[House Hearing, 117 Congress] [From the U.S. Government Publishing Office] TERRORISM AND DIGITAL FINANCING: HOW TECHNOLOGY IS CHANGING THE THREAT ======================================================================= HEARING BEFORE THE SUBCOMMITTEE ON INTELLIGENCE AND COUNTERTERRORISM OF THE COMMITTEE ON HOMELAND SECURITY HOUSE OF REPRESENTATIVES ONE HUNDRED SEVENTEENTH CONGRESS FIRST SESSION __________ JULY 22, 2021 __________ Serial No. 117-25 __________ Printed for the use of the Committee on Homeland Security [GRAPHIC NOT AVAILABLE IN TIFF FORMAT] Available via the World Wide Web: http://www.govinfo.gov __________ U.S. GOVERNMENT PUBLISHING OFFICE 45-867 PDF WASHINGTON : 2021 ----------------------------------------------------------------------------------- COMMITTEE ON HOMELAND SECURITY Bennie G. Thompson, Mississippi, Chairman Sheila Jackson Lee, Texas John Katko, New York James R. Langevin, Rhode Island Michael T. McCaul, Texas Donald M. Payne, Jr., New Jersey Clay Higgins, Louisiana J. Luis Correa, California Michael Guest, Mississippi Elissa Slotkin, Michigan Dan Bishop, North Carolina Emanuel Cleaver, Missouri Jefferson Van Drew, New Jersey Al Green, Texas Ralph Norman, South Carolina Yvette D. Clarke, New York Mariannette Miller-Meeks, Iowa Eric Swalwell, California Diana Harshbarger, Tennessee Dina Titus, Nevada Andrew S. Clyde, Georgia Bonnie Watson Coleman, New Jersey Carlos A. Gimenez, Florida Kathleen M. Rice, New York Jake LaTurner, Kansas Val Butler Demings, Florida Peter Meijer, Michigan Nanette Diaz Barragan, California Kat Cammack, Florida Josh Gottheimer, New Jersey August Pfluger, Texas Elaine G. Luria, Virginia Andrew R. Garbarino, New York Tom Malinowski, New Jersey Ritchie Torres, New York Hope Goins, Staff Director Daniel Kroese, Minority Staff Director Natalie Nixon, Committee Clerk ------ SUBCOMMITTEE ON INTELLIGENCE AND COUNTERTERRORISM Elissa Slotkin, Michigan, Chairwoman Sheila Jackson Lee, Texas August Pfluger, Texas, Ranking James R. Langevin, Rhode Island Member Eric Swalwell, California Michael Guest, Mississippi Josh Gottheimer, New Jersey Jefferson Van Drew, New Jersey Tom Malinowski, New Jersey Jake LaTurner, Kansas Bennie G. Thompson, Mississippi (ex Peter Meijer, Michigan officio) John Katko, New York (ex officio) Brittany Carr, Subcommittee Staff Director Adrienne Spero, Minority Subcommittee Staff Director Joy Zieh, Subcommittee Clerk C O N T E N T S ---------- Page Statements The Honorable Elissa Slotkin, a Representative in Congress From the State of Michigan, and Chairwoman, Subcommittee on Intelligence and Counterterrorism: Oral Statement................................................. 1 Prepared Statement............................................. 3 The Honorable August Pfluger, a Representative in Congress From the State of Texas, and Ranking Member, Subcommittee on Intelligence and Counterterrorism: Oral Statement................................................. 4 Prepared Statement............................................. 6 The Honorable Bennie G. Thompson, a Representative in Congress From the State of Mississippi, and Chairman, Committee on Homeland Security: Prepared Statement............................................. 7 Witnesses Ms. Stephanie Dobitsch, Deputy Under Secretary, Office of Intelligence and Analysis, Department of Homeland Security: Oral Statement................................................. 8 Prepared Statement............................................. 9 Mr. John Eisert, Assistant Director, Investigative Programs, Homeland Security Investigations, Immigration and Customs Enforcement, Department of Homeland Security: Oral Statement................................................. 11 Prepared Statement............................................. 12 Mr. Jeremy Sheridan, Assistant Director, Office of Investigations, U.S. Secret Service, Department of Homeland Security: Oral Statement................................................. 17 Prepared Statement............................................. 18 TERRORISM AND DIGITAL FINANCING: HOW TECHNOLOGY IS CHANGING THE THREAT ---------- Thursday, July 22, 2021 U.S. House of Representatives, Committee on Homeland Security, Subcommittee on Intelligence and Counterterrorism, Washington, DC. The subcommittee met, pursuant to notice, at 10:03 a.m., in room 310, Cannon House Office Building, Hon. Elissa Slotkin [Chairwoman of the subcommittee] presiding. Present: Representatives Slotkin, Jackson Lee, Swalwell, Gottheimer, Malinowski, Thompson (ex officio), Pfluger, Guest, Van Drew, LaTurner, and Meijer. Ms. Slotkin. The Subcommittee on Intelligence and Counterterrorism will come to order. The subcommittee is meeting today on ``Terrorism and Digital Financing: How Technology Is Changing the Threat.'' Without objection, the Chair is authorized to declare the subcommittee in recess at any point. Good morning, everyone. I want to thank our witnesses from the Department of Homeland Security for being here today to discuss a topic that I think is really timely and really interesting, which is how digital financial tools can be exploited by terrorist actors to funnel support for their activities. Over the past several months, the abuse of digital finance platforms and technologies has jumped into the public view as the result of the burst of ransomware attacks that has struck the heart of day-to-day life in America, from gas pipelines and meat-processing plants to schools and hospitals. Last month, just as an anecdote, I held an event in my district with the Secretary of Agriculture focused on small family farms. This was just days after the ransomware attack on the world's largest meat processor. I am in a room full of farmers. We are in the barn. There is the John Deere tractors behind us. When we opened it up to Q&A, the first question from the farmers was about cyber attacks, cryptocurrency, and asking what their Government was doing to protect them. Now, let's be clear, there is nothing inherently illicit or illegal about cryptocurrencies or other digital finance technologies. They are used by millions of law-abiding people every single day. Nor is there anything inherently suspect about using technologies that aim to protect the privacy of users. But it is our responsibility on this committee to also understand how these tools could enable malicious activity that threatens our homeland security, whether it is a ransomware like the one I discussed with those farmers or our topic today, funding for terrorism. Detecting and preventing terrorist funding at home or abroad has long been a cat-and-mouse game for the Federal investigators in the intelligence community. Just like cyber criminals, terrorists consistently seek legal loopholes, illegal pathways, and new tech to stay one step ahead of governments, especially when it comes to funding their operations. As a former CIA analyst, I know this is far from a new challenge. We have been tracking terrorist financing for decades, and I know first-hand how difficult it can be. While the technology has changed, today's terrorists and extremist groups benefit from using many of the same tools that so many of us rely on for our daily, honest activities, just as they exploited commonly-used financial systems in the past. Some of the on-line platforms and on-line tech allow easy access for thousands, if not millions, of users to donate money through on-line campaigns. For example, crowdfunding through PayPal, GoFundMe, and Amazon have become popular ways in recent years for extremist groups to raise money. Bitcoin has been the currency of choice for ransomware and terrorist actors. To put this in context, according to the Global Project Against Hate and Extremism, from about 2005 to 2015, just about every extremist group they tracked featured a PayPal button on their website. Now, even though PayPal and other payment-processing platforms became aware of the issue and began to ban extremists from their platforms, which is a great first step, these groups have persevered and maintained a strong on-line presence. So, beyond social media platforms, new tech like cryptocurrencies, which are decentralized, largely anonymous forms of digital money, have enabled terrorists to further expand and disguise their funding efforts. Think about, for many of us who were, sort-of, in the 9/11 era, the hawalas that we all became familiar with after 9/11, except now the currency is virtual instead of being filtered through couriers. As these technologies become more and more widely used, we have seen a number of incidents in the past year that highlight the need for the Federal Government to understand these technologies, the degree to which they pose a threat, and their impact on terrorist financing. There is a number of examples from recent weeks; I am sure you all will be talking about them. But just as nefarious groups have changed their fundraising tactics after crackdowns by payment processors like PayPal, when law enforcement begins following and cracking down on illicit Bitcoin use, terrorist fundraisers advise supporters to use other cryptocurrencies to avoid detection. This was the case of a pro-ISIS website that requested its supporters send money via Monero, another cryptocurrency, instead of Bitcoin, because of its privacy and safety features. So we just need to properly understand and combat this threat. We know that it requires a lot of partnership between the private sector, our allies and partners--and, of course, a task the Department of Homeland Security is well-positioned to lead. I will just end by saying, today, I am hoping our witnesses will help us understand the actual scope and scale of this challenge. How much money are we talking about? How does it compare to terrorist financing as a whole or the total amount of cryptocurrency transactions? Who is taking advantage of this new tool? Is it domestic or foreign groups? Just help us contextualize a little bit. We know we have an uphill battle. Our subcommittee stands ready to help the Department with what you need. If you need changes to legislation, if you need resources, we want to hear more from you, not less. So we are pleased to welcome our witnesses today. I will just note that, as I mentioned to the witnesses, we expect votes to be called probably in the next 10 minutes. We will try and keep the hearing going as long as possible. There will probably be a short gap when myself and Mr. Malinowski are voting, but we will try to tag-team to make it as minimal as possible. [The statement of Chairwoman Slotkin follows:] Statement of Chairwoman Elissa Slotkin July 22, 2021 Over the past several months, the abuse of digital finance platforms and technologies has jumped into public view, as a result of the burst of ransomware attacks that have struck at the heart of day- to-day life in America--from pipelines and meat processing plants, to schools and hospitals. Last month, I held an event in my district with the Secretary of Agriculture that was focused on family farms--just days after a ransomware attack on the world's largest meat processor. And in a room full of Michigan farmers, the first question was about cryptocurrency--asking what our Government can do to track and recover digital payments of ransoms to these criminal groups. Now, let's be clear: There's nothing inherently illicit or illegal about cryptocurrencies or other digital finance technologies, which are used by millions of law-abiding people every day. Nor is there anything inherently suspect about using technologies that aim to protect the privacy of users. But it's our responsibility on this committee to also understand how these tools could enable malicious activity, that threatens our homeland security--whether that's a ransomware attack, like the one I discussed with those farmers, or our topic today: Funding for terrorism. Detecting and preventing terrorist funding--at home, and abroad--has long been a cat-and-mouse game for Federal investigators and the intelligence community. Just like cyber criminals, terrorists consistently seek legal loopholes, illegal pathways, and new technologies to stay one step ahead of governments--especially when it comes to funding their operations. As a former CIA analyst, I know this is far from a new challenge--we've been tracking terrorist financing for decades--and I know first-hand how difficult it can be. While technology has changed, today's terrorist and extremist groups benefit from using many of the same tools that so many of us rely on for our daily, honest activities--just as they exploited commonly-used financial systems, in the past. Some of these on-line platforms and on-line technologies allow easy access for thousands--if not millions--of users to donate money through on-line campaigns. For example, crowdfunding through PayPal, GoFundMe, and Amazon became a popular way in recent years for extremist groups to raise money. To put this into context, according to the Global Project Against Hate and Extremism, from about 2005-2015, just about every extremist group they tracked featured a PayPal button on their website. Now, even though PayPal and other payment processing platforms became aware of the issue and began to ban extremists from such platforms--at first glance, a promising first step--extremist and terrorist groups have persevered and maintained an on-line presence. For example, ISIS supporters have recently used Instagram to solicit donations for ISIS-affiliated women being detained in Syria, via PayPal fundraising links. Beyond social media platforms, new financial technologies like cryptocurrencies--which are decentralized, largely anonymous forms of digital money--have enabled terrorists to further expand and disguise their funding efforts. As these technologies become more and more widely used, we've seen a number of incidents just in the past year that highlight the need for the Federal Government to understand these technologies, the degree to which they pose a threat, and their impact on terrorist financing. In August 2020, the Justice Department ``dismantle[ed] three terrorist financing cyber-enabled campaigns'' involving Foreign Terrorist Organizations (FTOs)--ISIS, Hamas' military wing, and al-Qaeda-- resulting in the Government's largest-ever seizure of cryptocurrency from terrorist organizations. The seizure involved ``millions of dollars'' spanning 300 cryptocurrency accounts, four websites, and four Facebook pages--underscoring how various digital technologies could be used to help foster fundraising efforts. Just as nefarious groups changed fundraising tactics after crackdowns by payment processors like PayPal, when law enforcement began following and cracking down on illicit Bitcoin use, terrorist fundraisers advised supporters to use other cryptocurrencies, to avoid detection. This was the case with a pro-ISIS website that requested that its supporters send money via Monero, another cryptocurrency, instead of Bitcoin, because of its privacy and safety features. Properly understanding and effectively combating this threat will require close partnerships between all levels of government, the private sector, and our allies--a task the Department of Homeland Security is well-positioned to lead. Today, I'm hoping our witnesses can help us understand the actual scope and scale of this challenge:How much money are we talking about? How does it compare to terrorist financing as a whole, or the total amount of cryptocurrency transactions? Who's taking advantage of it: Domestic or foreign groups? I'm also interested in understanding how the intelligence and law enforcement approach to illicit digital financing compares to your historical work on terrorist funding, and the steps you're taking to combat it. It's clear that our law enforcement and intelligence community face an uphill battle in understanding and tackling this threat--as the examples I've outlined show, the technology is changing rapidly, as their adoption only continues to increase. Our subcommittee stands ready to help the Department take on this challenge, and we're pleased to welcome our witnesses today. I look forward to hearing from you about the trends the Department is currently monitoring on this issue and the novel ways it is working to counter terrorists' use of digital financing. Ms. Slotkin. So I now recognize the Ranking Member of the subcommittee, the gentleman from Texas, Mr. Pfluger, for an opening statement. Mr. Pfluger. Thank you, Madam Chair. I appreciate you holding this hearing today. I would like to thank the witnesses as well: Assistant Director Jeremy Sheridan from the Office of Investigations at the Secret Service, Assistant Director John Eisert from Investigative Programs at HSI, and Acting Deputy Under Secretary Stephanie Dobitsch from the Office of Intelligence and Analysis. I appreciate your expertise and your willingness to speak with us today on this very important subject. I am looking forward to an informative and productive discussion on this very important topic. I think this hearing is especially timely right now, with American troops, in effect, fully withdrawn from Afghanistan and the Taliban rapidly taking control of Afghanistan's provincial districts, reportedly occupying about a third of the country and including the key border-crossing areas. Afghan Security Forces are surrendering. The Taliban is beginning to fight for some of the provincial cities. There is reporting, public reporting, that the Afghan government could collapse at some point, as soon as maybe even 6 months. But I think the point is, all that to say that foreign terrorist organizations are alive and well. Not only are they present overseas, but they are growing. As we know, Afghanistan is only a portion of the wide-spread and diverse terror threat landscape that we face around the world. If they are given the opportunity to submit their presence overseas, I have no doubt that their next goal is and will continue to be to launch an attack on U.S. soil or on those of our partners and allies. Those who have served in Afghanistan saw first-hand the death and destruction that terrorist organizations can cause and have caused. It is absolutely imperative that the war on terror be fought abroad, on foreign soil, not here at home. We must guarantee that foreign terrorist organizations do not have the resources to expand their operations and bring the fight to the United States, to our homeland. Cutting off their access to financing is absolutely critical. It is paramount in this fight. Terrorist financing is not a new issue. Whether a transnational criminal organization, a foreign terrorist organization, or money launderer, we have been confronting this problem for decades. But cryptocurrency is, in fact, becoming a new tool that terrorists and other criminal enterprises have at their disposal. Unfortunately, Congress has not always been known for our ability to stay one step ahead, when it comes to the latest technological advances. But, when we are confronting the issue of terrorism and financing, playing catch-up is not an option for us. During a conversation I had earlier this week with Assistant Director Sheridan and Assistant Director Eisert, they mentioned that, relative to the terrorist-financing world, that cryptocurrency and the transactions account for maybe 1 percent of all cases. I think that this tells me right now that we are having this hearing at exactly the right time, that we might have a chance to stay one step ahead of what the issues and the problems could be, before this becomes a systemic issue world- wide. We are now in a position to provide our agency partners with the resources and the authorities that they need to confront this proactively instead of reacting to it. That is why I am most looking forward to the hearing--about the hearing today. How do we ensure that cryptocurrency transactions continue to be 1 percent, or maybe even less, of the problem? What does DHS need from us in Congress to best situate themselves to combat this threat? Coming out of this hearing, I also hope to understand what we should expect going forward. Although this is a small portion of the problem now, do we foresee that changing? If it is suspected to grow, how much will it grow, and how can we minimize that growth? It has been almost 20 years since 19 al-Qaeda terrorists coordinated the hijacking of 4 commercial airlines, flying them into buildings which were recognized world-wide as symbols of American strength, of freedom, of accomplishment, and taking 2,977 innocent lives. Thus far, we have successfully prevented an attack of that magnitude that we experienced on September 11. As long as I serve my country--and I think the Chairwoman will also agree-- whether it is in uniform overseas or in the capacity that we now serve here in Congress, I will do everything and I think I can confidently say we will do everything in our power to ensure that what happened on 9/11 does not happen again. I am confident that my fellow Members on the Homeland Security Committee also feel the same way in a very bipartisan manner. I am looking forward to working with Chairwoman Slotkin and the other Members of this committee to ensure that we are providing the Department with all the tools necessary to minimize the threat caused by terrorist financing and to successfully protect our homeland. Once again, I would like to thank our witnesses for joining us today, for your expertise, for your service to this country, and for looking at a threat in a proactive way that we can combat now so that it doesn't continue to become a problem of larger magnitude. With that, Madam Chair, I yield back. [The statement of Ranking Member Pfluger follows:] Statement of Ranking Member August Pfluger Thank you, Madam Chair. I appreciate you holding this hearing today and thank our witnesses: Assistant Director Jeremy Sheridan from the Office of Investigations at the Secret Service, Assistant Director John Eisert from Investigative Programs at HSI, and Acting Deputy Under Secretary Stephanie Dobitsch from the Office of Intelligence and Analysis. I am looking forward to an informative and productive discussion on this very important topic. This hearing is especially timely, with American troops in effect fully withdrawn from Afghanistan, and the Taliban rapidly taking control of Afghanistan's provincial districts--reportedly occupying about a third of the country including key border-crossing areas. Afghan security forces are surrendering, and the Taliban is beginning to fight for some of the provincial cities. There has been public reporting that the Afghan government could collapse within 6 months of our withdraw. All this to say that foreign terrorist organizations are alive and well. Not only are they present overseas, but they are growing, and as we all know Afghanistan is only a portion of the wide- spread and diverse terror threat landscape. If they are given the opportunity to cement their presence overseas, I have no doubt that their next goal will be to launch an attack on U.S. soil. Those who served in Afghanistan saw first-hand the death and destruction that terrorist organizations cause. It is absolutely imperative that the war on terror be fought on foreign soil. We must guarantee that foreign terrorist organizations do not have the resources to expand their operations and bring the fight to the homeland. Cutting off their access to financing is absolutely critical. Terrorist financing is not a new issue. Whether a transnational criminal organization, foreign terrorist organization, or money launderer, we have been confronting this problem for decades. But crypto currency is a new tool that terrorists and other criminal enterprises have at their disposal. Unfortunately, Congress has not always been known for our ability to stay one step ahead when it comes to the latest technological advances, but when we're confronting the issue of terrorism financing, playing catch-up is not an option. During a conversation I had earlier this week with Assistant Director Sheridan and Assistant Director Eisert, they mentioned that relative to the entire terrorist financing world, crypto currency transactions account for about 1 percent of cases. That tells me we are having this hearing at exactly the right time--before this is a systemic problem. We are now in the position to provide our agency partners with the resources and authorities they need to confront this proactively, as opposed to reactively. That is what I am most looking forward to hearing about today--how do we ensure that crypto currency transactions continue to be 1 percent of the problem. And what does DHS need from us in Congress to best situate themselves to combat this threat? Coming out of this hearing I also hope to understand what we should expect going forward. Although this is a small portion of the problem now, do we foresee that changing? If it is suspected to grow--how much and how can we minimize any growth? It has been almost 20 years since 19 al-Qaeda terrorists coordinated the hijacking of four commercial airlines, flying them into buildings which were recognized world-wide as symbols of American strength and accomplishment, taking 2,977 innocent lives. Thus far we have successfully prevented an attack of the magnitude we experienced on September 11. As long as I serve my country, whether in uniform overseas or here in Congress, I will do everything in my power to ensure that what happened on 9/11 does not happen again and I am confident that my fellow Members on the Homeland Security Committee feel the same way. I am looking forward to working with Chairwoman Slotkin and the other Members of the subcommittee to ensure that we are providing the Department with all of the tools necessary to minimize the threat caused by terrorist financing and successfully protect the homeland. I thank our witnesses for their willingness to appear before the subcommittee, today, and I yield back the balance of my time. Ms. Slotkin. Additional Member statements will be submitted for the record. [The statement of Chairman Thompson follows:] Statement of Chairman Bennie G. Thompson July 22, 2021 We are here today to talk about the use of modern financial technologies for terrorist fundraising and financing. The mantra ``follow the money'' has been one of the most effective ways of investigating and stopping criminal and terrorist activity. But since this committee was formed after 9/11, we have seen the rise of new platforms like Paypal and GoFundMe and entirely new types of money developed in the form of cryptocurrencies. These financial technologies and the digital marketplaces that make use of them have revolutionized the American economy and global markets. Unfortunately, they have complicated law enforcement and intelligence community efforts to detect and prohibit terrorist financing. As Treasury Secretary Janet Yellen told the Senate Finance Committee, cryptocurrencies ``can be used to finance terrorism, facilitate money laundering, and support malign activities that threaten U.S. national security interests. . . .'' Following the money is undoubtedly a different task than it was at the outset of the War on Terror. Yet, it remains a crucial guidepost in our efforts to root out terrorists and strengthen National security. We must ensure that our intelligence and law enforcement agencies have the tools and capabilities to keep pace with technological changes and new terrorist financing practices. I was pleased to support Rep. Kathleen Rice's bill, the Homeland Security Assessment of Terrorists' Use of Virtual Currencies Act, which required the Department of Homeland Security to produce a threat assessment of terrorists' use of virtual currency. And I look forward to hearing how this assessment has informed the Department's efforts to combat such activity. I am pleased that Chairwoman Slotkin is leading on this critical issue by holding today's hearing. I look forward to a productive conversation on this topic and to working with DHS, its components, and interagency partners to ensure they have the resources they need. Ms. Slotkin. I now welcome our panel of witnesses. Our first witness is Ms. Stephanie Dobitsch, the deputy under secretary for intelligence enterprise operations at DHS. Our second witness is Mr. John Eisert, the assistant director of investigative programs at U.S. Immigration and Customs Enforcement, Homeland Security Investigations, HSI. Our third and final witness is Mr. Jeremy Sheridan, the assistant director of the Office of Investigations at the U.S. Secret Service. Without objection, the witnesses' full statements will be inserted into the record. I now ask each witness to summarize his or her statement for 5 minutes, beginning with Deputy Under Secretary Dobitsch. STATEMENT OF STEPHANIE DOBITSCH, DEPUTY UNDER SECRETARY, OFFICE OF INTELLIGENCE AND ANALYSIS, DEPARTMENT OF HOMELAND SECURITY Ms. Dobitsch. Good morning, Chairwoman Slotkin, Ranking Member Pfluger, Members of the subcommittee. Thank you for the opportunity to appear before you today to represent the Office of Intelligence and Analysis and to discuss the malicious use of crypto and other digital currencies. Over the last several years, I&A has observed a growing and concerning trend of a wide range of malicious actors seeking to use access to digital and cryptocurrencies to facilitate their activities. This includes domestic and international terrorists, nation-state adversaries, transnational and other criminal organizations, and cyber criminals. While the intent and capabilities of these actors vary widely, I&A assesses that all of them see using crypto and other digital currencies as an effective means to obfuscate and fund their operations, including against the United States. Cryptocurrencies are a digital or virtual currency that is secured by cryptography, or, in other words, sophisticated coding. They are not issued by any central authority, and they offer users a high degree of anonymity, complicating law enforcement and intelligence community efforts to identify and disrupt potentially threatening activity. Bitcoin is the market leader, but there are thousands of other cryptocurrencies, including currency known as privacy coins, which provide an even greater level of obscurity for malicious actors. This means that users can easily hide who is sending or receiving a transaction, transaction amounts, and individual units of currency. Since at least 2015, we have observed terrorists seeking to use cryptocurrencies to procure materials and solicit funding for their operations. Most of this activity has occurred by terrorist groups and associates overseas, spanning the ideological spectrum. For example, supporters of ISIS and al- Qaeda have solicited cryptocurrency donations. Earlier this year, a pro-al-Qaeda media group offered a reward of 1 Bitcoin, worth about $60,000 at the time, to the first person to kill a police officer in a Western country. We have also seen foreign racially- or ethnically-motivated violent extremists claim that their activities were supported by the use of cryptocurrencies. In 2019, Brenton Tarrant, the perpetrator of the mosque attacks in Christchurch, New Zealand, claimed in his manifesto to have made money dealing in cryptocurrency. Later that same year, a racially- or ethnically-motivated violent extremist who attempted an attack in a synagogue in Germany claimed he received financial support for his operation via cryptocurrency. Beyond terrorism, the use of cryptocurrency has become even more common among cyber actors and criminal organizations. North Korean cyber actors affiliated with the regime have executed lucrative cryptocurrency thefts valued at hundreds of millions of dollars. Cryptocurrency is increasingly being used to buy and sell drugs on the dark web and by drug cartels seeking to launder their drug profits. Cryptocurrency is becoming the payment of choice for cyber criminals who are conducting ransomware attacks or selling malicious cyber services on-line. It is important to remember that the illicit use of cryptocurrency is a small fraction of the global transactions that occur daily, and many malicious actors, particularly foreign terrorist groups, are still relying on traditional means of funding. However, as this technology becomes more accessible and more scrutiny is applied to traditional banking systems, we expect to see more activity, and our ability to detect and disrupt these threat actors will be even more difficult. I&A's mandate and core mission is to provide Federal, State, local, Tribal, territorial, and private-sector partners with the intelligence and information necessary to secure the homeland. I want to underscore that I&A is committed to strengthening our efforts to identify and communicate the plans and intentions of malicious actors seeking to exploit emerging technologies like cryptocurrency. Just this week, I&A hosted our partners from the State and local intelligence councils for a conference, where this topic was discussed as a significant intelligence gap in our intelligence. Like with any threat to the homeland, I&A will ensure that policy and operational decision makers have the most robust understanding of this threat that the intelligence community can provide. Thank you again for the opportunity to appear before you today to discuss this issue and for your continued support to the Office of Intelligence and Analysis. [The prepared statement of Ms. Dobitsch follows:] Prepared Statement of Stephanie Dobitsch July 22, 2021 Chairwoman Slotkin, Ranking Member Pfluger, and distinguished Members of the Subcommittee on Intelligence & Counterterrorism. Thank you for the opportunity to appear before you today to discuss threats from terrorist use of cryptocurrencies. It is an honor to be here representing the Department of Homeland Security's (DHS) Office of Intelligence and Analysis (I&A), and the dedicated intelligence professionals that keep the homeland safe, secure, and resilient. terrorist use of cryptocurrency As we have learned in our fight against terrorism, terrorists are highly adaptive and have proven successful in exploiting new and emerging technologies to plan attacks against U.S. interests and the homeland. While some of those technologies, such as drones and 3D printing, pose direct harm, it is often access to sources of funding that are difficult to trace or attribute that allow terrorist groups even greater means to conduct a broad range of operations against the United States. Additionally, as governments and the global financial industry devote more resources to restricting terrorist use of traditional banking systems, the relative ease and anonymity of cryptocurrencies are helping to offset these restrictions, including for other malicious actors seeking to do harm to the United States. Since at least 2015, we have observed terrorists experimenting with cryptocurrencies to obfuscate their financial activities, procure materials, and solicit donations for their operations. These activities have spanned the spectrum of terrorist ideologies--from Racially or Ethnically Motivated Violent Extremists (RMVEs), to groups like the Islamic State of Iraq and ash-Sham (ISIS), al-Qaeda, and HAMAS. Using cryptocurrencies may be attractive to terrorists and supporters of violent extremism because they appear to offer a level of anonymity and less government oversight. We have seen ISIS supporters around the world requesting donations in cryptocurrency and they may have used the donated cryptocurrency to purchase website domains in 2015 and 2018. Since at least 2018, other individuals who support violent extremism abroad, as well as individuals who support RMVE ideologies, have solicited multiple types of cryptocurrency from on-line donors via social media. Also, receiving payments through cryptocurrency has risen in popularity, especially among Racially or Ethnically Motivated Violent Extremists (RMVE). For example, in March, the FBI arrested a RMVE on a weapons charge who sold merchandise via social media platforms and accepted payment in a variety of ways, including cryptocurrency. Additionally, in June a pro- al-Qaeda media group overseas offered a reward of one Bitcoin--which was worth around $60,000 at the time--to the first person to kill a police officer in a Western country in response to the announcement. To date, we are not aware of any specific cases where Domestic Violent Extremists (DVEs) or Home-grown Violent Extremists (HVEs) in the homeland have leveraged cryptocurrency to directly fund an attack. A review of DVE and HVE violence in the United States reveals that most attacks involved simple, easy to acquire weapons that were personally financed. There are a handful of examples of DVEs abroad utilizing cryptocurrency to facilitate violence, including a RMVE in Germany who attacked a synagogue in 2019 and received financial support for attack preparation from an unknown individual via cryptocurrency. Additionally, a RMVE attacked a mosque in Christchurch, New Zealand, and claimed in his manifesto to have made money dealing in cryptocurrency, however investigators assess he did not make significant profits. Regardless of what we have witnessed in the United States to date, we know that terrorists historically are adaptive and often seek to embrace new technologies, and activities overseas can often foreshadow developments domestically. In addition to concerns about terrorists using existing cryptocurrency, we are also concerned about the speed and complexity in which cryptocurrencies develop and advance to improve the user experience, including increased privacy measures, which challenges our collective abilities in the U.S. Government to identify and mitigate malicious use of this technology. Bitcoin is the market leader of cryptocurrencies and, unsurprisingly, it is also the most popular cryptocurrency for criminal and terrorist use. However, newer and less popular cryptocurrencies, known as ``privacy coins,'' are increasingly attractive to malicious actors because they include even more stringent privacy and security features. We already know that terrorists affiliated with ISIS, RMVEs, and other violent extremists are using these privacy coins to conduct financial activities while obfuscating their identies. Finally, it is important to keep in mind that the vast majority of terrorist financing occurs through methods other than cryptocurrency, and most cryptocurrency is used legitimately. But cryptocurrency has some appealing attributes that have already been exploited by terrorists, and we anticipate violent extremists will continue to use this tool to facilitate their terrorist activities, especially as the technology becomes easier to access and more wide-spread in use in general commerce and the commercial sector. As these technologies become increasingly ubiquitous, the opportunity for malicious actors to exploit them will grow. i&a efforts I&A's mandate and core mission is to provide our State, local, Tribal, territorial, and private-sector partners with the intelligence and information necessary to secure the homeland. This includes establishing and running analytic seminars on the illicit use of cryptocurrency and the dark web to inform our partners on the illicit use of the dark web, blockchain technology, major cryptocurrencies used, how criminals are using cryptocurrencies to launder money and make illegal transactions, and key tools and best practices that analysts can leverage in Dark Web and cryptocurrency investigations. And I want to underscore that I&A is committed to strengthening our efforts to identify and communicate threats from foreign and domestic terrorists, including their plans and intentions to exploit emerging technologies such as cryptocurrency through a number of recently- published pieces of Classified and un-Classified analytic production. I&A is also working to support our colleagues across DHS and the intelligence community through sharing and analyzing cryptocurrency data to enhance our understanding of the threat across the National security and law enforcement landscape. As with any threat to the homeland, we are committed to ensuring policy makers and operational decision makers have the most robust understanding of the threat that the intelligence community can provide. conclusion Thank you again for the opportunity to appear before you today to discuss this critical threat and for your continued support for I&A. We remain committed to keeping the homeland safe, secure, and resilient by safeguarding the Nation from terrorist, criminal, and other threat actors; protecting the physical and digital borders of the United States from Transnational Criminal Organizations and terrorist networks seeking to exploit and undermine our financial and cyber systems; and we will continue our efforts at home and abroad to uphold the National security and public safety of the United States. Ms. Slotkin. Thank you, Ms. Dobitsch. I now recognize Assistant Director Eisert to summarize his statement for 5 minutes. My sense is we may break just after Mr. Eisert for a few moments while we go and vote. STATEMENT OF JOHN EISERT, ASSISTANT DIRECTOR, INVESTIGATIVE PROGRAMS, HOMELAND SECURITY INVESTIGATIONS, IMMIGRATION AND CUSTOMS ENFORCEMENT, DEPARTMENT OF HOMELAND SECURITY Mr. Eisert. Thank you, Chairwoman Slotkin, Ranking Member Pfluger, and distinguished Members of the subcommittee. Thank you for the opportunity to appear before you today to discuss the critical investigative role Homeland Security Investigations plays in the fight to protect the homeland from transnational crime and threats. My testimony today will focus on HSI's efforts to identify, investigate, and bring to justice criminal organizations and terrorist networks whose illicit use of cryptocurrency jeopardizes National security and public safety. As the principal investigative component of the Department of Homeland Security, HSI is a global law enforcement organization responsible for conducting criminal investigations into the illegal cross-border movement of goods, money, contraband, people, and technology into, out of, and throughout the United States. HSI strives to protect the homeland's digital borders and pursue malicious cyber actors with the same dedication that we safeguard our physical land and sea borders. HSI applies its unique authorities and capabilities to conduct investigations, which include combating financial crime, investigating cyber crime, and protecting National security. The illicit use of cryptocurrency by nefarious actors leads to each of these priorities. Cryptocurrency is a digital asset that works as a medium of exchange or a store of value and is often used to purchase illicit items such as drugs or guns on the dark net marketplaces, to launder criminally-derived proceeds, or as a means to provide material support to terrorist organizations. Traditional money-laundering methods remain, yet cryptocurrency can now be used with relative ease to facilitate any type of illicit activity. Given that cryptocurrency is utilized across the spectrum of crimes that HSI has the authority to investigate, HSI plays a critical role in the U.S. Government's efforts to detect, investigate, and prevent its illicit use. As such, HSI investigations related to cryptocurrency have risen from a single criminal investigation in 2011 to over 604 active criminal investigations and $80 million in cryptocurrency seizures in this year alone. This marked increase signifies growing confidence in cryptocurrency by bad actors but also HSI's technical proficiency in performing these complex investigations. To be successful, HSI recognizes the importance of enhanced public and private partnerships. With that, we continue to be forward-leaning in our approach to Operation Cornerstone, our outreach efforts. Since 2019, HSI has provided 660 presentations to over 61,000 attendees, with the primary focus of detecting and closing vulnerabilities in the financial, trade, and transportation sectors. With the rapid growth of virtual currency, HSI expanded our outreach to include private industries involved in the cryptocurrency space, conducting 116 presentations to over 5,000 participants. The relationship we build with private sector directly correlates to our investigative success. They are not mutually exclusive. Last year, HSI led a global cyber operation with IRS and the FBI related to 24 cryptocurrency accounts, all of which were identified as sources of influence for al-Qaeda. The HSI undercover operation was initiated to investigate the unlawful use of cryptocurrency to support terrorism. The result of the investigation--ending result of the investigation, HSI seized 60 virtual currency wallets, worth $80 million, and illuminated the illicit financial network. In another case, HSI initiated another cyber undercover operation that resulted in the seizure of 150 cryptocurrency accounts, worth $2 million, and the taking over of a Hamas- administered website that solicited funds for jihad. HSI covertly operated this site, embedding an HSI undercover wallet and email to track funds and communications. The results of these cases and others illustrate how law enforcement can effectively disrupt terrorist groups through the use of HSI's financial and global investigative authorities, technical aptitude, undercover authorities, and the ability to use private sector as a force multiplier to disrupt and dismantle the command-and-control structure of these criminal organizations. In closing, I appreciate your interest in this rapidly- growing field. Thank you again for the opportunity to be before you today and for your continued support of Homeland Security Investigations. Thank you. [The prepared statement of Mr. Eisert follows:] Prepared Statement of John Eisert Thursday, July 22, 2021 introduction Chairwoman Slotkin, Ranking Member Pfluger, and distinguished Members: Thank you for the opportunity to appear before you to discuss the critical investigative role U.S. Immigration and Customs Enforcement (ICE) Homeland Security Investigations (HSI) plays in the fight to protect the homeland from transnational crime and other threats. My testimony today will focus on HSI's efforts to identify, investigate, and ultimately bring to justice criminal and terrorist organizations whose illicit use of cryptocurrency jeopardizes the National security and public safety of the United States. the hsi mission As the largest investigative component of the Department of Homeland Security, HSI is the premier law enforcement organization responsible for conducting Federal criminal investigations into the illegal cross-border movement of goods, money, technology, people, and other contraband into, out of, and throughout the United States. HSI strives to protect the homeland's digital borders and pursue malicious cyber actors with the same dedication it safeguards our land and sea borders from traditional organized transnational crime. HSI's operational priorities serve as the foundation of HSI's investigative and enforcement focus. HSI applies its unique authorities and capabilities to conduct complex and significant transnational investigations aligned with these priorities, which include combating financial crime, investigating cyber crime, and protecting National security. The illicit use of cryptocurrency by nefarious actors relates to each of these priorities and represents a key area of focus for HSI's investigations and operations. HSI participates in and has representation on dozens of collaborative cyber-related efforts, including the HSI Cyber Crimes Center, the Federal Bureau of Investigation's National Cyber Investigative Joint Task Force, the U.S. Secret Service Electronic Crimes Task Force, and the DHS Science and Technology Internet Anonymity Project Working Group. cryptocurrency and the threat it poses to the homeland A cryptocurrency is a digital asset that works as a medium of exchange, a unit of account, or a store of value. Cryptocurrency uses strong cryptography to secure financial transactions, control the creation of additional units, and verify the transfer of assets. In 2009, Bitcoin was introduced as the first decentralized convertible virtual currency and offered a high level of pseudo-anonymity for people to send and receive money over the internet. While Bitcoin is by far the most popular and well-known cryptocurrency, thousands of cryptocurrencies have been created and new ones are created every day. There is open source or proprietary software that anyone can use to create a cryptocurrency. Since 2009 cryptocurrencies have increasingly been used as the currency of choice to facilitate crime. From individual actors to large-scale transnational criminal organizations (TCOs), cryptocurrency can be exploited by any criminal organization engaged in almost any type of illicit activity. Cryptocurrencies are attractive to criminal and terrorist organizations because they offer a relatively fast, inexpensive, and pseudonymous system of transactions as compared to more traditional financial transactions. HSI has seen that nefarious actors are inclined to use cryptocurrency based on the perception that there is anonymity associated with their transactions or that because cryptocurrency used during an illicit scheme can be moved immediately offshore to a foreign exchange or over the counter trader (OTC), that U.S. law enforcement entities will be unable to trace or to seize and recover the assets. In addition, cryptocurrency offers the ability to engage in money laundering with minimal effort. By using OTCs or offshore exchanges, cryptocurrency can be laundered and reintroduced into the U.S. financial system relatively easily by utilizing typical laundering techniques of placement and layering. When used to fund terrorist operations and activities, terrorist organizations often have the opposite requirement. They seek to conceal the origin of funds from donors, businesses, and other legitimate sources to avoid law enforcement scrutiny. HSI has seen nefarious actors expend cryptocurrency in furtherance of a wide array of crimes HSI investigates. Both at home and abroad, cryptocurrency can be used to purchase illicit items such as drugs or guns on darknet marketplaces; to launder criminally-derived proceeds; or to provide material support to or funding for terrorist actors or organizations to carry out operations. Cryptocurrency can also be used to pay fraudsters, ransomware actors, or individuals involved in other illicit schemes such as intellectual property theft and illegal technology procurement. In addition, current trends indicate cryptocurrency is becoming prevalent within criminal organizations involved in child exploitation and human trafficking. Whether expended by TCOs, or terrorist organizations, or facilitators of such organizations, the use of cryptocurrency by bad actors continues to expand and evolve and presents a potential threat to the National security and public safety of the United States. hsi's lines of effort Given that cryptocurrency is used across the spectrum of crimes that HSI has the authority to investigate, HSI plays a critical role in the U.S. Government's efforts to detect, investigate, and prevent its illicit use by criminal and terrorist actors. Using its authorities and subject-matter expertise in financial, cyber, and National security cases; its strong strategic partnerships; and its robust international footprint, HSI employs a multi-faceted approach to combat crimes enabled by the use of cryptocurrency. This approach is rooted in HSI's investigative expertise, and supplemented by robust collaboration, training, and outreach programs. These efforts are described below. Investigations Bitcoin and other cryptocurrencies are attractive to bad actors because of their pseudo-anonymity and ease of transfer, but at some point, criminals need to convert their cash into cryptocurrency or their cryptocurrency into cash. Whenever monetary exchanges are made, a chokepoint is created. This is the time when criminals are most vulnerable and can be identified through law enforcement means and methods. Using traditional investigative methods such as surveillance, undercover operations, and confidential informants, coupled with sophisticated financial and blockchain analysis, HSI can take advantage of these chokepoints and use them to identify, disrupt, and dismantle the terrorist organizations and TCOs. In 2013, the U.S. Department of the Treasury's Financial Crimes Enforcement Network issued guidance clarifying that certain persons or companies that exchange convertible virtual currency, such as cryptocurrency, are considered money services businesses (MSBs), and therefore must follow the same regulatory and reporting protocols as traditional MSBs. The protocols include developing and implementing an anti-money laundering compliance program, filing suspicious activity reports, and registration requirements, among others. These procedures include ``Know Your Customer'' measures to record personal identifying information from customers to mitigate fraud. Lawful users of cryptocurrencies tend to use registered, compliant cryptocurrency exchanges that adhere to regulatory and operational measures in exchange for security, low fees, and the ease of processing transactions. Those who use cryptocurrency for illegal purposes generally avoid registered exchanges and seek illicit or unregistered exchanges that do not require or ask for personal identifying information. These illicit exchanges often take the form of a direct Peer-to-Peer (P2P) exchanger. P2P exchangers post advertisements stating the price for which they are willing to either buy or sell cryptocurrency on-line. Although some P2P exchangers do register with FinCEN and State authorities and follow compliance laws, most do not. Rather, these illicit P2P exchangers position themselves as the money launderers in the cryptocurrency world. P2P exchangers illegally generate revenue by charging a premium for allowing their customers to remain anonymous. They will sell cryptocurrency above market value and buy below market value to or from those customers who want to remain anonymous. Targeting these illicit P2P exchangers enables HSI to open the door and pull back the veil of pseudo-anonymity provided by cryptocurrencies. HSI can identify other criminals using cryptocurrency to fund and further their illicit activities through interviews and suspect cooperation; forensic analysis of computers, mobile phones, and other seized electronics; and the use of advanced blockchain tracing tools. Since 2018, HSI's Cryptocurrency Intelligence Program (CIP), housed at the National Bulk Cash Smuggling Center, has targeted unlicensed cryptocurrency MSBs and other gatekeepers in the cryptocurrency space. CIP provides blockchain forensics and analytics support to HSI investigators, as well as State, local, and international partners investigating cryptocurrency-enabled crimes. CIP uses technical and subject-matter expertise to exploit blockchain evidence, guide agency policy, monitor market intelligence, and regularly engages with private-sector partners such as exchanges, other virtual asset service providers and the blockchain industry groups. Collaboration With the rapid development of new technologies, TCOs and terrorist organizations often adapt new methodologies to facilitate their illicit activities. It is now more essential than ever that law enforcement agencies work together to enhance our abilities to address this threat. Currently, HSI uses established investigative techniques that have gradually evolved to keep pace with this change but, HSI often engages its Federal, State, local, and international partners to learn and exchange new and innovative approaches in the cryptocurrency space. HSI leads and participates in numerous task forces and working groups such as, the HSI Cyber Crimes Center, the FBI's National Cyber Investigative Joint Task Force, the U.S. Secret Service's Cyber Fraud Task Force, and the DHS Science and Technology Internet Anonymity Project Working Group. HSI's extensive international footprint, comprised of more than 80 offices in over 50 countries, equips HSI with a global ability to connect and engage with international partners in this space. HSI special agents assigned to EUROPOL coordinate multi-lateral foreign investigations of darknet markets, cryptocurrencies, and illicit travel connected to terrorism. HSI also sits on multiple committees and engages with international partners to exchange ideas, guide regulatory developments, and exchange investigative information. Given the transnational nature of the crimes HSI investigates, these international partnerships are essential to investigations into cryptocurrency use in illicit and terrorist activities. Training HSI has been engaged in a multi-year effort to increase its ``cyber-enabled'' workforce by training special agents, criminal analysts, and computer forensic analysts to conduct more effective and comprehensive on-line investigations. The HSI headquarters-based financial crimes unit and the HSI Cyber Crimes Center have partnered to provide cryptocurrency and darknet training for HSI special agents, as well as Federal, State, local, and international partners. Since 2017, HSI's subject-matter experts in cryptocurrency have conducted beginner and advanced cryptocurrency training to over 1,000 international law enforcement partners and Government officials world-wide. The training enables U.S. law enforcement agencies to initiate prolonged and combined campaigns of coordinated investigations targeting the criminal organizations that are using cryptocurrencies to launder illicit proceeds derived from various criminal schemes. Outreach In 2003, HSI initiated the Cornerstone outreach initiative, a Nation-wide program designed to promote cooperation and collaboration with private-sector partners in order to detect and close vulnerabilities within the financial industry. This mission is accomplished through proactive outreach and collaboration with businesses and industries that manage the very systems terrorists and other criminal organizations seek to exploit. Within the financial sector, HSI's efforts focus on conducting outreach with traditional financial institutions as well as MSBs. With the rapid growth of cryptocurrency, and with it the expansion of private companies involved in cryptocurrency, HSI has expanded Cornerstone to include outreach and training to private industry involved in the cryptocurrency space, who often represent the first line of defense against money laundering and the illicit use of cryptocurrency. statistics and investigative successes While HSI's investigative portfolio is extensive and diverse, financial investigations are at the core of every investigative program area that we investigate. TCOs, terrorist organizations and the myriad of criminal networks have grown increasingly more technical in their approach to obfuscating their criminal acts, while also morphing operations to the perceived anonymity of the darknet. Traditional money-laundering methods remain, yet cryptocurrency can now be used with relative ease to facilitate any type of illicit activity. As such, HSI investigations related to cryptocurrency have risen from one criminal investigation in 2011, to over 604 active criminal investigations in 2021. To date in 2021, HSI has already seized $79,825,606.65 in cryptocurrency. This marked increase signifies growing confidence in cryptocurrency use by bad actors and requires that law enforcement remains technically proficient in performing these complex investigations. These metrics also reflect an ability of HSI and our partners to engage in a concerted effort to identify and disrupt illicit economies, but to also use that intelligence to disrupt and dismantle the command- and-control structure of TCOs and those that proliferate or support terrorist acts. To illustrate the above point, HSI led a global cyber operation, along with the Internal Revenue Service (IRS) and Federal Bureau of Investigation (FBI), which resulted in the dismantlement of an on-line infrastructure of Hamas's militant wing, Al Qassam Brigades. Beginning in October 2019, HSI established several undercover personas who executed undercover donation payments, using Bitcoin and undercover electronic communications, with the subjects operating the Hamas cryptocurrency fundraising campaign. The undercover payments were executed in a method that enabled investigators to identify those supporters based in the United States and allowed investigators to further identify money flows. Through additional communications exploitation, HSI was able to identify 64 unique communication channels, which led to the execution of a seizure warrant on a Hamas donor's Bitcoin wallet. Through additional court-ordered search warrants, HSI identified 64 terrorist-affiliated email addresses, which illuminated the organizational blueprint, as well as covert access of Hamas's on-line recruitment, financing, domain, and network infrastructure, which was spread across the United States, Canada, Russia, Germany, and Saudi Arabia. In July 2020, HSI and IRS special agents executed a total of 24 Federal search and seizure warrants at numerous cryptocurrency exchanges, domain registration providers, VPN service providers, on- line payment providers, DDOS protection providers, and email providers, resulting in numerous account take-overs, server seizures, email account seizures, and domain redirections. Additionally, this cyber operation was executed in cooperation with foreign partners and ultimately resulted in the seizure of terabytes of terrorist-controlled data, the seizure of several million dollars from hundreds of Bitcoin wallets, and the account takeover of a terrorist-administered website that solicits terrorist donations via Bitcoin. This account takeover of website, www.alqassam.net, enabled HSI to seize terrorist donations for a 30-day period. To highlight another investigative example, in 2020, HSI, IRS, and FBI initiated an investigation related to 24 cryptocurrency accounts, all of which were identified as foreign assets or sources of influence for al-Qaeda. This investigation was initiated to investigate the unlawful use of cryptocurrency to support and finance terrorism. As a result of this investigation, HSI subsequently seized 60 virtual currency wallets used in this terrorism financing scheme. The results of this case and others illustrate how law enforcement can effectively disrupt terrorist groups, though the use of HSI's financial and global investigative authorities, technical aptitude, undercover and asset forfeiture authorities and ability to use law enforcement and the private sector as force multipliers in this fight. gaps and solutions While HSI has had success in countering the use of cryptocurrency to facilitate crime, investigative and regulatory challenges still remain. On the investigative front, the pseudo-anonymity offered by cryptocurrencies, combined with enhanced encryption being implemented by some platforms, restricts law enforcement's ability to trace financial transactions between illicit actors in support of a broad range of criminal activities. Cryptocurrency protocols are continuously being refined, and new cryptocurrencies are regularly developed and deployed with ever-growing technological complexity. As a result, law enforcement organizations such as HSI are confronted with the need to continuously update and expand their training and expertise to enable effective investigations. This presents a resource and training challenge, particularly in light of competing priorities within an agency such as HSI with a broad mission set. Additionally, significant challenges in international regulation remain, including the classification of cryptocurrency, which varies from country to country, and the lack of a common understanding and definition for cryptocurrency and what it is under the law. From HSI's perspective, the implementation of consistent global regulatory oversight would be an important step toward mitigating the illicit use of cryptocurrencies by terrorist and criminal actors. HSI has and will continue to engage with stakeholders across the branches of the U.S. Government to address questions, provide insight, and respond to requests related to cryptocurrency and the digital economy. conclusion Thank you again for the opportunity to appear before you today to discuss this important topic and for your continued support of HSI and our investigative mission. HSI remains committed to protecting the physical and digital borders of the United States from TCOs and terrorist networks seeking to exploit and undermine our financial and cyber systems and will continue our efforts at home and abroad to uphold the National security and public safety of the United States. Ms. Slotkin. Thank you for your testimony. Pursuant to today's order, the subcommittee stands in recess, subject to the call of the Chair. Mr. Malinowski will be back shortly. I will flag that we have a couple of Members who are on-line. You can't see them, but when they are called for questions, they will come up, and you will be aware of them. So give us just a few minutes. We will be right back to you. [Recess.] Ms. Slotkin. The subcommittee will come back to order. I now recognize Assistant Director Sheridan to summarize his statement for 5 minutes. Mr. Sheridan. Can you hear me, ma'am? I have a red--is that good? Can you hear me? OK. Ms. Slotkin. We can, unless---- Mr. Sheridan. OK. Ms. Slotkin [continuing]. The staff can't hear. Let us know. But we can hear you well. STATEMENT OF JEREMY SHERIDAN, ASSISTANT DIRECTOR, OFFICE OF INVESTIGATIONS, U.S. SECRET SERVICE, DEPARTMENT OF HOMELAND SECURITY Mr. Sheridan. Thank you, ma'am. Chairwoman Slotkin, Ranking Member Pfluger, and Members of this subcommittee, good morning. Thank you for inviting me here today to testify on how cryptocurrencies, virtual currencies, and other forms of digital money are being used to further advance criminal activity, including acts of terrorism and violent extremism. My name is Jeremy Sheridan, and I am the assistant director of the Secret Service's Office of Investigations. I lead our more than 160 field offices and direct our global network of Cyber Fraud Task Forces. I work to ensure that the Secret Service is effectively detecting and arresting those engaged in the violations we are authorized to investigate, while also supporting our diverse protective requirements across the world. For more than 150 years, the Secret Service has conducted investigations to protect the American public, private companies, financial institutions, and critical infrastructure from criminal exploitation. We maintain extensive authorities, expertise, and capabilities to safeguard financial and payment systems from criminal misuse, even as those activities are increasingly transnational and enabled by digital money. The Secret Service has a distinctive record of success in countering risks related to new technologies. We have successfully investigated and dismantled some of the most notorious virtual money platforms and crypto exchanges and brought to justice some of the most infamous money launderers and cyber criminals in U.S. history. Today, we remain committed to keeping pace with innovation and the evolving strategies and tactics criminals are using to exploit new financial instruments. Our perspective on these matters is based on our unique role. We are not a financial regulator or a member of the intelligence community. We are a law enforcement agency focused on accomplishing our integrated mission of protecting designated persons, places, and events and investigating crimes that undermine the integrity of financial and payment systems. This unified mission necessitates that we understand how digital money may present risk to the Nation's financial system as well as to our many protectees. Consequently, today, I will aim to address the broad criminal risks of digital money as well as the work of the Secret Service and our partners to mitigate those risks. I believe the measures to investigate and address these risks apply equally to violent extremism and financially motivated crime as they do to other forms of criminality. I wish to stress that, while digital money is not inherently criminal, it can be abused and is currently being abused for a wide variety of criminal purposes, from money laundering and ransomware to illicit financing of terrorism and violent extremism. Over the past decade, law enforcement has made great strides in the fight against the illicit use of digital money, but we anticipate that the on-going growth and criminality will continue over the coming years. Organized crime groups, terrorists, and other bad actors will continue to view digital money as an effective means to transfer value globally and as a means of evading the anti-money-laundering controls that are well-established within the traditional financial system. As the cryptocurrency industry improves their compliance with anti-money-laundering obligations, the Secret Service is focused on staying one step ahead of our adversaries. By building the investigative capabilities and purview to meet the evolving threats, we can continue to detect and arrest those who engage in criminality using digital money. But we must not be complacent. Keeping pace with criminals requires a continuous investment in technology, training, and, most importantly, people. The investigation of cyber crime and illicit finance is complex, demanding work. We need a steady stream of bright, diligent professionals equipped with the latest technology, training, and expertise if we hope to continue to be successful in the future, as we have in the past. Allow me to reiterate what many of my predecessors have emphasized. Those that seek to further their illicit activities through the use of digital currencies or the internet, more broadly, should have no illusions that they are beyond the reach of law. Even those digital assets and services that claim to be anonymous can be tracked and interdicted. As the investigative work of the Secret Service and our partners has demonstrated over the decades, we in law enforcement, whether it be the Secret Service, the FBI, HSI, IRS CI, or any of the other investigative agencies of the U.S. Government, are relentless in enforcing the law. We will not stop until those who seek to harm the United States and its citizens are arrested, convicted, and punished. Chairwoman Slotkin, Ranking Member Pfluger, and Members of this subcommittee, thank you again for the opportunity to appear before you today and for your continued support of the U.S. Secret Service. I look forward to working closely with this committee and with other Members of Congress on our shared priorities and welcome your questions. [The prepared statement of Mr. Sheridan follows:] Prepared Statement of Jeremy Sheridan July 22, 2021 introduction Good morning Chairwoman Slotkin, Ranking Member Pfluger, and Members of this subcommittee: Thank you for inviting me to testify on how criminals use digital money,\1\ including cryptocurrencies, to further illicit activity, such as terrorism and unlawful acts of violent extremism. My name is Jeremy Sheridan and I am the assistant director of the Office of Investigations. In this role, I lead more than 160 Secret Service field offices and direct our network of Cyber Fraud Task Forces (CFTFs) in their investigations of sophisticated computer and financial crimes. I ensure our global network of field offices and task forces effectively detect and arrest those that are engaging in the criminal violations we are authorized to investigate,\2\ while fully supporting our diverse protective requirements across the world. --------------------------------------------------------------------------- \1\ The term ``digital money'' is used to refer to a representation of value that is stored on and transferred through computer systems and that is used similar to money, regardless of legal tender status. The term ``digital money'' is inclusive of, but is not limited to, cryptocurrency assets like Bitcoin, Ether, Tether, and others. Consistent with FinCEN guidance (FIN-2013-G001), the Secret Service uses the term ``virtual currency'' to refer to mediums of exchange that operate like currency, but do not have legal tender status. \2\ See 18 U.S.C. 1028-1030, and 3056(b). --------------------------------------------------------------------------- Today, I will provide you with an overview of the risks associated with digital money, as viewed from the perspective of the United States Secret Service (Secret Service), and to highlight the various actions we are taking to address those risks. As part of my testimony, I will also seek to highlight some key challenges that we see on the horizon. For more than 150 years, the Secret Service has conducted investigations to protect the American public, private companies, financial institutions, and critical infrastructure from criminal exploitation. We maintain extensive authorities, expertise, and capabilities to effectively safeguard financial and payment systems from criminal misuse, even as those illicit activities are increasingly transnational in nature and enabled by the internet.\3\ --------------------------------------------------------------------------- \3\ For more information on the Secret Service's investigative mission see: https://www.secretservice.gov/investigation. --------------------------------------------------------------------------- The Secret Service has a distinctive record of success in countering risks related to emerging financial and payment technologies. This includes countering fraud in electronic transfers of funds in the early 1980's, countering criminal schemes related to payment cards in the 1990's, and investigations related to cryptocurrencies and digital money platforms over the past decade and half. Today, we remain committed to keeping pace with technological innovation and the evolving strategies and tactics criminals are using to exploit these new financial instruments. Through our decades of criminal investigations, the Secret Service has developed a deep understanding of the risks, challenges, and potential investigative benefits of digital money, as well as the effectiveness of various potential law enforcement and regulatory responses. Our perspective on these matters is based on our unique role. We are not a financial regulator or a member of the intelligence community. We are a law enforcement agency focused on accomplishing our dual responsibilities of protecting designated persons, places, and events and investigating crimes that undermine the integrity of financial and payment systems. These unified mission sets necessitate that we understand how digital money may present risks our Nation's financial system, such as through money laundering, fraud, theft, and extortion by cyber criminals (including through ransomware), in addition to the ways in which they present risks to our many protectees. Consequently, my testimony today will address the broad risks of how criminals can use digital money. In the interest of protecting on- going investigative activities and other law enforcement sensitive information, I will avoid detailed discussion of specific recent events or law enforcement techniques. I believe this committee's work can be well-informed by a discussion of the broad range of illicit activity that is enabled by digital money. The measures to investigate and address these risks, I believe, apply equally to terrorism, violent extremism, and financially-motivated crime, as they do to other forms of criminality. secret service investigations of digital money The commercialization of the internet in the 1990's brought with it a new push to develop payment systems that could function effectively within a digital economy. While the U.S. market predominately adopted payment cards as the solution, there have been numerous attempts to develop new digital payment systems that could operate with greater independence from, and with a similar degree of trust to, the traditional financial system, and all at a potentially lower cost. In 2009, Bitcoin sought to achieve these goals through a novel approach of using public-key cryptography and on-going decentralized computation to form a blockchain, a technical architecture which forms the basis of most forms of digital money today.\4\ --------------------------------------------------------------------------- \4\ Nakamoto, Satoshi, ``Bitcoin: A Peer-to-Peer Electronic Cash System'' (2008). Last accessed on July 6, 2021. Available at: https:// bitcoin.org/bitcoin.pdf. --------------------------------------------------------------------------- Since that time, the popularity of Bitcoin has inspired an exponential growth in digital assets globally, from cryptocurrencies to stable coins to non-fungible tokens (NFTs). As of July 2021, there are more than 5,000 blockchains in operation on the internet, with over 300 million users world-wide and total market capitalization of approximately $1.43 trillion.\5\ Even central banks are exploring these technologies as a means of encouraging more transparent and seamless financial exchanges. Several are already in circulation.\6\ While much of this effort is in support of legitimate economic activity, the rapid expansion of cryptocurrencies, as well as other digital stores of value, presents a significant challenge to law enforcement, and a growing area of risk to the United States and our foreign partners. --------------------------------------------------------------------------- \5\ ``Cryptocurrency Prices by Market Cap,'' Last accessed on July 6, 2021. Available at: https://www.coingecko.com/en. \6\ Among others, the Central Bank of Sweden proposed an ``e- krona'' in November 2016, and started testing an e-krona proof of concept in 2020; in November 2017, the Central Bank of Uruguay announced to begin a test to issue digital Uruguayan pesos; and on October 20, 2020, the Central Bank of the Bahamas introduced the ``Sand Dollar'' as a digital legal currency equivalent to the traditional Bahamian dollar. See Deloitte, ``Are Central Bank Digital Currencies (CBDCs) the money of tomorrow?'' Last accessed on July 11, 2021. Available at https://www2.deloitte.com/content/dam/Deloitte/lu/ Documents/financial-services/Banking/lu-are-central-bank-digital- currencies.pdf. --------------------------------------------------------------------------- The Secret Service has been at the forefront of combatting these crimes from their earliest iterations, and we continue this work today. We have successfully investigated and dismantled two centralized virtual currency providers that supported extensive criminal activity: e-Gold Ltd. (in 2007) \7\ and Liberty Reserve (in 2013).\8\ Working with our partners, we investigated and ultimately shut down a number of other virtual currency exchangers,\9\ including Western Express,\10\ which was prosecuted by the Manhattan District Attorney's Office, and, in 2017, the cryptocurrency exchange BTC-e.\11\ Through a partnership with the Internal Revenue Service's Criminal Investigation Division (IRS-CI) and other foreign and domestic law enforcement agencies, we successfully shuttered BTC-e, after it was accused to have failed to implement a program to prevent illicit financing.\12\ --------------------------------------------------------------------------- \7\ See U.S. Department of Justice: ``Over $56.6 Million Forfeited In E-Gold Accounts Involved In Criminal Offenses,'' https:// www.justice.gov/usao-md/pr/over-566-million-forfeited-e-gold-accounts- involved-criminal-offenses; Digital Currency Business E-Gold Indicted for Money Laundering and Illegal Money Transmitting, https:// www.justice.gov/archive/opa/pr/2007/April/07_crm_301.html. \8\ See U.S. Department of Justice press releases: ``Founder of Liberty Reserve Pleads Guilty to Laundering More Than $250 Million through His Digital Currency Business,'' https://www.justice.gov/opa/ pr/founder-liberty-reserve-pleads-guilty-laundering-more-250-million- through-his-digital; ``Manhattan U.S. Attorney Announces Charges Against Liberty Reserve, One Of World's Largest Digital Currency Companies, And Seven Of Its Principals And Employees For Allegedly Running A $6 Billion Money Laundering Scheme,'' https:// www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges- against-liberty-reserve-one-world-s-largest. \9\ Exchangers are businesses that allow for the trade of digital currencies for other assets, such as conventional fiat money, such as U.S. dollars, or other digital currencies. \10\ See Manhattan District Attorney, ``DA Vance Testimony on Digital Currency before the Department of Financial Services,'' https:/ /www.manhattanda.org/da-vance-testimony-on-digital-currency-before-the- department-of-financial-services/. \11\ See, ``Russian National and Bitcoin Exchange Charged In 21- Count Indictment For Operating Alleged International Money Laundering Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox,'' https:// www.justice.gov/usao-ndca/pr/russian-national-and-bitcoin-exchange- charged-21-count-indictment-operating-alleged. \12\ See, ``FinCEN Fines BTC-e Virtual Currency Exchange $110 Million for Facilitating Ransomware, Dark Net Drug Sales'' https:// www.fincen.gov/news/news-releases/fincen-fines-btc-e-virtual-currency- exchange-110-million-facilitating-ransomware. --------------------------------------------------------------------------- More recently, in collaboration with our Federal and international partners, we successfully investigated a highly sophisticated, Russia- based criminal scheme to defraud multiple cryptocurrency exchangers and their customers.\13\ This effort led to the seizure of millions of dollars' worth of virtual assets. The criminals indicted in this scheme are alleged to have employed a variety of advanced methods in support of their fraud, including using fictitious or stolen identities to create accounts; circumventing exchanges' internal controls; swapping and mixing different types of virtual currency; moving virtual currency through multiple intermediary addresses; and a market manipulation scheme in which inexpensive virtual currency was purchased at a fast rate to increase demand and price, then quickly sold for a higher price to make a quick profit. --------------------------------------------------------------------------- \13\ See, ``Russian Nationals Indicted for Conspiracy to Defraud Multiple Cryptocurrency Exchanges and Their Customers,'' https:// www.justice.gov/usao-ndca/pr/russian-nationals-indicted-conspiracy- defraud-multiple-cryptocurrency-exchanges-; and ``Treasury Sanctions Russian Cyber Actors for Virtual Currency Theft,'' https:// home.treasury.gov/news/press-releases/sm1123. --------------------------------------------------------------------------- And just this year, our work investigating illicit uses of cryptocurrency supported indictments and arrests associated with a vast money-laundering operation that provided criminal services to not only some of the world's most dangerous cyber criminals but also North Korean military-affiliated actors.\14\ This North Korean group is accused of creating and deploying multiple malicious cryptocurrency applications, of developing and fraudulently marketing a fictitious blockchain platform, and ultimately stealing more than $1.3 billion from victims in the United States and overseas. --------------------------------------------------------------------------- \14\ See, ``Three North Korean Military Hackers Indicted in Wide- Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the Globe,'' https://www.justice.gov/opa/pr/three-north-korean-military- hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and. --------------------------------------------------------------------------- During the course of our criminal investigations, the Secret Service maintains close and continuous partnerships with a wide range of domestic and international law enforcement agencies. We regularly coordinate our work with the Department of Justice, Federal Bureau of Investigation (FBI), Homeland Security Investigations (HSI), IRS-CI and others, and, where appropriate, conduct joint investigations and information sharing with foreign counterparts. Through our Cyber Fraud Task Forces and through domestic and international task forces, like the National Cyber Investigative Joint Task Force (NCIJTF) and the Joint Cybercrime Action Taskforce (J-CAT) in Europe, we work to ensure effective deconfliction and intelligence sharing between and among our law enforcement partners. countering risks involving digital money Criminals can abuse digital money for a wide variety of purposes, including in support of terrorist or violent extremist activities. The types of criminality are diverse, and include such schemes as crypto- jacking,\15\ thefts of private keys,\16\ the purchase of illicit goods or services on the dark web, attacks on block chain networks,\17\ money-laundering, sanctions evasion, illicit financing, and as the extortion payment method of choice in modern ransomware, among other potential crimes.\18\ --------------------------------------------------------------------------- \15\ Crypto-jacking is the use of malware or compromised websites to use, without authorization, computing power of others for cryptocurrency mining. Mining is the computational process that verifies and maintains a blockchain, and is typically incentivized by a blockchain protocol rewarding cryptocurrency to miners. \16\ Control of assets on a blockchain is maintained through exclusive control and access to the associated private cryptographic key; however, there have been numerous instances of cryptocurrency heists, involving major exchanges, wallets, and individual users resulting from the theft and illicit use of private cryptographic keys. \17\ We have observed a few instances of attacks on blockchain systems themselves, either to impair their operation, as part of a broader scheme, or as part of a ``51 percent attack'' to defraud other users of the cryptocurrency. Such activities typically involve violations of 18 U.S.C. 1030 and can also include other criminal offenses. \18\ Ransomware, which impairs the operation of a computer as part of an extortion demand, has substantially grown in threat, corresponding with adopting cryptocurrencies as the means of paying extortion demands. --------------------------------------------------------------------------- The blockchain analysis tracking firm Chainalysis, has identified approximately $21.4 billion worth of likely illicit cryptocurrency transfers in 2020.\19\ However, we believe that this is likely a significant underestimate of the total value of illicit cryptocurrency transfers. Certain blockchain implementations on specific currencies can provide information for insightful analysis on its own, but a full accounting of the motives and identities of criminal actors using these tools can only be achieved through the work of trained criminal investigators, armed with subpoena powers and court-sanctioned legal process to undercover the true scale of the problem. --------------------------------------------------------------------------- \19\ ``Crypto Crime Report 2021,'' Chainalysis, available at: https://go.chainalysis.com/rs/503-FAP-074/images/Chainalysis-Crypto- Crime-2021.pdf. --------------------------------------------------------------------------- A 2019 study \20\ on terrorist use of digital currencies by the RAND Corporation, supported Secret Service's Office of Investigations finding that a specific digital currency can be viewed as more or less appealing to bad actors based upon six criteria: A currency's level of anonymity, its usability, its security, its acceptance in the marketplace, its reliability, and its overall volume. RAND's research shows that, ``should a single cryptocurrency emerge that provides wide- spread adoption, better anonymity, improved security, and that is subject to lax or inconsistent regulation, then the potential utility of this cryptocurrency, as well as the potential for its use by terrorist [or criminal] organizations, would increase.'' It is thus essential that the U.S. Government keep pace with changes in the market and align investigative resources and regulatory oversight to shifts in the tactics of terrorists, criminals, and other bad actors. --------------------------------------------------------------------------- \20\ See, ``Terrorist Use of Cryptocurrencies Technical and Organizational Barriers and Future Threats,'' The RAND Corporation, 2019, available at https://www.rand.org/pubs/research_reports/ RR3026.html. --------------------------------------------------------------------------- Law enforcement has made tremendous strides in the fight against illicit use of digital money, but we anticipate that the on-going growth in criminality will continue in the coming years. Organized crime groups, terrorists, violent extremists, and other bad actors will continue to view cryptocurrencies as an effective means to transfer substantial values globally, without encountering the anti-money laundering controls common in the traditional financial system. As the cryptocurrency industry improves their compliance with anti-money laundering (AML) obligations, I am focused on keeping the Secret Service one step ahead of our adversaries. By developing the investigative capabilities and purview to meet the evolving threat landscape, we can continue to detect and arrest those engaged in crime, including those engaged in terrorism and violent extremism. challenges for further consideration Cryptocurrencies remain attractive to bad actors for the various reasons provided above, but it also has its limitations and criminal drawbacks. For cryptocurrencies or other digital assets to be utilized within the mainstream economy--namely, to exchange them for most goods or services--they usually must be converted into government-backed fiat currency, such as the U.S. dollar, European euro, or Chinese yuan. This conversion typically occurs through ``exchanges,'' money services businesses which allow for the purchase and sale of digital assets with fiat currency. Exchanges, both as on-ramps and off-ramps to the cryptocurrency economy, have been a particularly effective data source and control point for governments to focus their efforts; however, as the variety of digital assets increases, further attention is needed to address the risks of technologies and services that obscure digital transactions from law enforcement and regulatory oversight. The United States and the broader international community have spent decades developing, implementing, and strengthening a global anti-money laundering (AML), Know-Your-Customer (KYC), and countering the financing of terrorism (CFT) regime. Financial institutions doing business in the United States must follow a host of statutory and regulatory obligations, including those related to the Bank Secrecy Act of 1970, the Annunzio-Wylie Anti-Money Laundering Act of 1992, and the Money Laundering Suppression Act of 1994, in addition to other associated laws and Federal regulations. These laws require covered entities to be registered, establish compliance programs, due diligence systems and monitoring programs, transmit suspicious activity reports, and develop risk-based anti-money-laundering programs. Failing to comply with these requirements or conducting or facilitating transactions designed to avoid reporting requirements or conceal or promote specified unlawful activities may constitute criminal violations of Title 31 of the U.S. Code or sections 1956, 1957, or 1960 of Title 18, in addition to other provisions of U.S. law. Criminals and terrorist groups persistently seek to avoid U.S. and foreign AML and KYC requirements by utilizing exchanges that do not adhere to these laws or reporting requirements. Criminals are also increasingly exploiting over-the-counter (OTC) brokers, which facilitate transactions conducted directly between two parties through bilateral contracts. Unlicensed OTC brokers with weak AML/CFT programs are increasingly being used by criminals and other bad actors for money laundering and other financial crimes. Compared to institutional exchanges, OTC brokers provide a more decentralized approach, which makes them attractive for those intent on engaging in money-laundering activity. In both cases, with exchanges or OTCs, criminals look to utilize those providers hosted in foreign jurisdictions with lax AML requirements or weak enforcement. Accordingly, it is vital to U.S. National security that AML/KYC laws achieve their intended effects, regardless of the bad actors' motivations for exploiting them. The enactment of the Anti-Money Laundering Act of 2020 (AML 2020) was an important step in this direction. Timely and effective implementation of the rules directed by this law, and effective enforcement of violations, will likely have a substantial impact on the illicit market. We are closely monitoring and participating in the implementation of the AML Act of 2020, both to track potential emerging risks and to identify where further action may be helpful. For example, enhanced data reporting, collection, retention requirements, and accessibility requirements may strengthen criminal investigations and effective oversight. We also foresee significant money laundering risks, which may require further action, related to anonymity-enhanced cryptocurrencies, services intended to obscure transactions on blockchains (i.e., cryptocurrency tumblers or mixers), and cryptocurrency mining pools. That said, the United States should be cautious about acting unilaterally, as this can simply lead to the ``offshoring'' of cryptocurrencies and associated services to foreign jurisdictions. We believe that the most effective interventions are those that are conducted in coordination with other major economic powers. Our foreign partners perform critical roles in in assisting U.S. law enforcement with conducting investigations, making arrests, seizing criminal assets, and establishing effective AML regulations to counter transnational criminal activity that harms Americans. As we take steps domestically, we continue to work to ensure that foreign partners are willing and capable to assist us in investigations. To that end, the Secret Service continues to partner closely with Departments of State, Justice, and the Treasury to develop these essential foreign partnerships and work collaboratively on multinational criminal investigations and training programs. Further, we acknowledge that some exchangers or brokers may actively obfuscate their ownership and location in an effort to evade detection and oversight. To address this challenge, additional consideration is warranted to improve cooperation between U.S. Government authorities and foreign and domestic providers of electronic communications services and remote computing services. This will facilitate expeditiously identifying users engaged in certain illicit activities, such as those involving digital money laundering, transnational cyber crime, or terrorist financing. Last year, the Cyberspace Solarium Commission made important recommendations toward achieving such improved cooperation.\21\ --------------------------------------------------------------------------- \21\ See, The Cyberspace Solarium Commission Report, available at, https://www.solarium.gov/report. --------------------------------------------------------------------------- Strong overseas partnerships are also key to effective regulation and oversight. Fostering these partnerships requires continual investment in government-to-government law enforcement and regulatory relationships to develop shared understanding of risks, and to ensure an effective international anti-money laundering regulatory and enforcement programs. Toward this end, we welcome efforts to improve global controls related to digital assets, through our international partners, and other global financial and banking associations. Finally, investigating crimes involving digital money, and the transnational organized criminal and terrorist groups that exploit it, requires highly-skilled criminal investigators. Hiring, developing, retaining, and equipping our investigative workforce, as well as partnering with and training our domestic and foreign law enforcement and other partners to develop their investigative capabilities, are all critical priorities for ensuring that the United States is well- prepared to address emerging risks both today and into the future. This can be achieved by strengthening and growing law enforcement training and capacity-building programs that equip Federal law enforcement, and our partners, with the technical skills and tools necessary pursue the most sophisticated transnational criminals. Programs such as the Secret Service's National Computer Forensics Institute (NCFI), which yearly trains over 3,000 U.S. State and local law enforcement officials in computer investigations techniques, and the Department of State's International Law Enforcement Academies (ILEA), which provide instruction to foreign law enforcement partners on approaches to combatting cyber crime and illicit finance, are prime examples of initiatives that enhance these requisite capabilities. conclusion Digital money is clearly of great interest to governments, businesses, and U.S. citizens, as demonstrated by the substantial research conducted and investments places into these assets. The Secret Service is focused on doing our part to address the challenges posed by the increasing use of digital money in furtherance of illicit activity, from ransomware, to money laundering, to the financing of violent extremists and terrorists. But we and our law enforcement partners, both domestic and foreign, must and can do more. We must dramatically expand our efforts, and continue to adapt our investigative tools and techniques, if we hope to stem the tide. Chairwoman Slotkin, Ranking Member Pfluger, and Members of this subcommittee, I will conclude by reiterating what many of my predecessors have emphasized here before in this body: Those that seek to further their illicit activities through use of digital currencies, or the internet more broadly, should have no illusions that they are beyond the reach of the law. Even those assets and services that purport to be ``anonymous'' can be tracked and interdicted. As the investigative work of the Secret Service and our law enforcement partners has over the years demonstrated: We are relentless in enforcing the law and will not stop until those who seek to harm the United States and its citizens are arrested, convicted, and punished to the fullest extent of the law. Thank you again for the opportunity to appear before you today, and your continued support for the mission of the U.S. Secret Service. I look forward to working closely with this committee, and with other Members of Congress, on our shared priorities. I look forward to answering your questions. Ms. Slotkin. I thank all the witnesses for their testimony. I will remind the subcommittee that we each have 5 minutes to question the panel. Since we haven't been in the room for a while, the clock is under the screens. That is 5 minutes total, so I will give you a gentle tap of the gavel when you have hit your 5-minute mark, if you are going strong. I will now recognize myself for questions. So, Ms. Dobitsch, can you help us just contextualize the threat? You know, sort-of, we know that there is, you know, a number--there is a bunch of terrorist organizations, there is a bunch of domestic extremist organizations that threaten Americans in different ways. How significant is the use of cryptocurrency versus other types of currencies, versus traditional types of currencies? I know it is hard to put an exact percentage on it, but give us a sense of the scale, if you would. Ms. Dobitsch. Thank you, Chairwoman. In terms of the scale, I think from a terrorist perspective we are really in the nascent stages, particularly as we look at foreign terrorist groups overseas. They remain reliant on those traditional sources of funding. But we are seeing increasing use of cryptocurrency, particularly regarding soliciting donations and fundraising. So early on in the stages. I think from a criminal perspective it is becoming more mainstream. Obviously, we are seeing more activity from transnational criminal organizations, obviously from cyber criminals, and, in certain instances, nation-states that are using it more frequently than they are those traditional sources. I think, as the technology becomes more accessible and easier for the user, it is going to be more common among terrorist groups. Again, it is largely limited. We have seen several cases. But, again, I think the concern for us is that as the technology advances and becomes more user-friendly that we are going to see more activity. Ms. Slotkin. Mr. Eisert, can you help us understand the use of sites that Americans are really used to, like GoFundMe, you know, Amazon, to raise money for charity? You know, most Americans have seen someone at least advertise those kinds of campaigns. Can you talk to us about what, if any, abuse you see of those sites? Mr. Eisert. Sure. Luckily for us, a lot of those mainstream payment systems, like PayPal and GoFundMe, they have due- diligence systems in place and checks and balances. So a lot of the social media sites and those mainline payment systems have identified criminal activity and have pushed them off the networks. But that is why--that is one of the reasons why we are starting to see an increase into these alternate forms of payment systems, like virtual currency. Ms. Slotkin. Then I think for both Mr. Eisert and Mr. Sheridan, just tell us about--you know, I have assumed that from a law enforcement perspective it is just harder to go after, you know, groups that are using cryptocurrency as opposed to traditional currencies. What are the tools or legal authorities that either you don't have, that you want to have, that would make your life easier? What are the roadblocks that are holding you back? Mr. Sheridan. That is a really important question, ma'am. Thank you. So, in regards to your first question about tools, we in the Secret Service rely on our Cyber Fraud Task Forces that are stationed globally and partner with all of Government in order to combat this threat. What we need in order to expand is to increase our presence in the international setting. As was mentioned earlier, this is an international/transnational crime situation that we are facing, and we need to increase our presence there. We need to get better at our processes in order to ensure that we are aggregating data appropriately and conducting the necessary data-link analysis for attribution. We need to continue to modernize. We greatly appreciate Congress's help in the Cyber Fraud Task Force modernization that they have assisted us with, but we need to continue to grow in those areas. As it relates to authorities, similarly, ma'am, there are areas for growth as it relates to our investigative authorities related to money laundering, structured payments, and unlicensed money transmitters that would make us stronger in this fight. Ms. Slotkin. OK. Well, I am sure we would love to hear more about some of the details. Then to Ms. Dobitsch again: You know, we know that intelligence is an important part of understanding these organizations and how they finance themselves. Talk to us about, like, what does the interagency structure look like in the Government? Who is working on this? Who do you talk to every day? Is there actually coordination between different actors? Ms. Dobitsch. Yes, ma'am, it is certainly an interagency problem. I think the difficulty really is thinking about that end- user. So we are seeing the activity occurring, but oftentimes we have significant information and intelligence gaps about where that money is going and how it is ultimately used. I&A certainly serves as that bridge between law enforcement and the intelligence community. In addition to that, it really takes not just an individual or an intelligence officer that kind-of understands the intent and capabilities of the actor but also has that deep understanding and knowledge of the technology itself. If you look at a group like ISIS, in terms of their use of drones, really, since 2014, they rapidly expanded their capability to leverage drones, first for reconnaissance and then for actual attacks on the battlefield overseas. So it really takes a whole-of-Government effort and connecting that law enforcement information with the intelligence to get the fullest picture of the threat. Ms. Slotkin. Great. I now recognize Ranking Member Mr. Pfluger for questions. Mr. Pfluger. Thank you, Chairwoman. I am so glad you brought up the use of drones. I think the key here is that they are using an innovative approach, and the nature of warfare is constantly changing, and we have to stay one step ahead. So I appreciate your testimonies so far and wanted to get right into some questions with Mr. Eisert. I understand that cryptocurrency has attracted bad actors because of the pseudo-anonymity or anonymity, in some cases. I want to focus now on the cartels. Have you seen cartels using cryptocurrencies in order to hide illicit proceeds from transnational criminal activity? Mr. Eisert. Yes. Thank you for that question. Yes, we do have recent investigations where we do see cartels conducting business with money brokers, professional money launderers. Throughout our investigations, we target these professional money launderers and insert our undercover activities with them. Specific to the cartels, we have found ourselves in the middle of investigations picking up cartel-level street proceeds and converting them to cryptocurrency through peer-to- peer platforms. Mr. Pfluger. How easy is that, for them to translate that into--to either leverage for what they want to get out of it for the use of, you know--into and out of the United States? Mr. Eisert. Oh, once it is in the virtual currency format, it could be moved around the world in a matter of minutes, 100 times over around the world. The biggest chokepoints and where we have our most success is when the on-ramping or the off-ramping of the virtual currency, so, for instance, getting it into the virtual currency realm. That is where we have our success in our undercover platforms and through our traditional money- laundering investigations. A few years back, many of the mainline exchanges were regulated as money service businesses and needed know-your- customer regulations, and that has pushed a lot of the illicit activity to unregulated peer-to-peer atmosphere. That is where we primarily target the cartel and their work. Mr. Pfluger. Thank you very much for that. For Mr. Sheridan, how does the Secret Service's approach differ from other agencies, other law enforcement colleagues? Kind-of, what makes you and the Secret Service unique in this regard? Mr. Sheridan. Thank you for that question, sir. So all law enforcement entities bring their own unique set of capabilities to this fight. We in the Secret Service are a smaller organization. That makes us more agile for information sharing and case coordination within our own agency. That small size also requires us to rely on partnerships. Partnerships are the lifeblood of the Secret Service, not only in our protective mission but investigatively as well. So we develop very strong partnerships across all of Government and with our international law enforcement partners. We also have a unique methodology, in that we have been doing this for 150 years. We have, over the past several decades, created a database of information related to these cyber actors, many of whom have graduated up to these most complex cyber-enabled fraud schemes that we are seeing today. We are able to follow that digital link to when they were just starting out and had a more public--and weren't as concerned with their on-line presence as being so noticeable. Then I think our perspective. Our perspective is based on our focused statutory authority, which is to protect the Nation's financial payment systems and financial infrastructure. That allows us to be specialists, as opposed to generalists, and create, really, subject-matter experts within our organization to conduct these investigations. Mr. Pfluger. Thank you for that. Let me just talk about the whole-of-Government approach. I appreciate your comments on that, Ms. Dobitsch. For me, representing a university that is a cyber center of excellence, talk to me about that whole-of-Government approach, the private-public partnerships that you all, I think, have mentioned, and how we can leverage a university like Angelo State University, who focuses on this--and, by the way, a minority-serving institution, a Hispanic-serving institution, doing wonderful things. Talk to me about how we can incorporate students and their learning and what they should be focusing on so that they can enter your organizations and combat this. Ms. Dobitsch. Yes, sir. Absolutely. As I stated earlier, having a sophisticated understanding of the technology itself is the first step, and that often comes from private business and academia. Understanding the trends that exist in cryptocurrency and other digital currencies is really that first step. Then, also, learning more about the vulnerabilities of each of those types of currencies. From the Classified intelligence perspective, we have the intent and capabilities of those actors, but we can only understand really what the threat is if we know well what the technology is able to do and what security mechanisms are in place to prevent the malicious use of that currency or other technology. So it really is a partnership. It is not just intelligence. That is why we say ``information and intelligence.'' It is that law enforcement data, it is the private academia, and, really, all sources of information, because this is a global trend, it is a global technology, and all types of actors are really seeking to exploit the technology for their own benefit. Mr. Pfluger. Well, thank you for that. We need to know the resources that you need. We need to know the things that you identify, what we are talking about here. If there is a more comprehensive list, we need to know that. We have seen it in the ransomware attacks recently. You have mentioned it in many of the examples you have given us. But that is the purpose of this hearing and the purpose of our committee, is to give you those resources, if we can, to make sure that we can combat that. With that, Madam Chair, I yield back. Ms. Slotkin. The Chair will now recognize other Members for questions they may wish to ask the witnesses. In accordance with the guidelines laid out by the Chairman and Ranking Member in the February 3 colloquy, I will recognize Members in order of seniority, alternating between Majority and Minority. Members participating virtually are also reminded to unmute themselves when recognized for questioning. The Chair recognizes for 5 minutes the gentleman from New Jersey, Mr. Malinowski. Mr. Malinowski. Thank you. Thank you, Madam Chair. So, as all of you have testified, cryptocurrencies are being used right now for all kinds of very nefarious purposes-- to purchase illicit goods, drugs, guns; to provide material support to terrorist organizations; to enable the ransom payments that are fueling arguably the biggest threat, one of the biggest threats, that Americans are facing in their daily lives today. Mr. Eisert, I think you said in your testimony that they give bad actors the ability to engage in money laundering with minimal effort. That is pretty bad. Just so everybody is clear, maybe say a little bit more about that. What is it about cryptocurrency that enables somebody to engage in money laundering with minimal effort? Mr. Eisert. Absolutely. Thank you for that question. The cryptocurrency problem set transcends borders, transcends industries. What I mean by that is, as I discussed earlier, once you can get your money into the crypto world through a regulated exchanger or an unregulated exchanger, it is a push of the button. I could tell you about the old days of law enforcement of following money launderers from bank to bank, and good luck if they could hit 20 in a day. Now you can sit on your couch and move it 100 times over. There is one documented case where money was moved over 21,000 times before it came out. Mr. Malinowski. Yes. Mr. Eisert. It is that simple. So, once it is in the system, it is moving. Tracing it within the system, it is challenging but not unbelievable. Identifying who is attached to that transaction is the challenge. Mr. Malinowski. Well, here is what troubles me. Chairwoman Slotkin, in her opening statement, said that there is nothing inherently wrong with digital currency. I could be convinced of that, but I am not convinced of that, because I am trying to see the other side. With, for example, drone technology, we know drones can be used for deadly, nefarious purposes, including some we have not yet seen that we all fear. Yet all of us can list dozens of positive uses of drone technology for consumers, for companies. Maybe you are not the right people to ask this question to, but can you think of any socially beneficial uses of cryptocurrency beyond providing some people with something to speculate in and make money off of? Mr. Eisert. Well, coming from the law enforcement side, we are always looking at the illicit side. So I can only tell you what my beliefs are and what is out there on the open web. I believe a lot of that focus goes into the underbanked. It gives an opportunity for the underbanked areas and countries to engage in world-wide transactions. Mr. Malinowski. Well, I don't know. I mean, I hear things like, well, it provides privacy. That didn't stop us from--and I am deeply committed to privacy. It did not stop us from banning the use of anonymous shell companies for very similar reasons, right? Because they are used to cover up illicit activity. I hear the phrase that it enables the democratization of currency. Every time someone says we are democratizing something, it kind-of ends the conversation. That is sort-of good. I don't really understand what that means in this context. I think it is an abstraction, whereas ransomware attacks are not an abstraction. They are hurting people every single day. So I am not sure if I see it. I think we do need to expand this conversation to ask that fundamental question, whether the challenges that you are facing, that we are asking you to deal with, in protecting us against all of these social ills, are challenges that are necessary, inescapable, and inevitable. I think we have to ask, what is the good, what is the positive social value of this phenomenon that is also creating all of this harm? You know, I think when you look at the history of how we built modern economies in the United States and around the world, we started 300 or 400 years ago with multiple currencies that were unregulated and not controlled by governments, and in every modern economy we built what we have today when Government decided, no, we are going to have one currency that is issued and regulated by Government. I think I could ask you--we don't have time--how we can better regulate cryptocurrency, but I think if we regulated it, it wouldn't be crypto anymore, and so what would be the point? So I come back to the question, should this be allowed? Thank you. I yield back. Ms. Slotkin. The Chair recognizes for 5 minutes the gentleman from Mississippi, Mr. Guest. Mr. Guest. Thank you, Madam Chairman. Director Sheridan, you say in your written testimony that for cryptocurrency and other digital assets to be utilized within the mainstream economy, they usually must be converted into Government-backed currencies, such as the U.S. dollar and the euro. You said that exchanges serve both as on-ramps and off- ramps to the cryptocurrency economy. You talk about the growth of unlicensed over-the-counter brokers and the importance of anti-money-laundering and know-your-customers laws. Could you expand on that very briefly? Mr. Sheridan. Yes, sir. Thank you for that question. What my written testimony was meant to encapsulate is the ecosystem of what we refer to as digital money. We see in a lot of these conversations that the terms related to the different platforms are used interchangeably: Virtual currency, digital currency, cryptocurrency. We in the Secret Service use the term ``digital money,'' because that encapsulates all forms, to include cryptocurrency and the most commonly referred to coins, such as Bitcoin, Ethereum, Tether, and so forth. The true definition really comes down to the technology used to create it, the regulations that apply, whether or not it is legal tender. But, for us, it comes down to how it is used. So the written testimony is meant to describe in more detail how it is used, as my colleague has identified, to on- ramp from legal tender to digital money, how it is used laterally for legal and illicit means, and how it is off- ramped, converted away from a digital platform to legal tender. The exchangers that were referenced are certainly integral to that. These are the ways in which we in law enforcement find are primary means to engage for identification and further information related to the digital money that is used. Mr. Guest. Switching gears very quickly, back in April, there was an announcement that the Secret Service was going to partner with the Mississippi attorney general's office, various other local law enforcement agencies, in establishing a Mississippi Cyber Fraud Task Force. My question is two-fold. One, can you talk a little bit about the importance of these task forces, how that serves as a force multiplier to what you are trying to do in the Secret Service? Then the other thing I want to follow up on is, it is my understanding that all of these agents will be trained at the National Computer Forensics Institute, which is located at Hoover, Alabama. I am very familiar with that institute. But can you talk a little bit about the mission of that institute and the important role that that organization serves? Mr. Sheridan. Yes, sir. The Cyber Fraud Tasks Forces are our global network of investigative task forces staffed by not only our special agent personnel but our professional work force of subject-matter experts from our Investigative Services Division, our network intrusion forensics analysts. These are our touchpoints to the local communities, to your constituents, that bring the information back to our Global Investigative Operations Center to make the whole Secret Service approach to our investigations. As you said, sir, a lot of what we do on that local level is through the National Computer Forensics Institute. As you are aware, that is the only Federal facility to train and equip State, local, territorial, Tribal officers, judges, and prosecutors. Those officers and law enforcement entities are really the first responders. They are the front line, they are the surge capacity in this fight against the complex cyber- enabled fraud. We are very grateful for the support of Congress for the growth of that facility. We have trained over 16,000 of those law enforcement officials. But, as you are aware, that facility's authorization is due to sunset in 2022, and we would greatly appreciate the support to continue its authorization, not only domestically but to expand that same training to our foreign partners to take this fight globally, to have that surge capacity on the global scale. Mr. Guest. As it relates to the National Computer Forensics Institute, do you feel that it serves as a key component in our fight against cyber crime? Mr. Sheridan. Sir, I could not agree with you more wholeheartedly on that question. It trains, equips State, local officers to be the first line of defense, the first people that your constituents are primarily going to call. With their support--as I mentioned, partnerships in the Secret Service--and shoulder-to-shoulder with us, this is how we are going to beat this adversary and how we are going to get more competent at combating these types of fraud schemes. Mr. Guest. As I understand your testimony, Director Sheridan, you believe it is crucial that Congress not only reauthorize this program but that we robustly fund what is going on there at the National Computer Forensics Institute. Is that correct? Mr. Sheridan. Yes, sir. I think that is imperative in this fight. Mr. Guest. Thank you, Madam Chairman. I yield back. Ms. Slotkin. Perfect timing. The Chair recognizes for 5 minutes the gentleman from California, Mr. Swalwell. Mr. Swalwell. Thank you. I thank the Chairwoman for holding this critical hearing as the dashboard is blinking for America's businesses as it relates to ransomware attacks. In many ways, this feels like a pre-September 11 environment for businesses, in that you have all the signs there that, you know, we are going to continue to face attacks, perhaps ones that could shut down for a protracted period of time critical infrastructure. You have these attacks being launched from foreign countries that are not our allies. It is unclear whether they are state-sponsored, but they are certainly state-enabled, because countries are looking the other way and aren't cooperating with us or INTERPOL in apprehending and stopping the hackers. So I wanted to first invoke a Bay Area business leader, John Chambers, who used to be the CEO at Cisco. He recently said that more than 65,000 ransomware attacks are expected to happen this year, at an average cost to small and medium-size businesses of $170,000 each. Kevin Mandia, the CEO of FireEye, recently said, ``There is a direct correlation between ransomware and the anonymity of digital currency.'' While I certainly am a supporter of cryptocurrency and blockchain technologies, I want to make sure that they are not contributing to or enabling these attacks. So the question I have first: Is anonymous cryptocurrency hindering your office's abilities at DHS to respond to cyber attacks? Mr. Eisert. Mr. Eisert. Thank you for that question. To get to your point about the use of virtual currencies in ransomware, the biggest hurdle is already taken care of with those illicit actors. The payer is on-ramping that money into the system for him. That is usually where we have our greatest success, as I discussed before. As for the fight against network intrusion, H&I has the Cyber Crimes Center, which supports cyber-enabled crimes as well as cyber crime directly. Within the Cyber Crimes Center, we have a network intrusion program; we call it Operation Cyber Centurion. What Cyber Centurion does is, we have trained special agents around the country with specific software and tools, and we scan and detect vulnerabilities in the infrastructure. So we will scan the open net for vulnerabilities that have been published by our sister agency, CISA, where, when we identify those vulnerabilities, we will reach out to those organizations and say, ``Hey, you have a gap here,'' or, ``Hey, you have a gap inside your system right now,'' and then we will proactively do an investigation with that. Mr. Swalwell. Thank you, Mr. Eisert. To follow up on that, how much does it help when a business reports to you that they have been attacked? How does that factor into whether you think we should have mandatory reporting, whether it is in critical infrastructure space or just business-wide in America? What information do you yield when you learn about a ransomware attack? Mr. Eisert. The more dots we have out there, the more connections we can make. So, with the increased reporting, either it be from the financial arena or just in the trend of money laundering and everything else, or private industry on how they have been hacked, when we have more bits of evidence and information, we can connect to bigger networks. So it would be extreme help to have that information. Mr. Swalwell. I know there is a lot that we can do, you know, left of boom, as far as, like, the hygiene requirements that we have, particularly of, you know, U.S. Government vendors and contractors. But on the right-of-boom side, what are you doing to make sure that businesses are comfortable working with DHS or the Bureau? You know, the concern I have heard from some vendors is, you know, we don't want to open our books up to the FBI or DHS; you know, who knows what we have done inadvertently that could put us, you know, on their radar. We don't want them thinking that way. We want them to trust the Government, that the Government can be a part of understanding the attack and, ideally, have the capability to shut it down. So what are you doing to try and earn the trust of businesses who are victims? Mr. Eisert. Again, thank you for that question. Well, we partner tremendously with our brothers and sisters in FBI and CISA in this world. We do a lot of outreach. I spoke earlier about Operation Cornerstone, which does a lot of outreach to private industries to let them know who we are, what we can do, how we can help. With that comes a level of comfortability. I can't speak for the other agencies on what they do independently, but I think it is important that we continue to work together and show that we are in this with one fight. Mr. Swalwell. Great. Thank you. Thank the Chair for the hearing. I yield back. Ms. Slotkin. Thank you. The Chair recognizes for 5 minutes the gentleman from the greatest State in the Union, Michigan, Mr. Meijer. Mr. Meijer. Amen. Thank you, Madam Chair. Then thank you to our witnesses for testifying here today and sharing a little bit more of your knowledge and experience and understanding on this critical issue that has obviously been in the news because of ransomware but has been an issue more broadly. As Ranking Member of this committee's Oversight Subcommittee, I always want to make sure that our Government is functioning as efficiently and as adequately as possible so that we can be most effective in combating terrorism. You know, we have before us three different subcomponents of the Department of Homeland Security represented. So I will allow whoever feels most well-equipped to answer this question to do so. But I want to understand, with all of the different Federal entities engaged in countering terrorism financing and the illicit financial activities that help contribute toward it, can you provide a little bit more clarity on which specific agencies are responsible for tracking which activities? So what are the left and right limits not only of your own entities but also how you engage with the broader intelligence and law enforcement community in these efforts? Mr. Sheridan. Sir, if I could, I will start conceptually first. We do recognize the fact that there are certainly overlapping authorities, to some extent, and responsibilities. But we in law enforcement view it as a team sport. There is more than enough work to go around. It is essential that we have that level of partnership and collaboration due to the complexity and the scope and scale of our adversary. We have institutional deconfliction and information-sharing mechanisms in place to ensure we aren't being wasteful in any way and being good stewards of the American taxpayer dollar, to your concern. More on a tactical approach, I will speak for the Secret Service, in that our role is focused on protecting the Nation's financial infrastructure and financial payment systems, so we will investigate crimes that violate U.S. law related to those. Because of those information-sharing mechanisms we have in place through our task forces, with my colleagues here at the table, as well as all of Federal and State and local law enforcement, we are able to share information and case coordination as an investigation comes up that may not focus on those payment systems. Mr. Eisert. If I may add to that, primacy within the Joint Terrorism Task Force lays with the FBI. So they will always have primacy when it comes to terrorism and terrorism financing. But, like my colleague said, a lot of us bring unique authorities to the table. H&I is the largest Federal contributor to the FBI's Joint Terrorism Task Force. It speaks specifically about those authorities. Fifty percent, almost 50 percent, of all disruptions within the Joint Terrorism Task Force fall within the authorities that HSI bring to the table--so, for instance, the UC activity, the undercover activity, that we have; full use of Bank Secrecy Act data that we have; full access to trade data. So each agency is bringing their particular skill set. Ms. Dobitsch. I will just add as well, I think, from the intelligence perspective, I&A is really serving as the bridge between the intelligence community and our State and local law enforcement partners. The first step really is access to that data, making sure that everyone involved in this fight has access to that data and that it is integrated in a way that we could use technology to quickly identify those threats. We think it is critical--particularly as we talked about how big cryptocurrency is and the use of digital currencies, it requires a sophisticated understanding and expertise but technology to be able to quickly comb through the data and figure out what we should be looking at. So it is really the access and the integration that is critical. Oftentimes we have local law enforcement information that is filling intelligence gaps and intelligence information that is helping local law enforcement understand what those vulnerabilities are. Mr. Meijer. Thank you all for your responses to that to better help, kind-of, flesh out that universe from a top-down level. I am heartened to hear on both the access side and the information-sharing side and on the deconfliction-mechanism side that those have been adequately addressed. I guess, when it comes to resources and capabilities--and then my time is running short here, but are there any concerns that there may be either gaps in enforcement, gaps in collection, or gaps in capabilities that we should be working to address? Mr. Eisert. Specific to the virtual currency problem set, the current regulations doesn't encapsulate the whole virtual currency. Virtual currency AML and know-your-customer stuff does not mirror traditional banking industry AML. Mr. Meijer. Then, with that, Madam Chair, my time has expired, and I yield back. Ms. Slotkin. Thank you. I will just note for the Members that we will do a quick second round here. But the Chair recognizes for 5 minutes the gentleman from New Jersey, Mr. Gottheimer. Mr. Gottheimer. Thank you, Chairwoman Slotkin, for organizing this very important hearing. Thank you to each of the witnesses for being here today and for the work you and your colleagues do to help counter the illicit use of cryptocurrencies. I am concerned about the increasing attractiveness of cryptocurrencies to two types of illicit actors: One, foreign terrorist organizations such as Hamas, Hezbollah, and ISIS, and, second, to the use of domestic White supremacists like the Proud Boys and other violent extremist groups which were involved in the January 6 attack on the Capitol. If it is OK, I will start with you, Ms. Dobitsch. How does our ability to pursue the illicit use of cryptocurrencies differ between these two types of actors? Is it easier to shut down, seize the assets of, and bring charges against foreign terrorist organizations compared to domestic violent extremists? Ms. Dobitsch. Thank you, sir. I would say that it is complex from both perspectives, in part because of the anonymity that cryptocurrency and other digital currencies provide. Even if we can see the transaction, we often don't know who the transaction--or who is receiving that and then what the ultimate purpose of that resource is. So it is difficult even from a foreign terrorist perspective to be able to track that money as it relates to it ultimately resulting in the purchase of a weapon or some kind of facilitation of an operation. From the domestic violent extremist angle, certainly we are seeing an increase in calls for fundraising and donations using cryptocurrency, but we have a difficult time really trying to translate that to violence and understanding how that resource is being translated into a plot or an operation here in the homeland. Mr. Gottheimer. Thank you. But, compared to cash, is it easier to track, or it is still more difficult because you can't really understand the purpose of it? Ms. Dobitsch. I would defer to my law enforcement colleagues on which one is more or less---- Mr. Gottheimer. I guess I will turn to Mr. Eisert on that one, or Mr. Sheridan I guess. I don't know. Who do you think is better on that one? Mr. Sheridan. Is your question about---- Mr. Gottheimer. I guess it is a Secret Service question, so cash---- Mr. Sheridan. Is your question about tracking, sir? Mr. Gottheimer. Yes. Mr. Sheridan. By its nature, digital money is easier to track, because there is a digital trail and actual evidence related to its use and each step it takes along the blockchain as it moves. Mr. Gottheimer. If I can stick with you, if that is OK, how can we eliminate barriers and friction for law enforcement to make it easier for us to keep up with ever-evolving digital assets and technologies? Is there anything you think we should be doing straightaway? Mr. Sheridan. For us, it would be resourcing in the basic concepts of people, process, and technology. We need to increase our work force, not only in volume but in capabilities, on the law enforcement side as well as the subject-matter experts, our professional work staff that we hire. We have a great team of computer scientists, folks with the capabilities to conduct blockchain analysis and crypto tracing, but we need more of them. We need to keep pace with the adversary. We need to grow into the international locations where we don't have as strong a presence, because this is a transnational crime. We need to get better at our processes, to modernize and have more advanced capabilities to handle the volume of data that we are seeing, because there is such a significant trading and movement related to these currencies. We also need to modernize our technologies related to our task forces throughout the globe. Mr. Gottheimer. Thank you, sir. Mr. Eisert, would you describe the role undercover HSI agents placed in last year's seizure of millions of dollars in cryptocurrencies from terrorists, including ISIS, al-Qaeda, and Hamas, if you don't mind? Thanks. Mr. Eisert. Absolutely. Excuse me, though, if I stay vague. There is a lot of undercover activity and Classified information that we are happy to host a separate meeting on. Mr. Gottheimer. Of course. Mr. Eisert. But those initial leads, if I can just bulk them together--they ran parallel and were very similar--those initial leads came through the Intelligence Committee as well as some reporting from watchdog organizations. Upon identifying the illicit intent of those organizations, we approached each of those organizations with multiple undercover personas, engaged them in conversation to get the intent of what the purpose of the money was, at which point we started to identify the Bitcoin wallets that they asked for. Throughout the investigation, their methods changed, but with each method change we just identified a new branch of tracing that we had to run and go do, bringing it right to the end, bringing it right to the culmination of the seizure of about $10 million in both cases. Mr. Gottheimer. Excellent. I appreciate that. I would enjoy a briefing in a Classified setting on that. Mr. Eisert. Excellent. Mr. Gottheimer. Thank you so much. I yield back. Thank you, Chairwoman. Ms. Slotkin. Thank you. We will now turn to a second round. I will recognize myself for some questions. So two very different questions. One is on this idea that our companies, our organizations, even local governments are not mandated reporters when it comes to the attacks that they withstand. So, for instance, a big box store could be hacked and have a ton of all of our personal data taken and then pay a ransom for that money, potentially through cryptocurrency, and not have to report that to the very individuals who had their information stolen, not have to report that to law enforcement, not have to actually say anything. We have seen examples of companies who have waited 6 months, a year, et cetera, to actually come forward and say something about this. Tell me, for the folks in law enforcement, what that does to your ability to actually help go after these guys. Do you believe that companies and organizations should be mandated reporters when they are the victim of a hacking or ransomware attack? Mr. Sheridan. Mr. Sheridan. Thank you, ma'am. That is an extremely important question. We, yes, support reporting in all instances to law enforcement, regardless of agency or which law enforcement entity it is reported to. I do believe there are some misconceptions about law enforcement's role in this, as was referenced earlier, that perhaps law enforcement creates an intrusion or creates some type of vulnerability to systems. We view our investigative mission as part of the prevention process. We will work with organizations and whatever third party they have as part of their security team in a collaborative sense. Reporting to us will help make systems stronger, will help identify areas of weakness, the attack vectors, the indicators of compromise. It will prevent future attacks not only to that individual organization but perhaps other organizations that may have similar vulnerabilities. Ms. Slotkin. Yes. You know, I talk to people in my district, and they feel like their data, their information, they are on the front lines of, kind-of, a cyber war. They are asking me constantly, you know, are we doing something about this? Is my Government helping to stop these attacks? A lot of people took notice when the Colonial Pipeline was attacked and ransomed, when, you know, we got money back through the FBI acting to grab some of that money back. It felt like the first time we were punching back--in a public way, right? Of course, there are lots of that things I know you can't talk about that, and we are glad to not talk about them. But help explain to, again, that farmer in the middle of my district who is asking about cybersecurity. Convince him that their Government is doing something about the fact that they are being constantly attacked. Mr. Sheridan. Yes, ma'am. Well, it starts, as was referenced earlier, with the National Computer Forensics Institute. We have trained over 16,000 State and local officers to be the first responders to these events. It starts with contacting them, contacting law enforcement. There are multiple tools within our organizations and our partners in order to interdict and stop in real time some of these victimizations that are occurring, not only within the network itself but in terms of the transfer of the funds that have been taken by these illicit actors. Within the Secret Service, we have our Global Rapid Response and Incident Tracking Team that is able to domestically stop wire transfers if notified within a certain amount of time. Since its inception in---- Ms. Slotkin. If notified. Uh-huh. Mr. Sheridan. If notified. Ms. Slotkin. Right. Mr. Sheridan. If it is notified, since 2019, we have intercepted more than $80 million in transit to prevent it from going to illicit actors. Within the Department of Treasury, FinCEN has their Rapid Response Program. Similarly, that is more internationally focused, but, over the past 4 years, we have an 82 percent success rate working with FinCEN if notified within a 72-hour window, primarily within a 48-hour window. The success rate drops dramatically depending on the amount of time that has lapsed. But we have been able to interdict more than $385 million from going to criminal actors. Within the Secret Service, we have our own Asset Forfeiture Branch that returns victim funds to victims if we are notified, if we are able to participate in the investigation and find the illicit funds in transit. Ms. Slotkin. So that is super-helpful and connects the two questions, right, that you all can actually do some real things if you are notified, but our current system does not require organizations or companies to notify anybody if their data has been taken, if there has been ransom. So I appreciate that and would offer that we could do with a little bit more public talk and discussion from you all about what you are doing, because it sounds like it is more than the average citizen knows, and they want to know that their Government is protecting them. So, with that, I yield to the gentleman from Texas, Mr. Pfluger. Mr. Pfluger. Thank you, Madam Chair. Kind-of discussing a similar topic, you know, attribution seems to be one of the toughest things to get after. So, whether it is mandatory or whether this public-private partnership encourages people because they know that, if the assets that they have potentially lost are going to be returned to them, then hopefully that will also drive a motivation to report--and especially if the education is out there and we have forums where they understand that, you know, your agencies offer them something to prevent this type of activity from happening. But let me kind-of focus in on the National Computer Forensics Institute and why it is valuable to the Secret Service in your investigations and what more it can be doing and how can we in Congress support you. Mr. Sheridan. Mr. Sheridan. Yes, sir. Thank you for the question. We are very, very grateful for Congress's support to this date regarding NCFI. It has been phenomenal to see the growth in that program and the number of people and State and local officers, judges, and prosecutors that have been trained there, over 16,000 to date. We are currently training about 3,000 a year. Projected estimates are almost twice that, but we are limited by not only the authorization that is pending in 2022 to sunset but the current resourcing that we have to that facility. We think we can double our capacity in terms of training, as well as expand into international areas, which I think is imperative for us to be stronger globally with our law enforcement partners around the world in order to combat this. Mr. Pfluger. Well, thank you. Just a question for any of you that wants to comment on this. How closely linked are terrorist organizations and these ransomware attacks that we are seeing, which are not new, but some of them are being publicized, especially the ones that are happening toward critical infrastructure, whether it is our food supply, our energy supply? How closely linked, and what is the projected or estimated threat, as you see it with your crystal ball, in the future? Ms. Dobitsch. So, to date, we haven't seen really any connections between ransomware attacks and terrorist groups or associates. But what we would underscore is, as we discussed earlier, that rapid ability to adapt that we have seen demonstrated by the broad range of terrorist groups. In addition to that, we call it the copycat trend. Terrorist groups often adopt tactics, techniques, and procedures from other malicious actors that they see as beneficial to them. So, again, as terrorists' use of cryptocurrency and digital currencies becomes more commonplace, certainly we could expect to see them using ransomware as a means to fund their operations. In addition to that, we are increasingly seeing cyber criminals offer ransomware as a service. So individuals can buy a service on the dark web, and we often don't know who the actor is that is paying for that service. So there are many opportunities for terrorists to exploit ransomware to support their operations. Mr. Pfluger. Again, probably underscoring the NCFI, your role that you play there. I would just say, based on that response, that I don't think--our position on this has to be incredibly strong. The responses that we as a country levy upon bad actors, criminal organizations, terrorist organizations, malign actors anywhere, state or non-state--it is not limited to 16 industries in this country; it is going to be across the board. Our response has got to be strong. I hope that this committee will continue to take that up and investigate this. With that, Madam Chair, I will yield back. Ms. Slotkin. The Chair recognizes the gentleman from New Jersey, Mr. Malinowski. Mr. Malinowski. Thank you, Madam Chair. So I am still not convinced this market in cryptocurrency should even exist, but let's talk about regulation for a moment. The Treasury Department recently announced that it would be requiring cryptocurrency transactions I believe over $10,000 to be reported to the IRS. Is that correct? Mr. Eisert. I believe there is proposed legislation. Mr. Malinowski. It is proposed, right. So that does require action from us? Or is this something that---- Mr. Eisert. I would have to defer to Treasury on that. Mr. Malinowski. OK. In principle, would that at least help to address the challenge that Chairwoman Slotkin referred to, in the sense that presumably a company making a ransom payment of over $10,000 would then at least have to report that to the IRS? Mr. Eisert. I would say depending on how the regulation is written. Mr. Malinowski. Right. Mr. Eisert. If we want to take mainstream financial institutions and how regulations are written now, if cash was to go into the system, there would be a requirement. Right now, the mainstream regulation revolves around cash. Mr. Malinowski. OK. Mr. Eisert. If it mirrored it with virtual currency, then yes. Mr. Malinowski. That would presumably be helpful to you all. Mr. Eisert. Extremely. Mr. Malinowski. Yes. OK. Most ransomware payments would be over $10,000, just in the current scheme of things, so it would probably capture a significant share of, if not all, ransomware payments. Other ideas? Should the SEC be given the authority to regulate cryptocurrency exchanges? Is that something that the administration is considering proposing? Mr. Sheridan. So, sir, the challenge with regulation that we see is, because digital money is used in so many different capacities, depending on the technology that is used to create it and, essentially, how it is employed, there is no one regulatory agency that currently has oversight. Sometimes it is a commodity, sometimes it is a security, a derivative, legal tender. So regulation is certainly important, as my colleague has identified. The anti-money-laundering laws, know-your-customer, countering of financing of terrorism, the anti-money-laundering law of 2020 have all been instrumental in helping tamp down criminal activity related to this. But, from a law enforcement perspective, we are not regulatory in nature, and our perspective would be to grow authorities related to our investigative and statutory capabilities as opposed to regulatory capabilities. There is some concern, as also was referenced, about the dual-edged nature of overregulation that may push illicit use and criminal actors deeper into anonymizing methods and corners of the internet that would make it more difficult for law enforcement. Mr. Malinowski. OK. Well, you know, we would very much value, I think, your guidance in finding that sweet spot, if the answer is going to be greater regulation. I presume that you would agree that, whatever rules we come up with, they should be broadly harmonized across the 50 States but also internationally. I wonder if you know of any examples outside the United States of regulatory steps that other governments, partner governments, have taken that you think might be helpful to emulate or, on the contrary, helpful not to emulate. Mr. Eisert. Sure. Thank you. Homeland Security Investigations sits on working groups with the Financial Action Task Force, FATFs, which is a conglomerate of countries and regulatory bodies. In this working group, we discuss those exact things--where should we be going? Many of the regulations you are seeing proposed and that have already come through are a result of those FATFs. You know, with that, the regulations and know-your- customer, they are meant to root out bad actors, support OFAC fundings. At no point do they restrict legal transfer of these virtual currencies. So it is important to note that, no matter what has been proposed, nothing is restricting the use of virtual currency. It is just creating obtainable records to root out the bad actors. Mr. Malinowski. OK. Thank you. I yield back. Ms. Slotkin. The Chair recognizes the gentleman from Michigan, Mr. Meijer. Mr. Meijer. Thank you, Madam Chair. I just want to follow up on the earlier line of questioning that I had. Mr. Eisert, I think you mentioned that one of the-- you know, the gaps that you identify when it comes to specific and virtual currency problem sets. We have been talking about that a little bit. I want to drill down, because I think many who are watching or listening here today are familiar with Bitcoin. They have at least heard of Bitcoin, if they are not more broadly aware of blockchain and crypto. But Bitcoin, though it is the most well- known and one of the largest by market--or the largest by market capitalization, it is one of, I think, over 5,000 different cryptocurrencies. So you have not only, you know, some others that people may have heard of, like Litecoin, Ethereum, Doge, but also many, many, many old coins and then proposed stable coins as well. Ms. Dobitsch, in your report, you also said--or your testimony, you also said that newer and less popular cryptocurrencies are increasingly attractive to malicious actors because of their more stringent privacy and security features. I guess, how well-resourced do you feel to deal with the lesser-known cryptos, not just those who may be in the top, you know, 5 or 10 of market cap, but even the potential for the exploitation of some of these mini or micro cap cryptocurrencies? Mr. Eisert. The privacy coins create a challenge because of their hidden blockchain, their obscured blockchain. A lot of our data analytics aren't as thorough as it is with the open blockchains, and sometimes it is not thorough enough for us to bring it to a courtroom to do something. Luckily for us, because, as you mentioned, the market cap and the total volume of coin, the usability is not there. If you are looking at Monero, with maybe a market cap right now of 40 to 50 million, if you are looking to move 3 million in Monero, you are using 10 percent of the market. So the usability is not there yet, and that is the scary part. The good thing is a lot of U.S. exchanges will not accept Monero because of its hidden blockchain. It won't meet their know-your-customer and AML policies. Mr. Meijer. Well, I actually want to follow up on that point, because, you know, when terrorists were aware that email traffic might be monitored, I mean, the way you get around that is you don't have that go through traffic, right? You have a draft, and then two parties both have access. I mean, what about a scenario where it is a super-micro- mini cap where it is not usable as a currency but if a company were to invest, you know, $10 million into it and, prior to that investment, a terrorist or ransomware entity, you know, buys up the entirety of it, I mean, it is essentially functioning as a mechanism to pass that through. Because, once the money is in there, they could just sell whatever the gains are, and then, you know, all of the losses are borne by the entity that had purchased--that company paying that ransom. I mean, that would obviously be a scenario where, to Mr. Malinowski's reference to the proposed Treasury Department regulations, it would not qualify, because it isn't a transfer. It is merely a purchase that is held. But that asset, essentially like a balloon deflating, loses all value, and all the air is captured on the outside. I mean, is that a scenario you could foresee happening? Mr. Eisert. Yes, I am trying to track most of it. Some of the regulations being proposed--and, again, I really would prefer to yield to Treasury on something like that--is, if an unhosted wallet has an exchange with a regulated wallet, there would be a reporting mechanism. So that would capture some of that. As for an alt-coin or a privacy coin that an organization decides to use and pump a lot of money in, that is great; they are still going to have the problem of--I am going to keep using the term--``off-ramping'' it. That is where the AML, the anti-money-laundering, policies will take effect and capture. Mr. Meijer. Ms. Dobitsch, anything to add? Ms. Dobitsch. No, just that we have seen terrorist groups use privacy coins, including Monero. So it is certainly something that we are seeing. I would also note that, you know, thousands of cryptocurrencies; the advancements are daily. So the increased privacy, the increased anonymity of these occurs with the creation of every new Bitcoin. So it is certainly a challenge, I think, first, to understand what they are using and then to have greater insight into how they are actually using the currency. Mr. Meijer. OK. Well, I appreciate the additional ability to probe a little bit deeper there. It is clearly that, you know, Bitcoin presents its own challenges, but, in the broad, you know, ecosphere of various cryptocurrencies, especially when we get down to that very small end, the opportunities for exploitation are nearly limitless. With that, Madam Chair, my time has expired, and I yield back. Ms. Slotkin. With that, I thank the witnesses for their testimony and the Members for their questions. The Members of the subcommittee may have additional questions for the witnesses, and we ask that you respond expeditiously in writing to those questions. The Chair reminds Members that the subcommittee record will remain open for 10 business days. Without objection, the subcommittee stands adjourned. [Whereupon, at 11:39 a.m., the subcommittee was adjourned.] [all]