The COVID-19 pandemic, and millions of people desperate for scarce protective equipment like masks and Tyvek suits, has presented a bonanza for scammers. Now, according to the US Department of Justice, it seems that even ISIS has gotten in on the game.
In a series of civil and criminal complaints and forfeiture notices released this week, the Justice Department has revealed that it seized hundreds of bitcoin and ethereum accounts, millions of dollars, and four websites from known Islamic extremist groups that were using those accounts and funds to support terrorist operations. Prosecutors say the forfeited crypto assets from the groups, which include ISIS, the al-Qassam Brigades, and al Qaeda, represent “the government’s largest-ever seizure of cryptocurrency in the terrorism context.” The cryptocurrency haul alone totals more than $1 million according to Chainalysis, a blockchain-focused firm whose tools were used in the investigation.
Among the jihadist fundraising efforts the DOJ has nixed, however, one stands out as particularly brazen. Court documents [PDF] detail how an ISIS agent allegedly ran a scam website for COVID-19 personal protective equipment, or PPE, known as FaceMaskCenter.com.
ISIS’ participation in the COVID-19 PPE scam industry is just part of a wave of fraud that has flooded the Internet since the COVID-19 pandemic began, says Mark Turnage, chief executive of DarkOwl, a security firm that’s tracked COVID-19 scams online for months. “We’ve seen a massive volume of illegitimate materials like PPE being sold and never delivered,” Turnage says. “The fact that ISIS decided to get into this business, too, isn’t really surprising. Everyone’s a capitalist. They’re leveraging the pandemic, too.”
According to one civil complaint, a confidential source linked an ISIS “facilitator” who used the alias Murat Cakar with the operation of FaceMaskCenter.com, as well as four Facebook accounts that advertised the site. Cakar is believed to be responsible for managing multiple ISIS hacking operations; the complaint alleges that he received $100,000 from Zoobia Shahnaz, an American woman who had planned to travel to Syria to join ISIS, and who pleaded guilty to material support of terrorism in 2018 after laundering ISIS funds with bitcoin.
FaceMaskCenter.com claimed to offer FDA-approved N95 face masks, as well as a wide range of other PPE, including Tyvek suits, gloves, goggles, and thermometers. “FaceMaskCenter is the original online personal protective equipment supplier and was the first of its kind,” read the website, which now shows only a seizure notice from the DOJ, US Treasury, and Department of Homeland Security.
It’s not entirely clear to what degree FaceMaskCenter was an outright scam, or whether it merely sold substandard PPE. The civil complaint against FaceMaskCenter.com states the masks offered on the site, for instance, were produced by a Turkish company and, contrary to what was advertised, did not meet FDA standards. When a US customer contacted FaceMaskCenter asking to buy masks and other PPE for hospitals, nursing homes, and fire departments, the DOJ says a Syrian national based in Turkey responded with an offer of up to 100,000 masks, a number the complaint describes as unrealistic given the scarcity of masks during the global pandemic. It’s unclear whether any masks were actually delivered.
FaceMaskCenter also claimed to be run by “sanitary experts,” and to have been founded in 1996, when in fact the domain was registered in late February of 2020, according to court documents. “There are a lot of different red flags,” says DarkOwl’s Turnage. “You can usually test just from the date of the creation of the domain whether this is a legitimate supplier versus someone who is just trying to capitalize on the pandemic.”
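The domain-age check Turnage describes, as an added example (not from the article or the court documents): it parses a constructed WHOIS excerpt for a placeholder domain and compares the registration date with the site's own founding claim. The 180-day threshold, the list of field labels, and the function names are assumptions.

```python
import re
from datetime import datetime, timezone

# Constructed WHOIS excerpt for a placeholder domain (not real registry output).
SAMPLE_WHOIS = """\
Domain Name: PPE-SUPPLIER.EXAMPLE
Registrar: Example Registrar, Inc.
Updated Date: 2020-03-02T09:14:07Z
Creation Date: 2020-02-26T11:42:31Z
Registry Expiry Date: 2021-02-26T11:42:31Z
"""

# Field labels differ between registries; these are common variants.
CREATION_LABELS = re.compile(
    r"^\s*(?:Creation Date|Created On|Created|Registered on)\s*:\s*(\S+)",
    re.IGNORECASE | re.MULTILINE,
)

def parse_creation_date(whois_text):
    """Return the earliest creation timestamp found, or None if absent."""
    found = []
    for raw in CREATION_LABELS.findall(whois_text):
        try:
            dt = datetime.fromisoformat(raw.replace("Z", "+00:00"))
        except ValueError:
            continue  # unrecognised date format: skip rather than guess
        if dt.tzinfo is None:
            dt = dt.replace(tzinfo=timezone.utc)  # date-only values treated as UTC
        found.append(dt)
    return min(found) if found else None

def domain_age_flags(whois_text, claimed_founding_year, as_of, min_age_days=180):
    """Compare the registration date with the site's own 'founded in' claim."""
    created = parse_creation_date(whois_text)
    if created is None:
        return ["no-creation-date"]  # missing or redacted data needs manual review
    flags = []
    if (as_of - created).days < min_age_days:  # threshold is an assumption
        flags.append("recently-registered")
    # A signal, not proof: an older business can register a new domain.
    if created.year > claimed_founding_year:
        flags.append("younger-than-claimed")
    return flags

if __name__ == "__main__":
    review_date = datetime(2020, 8, 14, tzinfo=timezone.utc)  # constructed
    print(domain_age_flags(SAMPLE_WHOIS, 1996, review_date))
```
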
Aside from that PPE site seizure, the DOJ says that the IRS, FBI, and DHS’s Homeland Security Investigations unit also dismantled funding operations for al Qaeda and the Izz ad-Din al-Qassam Brigades, the militant wing of Hamas. According to a blog post from blockchain forensics firm Chainalysis about the operation, agents seized a total of more than $1 million in cryptocurrency, largely from an unlicensed money services business allegedly run by a Turkish man named Mehmet Akti. Chainalysis further writes that al Qaeda also funneled its cryptocurrency donations, solicited on the web and on Telegram, through BitcoinTransfer, a bitcoin exchange based in Idlib, Syria.
But ISIS appears to have been unique among the groups—at least based on the behavior captured in the indictment—in using a COVID-19 scam to raise money, rather than mere appeals for donations. The result is that desperate customers of FaceMaskCenter.com may not have just been stiffed on orders of life-saving equipment, but unknowingly contributed to violent extremism, too.
This story first appeared on wired.com.