[House Hearing, 117 Congress]
[From the U.S. Government Publishing Office]


               TERRORISM AND DIGITAL FINANCING: HOW 
                TECHNOLOGY IS CHANGING THE THREAT

=======================================================================

                                HEARING

                               BEFORE THE

                            SUBCOMMITTEE ON
                            INTELLIGENCE AND
                            COUNTERTERRORISM

                                 OF THE

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                    ONE HUNDRED SEVENTEENTH CONGRESS

                             FIRST SESSION

                               __________

                             JULY 22, 2021

                               __________

                           Serial No. 117-25

                               __________

       Printed for the use of the Committee on Homeland Security
                                     

[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]                                   

        Available via the World Wide Web: http://www.govinfo.gov
        
                               __________

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
45-867 PDF                 WASHINGTON : 2021                     
          
-----------------------------------------------------------------------------------   

                     COMMITTEE ON HOMELAND SECURITY

               Bennie G. Thompson, Mississippi, Chairman
Sheila Jackson Lee, Texas            John Katko, New York
James R. Langevin, Rhode Island      Michael T. McCaul, Texas
Donald M. Payne, Jr., New Jersey     Clay Higgins, Louisiana
J. Luis Correa, California           Michael Guest, Mississippi
Elissa Slotkin, Michigan             Dan Bishop, North Carolina
Emanuel Cleaver, Missouri            Jefferson Van Drew, New Jersey
Al Green, Texas                      Ralph Norman, South Carolina
Yvette D. Clarke, New York           Mariannette Miller-Meeks, Iowa
Eric Swalwell, California            Diana Harshbarger, Tennessee
Dina Titus, Nevada                   Andrew S. Clyde, Georgia
Bonnie Watson Coleman, New Jersey    Carlos A. Gimenez, Florida
Kathleen M. Rice, New York           Jake LaTurner, Kansas
Val Butler Demings, Florida          Peter Meijer, Michigan
Nanette Diaz Barragan, California    Kat Cammack, Florida
Josh Gottheimer, New Jersey          August Pfluger, Texas
Elaine G. Luria, Virginia            Andrew R. Garbarino, New York
Tom Malinowski, New Jersey
Ritchie Torres, New York
                       Hope Goins, Staff Director
                 Daniel Kroese, Minority Staff Director
                     Natalie Nixon, Committee Clerk
                               
                               ------                                

           SUBCOMMITTEE ON INTELLIGENCE AND COUNTERTERRORISM

                  Elissa Slotkin, Michigan, Chairwoman
Sheila Jackson Lee, Texas            August Pfluger, Texas, Ranking 
James R. Langevin, Rhode Island          Member
Eric Swalwell, California            Michael Guest, Mississippi
Josh Gottheimer, New Jersey          Jefferson Van Drew, New Jersey
Tom Malinowski, New Jersey           Jake LaTurner, Kansas
Bennie G. Thompson, Mississippi (ex  Peter Meijer, Michigan
    officio)                         John Katko, New York (ex officio)
               Brittany Carr, Subcommittee Staff Director
          Adrienne Spero, Minority Subcommittee Staff Director
                      Joy Zieh, Subcommittee Clerk
                            
                            
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Elissa Slotkin, a Representative in Congress From 
  the State of Michigan, and Chairwoman, Subcommittee on 
  Intelligence and Counterterrorism:
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable August Pfluger, a Representative in Congress From 
  the State of Texas, and Ranking Member, Subcommittee on 
  Intelligence and Counterterrorism:
  Oral Statement.................................................     4
  Prepared Statement.............................................     6
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Prepared Statement.............................................     7

                               Witnesses

Ms. Stephanie Dobitsch, Deputy Under Secretary, Office of 
  Intelligence and Analysis, Department of Homeland Security:
  Oral Statement.................................................     8
  Prepared Statement.............................................     9
Mr. John Eisert, Assistant Director, Investigative Programs, 
  Homeland Security Investigations, Immigration and Customs 
  Enforcement, Department of Homeland Security:
  Oral Statement.................................................    11
  Prepared Statement.............................................    12
Mr. Jeremy Sheridan, Assistant Director, Office of 
  Investigations, U.S. Secret Service, Department of Homeland 
  Security:
  Oral Statement.................................................    17
  Prepared Statement.............................................    18

 
 TERRORISM AND DIGITAL FINANCING: HOW TECHNOLOGY IS CHANGING THE THREAT

                              ----------                              


                        Thursday, July 22, 2021

             U.S. House of Representatives,
                    Committee on Homeland Security,
                              Subcommittee on Intelligence 
                                      and Counterterrorism,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 10:03 a.m., in 
room 310, Cannon House Office Building, Hon. Elissa Slotkin 
[Chairwoman of the subcommittee] presiding.
    Present: Representatives Slotkin, Jackson Lee, Swalwell, 
Gottheimer, Malinowski, Thompson (ex officio), Pfluger, Guest, 
Van Drew, LaTurner, and Meijer.
    Ms. Slotkin. The Subcommittee on Intelligence and 
Counterterrorism will come to order.
    The subcommittee is meeting today on ``Terrorism and 
Digital Financing: How Technology Is Changing the Threat.''
    Without objection, the Chair is authorized to declare the 
subcommittee in recess at any point.
    Good morning, everyone. I want to thank our witnesses from 
the Department of Homeland Security for being here today to 
discuss a topic that I think is really timely and really 
interesting, which is how digital financial tools can be 
exploited by terrorist actors to funnel support for their 
activities.
    Over the past several months, the abuse of digital finance 
platforms and technologies has jumped into the public view as 
the result of the burst of ransomware attacks that has struck 
the heart of day-to-day life in America, from gas pipelines and 
meat-processing plants to schools and hospitals.
    Last month, just as an anecdote, I held an event in my 
district with the Secretary of Agriculture focused on small 
family farms. This was just days after the ransomware attack on 
the world's largest meat processor. I am in a room full of 
farmers. We are in the barn. There is the John Deere tractors 
behind us. When we opened it up to Q&A, the first question from 
the farmers was about cyber attacks, cryptocurrency, and asking 
what their Government was doing to protect them.
    Now, let's be clear, there is nothing inherently illicit or 
illegal about cryptocurrencies or other digital finance 
technologies. They are used by millions of law-abiding people 
every single day. Nor is there anything inherently suspect 
about using technologies that aim to protect the privacy of 
users.
    But it is our responsibility on this committee to also 
understand how these tools could enable malicious activity that 
threatens our homeland security, whether it is a ransomware 
like the one I discussed with those farmers or our topic today, 
funding for terrorism.
    Detecting and preventing terrorist funding at home or 
abroad has long been a cat-and-mouse game for the Federal 
investigators in the intelligence community. Just like cyber 
criminals, terrorists consistently seek legal loopholes, 
illegal pathways, and new tech to stay one step ahead of 
governments, especially when it comes to funding their 
operations.
    As a former CIA analyst, I know this is far from a new 
challenge. We have been tracking terrorist financing for 
decades, and I know first-hand how difficult it can be.
    While the technology has changed, today's terrorists and 
extremist groups benefit from using many of the same tools that 
so many of us rely on for our daily, honest activities, just as 
they exploited commonly-used financial systems in the past.
    Some of the on-line platforms and on-line tech allow easy 
access for thousands, if not millions, of users to donate money 
through on-line campaigns. For example, crowdfunding through 
PayPal, GoFundMe, and Amazon have become popular ways in recent 
years for extremist groups to raise money. Bitcoin has been the 
currency of choice for ransomware and terrorist actors.
    To put this in context, according to the Global Project 
Against Hate and Extremism, from about 2005 to 2015, just about 
every extremist group they tracked featured a PayPal button on 
their website.
    Now, even though PayPal and other payment-processing 
platforms became aware of the issue and began to ban extremists 
from their platforms, which is a great first step, these groups 
have persevered and maintained a strong on-line presence.
    So, beyond social media platforms, new tech like 
cryptocurrencies, which are decentralized, largely anonymous 
forms of digital money, have enabled terrorists to further 
expand and disguise their funding efforts.
    Think about, for many of us who were, sort-of, in the 9/11 
era, the hawalas that we all became familiar with after 9/11, 
except now the currency is virtual instead of being filtered 
through couriers.
    As these technologies become more and more widely used, we 
have seen a number of incidents in the past year that highlight 
the need for the Federal Government to understand these 
technologies, the degree to which they pose a threat, and their 
impact on terrorist financing.
    There is a number of examples from recent weeks; I am sure 
you all will be talking about them. But just as nefarious 
groups have changed their fundraising tactics after crackdowns 
by payment processors like PayPal, when law enforcement begins 
following and cracking down on illicit Bitcoin use, terrorist 
fundraisers advise supporters to use other cryptocurrencies to 
avoid detection. This was the case of a pro-ISIS website that 
requested its supporters send money via Monero, another 
cryptocurrency, instead of Bitcoin, because of its privacy and 
safety features.
    So we just need to properly understand and combat this 
threat. We know that it requires a lot of partnership between 
the private sector, our allies and partners--and, of course, a 
task the Department of Homeland Security is well-positioned to 
lead.
    I will just end by saying, today, I am hoping our witnesses 
will help us understand the actual scope and scale of this 
challenge. How much money are we talking about? How does it 
compare to terrorist financing as a whole or the total amount 
of cryptocurrency transactions? Who is taking advantage of this 
new tool? Is it domestic or foreign groups? Just help us 
contextualize a little bit.
    We know we have an uphill battle. Our subcommittee stands 
ready to help the Department with what you need. If you need 
changes to legislation, if you need resources, we want to hear 
more from you, not less.
    So we are pleased to welcome our witnesses today.
    I will just note that, as I mentioned to the witnesses, we 
expect votes to be called probably in the next 10 minutes. We 
will try and keep the hearing going as long as possible. There 
will probably be a short gap when myself and Mr. Malinowski are 
voting, but we will try to tag-team to make it as minimal as 
possible.
    [The statement of Chairwoman Slotkin follows:]
                 Statement of Chairwoman Elissa Slotkin
                             July 22, 2021
    Over the past several months, the abuse of digital finance 
platforms and technologies has jumped into public view, as a result of 
the burst of ransomware attacks that have struck at the heart of day-
to-day life in America--from pipelines and meat processing plants, to 
schools and hospitals. Last month, I held an event in my district with 
the Secretary of Agriculture that was focused on family farms--just 
days after a ransomware attack on the world's largest meat processor. 
And in a room full of Michigan farmers, the first question was about 
cryptocurrency--asking what our Government can do to track and recover 
digital payments of ransoms to these criminal groups.
    Now, let's be clear: There's nothing inherently illicit or illegal 
about cryptocurrencies or other digital finance technologies, which are 
used by millions of law-abiding people every day. Nor is there anything 
inherently suspect about using technologies that aim to protect the 
privacy of users. But it's our responsibility on this committee to also 
understand how these tools could enable malicious activity, that 
threatens our homeland security--whether that's a ransomware attack, 
like the one I discussed with those farmers, or our topic today: 
Funding for terrorism. Detecting and preventing terrorist funding--at 
home, and abroad--has long been a cat-and-mouse game for Federal 
investigators and the intelligence community.
    Just like cyber criminals, terrorists consistently seek legal 
loopholes, illegal pathways, and new technologies to stay one step 
ahead of governments--especially when it comes to funding their 
operations. As a former CIA analyst, I know this is far from a new 
challenge--we've been tracking terrorist financing for decades--and I 
know first-hand how difficult it can be. While technology has changed, 
today's terrorist and extremist groups benefit from using many of the 
same tools that so many of us rely on for our daily, honest 
activities--just as they exploited commonly-used financial systems, in 
the past. Some of these on-line platforms and on-line technologies 
allow easy access for thousands--if not millions--of users to donate 
money through on-line campaigns. For example, crowdfunding through 
PayPal, GoFundMe, and Amazon became a popular way in recent years for 
extremist groups to raise money. To put this into context, according to 
the Global Project Against Hate and Extremism, from about 2005-2015, 
just about every extremist group they tracked featured a PayPal button 
on their website.
    Now, even though PayPal and other payment processing platforms 
became aware of the issue and began to ban extremists from such 
platforms--at first glance, a promising first step--extremist and 
terrorist groups have persevered and maintained an on-line presence. 
For example, ISIS supporters have recently used Instagram to solicit 
donations for ISIS-affiliated women being detained in Syria, via PayPal 
fundraising links. Beyond social media platforms, new financial 
technologies like cryptocurrencies--which are decentralized, largely 
anonymous forms of digital money--have enabled terrorists to further 
expand and disguise their funding efforts.
    As these technologies become more and more widely used, we've seen 
a number of incidents just in the past year that highlight the need for 
the Federal Government to understand these technologies, the degree to 
which they pose a threat, and their impact on terrorist financing. In 
August 2020, the Justice Department ``dismantle[ed] three terrorist 
financing cyber-enabled campaigns'' involving Foreign Terrorist 
Organizations (FTOs)--ISIS, Hamas' military wing, and al-Qaeda--
resulting in the Government's largest-ever seizure of cryptocurrency 
from terrorist organizations. The seizure involved ``millions of 
dollars'' spanning 300 cryptocurrency accounts, four websites, and four 
Facebook pages--underscoring how various digital technologies could be 
used to help foster fundraising efforts.
    Just as nefarious groups changed fundraising tactics after 
crackdowns by payment processors like PayPal, when law enforcement 
began following and cracking down on illicit Bitcoin use, terrorist 
fundraisers advised supporters to use other cryptocurrencies, to avoid 
detection. This was the case with a pro-ISIS website that requested 
that its supporters send money via Monero, another cryptocurrency, 
instead of Bitcoin, because of its privacy and safety features. 
Properly understanding and effectively combating this threat will 
require close partnerships between all levels of government, the 
private sector, and our allies--a task the Department of Homeland 
Security is well-positioned to lead.
    Today, I'm hoping our witnesses can help us understand the actual 
scope and scale of this challenge:
   How much money are we talking about?
   How does it compare to terrorist financing as a whole, or 
        the total amount of cryptocurrency transactions?
   Who's taking advantage of it: Domestic or foreign groups?
    I'm also interested in understanding how the intelligence and law 
enforcement approach to illicit digital financing compares to your 
historical work on terrorist funding, and the steps you're taking to 
combat it. It's clear that our law enforcement and intelligence 
community face an uphill battle in understanding and tackling this 
threat--as the examples I've outlined show, the technology is changing 
rapidly, as their adoption only continues to increase.
    Our subcommittee stands ready to help the Department take on this 
challenge, and we're pleased to welcome our witnesses today. I look 
forward to hearing from you about the trends the Department is 
currently monitoring on this issue and the novel ways it is working to 
counter terrorists' use of digital financing.

    Ms. Slotkin. So I now recognize the Ranking Member of the 
subcommittee, the gentleman from Texas, Mr. Pfluger, for an 
opening statement.
    Mr. Pfluger. Thank you, Madam Chair. I appreciate you 
holding this hearing today.
    I would like to thank the witnesses as well: Assistant 
Director Jeremy Sheridan from the Office of Investigations at 
the Secret Service, Assistant Director John Eisert from 
Investigative Programs at HSI, and Acting Deputy Under 
Secretary Stephanie Dobitsch from the Office of Intelligence 
and Analysis.
    I appreciate your expertise and your willingness to speak 
with us today on this very important subject. I am looking 
forward to an informative and productive discussion on this 
very important topic.
    I think this hearing is especially timely right now, with 
American troops, in effect, fully withdrawn from Afghanistan 
and the Taliban rapidly taking control of Afghanistan's 
provincial districts, reportedly occupying about a third of the 
country and including the key border-crossing areas.
    Afghan Security Forces are surrendering. The Taliban is 
beginning to fight for some of the provincial cities. There is 
reporting, public reporting, that the Afghan government could 
collapse at some point, as soon as maybe even 6 months.
    But I think the point is, all that to say that foreign 
terrorist organizations are alive and well. Not only are they 
present overseas, but they are growing. As we know, Afghanistan 
is only a portion of the wide-spread and diverse terror threat 
landscape that we face around the world. If they are given the 
opportunity to submit their presence overseas, I have no doubt 
that their next goal is and will continue to be to launch an 
attack on U.S. soil or on those of our partners and allies.
    Those who have served in Afghanistan saw first-hand the 
death and destruction that terrorist organizations can cause 
and have caused. It is absolutely imperative that the war on 
terror be fought abroad, on foreign soil, not here at home. We 
must guarantee that foreign terrorist organizations do not have 
the resources to expand their operations and bring the fight to 
the United States, to our homeland.
    Cutting off their access to financing is absolutely 
critical. It is paramount in this fight. Terrorist financing is 
not a new issue. Whether a transnational criminal organization, 
a foreign terrorist organization, or money launderer, we have 
been confronting this problem for decades. But cryptocurrency 
is, in fact, becoming a new tool that terrorists and other 
criminal enterprises have at their disposal.
    Unfortunately, Congress has not always been known for our 
ability to stay one step ahead, when it comes to the latest 
technological advances. But, when we are confronting the issue 
of terrorism and financing, playing catch-up is not an option 
for us.
    During a conversation I had earlier this week with 
Assistant Director Sheridan and Assistant Director Eisert, they 
mentioned that, relative to the terrorist-financing world, that 
cryptocurrency and the transactions account for maybe 1 percent 
of all cases.
    I think that this tells me right now that we are having 
this hearing at exactly the right time, that we might have a 
chance to stay one step ahead of what the issues and the 
problems could be, before this becomes a systemic issue world-
wide. We are now in a position to provide our agency partners 
with the resources and the authorities that they need to 
confront this proactively instead of reacting to it.
    That is why I am most looking forward to the hearing--about 
the hearing today. How do we ensure that cryptocurrency 
transactions continue to be 1 percent, or maybe even less, of 
the problem? What does DHS need from us in Congress to best 
situate themselves to combat this threat?
    Coming out of this hearing, I also hope to understand what 
we should expect going forward. Although this is a small 
portion of the problem now, do we foresee that changing? If it 
is suspected to grow, how much will it grow, and how can we 
minimize that growth?
    It has been almost 20 years since 19 al-Qaeda terrorists 
coordinated the hijacking of 4 commercial airlines, flying them 
into buildings which were recognized world-wide as symbols of 
American strength, of freedom, of accomplishment, and taking 
2,977 innocent lives.
    Thus far, we have successfully prevented an attack of that 
magnitude that we experienced on September 11. As long as I 
serve my country--and I think the Chairwoman will also agree--
whether it is in uniform overseas or in the capacity that we 
now serve here in Congress, I will do everything and I think I 
can confidently say we will do everything in our power to 
ensure that what happened on 9/11 does not happen again. I am 
confident that my fellow Members on the Homeland Security 
Committee also feel the same way in a very bipartisan manner.
    I am looking forward to working with Chairwoman Slotkin and 
the other Members of this committee to ensure that we are 
providing the Department with all the tools necessary to 
minimize the threat caused by terrorist financing and to 
successfully protect our homeland.
    Once again, I would like to thank our witnesses for joining 
us today, for your expertise, for your service to this country, 
and for looking at a threat in a proactive way that we can 
combat now so that it doesn't continue to become a problem of 
larger magnitude.
    With that, Madam Chair, I yield back.
    [The statement of Ranking Member Pfluger follows:]
               Statement of Ranking Member August Pfluger
    Thank you, Madam Chair. I appreciate you holding this hearing today 
and thank our witnesses: Assistant Director Jeremy Sheridan from the 
Office of Investigations at the Secret Service, Assistant Director John 
Eisert from Investigative Programs at HSI, and Acting Deputy Under 
Secretary Stephanie Dobitsch from the Office of Intelligence and 
Analysis. I am looking forward to an informative and productive 
discussion on this very important topic.
    This hearing is especially timely, with American troops in effect 
fully withdrawn from Afghanistan, and the Taliban rapidly taking 
control of Afghanistan's provincial districts--reportedly occupying 
about a third of the country including key border-crossing areas. 
Afghan security forces are surrendering, and the Taliban is beginning 
to fight for some of the provincial cities. There has been public 
reporting that the Afghan government could collapse within 6 months of 
our withdraw. All this to say that foreign terrorist organizations are 
alive and well. Not only are they present overseas, but they are 
growing, and as we all know Afghanistan is only a portion of the wide-
spread and diverse terror threat landscape. If they are given the 
opportunity to cement their presence overseas, I have no doubt that 
their next goal will be to launch an attack on U.S. soil.
    Those who served in Afghanistan saw first-hand the death and 
destruction that terrorist organizations cause. It is absolutely 
imperative that the war on terror be fought on foreign soil. We must 
guarantee that foreign terrorist organizations do not have the 
resources to expand their operations and bring the fight to the 
homeland. Cutting off their access to financing is absolutely critical.
    Terrorist financing is not a new issue. Whether a transnational 
criminal organization, foreign terrorist organization, or money 
launderer, we have been confronting this problem for decades. But 
crypto currency is a new tool that terrorists and other criminal 
enterprises have at their disposal. Unfortunately, Congress has not 
always been known for our ability to stay one step ahead when it comes 
to the latest technological advances, but when we're confronting the 
issue of terrorism financing, playing catch-up is not an option. During 
a conversation I had earlier this week with Assistant Director Sheridan 
and Assistant Director Eisert, they mentioned that relative to the 
entire terrorist financing world, crypto currency transactions account 
for about 1 percent of cases. That tells me we are having this hearing 
at exactly the right time--before this is a systemic problem. We are 
now in the position to provide our agency partners with the resources 
and authorities they need to confront this proactively, as opposed to 
reactively.
    That is what I am most looking forward to hearing about today--how 
do we ensure that crypto currency transactions continue to be 1 percent 
of the problem. And what does DHS need from us in Congress to best 
situate themselves to combat this threat?
    Coming out of this hearing I also hope to understand what we should 
expect going forward. Although this is a small portion of the problem 
now, do we foresee that changing? If it is suspected to grow--how much 
and how can we minimize any growth?
    It has been almost 20 years since 19 al-Qaeda terrorists 
coordinated the hijacking of four commercial airlines, flying them into 
buildings which were recognized world-wide as symbols of American 
strength and accomplishment, taking 2,977 innocent lives. Thus far we 
have successfully prevented an attack of the magnitude we experienced 
on September 11. As long as I serve my country, whether in uniform 
overseas or here in Congress, I will do everything in my power to 
ensure that what happened on 9/11 does not happen again and I am 
confident that my fellow Members on the Homeland Security Committee 
feel the same way.
    I am looking forward to working with Chairwoman Slotkin and the 
other Members of the subcommittee to ensure that we are providing the 
Department with all of the tools necessary to minimize the threat 
caused by terrorist financing and successfully protect the homeland.
    I thank our witnesses for their willingness to appear before the 
subcommittee, today, and I yield back the balance of my time.

    Ms. Slotkin. Additional Member statements will be submitted 
for the record.
    [The statement of Chairman Thompson follows:]
                Statement of Chairman Bennie G. Thompson
                             July 22, 2021
    We are here today to talk about the use of modern financial 
technologies for terrorist fundraising and financing. The mantra 
``follow the money'' has been one of the most effective ways of 
investigating and stopping criminal and terrorist activity. But since 
this committee was formed after 9/11, we have seen the rise of new 
platforms like Paypal and GoFundMe and entirely new types of money 
developed in the form of cryptocurrencies. These financial technologies 
and the digital marketplaces that make use of them have revolutionized 
the American economy and global markets.
    Unfortunately, they have complicated law enforcement and 
intelligence community efforts to detect and prohibit terrorist 
financing. As Treasury Secretary Janet Yellen told the Senate Finance 
Committee, cryptocurrencies ``can be used to finance terrorism, 
facilitate money laundering, and support malign activities that 
threaten U.S. national security interests. . . .''
    Following the money is undoubtedly a different task than it was at 
the outset of the War on Terror. Yet, it remains a crucial guidepost in 
our efforts to root out terrorists and strengthen National security. We 
must ensure that our intelligence and law enforcement agencies have the 
tools and capabilities to keep pace with technological changes and new 
terrorist financing practices.
    I was pleased to support Rep. Kathleen Rice's bill, the Homeland 
Security Assessment of Terrorists' Use of Virtual Currencies Act, which 
required the Department of Homeland Security to produce a threat 
assessment of terrorists' use of virtual currency. And I look forward 
to hearing how this assessment has informed the Department's efforts to 
combat such activity.
    I am pleased that Chairwoman Slotkin is leading on this critical 
issue by holding today's hearing. I look forward to a productive 
conversation on this topic and to working with DHS, its components, and 
interagency partners to ensure they have the resources they need.

    Ms. Slotkin. I now welcome our panel of witnesses.
    Our first witness is Ms. Stephanie Dobitsch, the deputy 
under secretary for intelligence enterprise operations at DHS. 
Our second witness is Mr. John Eisert, the assistant director 
of investigative programs at U.S. Immigration and Customs 
Enforcement, Homeland Security Investigations, HSI. Our third 
and final witness is Mr. Jeremy Sheridan, the assistant 
director of the Office of Investigations at the U.S. Secret 
Service.
    Without objection, the witnesses' full statements will be 
inserted into the record.
    I now ask each witness to summarize his or her statement 
for 5 minutes, beginning with Deputy Under Secretary Dobitsch.

STATEMENT OF STEPHANIE DOBITSCH, DEPUTY UNDER SECRETARY, OFFICE 
 OF INTELLIGENCE AND ANALYSIS, DEPARTMENT OF HOMELAND SECURITY

    Ms. Dobitsch. Good morning, Chairwoman Slotkin, Ranking 
Member Pfluger, Members of the subcommittee. Thank you for the 
opportunity to appear before you today to represent the Office 
of Intelligence and Analysis and to discuss the malicious use 
of crypto and other digital currencies.
    Over the last several years, I&A has observed a growing and 
concerning trend of a wide range of malicious actors seeking to 
use access to digital and cryptocurrencies to facilitate their 
activities. This includes domestic and international 
terrorists, nation-state adversaries, transnational and other 
criminal organizations, and cyber criminals.
    While the intent and capabilities of these actors vary 
widely, I&A assesses that all of them see using crypto and 
other digital currencies as an effective means to obfuscate and 
fund their operations, including against the United States.
    Cryptocurrencies are a digital or virtual currency that is 
secured by cryptography, or, in other words, sophisticated 
coding. They are not issued by any central authority, and they 
offer users a high degree of anonymity, complicating law 
enforcement and intelligence community efforts to identify and 
disrupt potentially threatening activity.
    Bitcoin is the market leader, but there are thousands of 
other cryptocurrencies, including currency known as privacy 
coins, which provide an even greater level of obscurity for 
malicious actors. This means that users can easily hide who is 
sending or receiving a transaction, transaction amounts, and 
individual units of currency.
    Since at least 2015, we have observed terrorists seeking to 
use cryptocurrencies to procure materials and solicit funding 
for their operations. Most of this activity has occurred by 
terrorist groups and associates overseas, spanning the 
ideological spectrum. For example, supporters of ISIS and al-
Qaeda have solicited cryptocurrency donations. Earlier this 
year, a pro-al-Qaeda media group offered a reward of 1 Bitcoin, 
worth about $60,000 at the time, to the first person to kill a 
police officer in a Western country.
    We have also seen foreign racially- or ethnically-motivated 
violent extremists claim that their activities were supported 
by the use of cryptocurrencies. In 2019, Brenton Tarrant, the 
perpetrator of the mosque attacks in Christchurch, New Zealand, 
claimed in his manifesto to have made money dealing in 
cryptocurrency. Later that same year, a racially- or 
ethnically-motivated violent extremist who attempted an attack 
in a synagogue in Germany claimed he received financial support 
for his operation via cryptocurrency.
    Beyond terrorism, the use of cryptocurrency has become even 
more common among cyber actors and criminal organizations. 
North Korean cyber actors affiliated with the regime have 
executed lucrative cryptocurrency thefts valued at hundreds of 
millions of dollars. Cryptocurrency is increasingly being used 
to buy and sell drugs on the dark web and by drug cartels 
seeking to launder their drug profits. Cryptocurrency is 
becoming the payment of choice for cyber criminals who are 
conducting ransomware attacks or selling malicious cyber 
services on-line.
    It is important to remember that the illicit use of 
cryptocurrency is a small fraction of the global transactions 
that occur daily, and many malicious actors, particularly 
foreign terrorist groups, are still relying on traditional 
means of funding.
    However, as this technology becomes more accessible and 
more scrutiny is applied to traditional banking systems, we 
expect to see more activity, and our ability to detect and 
disrupt these threat actors will be even more difficult.
    I&A's mandate and core mission is to provide Federal, 
State, local, Tribal, territorial, and private-sector partners 
with the intelligence and information necessary to secure the 
homeland. I want to underscore that I&A is committed to 
strengthening our efforts to identify and communicate the plans 
and intentions of malicious actors seeking to exploit emerging 
technologies like cryptocurrency.
    Just this week, I&A hosted our partners from the State and 
local intelligence councils for a conference, where this topic 
was discussed as a significant intelligence gap in our 
intelligence.
    Like with any threat to the homeland, I&A will ensure that 
policy and operational decision makers have the most robust 
understanding of this threat that the intelligence community 
can provide.
    Thank you again for the opportunity to appear before you 
today to discuss this issue and for your continued support to 
the Office of Intelligence and Analysis.
    [The prepared statement of Ms. Dobitsch follows:]
                Prepared Statement of Stephanie Dobitsch
                             July 22, 2021
    Chairwoman Slotkin, Ranking Member Pfluger, and distinguished 
Members of the Subcommittee on Intelligence & Counterterrorism. Thank 
you for the opportunity to appear before you today to discuss threats 
from terrorist use of cryptocurrencies. It is an honor to be here 
representing the Department of Homeland Security's (DHS) Office of 
Intelligence and Analysis (I&A), and the dedicated intelligence 
professionals that keep the homeland safe, secure, and resilient.
                    terrorist use of cryptocurrency
    As we have learned in our fight against terrorism, terrorists are 
highly adaptive and have proven successful in exploiting new and 
emerging technologies to plan attacks against U.S. interests and the 
homeland. While some of those technologies, such as drones and 3D 
printing, pose direct harm, it is often access to sources of funding 
that are difficult to trace or attribute that allow terrorist groups 
even greater means to conduct a broad range of operations against the 
United States. Additionally, as governments and the global financial 
industry devote more resources to restricting terrorist use of 
traditional banking systems, the relative ease and anonymity of 
cryptocurrencies are helping to offset these restrictions, including 
for other malicious actors seeking to do harm to the United States.
    Since at least 2015, we have observed terrorists experimenting with 
cryptocurrencies to obfuscate their financial activities, procure 
materials, and solicit donations for their operations. These activities 
have spanned the spectrum of terrorist ideologies--from Racially or 
Ethnically Motivated Violent Extremists (RMVEs), to groups like the 
Islamic State of Iraq and ash-Sham (ISIS), al-Qaeda, and HAMAS. Using 
cryptocurrencies may be attractive to terrorists and supporters of 
violent extremism because they appear to offer a level of anonymity and 
less government oversight.
    We have seen ISIS supporters around the world requesting donations 
in cryptocurrency and they may have used the donated cryptocurrency to 
purchase website domains in 2015 and 2018. Since at least 2018, other 
individuals who support violent extremism abroad, as well as 
individuals who support RMVE ideologies, have solicited multiple types 
of cryptocurrency from on-line donors via social media. Also, receiving 
payments through cryptocurrency has risen in popularity, especially 
among Racially or Ethnically Motivated Violent Extremists (RMVE). For 
example, in March, the FBI arrested a RMVE on a weapons charge who sold 
merchandise via social media platforms and accepted payment in a 
variety of ways, including cryptocurrency. Additionally, in June a pro-
al-Qaeda media group overseas offered a reward of one Bitcoin--which 
was worth around $60,000 at the time--to the first person to kill a 
police officer in a Western country in response to the announcement.
    To date, we are not aware of any specific cases where Domestic 
Violent Extremists (DVEs) or Home-grown Violent Extremists (HVEs) in 
the homeland have leveraged cryptocurrency to directly fund an attack. 
A review of DVE and HVE violence in the United States reveals that most 
attacks involved simple, easy to acquire weapons that were personally 
financed.
    There are a handful of examples of DVEs abroad utilizing 
cryptocurrency to facilitate violence, including a RMVE in Germany who 
attacked a synagogue in 2019 and received financial support for attack 
preparation from an unknown individual via cryptocurrency. 
Additionally, a RMVE attacked a mosque in Christchurch, New Zealand, 
and claimed in his manifesto to have made money dealing in 
cryptocurrency, however investigators assess he did not make 
significant profits. Regardless of what we have witnessed in the United 
States to date, we know that terrorists historically are adaptive and 
often seek to embrace new technologies, and activities overseas can 
often foreshadow developments domestically.
    In addition to concerns about terrorists using existing 
cryptocurrency, we are also concerned about the speed and complexity in 
which cryptocurrencies develop and advance to improve the user 
experience, including increased privacy measures, which challenges our 
collective abilities in the U.S. Government to identify and mitigate 
malicious use of this technology. Bitcoin is the market leader of 
cryptocurrencies and, unsurprisingly, it is also the most popular 
cryptocurrency for criminal and terrorist use. However, newer and less 
popular cryptocurrencies, known as ``privacy coins,'' are increasingly 
attractive to malicious actors because they include even more stringent 
privacy and security features. We already know that terrorists 
affiliated with ISIS, RMVEs, and other violent extremists are using 
these privacy coins to conduct financial activities while obfuscating 
their identies.
    Finally, it is important to keep in mind that the vast majority of 
terrorist financing occurs through methods other than cryptocurrency, 
and most cryptocurrency is used legitimately. But cryptocurrency has 
some appealing attributes that have already been exploited by 
terrorists, and we anticipate violent extremists will continue to use 
this tool to facilitate their terrorist activities, especially as the 
technology becomes easier to access and more wide-spread in use in 
general commerce and the commercial sector. As these technologies 
become increasingly ubiquitous, the opportunity for malicious actors to 
exploit them will grow.
                              i&a efforts
    I&A's mandate and core mission is to provide our State, local, 
Tribal, territorial, and private-sector partners with the intelligence 
and information necessary to secure the homeland. This includes 
establishing and running analytic seminars on the illicit use of 
cryptocurrency and the dark web to inform our partners on the illicit 
use of the dark web, blockchain technology, major cryptocurrencies 
used, how criminals are using cryptocurrencies to launder money and 
make illegal transactions, and key tools and best practices that 
analysts can leverage in Dark Web and cryptocurrency investigations. 
And I want to underscore that I&A is committed to strengthening our 
efforts to identify and communicate threats from foreign and domestic 
terrorists, including their plans and intentions to exploit emerging 
technologies such as cryptocurrency through a number of recently-
published pieces of Classified and un-Classified analytic production. 
I&A is also working to support our colleagues across DHS and the 
intelligence community through sharing and analyzing cryptocurrency 
data to enhance our understanding of the threat across the National 
security and law enforcement landscape. As with any threat to the 
homeland, we are committed to ensuring policy makers and operational 
decision makers have the most robust understanding of the threat that 
the intelligence community can provide.
                               conclusion
    Thank you again for the opportunity to appear before you today to 
discuss this critical threat and for your continued support for I&A. We 
remain committed to keeping the homeland safe, secure, and resilient by 
safeguarding the Nation from terrorist, criminal, and other threat 
actors; protecting the physical and digital borders of the United 
States from Transnational Criminal Organizations and terrorist networks 
seeking to exploit and undermine our financial and cyber systems; and 
we will continue our efforts at home and abroad to uphold the National 
security and public safety of the United States.

    Ms. Slotkin. Thank you, Ms. Dobitsch.
    I now recognize Assistant Director Eisert to summarize his 
statement for 5 minutes.
    My sense is we may break just after Mr. Eisert for a few 
moments while we go and vote.

  STATEMENT OF JOHN EISERT, ASSISTANT DIRECTOR, INVESTIGATIVE 
  PROGRAMS, HOMELAND SECURITY INVESTIGATIONS, IMMIGRATION AND 
      CUSTOMS ENFORCEMENT, DEPARTMENT OF HOMELAND SECURITY

    Mr. Eisert. Thank you, Chairwoman Slotkin, Ranking Member 
Pfluger, and distinguished Members of the subcommittee. Thank 
you for the opportunity to appear before you today to discuss 
the critical investigative role Homeland Security 
Investigations plays in the fight to protect the homeland from 
transnational crime and threats.
    My testimony today will focus on HSI's efforts to identify, 
investigate, and bring to justice criminal organizations and 
terrorist networks whose illicit use of cryptocurrency 
jeopardizes National security and public safety.
    As the principal investigative component of the Department 
of Homeland Security, HSI is a global law enforcement 
organization responsible for conducting criminal investigations 
into the illegal cross-border movement of goods, money, 
contraband, people, and technology into, out of, and throughout 
the United States.
    HSI strives to protect the homeland's digital borders and 
pursue malicious cyber actors with the same dedication that we 
safeguard our physical land and sea borders. HSI applies its 
unique authorities and capabilities to conduct investigations, 
which include combating financial crime, investigating cyber 
crime, and protecting National security. The illicit use of 
cryptocurrency by nefarious actors leads to each of these 
priorities.
    Cryptocurrency is a digital asset that works as a medium of 
exchange or a store of value and is often used to purchase 
illicit items such as drugs or guns on the dark net 
marketplaces, to launder criminally-derived proceeds, or as a 
means to provide material support to terrorist organizations. 
Traditional money-laundering methods remain, yet cryptocurrency 
can now be used with relative ease to facilitate any type of 
illicit activity.
    Given that cryptocurrency is utilized across the spectrum 
of crimes that HSI has the authority to investigate, HSI plays 
a critical role in the U.S. Government's efforts to detect, 
investigate, and prevent its illicit use.
    As such, HSI investigations related to cryptocurrency have 
risen from a single criminal investigation in 2011 to over 604 
active criminal investigations and $80 million in 
cryptocurrency seizures in this year alone. This marked 
increase signifies growing confidence in cryptocurrency by bad 
actors but also HSI's technical proficiency in performing these 
complex investigations.
    To be successful, HSI recognizes the importance of enhanced 
public and private partnerships. With that, we continue to be 
forward-leaning in our approach to Operation Cornerstone, our 
outreach efforts.
    Since 2019, HSI has provided 660 presentations to over 
61,000 attendees, with the primary focus of detecting and 
closing vulnerabilities in the financial, trade, and 
transportation sectors. With the rapid growth of virtual 
currency, HSI expanded our outreach to include private 
industries involved in the cryptocurrency space, conducting 116 
presentations to over 5,000 participants.
    The relationship we build with private sector directly 
correlates to our investigative success. They are not mutually 
exclusive.
    Last year, HSI led a global cyber operation with IRS and 
the FBI related to 24 cryptocurrency accounts, all of which 
were identified as sources of influence for al-Qaeda. The HSI 
undercover operation was initiated to investigate the unlawful 
use of cryptocurrency to support terrorism. The result of the 
investigation--ending result of the investigation, HSI seized 
60 virtual currency wallets, worth $80 million, and illuminated 
the illicit financial network.
    In another case, HSI initiated another cyber undercover 
operation that resulted in the seizure of 150 cryptocurrency 
accounts, worth $2 million, and the taking over of a Hamas-
administered website that solicited funds for jihad. HSI 
covertly operated this site, embedding an HSI undercover wallet 
and email to track funds and communications.
    The results of these cases and others illustrate how law 
enforcement can effectively disrupt terrorist groups through 
the use of HSI's financial and global investigative 
authorities, technical aptitude, undercover authorities, and 
the ability to use private sector as a force multiplier to 
disrupt and dismantle the command-and-control structure of 
these criminal organizations.
    In closing, I appreciate your interest in this rapidly-
growing field. Thank you again for the opportunity to be before 
you today and for your continued support of Homeland Security 
Investigations. Thank you.
    [The prepared statement of Mr. Eisert follows:]
                   Prepared Statement of John Eisert
                        Thursday, July 22, 2021
                              introduction
    Chairwoman Slotkin, Ranking Member Pfluger, and distinguished 
Members: Thank you for the opportunity to appear before you to discuss 
the critical investigative role U.S. Immigration and Customs 
Enforcement (ICE) Homeland Security Investigations (HSI) plays in the 
fight to protect the homeland from transnational crime and other 
threats. My testimony today will focus on HSI's efforts to identify, 
investigate, and ultimately bring to justice criminal and terrorist 
organizations whose illicit use of cryptocurrency jeopardizes the 
National security and public safety of the United States.
                            the hsi mission
    As the largest investigative component of the Department of 
Homeland Security, HSI is the premier law enforcement organization 
responsible for conducting Federal criminal investigations into the 
illegal cross-border movement of goods, money, technology, people, and 
other contraband into, out of, and throughout the United States. HSI 
strives to protect the homeland's digital borders and pursue malicious 
cyber actors with the same dedication it safeguards our land and sea 
borders from traditional organized transnational crime.
    HSI's operational priorities serve as the foundation of HSI's 
investigative and enforcement focus. HSI applies its unique authorities 
and capabilities to conduct complex and significant transnational 
investigations aligned with these priorities, which include combating 
financial crime, investigating cyber crime, and protecting National 
security. The illicit use of cryptocurrency by nefarious actors relates 
to each of these priorities and represents a key area of focus for 
HSI's investigations and operations.
    HSI participates in and has representation on dozens of 
collaborative cyber-related efforts, including the HSI Cyber Crimes 
Center, the Federal Bureau of Investigation's National Cyber 
Investigative Joint Task Force, the U.S. Secret Service Electronic 
Crimes Task Force, and the DHS Science and Technology Internet 
Anonymity Project Working Group.
         cryptocurrency and the threat it poses to the homeland
    A cryptocurrency is a digital asset that works as a medium of 
exchange, a unit of account, or a store of value. Cryptocurrency uses 
strong cryptography to secure financial transactions, control the 
creation of additional units, and verify the transfer of assets. In 
2009, Bitcoin was introduced as the first decentralized convertible 
virtual currency and offered a high level of pseudo-anonymity for 
people to send and receive money over the internet. While Bitcoin is by 
far the most popular and well-known cryptocurrency, thousands of 
cryptocurrencies have been created and new ones are created every day. 
There is open source or proprietary software that anyone can use to 
create a cryptocurrency.
    Since 2009 cryptocurrencies have increasingly been used as the 
currency of choice to facilitate crime. From individual actors to 
large-scale transnational criminal organizations (TCOs), cryptocurrency 
can be exploited by any criminal organization engaged in almost any 
type of illicit activity. Cryptocurrencies are attractive to criminal 
and terrorist organizations because they offer a relatively fast, 
inexpensive, and pseudonymous system of transactions as compared to 
more traditional financial transactions.
    HSI has seen that nefarious actors are inclined to use 
cryptocurrency based on the perception that there is anonymity 
associated with their transactions or that because cryptocurrency used 
during an illicit scheme can be moved immediately offshore to a foreign 
exchange or over the counter trader (OTC), that U.S. law enforcement 
entities will be unable to trace or to seize and recover the assets. In 
addition, cryptocurrency offers the ability to engage in money 
laundering with minimal effort. By using OTCs or offshore exchanges, 
cryptocurrency can be laundered and reintroduced into the U.S. 
financial system relatively easily by utilizing typical laundering 
techniques of placement and layering. When used to fund terrorist 
operations and activities, terrorist organizations often have the 
opposite requirement. They seek to conceal the origin of funds from 
donors, businesses, and other legitimate sources to avoid law 
enforcement scrutiny.
    HSI has seen nefarious actors expend cryptocurrency in furtherance 
of a wide array of crimes HSI investigates. Both at home and abroad, 
cryptocurrency can be used to purchase illicit items such as drugs or 
guns on darknet marketplaces; to launder criminally-derived proceeds; 
or to provide material support to or funding for terrorist actors or 
organizations to carry out operations. Cryptocurrency can also be used 
to pay fraudsters, ransomware actors, or individuals involved in other 
illicit schemes such as intellectual property theft and illegal 
technology procurement. In addition, current trends indicate 
cryptocurrency is becoming prevalent within criminal organizations 
involved in child exploitation and human trafficking. Whether expended 
by TCOs, or terrorist organizations, or facilitators of such 
organizations, the use of cryptocurrency by bad actors continues to 
expand and evolve and presents a potential threat to the National 
security and public safety of the United States.
                         hsi's lines of effort
    Given that cryptocurrency is used across the spectrum of crimes 
that HSI has the authority to investigate, HSI plays a critical role in 
the U.S. Government's efforts to detect, investigate, and prevent its 
illicit use by criminal and terrorist actors. Using its authorities and 
subject-matter expertise in financial, cyber, and National security 
cases; its strong strategic partnerships; and its robust international 
footprint, HSI employs a multi-faceted approach to combat crimes 
enabled by the use of cryptocurrency. This approach is rooted in HSI's 
investigative expertise, and supplemented by robust collaboration, 
training, and outreach programs. These efforts are described below.
Investigations
    Bitcoin and other cryptocurrencies are attractive to bad actors 
because of their pseudo-anonymity and ease of transfer, but at some 
point, criminals need to convert their cash into cryptocurrency or 
their cryptocurrency into cash. Whenever monetary exchanges are made, a 
chokepoint is created. This is the time when criminals are most 
vulnerable and can be identified through law enforcement means and 
methods. Using traditional investigative methods such as surveillance, 
undercover operations, and confidential informants, coupled with 
sophisticated financial and blockchain analysis, HSI can take advantage 
of these chokepoints and use them to identify, disrupt, and dismantle 
the terrorist organizations and TCOs.
    In 2013, the U.S. Department of the Treasury's Financial Crimes 
Enforcement Network issued guidance clarifying that certain persons or 
companies that exchange convertible virtual currency, such as 
cryptocurrency, are considered money services businesses (MSBs), and 
therefore must follow the same regulatory and reporting protocols as 
traditional MSBs. The protocols include developing and implementing an 
anti-money laundering compliance program, filing suspicious activity 
reports, and registration requirements, among others. These procedures 
include ``Know Your Customer'' measures to record personal identifying 
information from customers to mitigate fraud. Lawful users of 
cryptocurrencies tend to use registered, compliant cryptocurrency 
exchanges that adhere to regulatory and operational measures in 
exchange for security, low fees, and the ease of processing 
transactions.
    Those who use cryptocurrency for illegal purposes generally avoid 
registered exchanges and seek illicit or unregistered exchanges that do 
not require or ask for personal identifying information. These illicit 
exchanges often take the form of a direct Peer-to-Peer (P2P) exchanger. 
P2P exchangers post advertisements stating the price for which they are 
willing to either buy or sell cryptocurrency on-line. Although some P2P 
exchangers do register with FinCEN and State authorities and follow 
compliance laws, most do not. Rather, these illicit P2P exchangers 
position themselves as the money launderers in the cryptocurrency 
world. P2P exchangers illegally generate revenue by charging a premium 
for allowing their customers to remain anonymous. They will sell 
cryptocurrency above market value and buy below market value to or from 
those customers who want to remain anonymous.
    Targeting these illicit P2P exchangers enables HSI to open the door 
and pull back the veil of pseudo-anonymity provided by 
cryptocurrencies. HSI can identify other criminals using cryptocurrency 
to fund and further their illicit activities through interviews and 
suspect cooperation; forensic analysis of computers, mobile phones, and 
other seized electronics; and the use of advanced blockchain tracing 
tools.
    Since 2018, HSI's Cryptocurrency Intelligence Program (CIP), housed 
at the National Bulk Cash Smuggling Center, has targeted unlicensed 
cryptocurrency MSBs and other gatekeepers in the cryptocurrency space. 
CIP provides blockchain forensics and analytics support to HSI 
investigators, as well as State, local, and international partners 
investigating cryptocurrency-enabled crimes. CIP uses technical and 
subject-matter expertise to exploit blockchain evidence, guide agency 
policy, monitor market intelligence, and regularly engages with 
private-sector partners such as exchanges, other virtual asset service 
providers and the blockchain industry groups.
Collaboration
    With the rapid development of new technologies, TCOs and terrorist 
organizations often adapt new methodologies to facilitate their illicit 
activities. It is now more essential than ever that law enforcement 
agencies work together to enhance our abilities to address this threat. 
Currently, HSI uses established investigative techniques that have 
gradually evolved to keep pace with this change but, HSI often engages 
its Federal, State, local, and international partners to learn and 
exchange new and innovative approaches in the cryptocurrency space. HSI 
leads and participates in numerous task forces and working groups such 
as, the HSI Cyber Crimes Center, the FBI's National Cyber Investigative 
Joint Task Force, the U.S. Secret Service's Cyber Fraud Task Force, and 
the DHS Science and Technology Internet Anonymity Project Working 
Group.
    HSI's extensive international footprint, comprised of more than 80 
offices in over 50 countries, equips HSI with a global ability to 
connect and engage with international partners in this space. HSI 
special agents assigned to EUROPOL coordinate multi-lateral foreign 
investigations of darknet markets, cryptocurrencies, and illicit travel 
connected to terrorism. HSI also sits on multiple committees and 
engages with international partners to exchange ideas, guide regulatory 
developments, and exchange investigative information. Given the 
transnational nature of the crimes HSI investigates, these 
international partnerships are essential to investigations into 
cryptocurrency use in illicit and terrorist activities.
Training
    HSI has been engaged in a multi-year effort to increase its 
``cyber-enabled'' workforce by training special agents, criminal 
analysts, and computer forensic analysts to conduct more effective and 
comprehensive on-line investigations. The HSI headquarters-based 
financial crimes unit and the HSI Cyber Crimes Center have partnered to 
provide cryptocurrency and darknet training for HSI special agents, as 
well as Federal, State, local, and international partners. Since 2017, 
HSI's subject-matter experts in cryptocurrency have conducted beginner 
and advanced cryptocurrency training to over 1,000 international law 
enforcement partners and Government officials world-wide. The training 
enables U.S. law enforcement agencies to initiate prolonged and 
combined campaigns of coordinated investigations targeting the criminal 
organizations that are using cryptocurrencies to launder illicit 
proceeds derived from various criminal schemes.
Outreach
    In 2003, HSI initiated the Cornerstone outreach initiative, a 
Nation-wide program designed to promote cooperation and collaboration 
with private-sector partners in order to detect and close 
vulnerabilities within the financial industry. This mission is 
accomplished through proactive outreach and collaboration with 
businesses and industries that manage the very systems terrorists and 
other criminal organizations seek to exploit. Within the financial 
sector, HSI's efforts focus on conducting outreach with traditional 
financial institutions as well as MSBs. With the rapid growth of 
cryptocurrency, and with it the expansion of private companies involved 
in cryptocurrency, HSI has expanded Cornerstone to include outreach and 
training to private industry involved in the cryptocurrency space, who 
often represent the first line of defense against money laundering and 
the illicit use of cryptocurrency.
                 statistics and investigative successes
    While HSI's investigative portfolio is extensive and diverse, 
financial investigations are at the core of every investigative program 
area that we investigate. TCOs, terrorist organizations and the myriad 
of criminal networks have grown increasingly more technical in their 
approach to obfuscating their criminal acts, while also morphing 
operations to the perceived anonymity of the darknet. Traditional 
money-laundering methods remain, yet cryptocurrency can now be used 
with relative ease to facilitate any type of illicit activity. As such, 
HSI investigations related to cryptocurrency have risen from one 
criminal investigation in 2011, to over 604 active criminal 
investigations in 2021. To date in 2021, HSI has already seized 
$79,825,606.65 in cryptocurrency. This marked increase signifies 
growing confidence in cryptocurrency use by bad actors and requires 
that law enforcement remains technically proficient in performing these 
complex investigations.
    These metrics also reflect an ability of HSI and our partners to 
engage in a concerted effort to identify and disrupt illicit economies, 
but to also use that intelligence to disrupt and dismantle the command-
and-control structure of TCOs and those that proliferate or support 
terrorist acts.
    To illustrate the above point, HSI led a global cyber operation, 
along with the Internal Revenue Service (IRS) and Federal Bureau of 
Investigation (FBI), which resulted in the dismantlement of an on-line 
infrastructure of Hamas's militant wing, Al Qassam Brigades. Beginning 
in October 2019, HSI established several undercover personas who 
executed undercover donation payments, using Bitcoin and undercover 
electronic communications, with the subjects operating the Hamas 
cryptocurrency fundraising campaign. The undercover payments were 
executed in a method that enabled investigators to identify those 
supporters based in the United States and allowed investigators to 
further identify money flows. Through additional communications 
exploitation, HSI was able to identify 64 unique communication 
channels, which led to the execution of a seizure warrant on a Hamas 
donor's Bitcoin wallet.
    Through additional court-ordered search warrants, HSI identified 64 
terrorist-affiliated email addresses, which illuminated the 
organizational blueprint, as well as covert access of Hamas's on-line 
recruitment, financing, domain, and network infrastructure, which was 
spread across the United States, Canada, Russia, Germany, and Saudi 
Arabia. In July 2020, HSI and IRS special agents executed a total of 24 
Federal search and seizure warrants at numerous cryptocurrency 
exchanges, domain registration providers, VPN service providers, on-
line payment providers, DDOS protection providers, and email providers, 
resulting in numerous account take-overs, server seizures, email 
account seizures, and domain redirections. Additionally, this cyber 
operation was executed in cooperation with foreign partners and 
ultimately resulted in the seizure of terabytes of terrorist-controlled 
data, the seizure of several million dollars from hundreds of Bitcoin 
wallets, and the account takeover of a terrorist-administered website 
that solicits terrorist donations via Bitcoin. This account takeover of 
website, www.alqassam.net, enabled HSI to seize terrorist donations for 
a 30-day period.
    To highlight another investigative example, in 2020, HSI, IRS, and 
FBI initiated an investigation related to 24 cryptocurrency accounts, 
all of which were identified as foreign assets or sources of influence 
for al-Qaeda. This investigation was initiated to investigate the 
unlawful use of cryptocurrency to support and finance terrorism. As a 
result of this investigation, HSI subsequently seized 60 virtual 
currency wallets used in this terrorism financing scheme. The results 
of this case and others illustrate how law enforcement can effectively 
disrupt terrorist groups, though the use of HSI's financial and global 
investigative authorities, technical aptitude, undercover and asset 
forfeiture authorities and ability to use law enforcement and the 
private sector as force multipliers in this fight.
                           gaps and solutions
    While HSI has had success in countering the use of cryptocurrency 
to facilitate crime, investigative and regulatory challenges still 
remain. On the investigative front, the pseudo-anonymity offered by 
cryptocurrencies, combined with enhanced encryption being implemented 
by some platforms, restricts law enforcement's ability to trace 
financial transactions between illicit actors in support of a broad 
range of criminal activities. Cryptocurrency protocols are continuously 
being refined, and new cryptocurrencies are regularly developed and 
deployed with ever-growing technological complexity. As a result, law 
enforcement organizations such as HSI are confronted with the need to 
continuously update and expand their training and expertise to enable 
effective investigations. This presents a resource and training 
challenge, particularly in light of competing priorities within an 
agency such as HSI with a broad mission set.
    Additionally, significant challenges in international regulation 
remain, including the classification of cryptocurrency, which varies 
from country to country, and the lack of a common understanding and 
definition for cryptocurrency and what it is under the law. From HSI's 
perspective, the implementation of consistent global regulatory 
oversight would be an important step toward mitigating the illicit use 
of cryptocurrencies by terrorist and criminal actors. HSI has and will 
continue to engage with stakeholders across the branches of the U.S. 
Government to address questions, provide insight, and respond to 
requests related to cryptocurrency and the digital economy.
                               conclusion
    Thank you again for the opportunity to appear before you today to 
discuss this important topic and for your continued support of HSI and 
our investigative mission. HSI remains committed to protecting the 
physical and digital borders of the United States from TCOs and 
terrorist networks seeking to exploit and undermine our financial and 
cyber systems and will continue our efforts at home and abroad to 
uphold the National security and public safety of the United States.

    Ms. Slotkin. Thank you for your testimony.
    Pursuant to today's order, the subcommittee stands in 
recess, subject to the call of the Chair.
    Mr. Malinowski will be back shortly. I will flag that we 
have a couple of Members who are on-line. You can't see them, 
but when they are called for questions, they will come up, and 
you will be aware of them.
    So give us just a few minutes. We will be right back to 
you.
    [Recess.]
    Ms. Slotkin. The subcommittee will come back to order.
    I now recognize Assistant Director Sheridan to summarize 
his statement for 5 minutes.
    Mr. Sheridan. Can you hear me, ma'am? I have a red--is that 
good? Can you hear me? OK.
    Ms. Slotkin. We can, unless----
    Mr. Sheridan. OK.
    Ms. Slotkin [continuing]. The staff can't hear. Let us 
know. But we can hear you well.

  STATEMENT OF JEREMY SHERIDAN, ASSISTANT DIRECTOR, OFFICE OF 
  INVESTIGATIONS, U.S. SECRET SERVICE, DEPARTMENT OF HOMELAND 
                            SECURITY

    Mr. Sheridan. Thank you, ma'am.
    Chairwoman Slotkin, Ranking Member Pfluger, and Members of 
this subcommittee, good morning. Thank you for inviting me here 
today to testify on how cryptocurrencies, virtual currencies, 
and other forms of digital money are being used to further 
advance criminal activity, including acts of terrorism and 
violent extremism.
    My name is Jeremy Sheridan, and I am the assistant director 
of the Secret Service's Office of Investigations. I lead our 
more than 160 field offices and direct our global network of 
Cyber Fraud Task Forces. I work to ensure that the Secret 
Service is effectively detecting and arresting those engaged in 
the violations we are authorized to investigate, while also 
supporting our diverse protective requirements across the 
world.
    For more than 150 years, the Secret Service has conducted 
investigations to protect the American public, private 
companies, financial institutions, and critical infrastructure 
from criminal exploitation. We maintain extensive authorities, 
expertise, and capabilities to safeguard financial and payment 
systems from criminal misuse, even as those activities are 
increasingly transnational and enabled by digital money.
    The Secret Service has a distinctive record of success in 
countering risks related to new technologies. We have 
successfully investigated and dismantled some of the most 
notorious virtual money platforms and crypto exchanges and 
brought to justice some of the most infamous money launderers 
and cyber criminals in U.S. history.
    Today, we remain committed to keeping pace with innovation 
and the evolving strategies and tactics criminals are using to 
exploit new financial instruments.
    Our perspective on these matters is based on our unique 
role. We are not a financial regulator or a member of the 
intelligence community. We are a law enforcement agency focused 
on accomplishing our integrated mission of protecting 
designated persons, places, and events and investigating crimes 
that undermine the integrity of financial and payment systems. 
This unified mission necessitates that we understand how 
digital money may present risk to the Nation's financial system 
as well as to our many protectees.
    Consequently, today, I will aim to address the broad 
criminal risks of digital money as well as the work of the 
Secret Service and our partners to mitigate those risks. I 
believe the measures to investigate and address these risks 
apply equally to violent extremism and financially motivated 
crime as they do to other forms of criminality.
    I wish to stress that, while digital money is not 
inherently criminal, it can be abused and is currently being 
abused for a wide variety of criminal purposes, from money 
laundering and ransomware to illicit financing of terrorism and 
violent extremism.
    Over the past decade, law enforcement has made great 
strides in the fight against the illicit use of digital money, 
but we anticipate that the on-going growth and criminality will 
continue over the coming years. Organized crime groups, 
terrorists, and other bad actors will continue to view digital 
money as an effective means to transfer value globally and as a 
means of evading the anti-money-laundering controls that are 
well-established within the traditional financial system.
    As the cryptocurrency industry improves their compliance 
with anti-money-laundering obligations, the Secret Service is 
focused on staying one step ahead of our adversaries. By 
building the investigative capabilities and purview to meet the 
evolving threats, we can continue to detect and arrest those 
who engage in criminality using digital money.
    But we must not be complacent. Keeping pace with criminals 
requires a continuous investment in technology, training, and, 
most importantly, people. The investigation of cyber crime and 
illicit finance is complex, demanding work. We need a steady 
stream of bright, diligent professionals equipped with the 
latest technology, training, and expertise if we hope to 
continue to be successful in the future, as we have in the 
past.
    Allow me to reiterate what many of my predecessors have 
emphasized. Those that seek to further their illicit activities 
through the use of digital currencies or the internet, more 
broadly, should have no illusions that they are beyond the 
reach of law. Even those digital assets and services that claim 
to be anonymous can be tracked and interdicted.
    As the investigative work of the Secret Service and our 
partners has demonstrated over the decades, we in law 
enforcement, whether it be the Secret Service, the FBI, HSI, 
IRS CI, or any of the other investigative agencies of the U.S. 
Government, are relentless in enforcing the law. We will not 
stop until those who seek to harm the United States and its 
citizens are arrested, convicted, and punished.
    Chairwoman Slotkin, Ranking Member Pfluger, and Members of 
this subcommittee, thank you again for the opportunity to 
appear before you today and for your continued support of the 
U.S. Secret Service. I look forward to working closely with 
this committee and with other Members of Congress on our shared 
priorities and welcome your questions.
    [The prepared statement of Mr. Sheridan follows:]
                 Prepared Statement of Jeremy Sheridan
                             July 22, 2021
                              introduction
    Good morning Chairwoman Slotkin, Ranking Member Pfluger, and 
Members of this subcommittee: Thank you for inviting me to testify on 
how criminals use digital money,\1\ including cryptocurrencies, to 
further illicit activity, such as terrorism and unlawful acts of 
violent extremism. My name is Jeremy Sheridan and I am the assistant 
director of the Office of Investigations. In this role, I lead more 
than 160 Secret Service field offices and direct our network of Cyber 
Fraud Task Forces (CFTFs) in their investigations of sophisticated 
computer and financial crimes. I ensure our global network of field 
offices and task forces effectively detect and arrest those that are 
engaging in the criminal violations we are authorized to 
investigate,\2\ while fully supporting our diverse protective 
requirements across the world.
---------------------------------------------------------------------------
    \1\ The term ``digital money'' is used to refer to a representation 
of value that is stored on and transferred through computer systems and 
that is used similar to money, regardless of legal tender status. The 
term ``digital money'' is inclusive of, but is not limited to, 
cryptocurrency assets like Bitcoin, Ether, Tether, and others. 
Consistent with FinCEN guidance (FIN-2013-G001), the Secret Service 
uses the term ``virtual currency'' to refer to mediums of exchange that 
operate like currency, but do not have legal tender status.
    \2\ See 18 U.S.C.  1028-1030, and 3056(b).
---------------------------------------------------------------------------
    Today, I will provide you with an overview of the risks associated 
with digital money, as viewed from the perspective of the United States 
Secret Service (Secret Service), and to highlight the various actions 
we are taking to address those risks. As part of my testimony, I will 
also seek to highlight some key challenges that we see on the horizon.
    For more than 150 years, the Secret Service has conducted 
investigations to protect the American public, private companies, 
financial institutions, and critical infrastructure from criminal 
exploitation. We maintain extensive authorities, expertise, and 
capabilities to effectively safeguard financial and payment systems 
from criminal misuse, even as those illicit activities are increasingly 
transnational in nature and enabled by the internet.\3\
---------------------------------------------------------------------------
    \3\ For more information on the Secret Service's investigative 
mission see: https://www.secretservice.gov/investigation.
---------------------------------------------------------------------------
    The Secret Service has a distinctive record of success in 
countering risks related to emerging financial and payment 
technologies. This includes countering fraud in electronic transfers of 
funds in the early 1980's, countering criminal schemes related to 
payment cards in the 1990's, and investigations related to 
cryptocurrencies and digital money platforms over the past decade and 
half. Today, we remain committed to keeping pace with technological 
innovation and the evolving strategies and tactics criminals are using 
to exploit these new financial instruments.
    Through our decades of criminal investigations, the Secret Service 
has developed a deep understanding of the risks, challenges, and 
potential investigative benefits of digital money, as well as the 
effectiveness of various potential law enforcement and regulatory 
responses. Our perspective on these matters is based on our unique 
role. We are not a financial regulator or a member of the intelligence 
community. We are a law enforcement agency focused on accomplishing our 
dual responsibilities of protecting designated persons, places, and 
events and investigating crimes that undermine the integrity of 
financial and payment systems. These unified mission sets necessitate 
that we understand how digital money may present risks our Nation's 
financial system, such as through money laundering, fraud, theft, and 
extortion by cyber criminals (including through ransomware), in 
addition to the ways in which they present risks to our many 
protectees.
    Consequently, my testimony today will address the broad risks of 
how criminals can use digital money. In the interest of protecting on-
going investigative activities and other law enforcement sensitive 
information, I will avoid detailed discussion of specific recent events 
or law enforcement techniques. I believe this committee's work can be 
well-informed by a discussion of the broad range of illicit activity 
that is enabled by digital money. The measures to investigate and 
address these risks, I believe, apply equally to terrorism, violent 
extremism, and financially-motivated crime, as they do to other forms 
of criminality.
             secret service investigations of digital money
    The commercialization of the internet in the 1990's brought with it 
a new push to develop payment systems that could function effectively 
within a digital economy. While the U.S. market predominately adopted 
payment cards as the solution, there have been numerous attempts to 
develop new digital payment systems that could operate with greater 
independence from, and with a similar degree of trust to, the 
traditional financial system, and all at a potentially lower cost. In 
2009, Bitcoin sought to achieve these goals through a novel approach of 
using public-key cryptography and on-going decentralized computation to 
form a blockchain, a technical architecture which forms the basis of 
most forms of digital money today.\4\
---------------------------------------------------------------------------
    \4\ Nakamoto, Satoshi, ``Bitcoin: A Peer-to-Peer Electronic Cash 
System'' (2008). Last accessed on July 6, 2021. Available at: https://
bitcoin.org/bitcoin.pdf.
---------------------------------------------------------------------------
    Since that time, the popularity of Bitcoin has inspired an 
exponential growth in digital assets globally, from cryptocurrencies to 
stable coins to non-fungible tokens (NFTs). As of July 2021, there are 
more than 5,000 blockchains in operation on the internet, with over 300 
million users world-wide and total market capitalization of 
approximately $1.43 trillion.\5\ Even central banks are exploring these 
technologies as a means of encouraging more transparent and seamless 
financial exchanges. Several are already in circulation.\6\ While much 
of this effort is in support of legitimate economic activity, the rapid 
expansion of cryptocurrencies, as well as other digital stores of 
value, presents a significant challenge to law enforcement, and a 
growing area of risk to the United States and our foreign partners.
---------------------------------------------------------------------------
    \5\ ``Cryptocurrency Prices by Market Cap,'' Last accessed on July 
6, 2021. Available at: https://www.coingecko.com/en.
    \6\ Among others, the Central Bank of Sweden proposed an ``e-
krona'' in November 2016, and started testing an e-krona proof of 
concept in 2020; in November 2017, the Central Bank of Uruguay 
announced to begin a test to issue digital Uruguayan pesos; and on 
October 20, 2020, the Central Bank of the Bahamas introduced the ``Sand 
Dollar'' as a digital legal currency equivalent to the traditional 
Bahamian dollar. See Deloitte, ``Are Central Bank Digital Currencies 
(CBDCs) the money of tomorrow?'' Last accessed on July 11, 2021. 
Available at https://www2.deloitte.com/content/dam/Deloitte/lu/
Documents/financial-services/Banking/lu-are-central-bank-digital-
currencies.pdf.
---------------------------------------------------------------------------
    The Secret Service has been at the forefront of combatting these 
crimes from their earliest iterations, and we continue this work today. 
We have successfully investigated and dismantled two centralized 
virtual currency providers that supported extensive criminal activity: 
e-Gold Ltd. (in 2007) \7\ and Liberty Reserve (in 2013).\8\ Working 
with our partners, we investigated and ultimately shut down a number of 
other virtual currency exchangers,\9\ including Western Express,\10\ 
which was prosecuted by the Manhattan District Attorney's Office, and, 
in 2017, the cryptocurrency exchange BTC-e.\11\ Through a partnership 
with the Internal Revenue Service's Criminal Investigation Division 
(IRS-CI) and other foreign and domestic law enforcement agencies, we 
successfully shuttered BTC-e, after it was accused to have failed to 
implement a program to prevent illicit financing.\12\
---------------------------------------------------------------------------
    \7\ See U.S. Department of Justice: ``Over $56.6 Million Forfeited 
In E-Gold Accounts Involved In Criminal Offenses,'' https://
www.justice.gov/usao-md/pr/over-566-million-forfeited-e-gold-accounts-
involved-criminal-offenses; Digital Currency Business E-Gold Indicted 
for Money Laundering and Illegal Money Transmitting, https://
www.justice.gov/archive/opa/pr/2007/April/07_crm_301.html.
    \8\ See U.S. Department of Justice press releases: ``Founder of 
Liberty Reserve Pleads Guilty to Laundering More Than $250 Million 
through His Digital Currency Business,'' https://www.justice.gov/opa/
pr/founder-liberty-reserve-pleads-guilty-laundering-more-250-million-
through-his-digital; ``Manhattan U.S. Attorney Announces Charges 
Against Liberty Reserve, One Of World's Largest Digital Currency 
Companies, And Seven Of Its Principals And Employees For Allegedly 
Running A $6 Billion Money Laundering Scheme,'' https://
www.justice.gov/usao-sdny/pr/manhattan-us-attorney-announces-charges-
against-liberty-reserve-one-world-s-largest.
    \9\ Exchangers are businesses that allow for the trade of digital 
currencies for other assets, such as conventional fiat money, such as 
U.S. dollars, or other digital currencies.
    \10\ See Manhattan District Attorney, ``DA Vance Testimony on 
Digital Currency before the Department of Financial Services,'' https:/
/www.manhattanda.org/da-vance-testimony-on-digital-currency-before-the-
department-of-financial-services/.
    \11\ See, ``Russian National and Bitcoin Exchange Charged In 21-
Count Indictment For Operating Alleged International Money Laundering 
Scheme And Allegedly Laundering Funds From Hack Of Mt. Gox,'' https://
www.justice.gov/usao-ndca/pr/russian-national-and-bitcoin-exchange-
charged-21-count-indictment-operating-alleged.
    \12\ See, ``FinCEN Fines BTC-e Virtual Currency Exchange $110 
Million for Facilitating Ransomware, Dark Net Drug Sales'' https://
www.fincen.gov/news/news-releases/fincen-fines-btc-e-virtual-currency-
exchange-110-million-facilitating-ransomware.
---------------------------------------------------------------------------
    More recently, in collaboration with our Federal and international 
partners, we successfully investigated a highly sophisticated, Russia-
based criminal scheme to defraud multiple cryptocurrency exchangers and 
their customers.\13\ This effort led to the seizure of millions of 
dollars' worth of virtual assets. The criminals indicted in this scheme 
are alleged to have employed a variety of advanced methods in support 
of their fraud, including using fictitious or stolen identities to 
create accounts; circumventing exchanges' internal controls; swapping 
and mixing different types of virtual currency; moving virtual currency 
through multiple intermediary addresses; and a market manipulation 
scheme in which inexpensive virtual currency was purchased at a fast 
rate to increase demand and price, then quickly sold for a higher price 
to make a quick profit.
---------------------------------------------------------------------------
    \13\ See, ``Russian Nationals Indicted for Conspiracy to Defraud 
Multiple Cryptocurrency Exchanges and Their Customers,'' https://
www.justice.gov/usao-ndca/pr/russian-nationals-indicted-conspiracy-
defraud-multiple-cryptocurrency-exchanges-; and ``Treasury Sanctions 
Russian Cyber Actors for Virtual Currency Theft,'' https://
home.treasury.gov/news/press-releases/sm1123.
---------------------------------------------------------------------------
    And just this year, our work investigating illicit uses of 
cryptocurrency supported indictments and arrests associated with a vast 
money-laundering operation that provided criminal services to not only 
some of the world's most dangerous cyber criminals but also North 
Korean military-affiliated actors.\14\ This North Korean group is 
accused of creating and deploying multiple malicious cryptocurrency 
applications, of developing and fraudulently marketing a fictitious 
blockchain platform, and ultimately stealing more than $1.3 billion 
from victims in the United States and overseas.
---------------------------------------------------------------------------
    \14\ See, ``Three North Korean Military Hackers Indicted in Wide-
Ranging Scheme to Commit Cyberattacks and Financial Crimes Across the 
Globe,'' https://www.justice.gov/opa/pr/three-north-korean-military-
hackers-indicted-wide-ranging-scheme-commit-cyberattacks-and.
---------------------------------------------------------------------------
    During the course of our criminal investigations, the Secret 
Service maintains close and continuous partnerships with a wide range 
of domestic and international law enforcement agencies. We regularly 
coordinate our work with the Department of Justice, Federal Bureau of 
Investigation (FBI), Homeland Security Investigations (HSI), IRS-CI and 
others, and, where appropriate, conduct joint investigations and 
information sharing with foreign counterparts. Through our Cyber Fraud 
Task Forces and through domestic and international task forces, like 
the National Cyber Investigative Joint Task Force (NCIJTF) and the 
Joint Cybercrime Action Taskforce (J-CAT) in Europe, we work to ensure 
effective deconfliction and intelligence sharing between and among our 
law enforcement partners.
                countering risks involving digital money
    Criminals can abuse digital money for a wide variety of purposes, 
including in support of terrorist or violent extremist activities. The 
types of criminality are diverse, and include such schemes as crypto-
jacking,\15\ thefts of private keys,\16\ the purchase of illicit goods 
or services on the dark web, attacks on block chain networks,\17\ 
money-laundering, sanctions evasion, illicit financing, and as the 
extortion payment method of choice in modern ransomware, among other 
potential crimes.\18\
---------------------------------------------------------------------------
    \15\ Crypto-jacking is the use of malware or compromised websites 
to use, without authorization, computing power of others for 
cryptocurrency mining. Mining is the computational process that 
verifies and maintains a blockchain, and is typically incentivized by a 
blockchain protocol rewarding cryptocurrency to miners.
    \16\ Control of assets on a blockchain is maintained through 
exclusive control and access to the associated private cryptographic 
key; however, there have been numerous instances of cryptocurrency 
heists, involving major exchanges, wallets, and individual users 
resulting from the theft and illicit use of private cryptographic keys.
    \17\ We have observed a few instances of attacks on blockchain 
systems themselves, either to impair their operation, as part of a 
broader scheme, or as part of a ``51 percent attack'' to defraud other 
users of the cryptocurrency. Such activities typically involve 
violations of 18 U.S.C.  1030 and can also include other criminal 
offenses.
    \18\ Ransomware, which impairs the operation of a computer as part 
of an extortion demand, has substantially grown in threat, 
corresponding with adopting cryptocurrencies as the means of paying 
extortion demands.
---------------------------------------------------------------------------
    The blockchain analysis tracking firm Chainalysis, has identified 
approximately $21.4 billion worth of likely illicit cryptocurrency 
transfers in 2020.\19\ However, we believe that this is likely a 
significant underestimate of the total value of illicit cryptocurrency 
transfers. Certain blockchain implementations on specific currencies 
can provide information for insightful analysis on its own, but a full 
accounting of the motives and identities of criminal actors using these 
tools can only be achieved through the work of trained criminal 
investigators, armed with subpoena powers and court-sanctioned legal 
process to undercover the true scale of the problem.
---------------------------------------------------------------------------
    \19\ ``Crypto Crime Report 2021,'' Chainalysis, available at: 
https://go.chainalysis.com/rs/503-FAP-074/images/Chainalysis-Crypto-
Crime-2021.pdf.
---------------------------------------------------------------------------
    A 2019 study \20\ on terrorist use of digital currencies by the 
RAND Corporation, supported Secret Service's Office of Investigations 
finding that a specific digital currency can be viewed as more or less 
appealing to bad actors based upon six criteria: A currency's level of 
anonymity, its usability, its security, its acceptance in the 
marketplace, its reliability, and its overall volume. RAND's research 
shows that, ``should a single cryptocurrency emerge that provides wide-
spread adoption, better anonymity, improved security, and that is 
subject to lax or inconsistent regulation, then the potential utility 
of this cryptocurrency, as well as the potential for its use by 
terrorist [or criminal] organizations, would increase.'' It is thus 
essential that the U.S. Government keep pace with changes in the market 
and align investigative resources and regulatory oversight to shifts in 
the tactics of terrorists, criminals, and other bad actors.
---------------------------------------------------------------------------
    \20\ See, ``Terrorist Use of Cryptocurrencies Technical and 
Organizational Barriers and Future Threats,'' The RAND Corporation, 
2019, available at https://www.rand.org/pubs/research_reports/
RR3026.html.
---------------------------------------------------------------------------
    Law enforcement has made tremendous strides in the fight against 
illicit use of digital money, but we anticipate that the on-going 
growth in criminality will continue in the coming years. Organized 
crime groups, terrorists, violent extremists, and other bad actors will 
continue to view cryptocurrencies as an effective means to transfer 
substantial values globally, without encountering the anti-money 
laundering controls common in the traditional financial system. As the 
cryptocurrency industry improves their compliance with anti-money 
laundering (AML) obligations, I am focused on keeping the Secret 
Service one step ahead of our adversaries. By developing the 
investigative capabilities and purview to meet the evolving threat 
landscape, we can continue to detect and arrest those engaged in crime, 
including those engaged in terrorism and violent extremism.
                  challenges for further consideration
    Cryptocurrencies remain attractive to bad actors for the various 
reasons provided above, but it also has its limitations and criminal 
drawbacks. For cryptocurrencies or other digital assets to be utilized 
within the mainstream economy--namely, to exchange them for most goods 
or services--they usually must be converted into government-backed fiat 
currency, such as the U.S. dollar, European euro, or Chinese yuan. This 
conversion typically occurs through ``exchanges,'' money services 
businesses which allow for the purchase and sale of digital assets with 
fiat currency. Exchanges, both as on-ramps and off-ramps to the 
cryptocurrency economy, have been a particularly effective data source 
and control point for governments to focus their efforts; however, as 
the variety of digital assets increases, further attention is needed to 
address the risks of technologies and services that obscure digital 
transactions from law enforcement and regulatory oversight.
    The United States and the broader international community have 
spent decades developing, implementing, and strengthening a global 
anti-money laundering (AML), Know-Your-Customer (KYC), and countering 
the financing of terrorism (CFT) regime. Financial institutions doing 
business in the United States must follow a host of statutory and 
regulatory obligations, including those related to the Bank Secrecy Act 
of 1970, the Annunzio-Wylie Anti-Money Laundering Act of 1992, and the 
Money Laundering Suppression Act of 1994, in addition to other 
associated laws and Federal regulations. These laws require covered 
entities to be registered, establish compliance programs, due diligence 
systems and monitoring programs, transmit suspicious activity reports, 
and develop risk-based anti-money-laundering programs. Failing to 
comply with these requirements or conducting or facilitating 
transactions designed to avoid reporting requirements or conceal or 
promote specified unlawful activities may constitute criminal 
violations of Title 31 of the U.S. Code or sections 1956, 1957, or 1960 
of Title 18, in addition to other provisions of U.S. law.
    Criminals and terrorist groups persistently seek to avoid U.S. and 
foreign AML and KYC requirements by utilizing exchanges that do not 
adhere to these laws or reporting requirements. Criminals are also 
increasingly exploiting over-the-counter (OTC) brokers, which 
facilitate transactions conducted directly between two parties through 
bilateral contracts. Unlicensed OTC brokers with weak AML/CFT programs 
are increasingly being used by criminals and other bad actors for money 
laundering and other financial crimes. Compared to institutional 
exchanges, OTC brokers provide a more decentralized approach, which 
makes them attractive for those intent on engaging in money-laundering 
activity. In both cases, with exchanges or OTCs, criminals look to 
utilize those providers hosted in foreign jurisdictions with lax AML 
requirements or weak enforcement.
    Accordingly, it is vital to U.S. National security that AML/KYC 
laws achieve their intended effects, regardless of the bad actors' 
motivations for exploiting them. The enactment of the Anti-Money 
Laundering Act of 2020 (AML 2020) was an important step in this 
direction. Timely and effective implementation of the rules directed by 
this law, and effective enforcement of violations, will likely have a 
substantial impact on the illicit market.
    We are closely monitoring and participating in the implementation 
of the AML Act of 2020, both to track potential emerging risks and to 
identify where further action may be helpful. For example, enhanced 
data reporting, collection, retention requirements, and accessibility 
requirements may strengthen criminal investigations and effective 
oversight. We also foresee significant money laundering risks, which 
may require further action, related to anonymity-enhanced 
cryptocurrencies, services intended to obscure transactions on 
blockchains (i.e., cryptocurrency tumblers or mixers), and 
cryptocurrency mining pools.
    That said, the United States should be cautious about acting 
unilaterally, as this can simply lead to the ``offshoring'' of 
cryptocurrencies and associated services to foreign jurisdictions. We 
believe that the most effective interventions are those that are 
conducted in coordination with other major economic powers. Our foreign 
partners perform critical roles in in assisting U.S. law enforcement 
with conducting investigations, making arrests, seizing criminal 
assets, and establishing effective AML regulations to counter 
transnational criminal activity that harms Americans. As we take steps 
domestically, we continue to work to ensure that foreign partners are 
willing and capable to assist us in investigations. To that end, the 
Secret Service continues to partner closely with Departments of State, 
Justice, and the Treasury to develop these essential foreign 
partnerships and work collaboratively on multinational criminal 
investigations and training programs.
    Further, we acknowledge that some exchangers or brokers may 
actively obfuscate their ownership and location in an effort to evade 
detection and oversight. To address this challenge, additional 
consideration is warranted to improve cooperation between U.S. 
Government authorities and foreign and domestic providers of electronic 
communications services and remote computing services. This will 
facilitate expeditiously identifying users engaged in certain illicit 
activities, such as those involving digital money laundering, 
transnational cyber crime, or terrorist financing. Last year, the 
Cyberspace Solarium Commission made important recommendations toward 
achieving such improved cooperation.\21\
---------------------------------------------------------------------------
    \21\ See, The Cyberspace Solarium Commission Report, available at, 
https://www.solarium.gov/report.
---------------------------------------------------------------------------
    Strong overseas partnerships are also key to effective regulation 
and oversight. Fostering these partnerships requires continual 
investment in government-to-government law enforcement and regulatory 
relationships to develop shared understanding of risks, and to ensure 
an effective international anti-money laundering regulatory and 
enforcement programs. Toward this end, we welcome efforts to improve 
global controls related to digital assets, through our international 
partners, and other global financial and banking associations.
    Finally, investigating crimes involving digital money, and the 
transnational organized criminal and terrorist groups that exploit it, 
requires highly-skilled criminal investigators. Hiring, developing, 
retaining, and equipping our investigative workforce, as well as 
partnering with and training our domestic and foreign law enforcement 
and other partners to develop their investigative capabilities, are all 
critical priorities for ensuring that the United States is well-
prepared to address emerging risks both today and into the future.
    This can be achieved by strengthening and growing law enforcement 
training and capacity-building programs that equip Federal law 
enforcement, and our partners, with the technical skills and tools 
necessary pursue the most sophisticated transnational criminals. 
Programs such as the Secret Service's National Computer Forensics 
Institute (NCFI), which yearly trains over 3,000 U.S. State and local 
law enforcement officials in computer investigations techniques, and 
the Department of State's International Law Enforcement Academies 
(ILEA), which provide instruction to foreign law enforcement partners 
on approaches to combatting cyber crime and illicit finance, are prime 
examples of initiatives that enhance these requisite capabilities.
                               conclusion
    Digital money is clearly of great interest to governments, 
businesses, and U.S. citizens, as demonstrated by the substantial 
research conducted and investments places into these assets. The Secret 
Service is focused on doing our part to address the challenges posed by 
the increasing use of digital money in furtherance of illicit activity, 
from ransomware, to money laundering, to the financing of violent 
extremists and terrorists. But we and our law enforcement partners, 
both domestic and foreign, must and can do more. We must dramatically 
expand our efforts, and continue to adapt our investigative tools and 
techniques, if we hope to stem the tide.
    Chairwoman Slotkin, Ranking Member Pfluger, and Members of this 
subcommittee, I will conclude by reiterating what many of my 
predecessors have emphasized here before in this body: Those that seek 
to further their illicit activities through use of digital currencies, 
or the internet more broadly, should have no illusions that they are 
beyond the reach of the law. Even those assets and services that 
purport to be ``anonymous'' can be tracked and interdicted. As the 
investigative work of the Secret Service and our law enforcement 
partners has over the years demonstrated: We are relentless in 
enforcing the law and will not stop until those who seek to harm the 
United States and its citizens are arrested, convicted, and punished to 
the fullest extent of the law.
    Thank you again for the opportunity to appear before you today, and 
your continued support for the mission of the U.S. Secret Service. I 
look forward to working closely with this committee, and with other 
Members of Congress, on our shared priorities. I look forward to 
answering your questions.

    Ms. Slotkin. I thank all the witnesses for their testimony.
    I will remind the subcommittee that we each have 5 minutes 
to question the panel. Since we haven't been in the room for a 
while, the clock is under the screens. That is 5 minutes total, 
so I will give you a gentle tap of the gavel when you have hit 
your 5-minute mark, if you are going strong.
    I will now recognize myself for questions.
    So, Ms. Dobitsch, can you help us just contextualize the 
threat? You know, sort-of, we know that there is, you know, a 
number--there is a bunch of terrorist organizations, there is a 
bunch of domestic extremist organizations that threaten 
Americans in different ways. How significant is the use of 
cryptocurrency versus other types of currencies, versus 
traditional types of currencies? I know it is hard to put an 
exact percentage on it, but give us a sense of the scale, if 
you would.
    Ms. Dobitsch. Thank you, Chairwoman.
    In terms of the scale, I think from a terrorist perspective 
we are really in the nascent stages, particularly as we look at 
foreign terrorist groups overseas. They remain reliant on those 
traditional sources of funding. But we are seeing increasing 
use of cryptocurrency, particularly regarding soliciting 
donations and fundraising. So early on in the stages.
    I think from a criminal perspective it is becoming more 
mainstream. Obviously, we are seeing more activity from 
transnational criminal organizations, obviously from cyber 
criminals, and, in certain instances, nation-states that are 
using it more frequently than they are those traditional 
sources.
    I think, as the technology becomes more accessible and 
easier for the user, it is going to be more common among 
terrorist groups. Again, it is largely limited. We have seen 
several cases. But, again, I think the concern for us is that 
as the technology advances and becomes more user-friendly that 
we are going to see more activity.
    Ms. Slotkin. Mr. Eisert, can you help us understand the use 
of sites that Americans are really used to, like GoFundMe, you 
know, Amazon, to raise money for charity? You know, most 
Americans have seen someone at least advertise those kinds of 
campaigns. Can you talk to us about what, if any, abuse you see 
of those sites?
    Mr. Eisert. Sure. Luckily for us, a lot of those mainstream 
payment systems, like PayPal and GoFundMe, they have due-
diligence systems in place and checks and balances. So a lot of 
the social media sites and those mainline payment systems have 
identified criminal activity and have pushed them off the 
networks.
    But that is why--that is one of the reasons why we are 
starting to see an increase into these alternate forms of 
payment systems, like virtual currency.
    Ms. Slotkin. Then I think for both Mr. Eisert and Mr. 
Sheridan, just tell us about--you know, I have assumed that 
from a law enforcement perspective it is just harder to go 
after, you know, groups that are using cryptocurrency as 
opposed to traditional currencies.
    What are the tools or legal authorities that either you 
don't have, that you want to have, that would make your life 
easier? What are the roadblocks that are holding you back?
    Mr. Sheridan. That is a really important question, ma'am. 
Thank you.
    So, in regards to your first question about tools, we in 
the Secret Service rely on our Cyber Fraud Task Forces that are 
stationed globally and partner with all of Government in order 
to combat this threat. What we need in order to expand is to 
increase our presence in the international setting. As was 
mentioned earlier, this is an international/transnational crime 
situation that we are facing, and we need to increase our 
presence there.
    We need to get better at our processes in order to ensure 
that we are aggregating data appropriately and conducting the 
necessary data-link analysis for attribution.
    We need to continue to modernize. We greatly appreciate 
Congress's help in the Cyber Fraud Task Force modernization 
that they have assisted us with, but we need to continue to 
grow in those areas.
    As it relates to authorities, similarly, ma'am, there are 
areas for growth as it relates to our investigative authorities 
related to money laundering, structured payments, and 
unlicensed money transmitters that would make us stronger in 
this fight.
    Ms. Slotkin. OK. Well, I am sure we would love to hear more 
about some of the details.
    Then to Ms. Dobitsch again: You know, we know that 
intelligence is an important part of understanding these 
organizations and how they finance themselves. Talk to us 
about, like, what does the interagency structure look like in 
the Government? Who is working on this? Who do you talk to 
every day? Is there actually coordination between different 
actors?
    Ms. Dobitsch. Yes, ma'am, it is certainly an interagency 
problem.
    I think the difficulty really is thinking about that end-
user. So we are seeing the activity occurring, but oftentimes 
we have significant information and intelligence gaps about 
where that money is going and how it is ultimately used.
    I&A certainly serves as that bridge between law enforcement 
and the intelligence community. In addition to that, it really 
takes not just an individual or an intelligence officer that 
kind-of understands the intent and capabilities of the actor 
but also has that deep understanding and knowledge of the 
technology itself.
    If you look at a group like ISIS, in terms of their use of 
drones, really, since 2014, they rapidly expanded their 
capability to leverage drones, first for reconnaissance and 
then for actual attacks on the battlefield overseas.
    So it really takes a whole-of-Government effort and 
connecting that law enforcement information with the 
intelligence to get the fullest picture of the threat.
    Ms. Slotkin. Great.
    I now recognize Ranking Member Mr. Pfluger for questions.
    Mr. Pfluger. Thank you, Chairwoman.
    I am so glad you brought up the use of drones. I think the 
key here is that they are using an innovative approach, and the 
nature of warfare is constantly changing, and we have to stay 
one step ahead.
    So I appreciate your testimonies so far and wanted to get 
right into some questions with Mr. Eisert.
    I understand that cryptocurrency has attracted bad actors 
because of the pseudo-anonymity or anonymity, in some cases. I 
want to focus now on the cartels. Have you seen cartels using 
cryptocurrencies in order to hide illicit proceeds from 
transnational criminal activity?
    Mr. Eisert. Yes. Thank you for that question.
    Yes, we do have recent investigations where we do see 
cartels conducting business with money brokers, professional 
money launderers. Throughout our investigations, we target 
these professional money launderers and insert our undercover 
activities with them.
    Specific to the cartels, we have found ourselves in the 
middle of investigations picking up cartel-level street 
proceeds and converting them to cryptocurrency through peer-to-
peer platforms.
    Mr. Pfluger. How easy is that, for them to translate that 
into--to either leverage for what they want to get out of it 
for the use of, you know--into and out of the United States?
    Mr. Eisert. Oh, once it is in the virtual currency format, 
it could be moved around the world in a matter of minutes, 100 
times over around the world.
    The biggest chokepoints and where we have our most success 
is when the on-ramping or the off-ramping of the virtual 
currency, so, for instance, getting it into the virtual 
currency realm. That is where we have our success in our 
undercover platforms and through our traditional money-
laundering investigations.
    A few years back, many of the mainline exchanges were 
regulated as money service businesses and needed know-your-
customer regulations, and that has pushed a lot of the illicit 
activity to unregulated peer-to-peer atmosphere. That is where 
we primarily target the cartel and their work.
    Mr. Pfluger. Thank you very much for that.
    For Mr. Sheridan, how does the Secret Service's approach 
differ from other agencies, other law enforcement colleagues? 
Kind-of, what makes you and the Secret Service unique in this 
regard?
    Mr. Sheridan. Thank you for that question, sir.
    So all law enforcement entities bring their own unique set 
of capabilities to this fight. We in the Secret Service are a 
smaller organization. That makes us more agile for information 
sharing and case coordination within our own agency.
    That small size also requires us to rely on partnerships. 
Partnerships are the lifeblood of the Secret Service, not only 
in our protective mission but investigatively as well. So we 
develop very strong partnerships across all of Government and 
with our international law enforcement partners.
    We also have a unique methodology, in that we have been 
doing this for 150 years. We have, over the past several 
decades, created a database of information related to these 
cyber actors, many of whom have graduated up to these most 
complex cyber-enabled fraud schemes that we are seeing today. 
We are able to follow that digital link to when they were just 
starting out and had a more public--and weren't as concerned 
with their on-line presence as being so noticeable.
    Then I think our perspective. Our perspective is based on 
our focused statutory authority, which is to protect the 
Nation's financial payment systems and financial 
infrastructure. That allows us to be specialists, as opposed to 
generalists, and create, really, subject-matter experts within 
our organization to conduct these investigations.
    Mr. Pfluger. Thank you for that.
    Let me just talk about the whole-of-Government approach. I 
appreciate your comments on that, Ms. Dobitsch. For me, 
representing a university that is a cyber center of excellence, 
talk to me about that whole-of-Government approach, the 
private-public partnerships that you all, I think, have 
mentioned, and how we can leverage a university like Angelo 
State University, who focuses on this--and, by the way, a 
minority-serving institution, a Hispanic-serving institution, 
doing wonderful things. Talk to me about how we can incorporate 
students and their learning and what they should be focusing on 
so that they can enter your organizations and combat this.
    Ms. Dobitsch. Yes, sir. Absolutely. As I stated earlier, 
having a sophisticated understanding of the technology itself 
is the first step, and that often comes from private business 
and academia. Understanding the trends that exist in 
cryptocurrency and other digital currencies is really that 
first step.
    Then, also, learning more about the vulnerabilities of each 
of those types of currencies. From the Classified intelligence 
perspective, we have the intent and capabilities of those 
actors, but we can only understand really what the threat is if 
we know well what the technology is able to do and what 
security mechanisms are in place to prevent the malicious use 
of that currency or other technology.
    So it really is a partnership. It is not just intelligence. 
That is why we say ``information and intelligence.'' It is that 
law enforcement data, it is the private academia, and, really, 
all sources of information, because this is a global trend, it 
is a global technology, and all types of actors are really 
seeking to exploit the technology for their own benefit.
    Mr. Pfluger. Well, thank you for that.
    We need to know the resources that you need. We need to 
know the things that you identify, what we are talking about 
here. If there is a more comprehensive list, we need to know 
that.
    We have seen it in the ransomware attacks recently. You 
have mentioned it in many of the examples you have given us. 
But that is the purpose of this hearing and the purpose of our 
committee, is to give you those resources, if we can, to make 
sure that we can combat that.
    With that, Madam Chair, I yield back.
    Ms. Slotkin. The Chair will now recognize other Members for 
questions they may wish to ask the witnesses. In accordance 
with the guidelines laid out by the Chairman and Ranking Member 
in the February 3 colloquy, I will recognize Members in order 
of seniority, alternating between Majority and Minority.
    Members participating virtually are also reminded to unmute 
themselves when recognized for questioning.
    The Chair recognizes for 5 minutes the gentleman from New 
Jersey, Mr. Malinowski.
    Mr. Malinowski. Thank you. Thank you, Madam Chair.
    So, as all of you have testified, cryptocurrencies are 
being used right now for all kinds of very nefarious purposes--
to purchase illicit goods, drugs, guns; to provide material 
support to terrorist organizations; to enable the ransom 
payments that are fueling arguably the biggest threat, one of 
the biggest threats, that Americans are facing in their daily 
lives today.
    Mr. Eisert, I think you said in your testimony that they 
give bad actors the ability to engage in money laundering with 
minimal effort. That is pretty bad.
    Just so everybody is clear, maybe say a little bit more 
about that. What is it about cryptocurrency that enables 
somebody to engage in money laundering with minimal effort?
    Mr. Eisert. Absolutely. Thank you for that question.
    The cryptocurrency problem set transcends borders, 
transcends industries. What I mean by that is, as I discussed 
earlier, once you can get your money into the crypto world 
through a regulated exchanger or an unregulated exchanger, it 
is a push of the button.
    I could tell you about the old days of law enforcement of 
following money launderers from bank to bank, and good luck if 
they could hit 20 in a day. Now you can sit on your couch and 
move it 100 times over. There is one documented case where 
money was moved over 21,000 times before it came out.
    Mr. Malinowski. Yes.
    Mr. Eisert. It is that simple. So, once it is in the 
system, it is moving.
    Tracing it within the system, it is challenging but not 
unbelievable. Identifying who is attached to that transaction 
is the challenge.
    Mr. Malinowski. Well, here is what troubles me. Chairwoman 
Slotkin, in her opening statement, said that there is nothing 
inherently wrong with digital currency. I could be convinced of 
that, but I am not convinced of that, because I am trying to 
see the other side.
    With, for example, drone technology, we know drones can be 
used for deadly, nefarious purposes, including some we have not 
yet seen that we all fear. Yet all of us can list dozens of 
positive uses of drone technology for consumers, for companies.
    Maybe you are not the right people to ask this question to, 
but can you think of any socially beneficial uses of 
cryptocurrency beyond providing some people with something to 
speculate in and make money off of?
    Mr. Eisert. Well, coming from the law enforcement side, we 
are always looking at the illicit side. So I can only tell you 
what my beliefs are and what is out there on the open web. I 
believe a lot of that focus goes into the underbanked. It gives 
an opportunity for the underbanked areas and countries to 
engage in world-wide transactions.
    Mr. Malinowski. Well, I don't know. I mean, I hear things 
like, well, it provides privacy. That didn't stop us from--and 
I am deeply committed to privacy. It did not stop us from 
banning the use of anonymous shell companies for very similar 
reasons, right? Because they are used to cover up illicit 
activity.
    I hear the phrase that it enables the democratization of 
currency. Every time someone says we are democratizing 
something, it kind-of ends the conversation. That is sort-of 
good. I don't really understand what that means in this 
context. I think it is an abstraction, whereas ransomware 
attacks are not an abstraction. They are hurting people every 
single day.
    So I am not sure if I see it. I think we do need to expand 
this conversation to ask that fundamental question, whether the 
challenges that you are facing, that we are asking you to deal 
with, in protecting us against all of these social ills, are 
challenges that are necessary, inescapable, and inevitable. I 
think we have to ask, what is the good, what is the positive 
social value of this phenomenon that is also creating all of 
this harm?
    You know, I think when you look at the history of how we 
built modern economies in the United States and around the 
world, we started 300 or 400 years ago with multiple currencies 
that were unregulated and not controlled by governments, and in 
every modern economy we built what we have today when 
Government decided, no, we are going to have one currency that 
is issued and regulated by Government.
    I think I could ask you--we don't have time--how we can 
better regulate cryptocurrency, but I think if we regulated it, 
it wouldn't be crypto anymore, and so what would be the point? 
So I come back to the question, should this be allowed?
    Thank you. I yield back.
    Ms. Slotkin. The Chair recognizes for 5 minutes the 
gentleman from Mississippi, Mr. Guest.
    Mr. Guest. Thank you, Madam Chairman.
    Director Sheridan, you say in your written testimony that 
for cryptocurrency and other digital assets to be utilized 
within the mainstream economy, they usually must be converted 
into Government-backed currencies, such as the U.S. dollar and 
the euro.
    You said that exchanges serve both as on-ramps and off-
ramps to the cryptocurrency economy. You talk about the growth 
of unlicensed over-the-counter brokers and the importance of 
anti-money-laundering and know-your-customers laws.
    Could you expand on that very briefly?
    Mr. Sheridan. Yes, sir. Thank you for that question.
    What my written testimony was meant to encapsulate is the 
ecosystem of what we refer to as digital money. We see in a lot 
of these conversations that the terms related to the different 
platforms are used interchangeably: Virtual currency, digital 
currency, cryptocurrency. We in the Secret Service use the term 
``digital money,'' because that encapsulates all forms, to 
include cryptocurrency and the most commonly referred to coins, 
such as Bitcoin, Ethereum, Tether, and so forth.
    The true definition really comes down to the technology 
used to create it, the regulations that apply, whether or not 
it is legal tender. But, for us, it comes down to how it is 
used.
    So the written testimony is meant to describe in more 
detail how it is used, as my colleague has identified, to on-
ramp from legal tender to digital money, how it is used 
laterally for legal and illicit means, and how it is off-
ramped, converted away from a digital platform to legal tender.
    The exchangers that were referenced are certainly integral 
to that. These are the ways in which we in law enforcement find 
are primary means to engage for identification and further 
information related to the digital money that is used.
    Mr. Guest. Switching gears very quickly, back in April, 
there was an announcement that the Secret Service was going to 
partner with the Mississippi attorney general's office, various 
other local law enforcement agencies, in establishing a 
Mississippi Cyber Fraud Task Force.
    My question is two-fold. One, can you talk a little bit 
about the importance of these task forces, how that serves as a 
force multiplier to what you are trying to do in the Secret 
Service?
    Then the other thing I want to follow up on is, it is my 
understanding that all of these agents will be trained at the 
National Computer Forensics Institute, which is located at 
Hoover, Alabama. I am very familiar with that institute. But 
can you talk a little bit about the mission of that institute 
and the important role that that organization serves?
    Mr. Sheridan. Yes, sir. The Cyber Fraud Tasks Forces are 
our global network of investigative task forces staffed by not 
only our special agent personnel but our professional work 
force of subject-matter experts from our Investigative Services 
Division, our network intrusion forensics analysts. These are 
our touchpoints to the local communities, to your constituents, 
that bring the information back to our Global Investigative 
Operations Center to make the whole Secret Service approach to 
our investigations.
    As you said, sir, a lot of what we do on that local level 
is through the National Computer Forensics Institute. As you 
are aware, that is the only Federal facility to train and equip 
State, local, territorial, Tribal officers, judges, and 
prosecutors. Those officers and law enforcement entities are 
really the first responders. They are the front line, they are 
the surge capacity in this fight against the complex cyber-
enabled fraud.
    We are very grateful for the support of Congress for the 
growth of that facility. We have trained over 16,000 of those 
law enforcement officials. But, as you are aware, that 
facility's authorization is due to sunset in 2022, and we would 
greatly appreciate the support to continue its authorization, 
not only domestically but to expand that same training to our 
foreign partners to take this fight globally, to have that 
surge capacity on the global scale.
    Mr. Guest. As it relates to the National Computer Forensics 
Institute, do you feel that it serves as a key component in our 
fight against cyber crime?
    Mr. Sheridan. Sir, I could not agree with you more 
wholeheartedly on that question. It trains, equips State, local 
officers to be the first line of defense, the first people that 
your constituents are primarily going to call.
    With their support--as I mentioned, partnerships in the 
Secret Service--and shoulder-to-shoulder with us, this is how 
we are going to beat this adversary and how we are going to get 
more competent at combating these types of fraud schemes.
    Mr. Guest. As I understand your testimony, Director 
Sheridan, you believe it is crucial that Congress not only 
reauthorize this program but that we robustly fund what is 
going on there at the National Computer Forensics Institute. Is 
that correct?
    Mr. Sheridan. Yes, sir. I think that is imperative in this 
fight.
    Mr. Guest. Thank you, Madam Chairman. I yield back.
    Ms. Slotkin. Perfect timing.
    The Chair recognizes for 5 minutes the gentleman from 
California, Mr. Swalwell.
    Mr. Swalwell. Thank you. I thank the Chairwoman for holding 
this critical hearing as the dashboard is blinking for 
America's businesses as it relates to ransomware attacks.
    In many ways, this feels like a pre-September 11 
environment for businesses, in that you have all the signs 
there that, you know, we are going to continue to face attacks, 
perhaps ones that could shut down for a protracted period of 
time critical infrastructure. You have these attacks being 
launched from foreign countries that are not our allies. It is 
unclear whether they are state-sponsored, but they are 
certainly state-enabled, because countries are looking the 
other way and aren't cooperating with us or INTERPOL in 
apprehending and stopping the hackers.
    So I wanted to first invoke a Bay Area business leader, 
John Chambers, who used to be the CEO at Cisco. He recently 
said that more than 65,000 ransomware attacks are expected to 
happen this year, at an average cost to small and medium-size 
businesses of $170,000 each.
    Kevin Mandia, the CEO of FireEye, recently said, ``There is 
a direct correlation between ransomware and the anonymity of 
digital currency.'' While I certainly am a supporter of 
cryptocurrency and blockchain technologies, I want to make sure 
that they are not contributing to or enabling these attacks.
    So the question I have first: Is anonymous cryptocurrency 
hindering your office's abilities at DHS to respond to cyber 
attacks? Mr. Eisert.
    Mr. Eisert. Thank you for that question. To get to your 
point about the use of virtual currencies in ransomware, the 
biggest hurdle is already taken care of with those illicit 
actors. The payer is on-ramping that money into the system for 
him. That is usually where we have our greatest success, as I 
discussed before.
    As for the fight against network intrusion, H&I has the 
Cyber Crimes Center, which supports cyber-enabled crimes as 
well as cyber crime directly. Within the Cyber Crimes Center, 
we have a network intrusion program; we call it Operation Cyber 
Centurion. What Cyber Centurion does is, we have trained 
special agents around the country with specific software and 
tools, and we scan and detect vulnerabilities in the 
infrastructure.
    So we will scan the open net for vulnerabilities that have 
been published by our sister agency, CISA, where, when we 
identify those vulnerabilities, we will reach out to those 
organizations and say, ``Hey, you have a gap here,'' or, ``Hey, 
you have a gap inside your system right now,'' and then we will 
proactively do an investigation with that.
    Mr. Swalwell. Thank you, Mr. Eisert.
    To follow up on that, how much does it help when a business 
reports to you that they have been attacked? How does that 
factor into whether you think we should have mandatory 
reporting, whether it is in critical infrastructure space or 
just business-wide in America? What information do you yield 
when you learn about a ransomware attack?
    Mr. Eisert. The more dots we have out there, the more 
connections we can make. So, with the increased reporting, 
either it be from the financial arena or just in the trend of 
money laundering and everything else, or private industry on 
how they have been hacked, when we have more bits of evidence 
and information, we can connect to bigger networks. So it would 
be extreme help to have that information.
    Mr. Swalwell. I know there is a lot that we can do, you 
know, left of boom, as far as, like, the hygiene requirements 
that we have, particularly of, you know, U.S. Government 
vendors and contractors. But on the right-of-boom side, what 
are you doing to make sure that businesses are comfortable 
working with DHS or the Bureau?
    You know, the concern I have heard from some vendors is, 
you know, we don't want to open our books up to the FBI or DHS; 
you know, who knows what we have done inadvertently that could 
put us, you know, on their radar. We don't want them thinking 
that way. We want them to trust the Government, that the 
Government can be a part of understanding the attack and, 
ideally, have the capability to shut it down.
    So what are you doing to try and earn the trust of 
businesses who are victims?
    Mr. Eisert. Again, thank you for that question.
    Well, we partner tremendously with our brothers and sisters 
in FBI and CISA in this world. We do a lot of outreach. I spoke 
earlier about Operation Cornerstone, which does a lot of 
outreach to private industries to let them know who we are, 
what we can do, how we can help. With that comes a level of 
comfortability.
    I can't speak for the other agencies on what they do 
independently, but I think it is important that we continue to 
work together and show that we are in this with one fight.
    Mr. Swalwell. Great. Thank you.
    Thank the Chair for the hearing. I yield back.
    Ms. Slotkin. Thank you.
    The Chair recognizes for 5 minutes the gentleman from the 
greatest State in the Union, Michigan, Mr. Meijer.
    Mr. Meijer. Amen. Thank you, Madam Chair.
    Then thank you to our witnesses for testifying here today 
and sharing a little bit more of your knowledge and experience 
and understanding on this critical issue that has obviously 
been in the news because of ransomware but has been an issue 
more broadly.
    As Ranking Member of this committee's Oversight 
Subcommittee, I always want to make sure that our Government is 
functioning as efficiently and as adequately as possible so 
that we can be most effective in combating terrorism.
    You know, we have before us three different subcomponents 
of the Department of Homeland Security represented. So I will 
allow whoever feels most well-equipped to answer this question 
to do so.
    But I want to understand, with all of the different Federal 
entities engaged in countering terrorism financing and the 
illicit financial activities that help contribute toward it, 
can you provide a little bit more clarity on which specific 
agencies are responsible for tracking which activities? So what 
are the left and right limits not only of your own entities but 
also how you engage with the broader intelligence and law 
enforcement community in these efforts?
    Mr. Sheridan. Sir, if I could, I will start conceptually 
first.
    We do recognize the fact that there are certainly 
overlapping authorities, to some extent, and responsibilities. 
But we in law enforcement view it as a team sport. There is 
more than enough work to go around. It is essential that we 
have that level of partnership and collaboration due to the 
complexity and the scope and scale of our adversary.
    We have institutional deconfliction and information-sharing 
mechanisms in place to ensure we aren't being wasteful in any 
way and being good stewards of the American taxpayer dollar, to 
your concern.
    More on a tactical approach, I will speak for the Secret 
Service, in that our role is focused on protecting the Nation's 
financial infrastructure and financial payment systems, so we 
will investigate crimes that violate U.S. law related to those.
    Because of those information-sharing mechanisms we have in 
place through our task forces, with my colleagues here at the 
table, as well as all of Federal and State and local law 
enforcement, we are able to share information and case 
coordination as an investigation comes up that may not focus on 
those payment systems.
    Mr. Eisert. If I may add to that, primacy within the Joint 
Terrorism Task Force lays with the FBI. So they will always 
have primacy when it comes to terrorism and terrorism 
financing. But, like my colleague said, a lot of us bring 
unique authorities to the table.
    H&I is the largest Federal contributor to the FBI's Joint 
Terrorism Task Force. It speaks specifically about those 
authorities. Fifty percent, almost 50 percent, of all 
disruptions within the Joint Terrorism Task Force fall within 
the authorities that HSI bring to the table--so, for instance, 
the UC activity, the undercover activity, that we have; full 
use of Bank Secrecy Act data that we have; full access to trade 
data.
    So each agency is bringing their particular skill set.
    Ms. Dobitsch. I will just add as well, I think, from the 
intelligence perspective, I&A is really serving as the bridge 
between the intelligence community and our State and local law 
enforcement partners.
    The first step really is access to that data, making sure 
that everyone involved in this fight has access to that data 
and that it is integrated in a way that we could use technology 
to quickly identify those threats.
    We think it is critical--particularly as we talked about 
how big cryptocurrency is and the use of digital currencies, it 
requires a sophisticated understanding and expertise but 
technology to be able to quickly comb through the data and 
figure out what we should be looking at. So it is really the 
access and the integration that is critical.
    Oftentimes we have local law enforcement information that 
is filling intelligence gaps and intelligence information that 
is helping local law enforcement understand what those 
vulnerabilities are.
    Mr. Meijer. Thank you all for your responses to that to 
better help, kind-of, flesh out that universe from a top-down 
level. I am heartened to hear on both the access side and the 
information-sharing side and on the deconfliction-mechanism 
side that those have been adequately addressed.
    I guess, when it comes to resources and capabilities--and 
then my time is running short here, but are there any concerns 
that there may be either gaps in enforcement, gaps in 
collection, or gaps in capabilities that we should be working 
to address?
    Mr. Eisert. Specific to the virtual currency problem set, 
the current regulations doesn't encapsulate the whole virtual 
currency. Virtual currency AML and know-your-customer stuff 
does not mirror traditional banking industry AML.
    Mr. Meijer. Then, with that, Madam Chair, my time has 
expired, and I yield back.
    Ms. Slotkin. Thank you.
    I will just note for the Members that we will do a quick 
second round here.
    But the Chair recognizes for 5 minutes the gentleman from 
New Jersey, Mr. Gottheimer.
    Mr. Gottheimer. Thank you, Chairwoman Slotkin, for 
organizing this very important hearing.
    Thank you to each of the witnesses for being here today and 
for the work you and your colleagues do to help counter the 
illicit use of cryptocurrencies.
    I am concerned about the increasing attractiveness of 
cryptocurrencies to two types of illicit actors: One, foreign 
terrorist organizations such as Hamas, Hezbollah, and ISIS, 
and, second, to the use of domestic White supremacists like the 
Proud Boys and other violent extremist groups which were 
involved in the January 6 attack on the Capitol.
    If it is OK, I will start with you, Ms. Dobitsch. How does 
our ability to pursue the illicit use of cryptocurrencies 
differ between these two types of actors? Is it easier to shut 
down, seize the assets of, and bring charges against foreign 
terrorist organizations compared to domestic violent 
extremists?
    Ms. Dobitsch. Thank you, sir.
    I would say that it is complex from both perspectives, in 
part because of the anonymity that cryptocurrency and other 
digital currencies provide. Even if we can see the transaction, 
we often don't know who the transaction--or who is receiving 
that and then what the ultimate purpose of that resource is.
    So it is difficult even from a foreign terrorist 
perspective to be able to track that money as it relates to it 
ultimately resulting in the purchase of a weapon or some kind 
of facilitation of an operation.
    From the domestic violent extremist angle, certainly we are 
seeing an increase in calls for fundraising and donations using 
cryptocurrency, but we have a difficult time really trying to 
translate that to violence and understanding how that resource 
is being translated into a plot or an operation here in the 
homeland.
    Mr. Gottheimer. Thank you. But, compared to cash, is it 
easier to track, or it is still more difficult because you 
can't really understand the purpose of it?
    Ms. Dobitsch. I would defer to my law enforcement 
colleagues on which one is more or less----
    Mr. Gottheimer. I guess I will turn to Mr. Eisert on that 
one, or Mr. Sheridan I guess. I don't know. Who do you think is 
better on that one?
    Mr. Sheridan. Is your question about----
    Mr. Gottheimer. I guess it is a Secret Service question, so 
cash----
    Mr. Sheridan. Is your question about tracking, sir?
    Mr. Gottheimer. Yes.
    Mr. Sheridan. By its nature, digital money is easier to 
track, because there is a digital trail and actual evidence 
related to its use and each step it takes along the blockchain 
as it moves.
    Mr. Gottheimer. If I can stick with you, if that is OK, how 
can we eliminate barriers and friction for law enforcement to 
make it easier for us to keep up with ever-evolving digital 
assets and technologies? Is there anything you think we should 
be doing straightaway?
    Mr. Sheridan. For us, it would be resourcing in the basic 
concepts of people, process, and technology.
    We need to increase our work force, not only in volume but 
in capabilities, on the law enforcement side as well as the 
subject-matter experts, our professional work staff that we 
hire. We have a great team of computer scientists, folks with 
the capabilities to conduct blockchain analysis and crypto 
tracing, but we need more of them.
    We need to keep pace with the adversary. We need to grow 
into the international locations where we don't have as strong 
a presence, because this is a transnational crime.
    We need to get better at our processes, to modernize and 
have more advanced capabilities to handle the volume of data 
that we are seeing, because there is such a significant trading 
and movement related to these currencies.
    We also need to modernize our technologies related to our 
task forces throughout the globe.
    Mr. Gottheimer. Thank you, sir.
    Mr. Eisert, would you describe the role undercover HSI 
agents placed in last year's seizure of millions of dollars in 
cryptocurrencies from terrorists, including ISIS, al-Qaeda, and 
Hamas, if you don't mind? Thanks.
    Mr. Eisert. Absolutely. Excuse me, though, if I stay vague. 
There is a lot of undercover activity and Classified 
information that we are happy to host a separate meeting on.
    Mr. Gottheimer. Of course.
    Mr. Eisert. But those initial leads, if I can just bulk 
them together--they ran parallel and were very similar--those 
initial leads came through the Intelligence Committee as well 
as some reporting from watchdog organizations.
    Upon identifying the illicit intent of those organizations, 
we approached each of those organizations with multiple 
undercover personas, engaged them in conversation to get the 
intent of what the purpose of the money was, at which point we 
started to identify the Bitcoin wallets that they asked for.
    Throughout the investigation, their methods changed, but 
with each method change we just identified a new branch of 
tracing that we had to run and go do, bringing it right to the 
end, bringing it right to the culmination of the seizure of 
about $10 million in both cases.
    Mr. Gottheimer. Excellent. I appreciate that. I would enjoy 
a briefing in a Classified setting on that.
    Mr. Eisert. Excellent.
    Mr. Gottheimer. Thank you so much.
    I yield back. Thank you, Chairwoman.
    Ms. Slotkin. Thank you.
    We will now turn to a second round. I will recognize myself 
for some questions.
    So two very different questions. One is on this idea that 
our companies, our organizations, even local governments are 
not mandated reporters when it comes to the attacks that they 
withstand.
    So, for instance, a big box store could be hacked and have 
a ton of all of our personal data taken and then pay a ransom 
for that money, potentially through cryptocurrency, and not 
have to report that to the very individuals who had their 
information stolen, not have to report that to law enforcement, 
not have to actually say anything. We have seen examples of 
companies who have waited 6 months, a year, et cetera, to 
actually come forward and say something about this.
    Tell me, for the folks in law enforcement, what that does 
to your ability to actually help go after these guys. Do you 
believe that companies and organizations should be mandated 
reporters when they are the victim of a hacking or ransomware 
attack?
    Mr. Sheridan.
    Mr. Sheridan. Thank you, ma'am. That is an extremely 
important question. We, yes, support reporting in all instances 
to law enforcement, regardless of agency or which law 
enforcement entity it is reported to.
    I do believe there are some misconceptions about law 
enforcement's role in this, as was referenced earlier, that 
perhaps law enforcement creates an intrusion or creates some 
type of vulnerability to systems.
    We view our investigative mission as part of the prevention 
process. We will work with organizations and whatever third 
party they have as part of their security team in a 
collaborative sense.
    Reporting to us will help make systems stronger, will help 
identify areas of weakness, the attack vectors, the indicators 
of compromise. It will prevent future attacks not only to that 
individual organization but perhaps other organizations that 
may have similar vulnerabilities.
    Ms. Slotkin. Yes.
    You know, I talk to people in my district, and they feel 
like their data, their information, they are on the front lines 
of, kind-of, a cyber war. They are asking me constantly, you 
know, are we doing something about this? Is my Government 
helping to stop these attacks?
    A lot of people took notice when the Colonial Pipeline was 
attacked and ransomed, when, you know, we got money back 
through the FBI acting to grab some of that money back. It felt 
like the first time we were punching back--in a public way, 
right? Of course, there are lots of that things I know you 
can't talk about that, and we are glad to not talk about them.
    But help explain to, again, that farmer in the middle of my 
district who is asking about cybersecurity. Convince him that 
their Government is doing something about the fact that they 
are being constantly attacked.
    Mr. Sheridan. Yes, ma'am.
    Well, it starts, as was referenced earlier, with the 
National Computer Forensics Institute. We have trained over 
16,000 State and local officers to be the first responders to 
these events. It starts with contacting them, contacting law 
enforcement.
    There are multiple tools within our organizations and our 
partners in order to interdict and stop in real time some of 
these victimizations that are occurring, not only within the 
network itself but in terms of the transfer of the funds that 
have been taken by these illicit actors.
    Within the Secret Service, we have our Global Rapid 
Response and Incident Tracking Team that is able to 
domestically stop wire transfers if notified within a certain 
amount of time. Since its inception in----
    Ms. Slotkin. If notified. Uh-huh.
    Mr. Sheridan. If notified.
    Ms. Slotkin. Right.
    Mr. Sheridan. If it is notified, since 2019, we have 
intercepted more than $80 million in transit to prevent it from 
going to illicit actors.
    Within the Department of Treasury, FinCEN has their Rapid 
Response Program. Similarly, that is more internationally 
focused, but, over the past 4 years, we have an 82 percent 
success rate working with FinCEN if notified within a 72-hour 
window, primarily within a 48-hour window. The success rate 
drops dramatically depending on the amount of time that has 
lapsed. But we have been able to interdict more than $385 
million from going to criminal actors.
    Within the Secret Service, we have our own Asset Forfeiture 
Branch that returns victim funds to victims if we are notified, 
if we are able to participate in the investigation and find the 
illicit funds in transit.
    Ms. Slotkin. So that is super-helpful and connects the two 
questions, right, that you all can actually do some real things 
if you are notified, but our current system does not require 
organizations or companies to notify anybody if their data has 
been taken, if there has been ransom.
    So I appreciate that and would offer that we could do with 
a little bit more public talk and discussion from you all about 
what you are doing, because it sounds like it is more than the 
average citizen knows, and they want to know that their 
Government is protecting them.
    So, with that, I yield to the gentleman from Texas, Mr. 
Pfluger.
    Mr. Pfluger. Thank you, Madam Chair.
    Kind-of discussing a similar topic, you know, attribution 
seems to be one of the toughest things to get after. So, 
whether it is mandatory or whether this public-private 
partnership encourages people because they know that, if the 
assets that they have potentially lost are going to be returned 
to them, then hopefully that will also drive a motivation to 
report--and especially if the education is out there and we 
have forums where they understand that, you know, your agencies 
offer them something to prevent this type of activity from 
happening.
    But let me kind-of focus in on the National Computer 
Forensics Institute and why it is valuable to the Secret 
Service in your investigations and what more it can be doing 
and how can we in Congress support you.
    Mr. Sheridan.
    Mr. Sheridan. Yes, sir. Thank you for the question.
    We are very, very grateful for Congress's support to this 
date regarding NCFI. It has been phenomenal to see the growth 
in that program and the number of people and State and local 
officers, judges, and prosecutors that have been trained there, 
over 16,000 to date.
    We are currently training about 3,000 a year. Projected 
estimates are almost twice that, but we are limited by not only 
the authorization that is pending in 2022 to sunset but the 
current resourcing that we have to that facility.
    We think we can double our capacity in terms of training, 
as well as expand into international areas, which I think is 
imperative for us to be stronger globally with our law 
enforcement partners around the world in order to combat this.
    Mr. Pfluger. Well, thank you.
    Just a question for any of you that wants to comment on 
this. How closely linked are terrorist organizations and these 
ransomware attacks that we are seeing, which are not new, but 
some of them are being publicized, especially the ones that are 
happening toward critical infrastructure, whether it is our 
food supply, our energy supply? How closely linked, and what is 
the projected or estimated threat, as you see it with your 
crystal ball, in the future?
    Ms. Dobitsch. So, to date, we haven't seen really any 
connections between ransomware attacks and terrorist groups or 
associates.
    But what we would underscore is, as we discussed earlier, 
that rapid ability to adapt that we have seen demonstrated by 
the broad range of terrorist groups. In addition to that, we 
call it the copycat trend. Terrorist groups often adopt 
tactics, techniques, and procedures from other malicious actors 
that they see as beneficial to them.
    So, again, as terrorists' use of cryptocurrency and digital 
currencies becomes more commonplace, certainly we could expect 
to see them using ransomware as a means to fund their 
operations.
    In addition to that, we are increasingly seeing cyber 
criminals offer ransomware as a service. So individuals can buy 
a service on the dark web, and we often don't know who the 
actor is that is paying for that service.
    So there are many opportunities for terrorists to exploit 
ransomware to support their operations.
    Mr. Pfluger. Again, probably underscoring the NCFI, your 
role that you play there.
    I would just say, based on that response, that I don't 
think--our position on this has to be incredibly strong. The 
responses that we as a country levy upon bad actors, criminal 
organizations, terrorist organizations, malign actors anywhere, 
state or non-state--it is not limited to 16 industries in this 
country; it is going to be across the board. Our response has 
got to be strong. I hope that this committee will continue to 
take that up and investigate this.
    With that, Madam Chair, I will yield back.
    Ms. Slotkin. The Chair recognizes the gentleman from New 
Jersey, Mr. Malinowski.
    Mr. Malinowski. Thank you, Madam Chair.
    So I am still not convinced this market in cryptocurrency 
should even exist, but let's talk about regulation for a 
moment.
    The Treasury Department recently announced that it would be 
requiring cryptocurrency transactions I believe over $10,000 to 
be reported to the IRS. Is that correct?
    Mr. Eisert. I believe there is proposed legislation.
    Mr. Malinowski. It is proposed, right. So that does require 
action from us? Or is this something that----
    Mr. Eisert. I would have to defer to Treasury on that.
    Mr. Malinowski. OK.
    In principle, would that at least help to address the 
challenge that Chairwoman Slotkin referred to, in the sense 
that presumably a company making a ransom payment of over 
$10,000 would then at least have to report that to the IRS?
    Mr. Eisert. I would say depending on how the regulation is 
written.
    Mr. Malinowski. Right.
    Mr. Eisert. If we want to take mainstream financial 
institutions and how regulations are written now, if cash was 
to go into the system, there would be a requirement. Right now, 
the mainstream regulation revolves around cash.
    Mr. Malinowski. OK.
    Mr. Eisert. If it mirrored it with virtual currency, then 
yes.
    Mr. Malinowski. That would presumably be helpful to you 
all.
    Mr. Eisert. Extremely.
    Mr. Malinowski. Yes. OK. Most ransomware payments would be 
over $10,000, just in the current scheme of things, so it would 
probably capture a significant share of, if not all, ransomware 
payments.
    Other ideas? Should the SEC be given the authority to 
regulate cryptocurrency exchanges? Is that something that the 
administration is considering proposing?
    Mr. Sheridan. So, sir, the challenge with regulation that 
we see is, because digital money is used in so many different 
capacities, depending on the technology that is used to create 
it and, essentially, how it is employed, there is no one 
regulatory agency that currently has oversight. Sometimes it is 
a commodity, sometimes it is a security, a derivative, legal 
tender.
    So regulation is certainly important, as my colleague has 
identified. The anti-money-laundering laws, know-your-customer, 
countering of financing of terrorism, the anti-money-laundering 
law of 2020 have all been instrumental in helping tamp down 
criminal activity related to this. But, from a law enforcement 
perspective, we are not regulatory in nature, and our 
perspective would be to grow authorities related to our 
investigative and statutory capabilities as opposed to 
regulatory capabilities.
    There is some concern, as also was referenced, about the 
dual-edged nature of overregulation that may push illicit use 
and criminal actors deeper into anonymizing methods and corners 
of the internet that would make it more difficult for law 
enforcement.
    Mr. Malinowski. OK. Well, you know, we would very much 
value, I think, your guidance in finding that sweet spot, if 
the answer is going to be greater regulation.
    I presume that you would agree that, whatever rules we come 
up with, they should be broadly harmonized across the 50 States 
but also internationally. I wonder if you know of any examples 
outside the United States of regulatory steps that other 
governments, partner governments, have taken that you think 
might be helpful to emulate or, on the contrary, helpful not to 
emulate.
    Mr. Eisert. Sure. Thank you.
    Homeland Security Investigations sits on working groups 
with the Financial Action Task Force, FATFs, which is a 
conglomerate of countries and regulatory bodies. In this 
working group, we discuss those exact things--where should we 
be going? Many of the regulations you are seeing proposed and 
that have already come through are a result of those FATFs.
    You know, with that, the regulations and know-your-
customer, they are meant to root out bad actors, support OFAC 
fundings. At no point do they restrict legal transfer of these 
virtual currencies. So it is important to note that, no matter 
what has been proposed, nothing is restricting the use of 
virtual currency. It is just creating obtainable records to 
root out the bad actors.
    Mr. Malinowski. OK. Thank you.
    I yield back.
    Ms. Slotkin. The Chair recognizes the gentleman from 
Michigan, Mr. Meijer.
    Mr. Meijer. Thank you, Madam Chair.
    I just want to follow up on the earlier line of questioning 
that I had. Mr. Eisert, I think you mentioned that one of the--
you know, the gaps that you identify when it comes to specific 
and virtual currency problem sets. We have been talking about 
that a little bit.
    I want to drill down, because I think many who are watching 
or listening here today are familiar with Bitcoin. They have at 
least heard of Bitcoin, if they are not more broadly aware of 
blockchain and crypto. But Bitcoin, though it is the most well-
known and one of the largest by market--or the largest by 
market capitalization, it is one of, I think, over 5,000 
different cryptocurrencies. So you have not only, you know, 
some others that people may have heard of, like Litecoin, 
Ethereum, Doge, but also many, many, many old coins and then 
proposed stable coins as well.
    Ms. Dobitsch, in your report, you also said--or your 
testimony, you also said that newer and less popular 
cryptocurrencies are increasingly attractive to malicious 
actors because of their more stringent privacy and security 
features.
    I guess, how well-resourced do you feel to deal with the 
lesser-known cryptos, not just those who may be in the top, you 
know, 5 or 10 of market cap, but even the potential for the 
exploitation of some of these mini or micro cap 
cryptocurrencies?
    Mr. Eisert. The privacy coins create a challenge because of 
their hidden blockchain, their obscured blockchain. A lot of 
our data analytics aren't as thorough as it is with the open 
blockchains, and sometimes it is not thorough enough for us to 
bring it to a courtroom to do something.
    Luckily for us, because, as you mentioned, the market cap 
and the total volume of coin, the usability is not there. If 
you are looking at Monero, with maybe a market cap right now of 
40 to 50 million, if you are looking to move 3 million in 
Monero, you are using 10 percent of the market.
    So the usability is not there yet, and that is the scary 
part. The good thing is a lot of U.S. exchanges will not accept 
Monero because of its hidden blockchain. It won't meet their 
know-your-customer and AML policies.
    Mr. Meijer. Well, I actually want to follow up on that 
point, because, you know, when terrorists were aware that email 
traffic might be monitored, I mean, the way you get around that 
is you don't have that go through traffic, right? You have a 
draft, and then two parties both have access.
    I mean, what about a scenario where it is a super-micro-
mini cap where it is not usable as a currency but if a company 
were to invest, you know, $10 million into it and, prior to 
that investment, a terrorist or ransomware entity, you know, 
buys up the entirety of it, I mean, it is essentially 
functioning as a mechanism to pass that through. Because, once 
the money is in there, they could just sell whatever the gains 
are, and then, you know, all of the losses are borne by the 
entity that had purchased--that company paying that ransom.
    I mean, that would obviously be a scenario where, to Mr. 
Malinowski's reference to the proposed Treasury Department 
regulations, it would not qualify, because it isn't a transfer. 
It is merely a purchase that is held. But that asset, 
essentially like a balloon deflating, loses all value, and all 
the air is captured on the outside.
    I mean, is that a scenario you could foresee happening?
    Mr. Eisert. Yes, I am trying to track most of it.
    Some of the regulations being proposed--and, again, I 
really would prefer to yield to Treasury on something like 
that--is, if an unhosted wallet has an exchange with a 
regulated wallet, there would be a reporting mechanism. So that 
would capture some of that.
    As for an alt-coin or a privacy coin that an organization 
decides to use and pump a lot of money in, that is great; they 
are still going to have the problem of--I am going to keep 
using the term--``off-ramping'' it. That is where the AML, the 
anti-money-laundering, policies will take effect and capture.
    Mr. Meijer. Ms. Dobitsch, anything to add?
    Ms. Dobitsch. No, just that we have seen terrorist groups 
use privacy coins, including Monero. So it is certainly 
something that we are seeing.
    I would also note that, you know, thousands of 
cryptocurrencies; the advancements are daily. So the increased 
privacy, the increased anonymity of these occurs with the 
creation of every new Bitcoin. So it is certainly a challenge, 
I think, first, to understand what they are using and then to 
have greater insight into how they are actually using the 
currency.
    Mr. Meijer. OK.
    Well, I appreciate the additional ability to probe a little 
bit deeper there. It is clearly that, you know, Bitcoin 
presents its own challenges, but, in the broad, you know, 
ecosphere of various cryptocurrencies, especially when we get 
down to that very small end, the opportunities for exploitation 
are nearly limitless.
    With that, Madam Chair, my time has expired, and I yield 
back.
    Ms. Slotkin. With that, I thank the witnesses for their 
testimony and the Members for their questions.
    The Members of the subcommittee may have additional 
questions for the witnesses, and we ask that you respond 
expeditiously in writing to those questions.
    The Chair reminds Members that the subcommittee record will 
remain open for 10 business days.
    Without objection, the subcommittee stands adjourned.
    [Whereupon, at 11:39 a.m., the subcommittee was adjourned.]

                                 [all]