Covid-19 and the crime–terror nexus in the cyber domain

When the US Joint Chiefs of Staff chairman Mark Milley announced, ‘We’re at war with Covid-19, we’re at war with terrorists, and we’re at war with drug cartels’, he articulated a fear shared by many who watch illicit non-state actors. Transnational organised crime and terrorist groups have a crucial thing in common: their business models are built around exploiting governance dysfunction and vulnerabilities. It’s inevitable that they’d seek to capitalise on the strain the Covid-19 pandemic is placing on state institutions and a potential emerging security gap.

In Asia, the United Nations Office on Drugs and Crime is struggling to bring the region’s law enforcement agencies together to share information and intelligence and to plan and conduct joint operations. Face-to-face meetings of intelligence officials have been indefinitely postponed, public security ministers and senior officials are in lockdown, and frontline law enforcement, border and customs officials are being tasked with the impossible. The pandemic is exposing fatal flaws in the capacity and response of the public security sector.

Transnational organised crime syndicates and terrorist groups are also having to rethink and adapt in response to the challenges and opportunities posed by the pandemic. From a cyber and crime–terror nexus lens, two dynamics are evident: there’s likely to be greater convergence between organised crime syndicates and terrorist groups, and that will lead to greater access to and activities in the cyber domain by both criminal and terrorist organisations.

The recent upsurge in cyberattacks against organisations and individuals is significant. That activity is expected to increase as perpetrators use the Covid-19 crisis to carry out attacks themed around the virus by distributing malware packages. Interpol has issued a warning to organisations at the forefront of the global response to the outbreak that have also become targets of ransomware attacks.

Cybercriminals are likely to exploit an increasing number of attack vectors as employers institute telework arrangements and allow remote access to their organisations’ systems and networks. Interpol warns that frontline hospitals, medical centres and public institutions are being targeted by cybercriminals.

Terrorist organisations will also try to take this opportunity to further their objectives. The latest issue of the Islamic State’s al-Naba newsletter says that the security ‘distraction’ of countries trying to control and respond to the spread of Covid-19 leaves an opening for jihadists to exploit. The US Department of Homeland Security has warned that ‘extremist groups are encouraging one another to spread the virus … to targeted groups through bodily fluids and personal interactions’.

Agencies tasked with combating these threats must recognise the crime–terror nexus as a key dynamic. Organised crime and terrorist groups often operate along a continuum of degrees of convergence that are agnostic to the groups’ differing objectives. Terrorists’ pursuit of ideological, political or religious aims can be synchronistic with transnational organised crime’s pursuit of profit and other material benefits. Essentially, the commonality is the facilitation of goods and services. But it can also lead to hybrid organisations such as Abu Sayyaf in the Southern Philippines and the FARC in Colombia.

For non-state actors who naturally operate in the shadows of states, the cyber domain offers refuge.

Both organised crime and terrorist groups are recruiting from new demographics. Terrorist organisations, as they increase in popularity, diversify their human capital needs and acquire members with advanced training and expertise, enabling these groups to operate in new areas.

The cyber domain—to which social media is the gateway—has significant appeal as a battlefield to the millennial jihadist. This makes terrorist groups more agile and more adaptive and therefore harder to disrupt. In the past, groups such as al-Qaeda and IS used the internet mainly to recruit young jihadists and promote their beliefs.

Terrorist groups now tend to have in-house cyber expertise and can branch out into actual cyber terrorism. And, importantly, groups that don’t have the capabilities can gain access to these services through client–patron relationships with organised crime syndicates.

As countries continue to close their borders (and keep them closed) due to Covid-19 and the movement of goods and people becomes increasingly restricted, transnational organised crime and terrorist groups will likely increase their reliance on commercially based relationships and hybrid tactics. They will look for new zones of exploitation, and that will include the cyber domain.

The crime–terror lens offers insights into both the services and the access to capabilities that organised crime provides to terrorists. This includes the services cybercriminals provide to facilitate illicit activities by terrorist groups in the cyber domain—which is distinct from cyberterrorism.

The crime–terror nexus has changed the way in which these cybercriminals operate. They use methods that increase the effectiveness of terrorist operations and logistics. For example, operational capabilities of terrorist organisations are enhanced through transnational organised crime syndicates acting as facilitators and providers of services. In the cyber domain, it can include cyber criminals providing hacking capabilities or supplying malware packages to disrupt targeted states, facilitate operations or launder and move funds. Organised crime networks have also used information and communications technology to facilitate various forms of traditionally offline activities, such as trafficking of people and ordnance of interest to terrorist groups.

As governments, international organisations, civil society, and the public and private sectors scramble to respond to the pandemic, there’s a risk that their usual policies and practices to curb organised crime will be weakened or become outdated. This has significant implications for the fight against both organised crime and terrorism. One key to success lies in understanding the nexus between the two.

The cyber domain presents new opportunities for convergence. Policing the digital world will therefore become increasingly important and increasingly difficult. The Covid-19 pandemic demands new mediums and modes of engagement. Illicit non-state actors operating in grey zones are potentially well placed to take advantage of the pandemic and turn risk into revenue.