The U.S. has quietly turned to a new strategy in fighting ISIS — follow the money, then blow it up, U.S. officials tell NBC News.
At least four times in the past four months, U.S. military jets have targeted [major] ISIS financial centers, destroying them in strikes that have turned millions of U.S. dollars into confetti. The U.S. has also killed ISIS financial leaders — its "oil minister" in 2015 and its "finance minister" in March.
The strikes are the fruit of a secret cyber war in which the U.S. is tracking, manipulating and even stealing or destroying the financial assets of terrorists. Five years after the SEAL raid that killed Osama bin Laden on May 1, 2011, it's a subtle shift from the U.S. strategy against al Qaeda in which degrading the operational leadership was the priority.
Just as unraveling the courier network was critical to tracking bin Laden, the cyber efforts against the ISIS financial network are critical to upending ISIS, say U.S. officials. Unlike al Qaeda, ISIS is trying to run a government and control a big chunk of land, and it has a constant need for hard currency to pay its fighters and bureaucrats and feed its population. The war is not just about tracing the movement of money but the movement of individuals linked to the cash.
It's part of what CIA Director John Brennan calls a broader cyber effort against ISIS. "They are murderers and we need to be able to change this narrative — including in the cyber environment, the digital domain, in social media," said Brennan. "It is a question of what type of activities might take place in that cyber environment that we would be able to carry out destructive actions against."
Financial transactions, one senior intelligence official tells NBC News, have become one of the most lucrative forms of intelligence on personal relations, foreign fighter movements, and sources of supply.
The intelligence community tracks ISIS financial transactions through data collection programs with such secret code names as "Kaching" (CIA), "TRACKFIN" (NSA) and FINO (the National Clandestine Service). Newly created electronic portals for the processing of what is now called financial intelligence (or FININT) — Swordfish, QLIX/HYDRA and Sentry, among others — fuse together conventional banking, transaction and intercepted data.
But the most visible actions against ISIS came earlier this year. Starting in January, after a series of strikes on ISIS oil production and distribution assets, the U.S. began targeting financial facilities. On January 11, a coalition airstrike destroyed an ISIS "cash and finance distribution center" in a nondescript building in Mosul, the Northern Iraqi city of 2 million controlled by the group. Video shows missiles hitting the building in the middle of the night, sending a plume of shredded U.S. cash, mostly $100 bills, hundreds of feet into the air.
Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.
The senior intelligence official said as much as $50 million in financial assets was destroyed in that attack, including $35 million in U.S. paper currency and Euros. The amount is equal to about one-fifth of what the U.S. estimates ISIS looted from Iraqi banks when they ransacked Mosul in June 2014.
“You can bet that (ISIS) is feeling the strain on its checkbook,” said CENTCOM commander Gen. Lloyd J. Austin III, describing the first “money bomb.”
“We estimate that it served to deprive ISIL (ISIS) of millions of dollars.”
U.S. officials say it was no coincidence that a few days later, President Obama referred indirectly to the targeting of money in his State of the Union speech. While describing (and defending) progress against ISIS, he mentioned going after financing first on his list of successes, before airstrikes on fighters, plot disruptions, even before efforts to stop the flow of foreign volunteers.
On January 18, there was another attack on an ISIS financial center in Mosul, and another flurry of greenback confetti. Then, on February 13 and March 16, there were two more attacks on ISIS financial sites, the first a "finance distribution and tax collection center," also in Mosul; the second "a finance storage center" in Al Qaim, near the Syrian border. The official said other similar, but smaller sites have been struck during the same time period inside Syria and Iraq.
The tracking of finances has also led to targeting of important ISIS money men. On March 25, the Pentagon said it had killed the ISIS finance minister, Abd al-Rahman Mustafa al-Qaduli, in a special operations raid originally designed to capture him. Defense Secretary Ashton Carter said, "We've taken out the leader who oversees the funding for ISIL's operations, hurting their ability to pay fighters and hire recruits."
In 2015, U.S. special ops personnel killed a man known as “Abu Sayyaf,” an ISIS official engaged in finance. Sayyaf reportedly helped direct ISIS oil, gas and financial operations. He too had been marked for capture, but died in a special operations raid. In both cases, critical financial data was retrieved by the special ops personnel for further exploitation.
“We’ve gone through multiple stages in our approach to dealing with terrorist finances,” the intelligence official told NBC News. “And we seem to have landed upon the most effective tried to date.”
Attacks against financial assets began with the war on drugs in the 1970s and ‘80s and then broadened in the period of sanctions and counter-proliferation of weapons of mass destruction in the ‘90s. After 9/11, the effort mushroomed, particularly because many mistakenly believed that Osama bin Laden controlled hundreds of millions of dollars.
Despite massive efforts, it became clear to the intelligence agencies that conventional banking and data mining for suspicious activity only penetrated so far into the clandestine financial networks, many of which adapted to the clampdown on banking and other informal money transfers.
According to senior intelligence officials, five years into the war against al Qaeda, “the numbers also told their own story,” as one noted. Only $11 million in assets had been seized inside the U.S. banking system and $136 million in terrorist assets worldwide were found and seized. A Rand Corporation analysis called it “a nearly negligible sum,” pointing out that it was a mere .04 percent of the $300 billion annual global narcotics industry, another illegal financial network long targeted by authorities.
Then came a report by the 9/11 Commission on terrorist financing that estimated the attacks on the World Trade Center and Pentagon had cost only $400,000 to $500,000. Stopping money became less of a focus.
“Success” in the initial post 9/11 actions was also yielding diminishing returns. “We were being successful,” the official says, “but we also pushed finances deeper in the shadows.”
By the end of the Bush administration, counter-terrorism priorities had also shifted from doing whatever was needed to thwart another 9/11, the senior official says.
Soldiers were increasingly dying from suicide attacks and the use of improvised explosive devices. The new emphasis became tactical — stopping individual attacks at a much lower level. Both the anti al Qaeda war and the counter-IED efforts in Iraq shifted to “attack the network” as their primary pillars; that is, getting deeper and lower into the enemy’s operational ranks.
Things have changed again since 2011. ISIS is richer than any terror group in history, including al Qaeda. When it swept into Mosul, it seized a branch of the Iraqi Central Bank, flush with as much as a quarter billion in cash and cash equivalents.
But ISIS also has a huge overhead. The Mosul money has been used to pay fighters, purchase arms and supply pensions to the widows of dead fighters. The caliphate needs a steady supply of small bills for expenses and salaries. All these transactions create a trail for U.S. intelligence to follow.
And the U.S. ability to follow transactions has improved. The last five years, the official said, have yielded enormous advances in both big data exploitation and methods of collection. A combination of transactional data, human intelligence, and intercepts has meant more and better data. From the battlefield in Syria and Iraq to the streets of Europe and America, programs like “Kaching’ were beginning to sniff out even tiny transactions.
Senior military and intelligence officials insist that the new financial focus has also increased the effectiveness of bombing, yielding hidden results that cannot be seen in merely looking at the number of airstrikes. Cyber, they say, is now an integral part of the war against ISIS and finances are at the center of cyber collection and action.
“Money,” the senior official says, “is often a more effective way to track and target than eyeballs or hearing.”
Robert Windrem is an investigative reporter/producer with NBC News, specializing in international security.
William M. Arkin
William M. Arkin is a freelance writer who specializes in national security.