The Brief: Digital Vigilantes vs. the Terrorists
Last month, the fight against counter-terrorist financing took a twist. Several international cyberhacking groups, including Anonymous and Ghost Security, announced on Twitter they were going to target banks and countries who financed the Islamic State (“ISIS”) and other terrorist groups. Their operation, dubbed #OpISIS, arose in response to the Charlie Hebdo attacks in Paris.
We can probably all agree that our global counter-terrorist financing measures have failed. If our counter-terrorist financing laws had been effectively enforced, ISIS would never have risen to power and had the financial capacity to start and continue its horrific reign of terror. Right now, it’s occupying an area the same size as the UK.
ISIS women in Syria have mockingly tweeted that they continue to withdraw funds from Western banks using the ATM network, and continue to bank in Saudi Arabia. Turkish journalists have reported that ISIS set up a consulate in Ankara, opened a number of businesses and bought luxury homes; all of which, if true, requires ISIS to have bank accounts in Turkey.
Meanwhile, we’re bombing oil fields yet ignoring that ISIS is a transnational criminal organization engaged in human trafficking, the sale of antiquities and human organs, and the collection of illegal ransom payments for Western hostages, as well as other widescale organized activities that routinely use international financial systems. We have typologies to detect this activity globally, but don’t use them for ISIS.
Cyberhackers are well aware of this wholesale failure. It’s because of it that they’ve chosen the Internet as a digital battlefield to take on ISIS and try to keep funds out of the terrorist organization’s pockets. But if you’re a director or officer of a financial institution, fund, online payment processor or money services business, the fact that cyberhackers are engaged in counter-terrorist financing efforts should worry you—in the 140 characters of their tweet, the cyberhackers have become your financial regulatory judge, jury and executioner.
Banks make easy villains today, but anonymous judges are not accountable—worse, these judges can tap a key and swipe data on their pick of clients, executives and transactions records. Or kick the bank offline altogether. If cyberhackers dive deeply into counterterrorist financing, it’s inevitable that they’ll identify deficiencies. And what then? You have digital mob rule.
The hackers have already been busy, knocking down government agencies in Turkey, Pakistan, Syria, Yemen, Afghanistan and about 100 websites allegedly controlled by ISIS. No banks yet, but the year is young, and they’ve put Saudi Arabia on notice that banks there will be targets. In case you didn’t know, Western banks such as HSBC and Deutsche Bank do business there.
And that’s a big problem because we live in a democracy where the rule of law prevails. Of course, this lofty invocation won’t win over the hearts and minds of anyone other than counter-terrorism lawyers. At the practical level, the rule of law is our immutable standard for civilization that even technology can’t push aside. Your Porsche may go 200 mph, but just because it can doesn’t mean we let you treat the Don Valley Parkway in Toronto like the Autobahn. No one questions this. That’s the social contract we’ve struck in our democracy, and it works all over the world.
So while we may secretly admire the passion and compassion, the skill and the drive of cyberhackers for taking on ISIS terrorist financing, for democracy to work, we must all subscribe to a long-treasured ideal. We must all play by the same rules and follow the law.
Christine Duhaime is a lawyer based in Canada with a specialized practice in counter-terrorism and anti-money laundering law.
Copyright 2014 Rogers Publishing Ltd. This article first appeared in the March 2015 edition of Corporate Risk Canada magazine