intelligence investigative technologies for revealing online cross-border financing activities of terrorism.

Directive (EU) 2019/713 [1] on combating fraud and counterfeiting of non-cash means of payment points out that such means of payment are threats to security and enablers for other criminal activities, such as terrorism. The need for improving law enforcement capacity and developing expertise in the area of terrorist financing is also in line with the Financial Action Task Force (FATF) Report on Terrorist Financing [L1], which calls for deepening the understanding of financing mechanisms. The need for action in Europe is also clear, for example through the terrorist modi operandi identified in Europol’s recent IOCTA [2] and SOCTA [L2] reports: First, terrorists are implementing crowdfunding campaigns to collect resources to finance their activities. In an attempt to maintain anonymity, terrorist crowdsource platforms combine cryptocurrency and Dark Web market technologies. Second, terrorist groups aiming at trafficking drugs and/or firearms in large quantities tend to adopt a hierarchical internal structure that is typically based in multiple countries inside and outside the borders of the EU. Illegal transfers and smuggling techniques are typically implemented with and covered by conventional legal business activities. Third, an emerging scenario has been detected in which terrorists aim to collect revenues from selling extremist versions of common products (e.g., merchandise like t-shirts or flags that market or promote extremist groups) or other illicit goods (e.g., counterfeits, illegal drugs, or weapons) to the general public or other extremists/terrorists. These activities are often realised on the surface web but may also involve links to Dark Web platforms or markets.

The new ISF project Anti-FinTer [L3] will improve law enforcement capabilities, increase capacity, and develop expertise in the area of terrorist financing associated with activities in the Dark Web, crypto-assets, new payment systems and darknet marketplaces. The project consortium consists of ten European partners: four research organisations, two small-to-medium enterprises, and four law enforcement agencies (LEAs). The project launched in January 2022 and will run for two years.

Three distinct project activities will contribute to the combat against terrorism and cybercrime. The first is through the facilitation of knowledge exchange among stakeholders and the documentation of best practices, and through risk analysis and policy recommendations in workshops and virtual meetings. The second is through the integration of existing forensic software to create a Toolkit for training investigators and analysts in new investigative techniques that include crypto-asset analysis, new payment channels such as the Lightning Network, text and image analysis from surface web, dark web and social media channels to identify common actors and correlate terrorist activity with cryptocurrency transactions, and artificial intelligence analytics for detecting transaction anomalies. The third is through the development of training curricula and an exercise environment used in virtual and face-to-face training events that will be organised and carried out during the project along with train-the-trainer events that will ensure a wider impact for the curricula.

Financial investigations typically include multiple, iterative, and refined data collection and analysis steps, which involve financially related information (e.g., transactions, purchase records), but also associated context (e.g., social media analysis, terrorist propaganda incidents, ransomware and phishing reports). Anti-FinTer will extend the capabilities of investigations to include the context of transactions in Dark Web markets, as explored in the H2020 ASGARD [L4] project.

A well-established methodology that has been validated in various financially related crimes is the so-called “follow the money” approach, where the fundamental principle states that tracking the flow of money will very likely lead to the detection and identification of the suspects behind the illicit activities. Anti-FinTer extends the capabilities of financial investigations to include money flows in the form of crypto-assets and new payment systems, by building on results from the H2020 TITANIUM [L5] project.

However, the “follow the money” approach alone cannot guarantee the successful completion of an investigation. It has been observed that organised criminal groups tend to fragment their business activities in an attempt to obfuscate LEA operations. Therefore, a “follow the actor” approach, as illustrated in Figure 1, will also be developed during the course of the project, aiming at identifying the (groups of) actors behind different types of crime and various related activities (e.g., firearms trafficking), combining both cyber and physical information cues. This methodology combines information about the location and identity of suspects with virtual information from open-source intelligence, such as cryptocurrency ledgers, public and private sector archives, and the Internet. The approach puts the focus on jointly analysing multiple illegal financial investigations/cases, to reveal the identities of the same (group of) actors that are behind all these incidents. For example, visual analytics applied to dark web data in the context of Anti-FinTer will enable LEAs to pursue the “follow the actor” approach more effectively by identifying commonalities in the depiction of illicit goods.

Figure 1: Anti-FinTer's proposed “follow-the-actor” financial investigation strategy.

This report was funded by the European Union’s Internal Security Fund — Police under Grant Agreement No. 101036262. The content of the report represents the views of the authors only and is their sole responsibility. The European Commission does not accept any responsibility for use that may be made of the information it contains.

Links:
[L1] https://www.fatf-gafi.org/publications/methodsandtrends/documents/terrorist-financing-risk-assessment-guidance.html
[L2] https://www.europol.europa.eu/publications-events/main-reports/socta-report 
[L3] https://anti-finter.eu/
[L4] https://www.asgard-project.eu/
[L5] https://www.titanium-project.eu/
 

References:
[1] Directive (EU) 2019/713 of the European Parliament and of the Council of 17 April 2019 on combating fraud and counterfeiting of non-cash means of payment and replacing Council Framework Decision 2001/413/JHA. http://data.europa.eu/eli/dir/2019/713/oj
[2] Europol (2021), Internet Organised Crime Threat Assessment (IOCTA) 2021, Publications Office of the European Union, Luxembourg. https://www.europol.europa.eu/publications-events/main-reports/internet-organised-crime-threat-assessment-iocta-2021

Please contact:
Ross King
AIT Austrian Institute of Technology GmbH, Austria
Anti-FinTer Coordinator

Georgios Kioumourtzis
IANUS Consulting, Cyprus
Anti-FinTer Dissemination Manager

Georgios Th. Papadopoulos
Foundation for Research and Technology – Hellas, Greece
Anti-FinTer Technical Manager


 