Can western intel agencies spy on Hezbollah via crypto?
Although branded as a safe and secure mode of transaction, cryptocurrency networks are still vulnerable to hacking. In sanctions-hit and economic crisis-ridden Lebanon, this poses an existential threat to all Lebanese.
By Kit Klarenberg
December 20 2022
Photo Credit: The Cradle

Editor’s note: Hezbollah sources queried by The Cradle had no comment on this story, nor did they confirm that cryptocurrencies were a mode of transaction for the movement. It is worth noting that while ‘Anomaly Six’ claims it can and has compromised crypto transactions by Hezbollah members, there is no actual evidence that they have done so.

Beirut’s long-running, slow-burn financial crisis, and a welter of western sanctions, have in recent years compelled Lebanon’s resistance movement, Hezbollah, to turn to cryptocurrency. The asset allows users to conduct business outside traditional financial structures, theoretically in secret.

In practice, this is not exactly the case, as leaked documents reviewed by The Cradle expose how western intelligence services can track transactions, using an illegal spying technology that puts the privacy and security of every Lebanese citizen at risk.

The sanctions, mainly imposed by the US against Hezbollah and its supporters, are almost too numerous to list. Punitive measures have been directly applied to the movement on a variety of bases, and over the course of this year, these penalties have been repeatedly expanded to include the individuals, organizations and funding sources that constitute its political and economic support networks domestically and internationally, including its accountant.

Bypassing sanctions

Cryptocurrencies provide a means by which Hezbollah can circumvent these measures, by covertly making and receiving payments, and skirting import and export bans. Since its launch, Bitcoin and its peers have been marketed and sold on the high levels of anonymity they grant senders and recipients. While transactions can be monitored at every stage via publicly accessible blockchain records, the individuals and/or organizations at either end are supposed to be incognito.

It is precisely for this reason that cryptocurrency has increasingly come under intense interest to western intelligence services, with CIA chief William Burns openly confirming in May 2021 that the Agency was engaged in “a number of different projects” focused on the asset. The nature of these efforts isn’t certain, but the clandestine sales pitches of shadowy private spying firm Anomaly Six shed potential light on Langley’s capabilities in this regard.

Anomaly Six embeds software development kits, or SDKs, in hundreds of popular smartphone and Internet-of-Things (IoT) apps, then carves through layers of “anonymized” data these apps generate in order to uncover sensitive information about any user it chooses anywhere on Earth. The company brags about its ability to simultaneously monitor roughly three billion smartphone devices – equivalent to a fifth of the world’s population – in real-time.

‘Hezbollah Crypto Wallet’

One leaked Anomaly Six pitch deck offers several working studies of how services “can be used in multiple use cases to support cyber intelligence and operational use end states.” Chief among these examples is the company tracking the movements of “devices connected to Hezbollah Crypto Wallet IPs.”

The document declares one of many areas in which Anomaly Six “stands alone” in the private spying sphere is its ability to “cross reference our data to match IoT devices to IP addresses they have been associated with.” IP is “one of 37 fields in which A6 captures data for a much more refined and holistic data approach.”

Having been provided with a list of IP addresses “associated with a Hezbollah cryptocurrency wallet” by an unstated source, Anomaly Six identified 1,573 IoT devices associated with the wallet:

“Further analysis was done with this data to determine the devices that were most active as well as those devices that were connected to more than one Hezbollah IP of interest.”

“The majority of the device data here is in and around Beirut with some travel within Lebanon proper as well as one device that transits to Istanbul,” the document continues.

Anomaly Six’s alleged tracking of a ‘Hezbollah member’ between Lebanon and Turkey.

“They have all been connected to various Hezbollah associates IPs. The device that travels to Istanbul transits through the secondary airport but spent multiple days at the Conrad Istanbul Bosporus Hotel.”

By drilling down on “a few” separate IoT devices associated with “multiple nefarious” IPs, Anomaly Six was able to determine the owners’ identities, due to the “patterns of life” discernible from their “travel patterns”, including “bed down locations” – in other words, where these people sleep.

This data trove could, the company suggested, “be used to support intelligence and operations for multiple government strategic, operational, and tactical end states.”

Crypto as a life-line for Lebanon

Washington aggressively enforces its assorted sanctions regimes globally, and is prepared to harshly penalize anyone helping its targets circumvent restrictions. For example, Colombian businessman Alex Saab is currently being tried in a US court for selling food to the heavily sanctioned Venezuelan government, having been effectively kidnapped from Cape Verde in October 2020.

As the US government has proscribed both Hezbollah’s political and military wings as terrorist groups, it is likely the White House would seek to crack down even more harshly on an individual or organization transacting with the movement via cryptocurrency. Which is deeply disturbing, as this could feasibly extend to every resident of Lebanon, given Hezbollah forms part of the government, and enjoys significant popular support in elections.

Beirut’s long-running financial crisis has seen inflation push the cost of basic goods to extraordinary heights, while the value of the pound to the US dollar has dropped to 45,000 from a once-stable 1,500 three years ago. In turn, a number of Lebanese citizens have become cryptocurrency miners, using the proceeds to purchase otherwise unaffordable or ill-accessible necessities, and goods and services from one another. Its use is so widespread among the general public, western media has spoken of a financial “revolution” having taken place.

‘Terroristic transactions’

Hezbollah is a major provider of social programs in Lebanon, including funding the creation and maintenance of schools and hospitals, developing medicines, and delivering agricultural services. Given the country’s economic woes, it is unsurprising the movement would likewise turn to cryptocurrency, in order to ensure the uninterrupted provision of these vital services to the country’s poorest, in particular the Shia community.

There is no evidence to suggest that the cryptocurrency used by Hezbollah is put to terrorist purposes, even under the west’s extremely fluid, and ever-shifting definition of the term. Yet, the US remains obsessed with the specter of Bitcoin et al being used to finance insurrectionary operations globally.

This raises the disturbing prospect of any individual or organization in receipt of cryptocurrency funds from Hezbollah, or vice versa, being branded a sanctions buster and/or terrorist sponsor or collaborator, if they are caught up in Anomaly Six’s global surveillance dragnet, with drastic repercussions.

In the leaked sales pitch, the company is keen to stress it is “not explicitly saying” the devices it linked to “terrorist financiers,” but they had nonetheless “all been connected to various Hezbollah associates IPs” – implying the two are one and the same.

False intelligence?

Furthermore, there are reasons to believe that, despite Anomaly Six’s boasts of peerless precision, its technology could falsely incriminate innocent people. A separate leaked sales pitch from the company details how, based on smartphone data, it was able to identify an individual who reportedly made multiple trips to North Korea, right down to where they worked, their home address, marital status, names and photos of their children, and the schools and universities they attend.

When contacted by a media outlet, the individual, an academic, strenuously refuted the suggestion they’d ever traveled to Pyongyang. If their denials are sincere, then another individual’s movements were erroneously linked to them.

For all we know, the Anomaly Six leaks could also be a targeted psychological operation to deter widespread usage of crypto, which threatens to curtail the west’s ability to monitor global financial transactions.

Sinisterly, the company states in other leaked files that its technology is perfect for both “counterintelligence” and “source development” purposes. The academic – and their family – could thus have been targeted by western intelligence agencies for surveillance, recruitment, harassment or worse, on a completely false prospectus.

With Beirut confirmed to be in Anomaly Six’s crosshairs, the same risk now applies to all Lebanese citizens.

The views expressed in this article do not necessarily reflect those of The Cradle.
Kit Klarenberg
Kit Klarenberg
More from this author
Most Popular