Detecting the Enemy Within

Newspaper headlines and the nightly news are filled with stories of lone wolves, terrorist cells and foreign terrorist fighters (FTFs) recounting recent attacks or attacks that have been averted. All are part of the growing threat of homegrown terrorism in the U.S. and detecting these terrorists before they strike presents unique challenges. To successfully identify a homegrown terrorist and be able to stop an attack before it happens, compliance professionals and law enforcement must work together.

Lone Wolf and Wolf Packs

While attacks by a lone wolf or a wolf pack—usually consisting of a group of six or less—are carried out by few people with relatively small amounts of money, the damage they wreak can be massive. The October 2014 shooting of a Canadian soldier outside of the Parliament building in Ottawa; the March 2011 killing of two members of the U.S. military at the Frankfurt Airport by a man who was pushed to action by terrorist propaganda; and the November 2009 killing of 13 people and wounding of 32 others at Fort Hood in Texas are just a few examples of the devastation caused by a single individual. The July 2005 underground bombings in London that left 56 people dead and 700 injured and the 17 people killed during the January 2015 attacks in Paris are stark examples of what small groups can do.

The reason why it is difficult to identify homegrown terrorists was summed up in a June 2006 speech by the then Federal Bureau of Investigations Director Robert S. Mueller III, regarding a foiled terrorist attempt in Toronto. “Like the terrorists responsible for both the London and the Madrid bombings, the Toronto suspects lived in the area they intended to attack,” Mueller said. “They were not sleeper operatives sent on suicide missions; they were students and business people and members of the community. They were persons who, for whatever reason, came to view their home country as the enemy.”1

In addition to being able to blend in with the community in which they live, usual red flags that point to potential terrorist activity are missing from a lone wolf scenario. This type of terrorist can be self-sustained and is not seeking an outside funding source, according to Mike Loughnane, a counter-terrorist financing consultant and senior instructor at Innovative Analytics and Training, LLC., where he trains students from the government, defense and private sectors in counter threat financing. Loughnane draws from his 27 years of experience in financial crime investigations with the Office of the Inspector General for the Department of Transportation and the Environmental Protection Agency to provide his students with the tools to find threat finance patterns or in other words, “a needle in a haystack of needles.”

“From an identification perspective they [lone wolf terrorists] are difficult to detect because they know that to achieve what they want they have to stay under the radar,” Loughnane said. “They are usually living in such a quiet environment which makes it hard to find anything that points them out. If they are in a group, it is usually small. They don’t need social media to communicate, they can meet in person.”

Financial institutions are the first responders for both business and for regulatory reasons

Because they are not dependent on social media for communication or fundraising, lone wolf terrorists often do not leave an online footprint that could be tracked by law enforcement. Instead of looking at traditional red flags, Bank Secrecy Act/anti-money laundering (BSA/AML) compliance professionals and law enforcement must work in close collaboration with a wide range of stakeholders to identify this threat. The work starts with compliance personnel who must spot the unusual activity and report it to law enforcement for investigation. “Western style law enforcement has a reactive structure that is based on constitutional rights and the right to privacy,” Loughnane said. “Financial institutions are the first responders for both business and for regulatory reasons. They must be the actor and then the law responds.”

The collaboration does not end with detection of the potential terrorist activity. During the investigation, law enforcement can gain valuable information by continuing to work closely with the financial institution. Looking at a suspect’s financial transactions to see not only what was bought, but where it was purchased and how it fits into the area in which the potential terrorist lives and works can uncover hidden red flags. “That is one of the lessons learned from [the Oklahoma City bomber] Timothy McVeigh,” Loughnane said. “Look for the anomaly. He should have been detected not only because of the quantity of fertilizer he bought, but also his buying of commercial grade fertilizer.”

Homegrown and Educated Abroad

FTFs are individuals that are radicalized within the U.S. by online propaganda, usually through social media, who travel overseas to train and fight. They then come back to the U.S. with the goal of carrying out terrorist plots at home. “They come back with new skill sets and with the ideological concerns [of the jihadist group],” Loughnane said. “They have grown in the group and may act more aggressively at home.”

Unlike the lone wolf, FTFs usually leave a very large online footprint as they become indoctrinated and gather information on how to join the terror group’s training camps. FTFs also have common financial patterns that can serve as red flags for both financial institutions and law enforcement.

Flags to look for include:

  • Unusual fundraising activities, especially with teenagers and young adults. “ISIL gives them very specific instructions—it is up to you to fund yourself and get here,” Loughnane said. “You may see a pattern where they are putting money or collecting money in a way they haven’t in the past. You have to ask if the activity is consistent with the person they claim to be;”
  • The purchase of airline tickets to Syria or other areas surrounding the territory held by the Islamic State of Iraq and the Levant (ISIL);
  • A recent request for a passport; and
  • Calls or trips to known centralized communication points for the terrorist group within the U.S.

Even if they do not raise red flags before they leave the U.S., FTFs can be detected by their funding and spending patterns while overseas or once they return to the U.S. According to Jeff Ross, senior vice president, BSA/AML Office of Foreign Assets Control (OFAC) officer of Green Dot Corporation/Green Dot Bank, other red flags to look for include:

  • Aberrations in any foreign spending or loading patterns for prepaid cards or accounts they may have.
  • The location that prepaid cards are bought, loaded and used. Look both for cards purchased and loaded in the U.S. with withdrawals in foreign locations and also for Visa/Mastercard/Discover-branded prepaid cards issued by foreign banks and loaded via foreign transfers but that are transacting in the U.S. Ross is particularly emphatic that U.S. law enforcement needs to have a firm grasp of all such foreign-issued general purpose reloadable prepaid cards and card programs that might be doing business in the U.S.
  • Money being transferred onto a prepaid card or bank account issued or established in the U.S. from a foreign location.

According to Steve Gurdak, supervisor of a suspicious activity report (SAR) review team in Virginia and a former police detective with 30 years of experience specializing in financial crimes, other red flags include:

  • Account activities that do not match the account holder’s occupation, for example, a student with numerous wire transfers in and cash withdrawals, but no educational expenses;
  • Unverifiable employment within an ethnic community; and
  • Any account holders being supported by another person for no obvious reason. “If not family, the motivation needs to be considered or investigated,” Gurdak said. “Again, the details of who, how and what living expenses are being paid needs to be scrutinized.”

To help recognize potential homegrown terrorist, Gurdak recommends that financial institutions build a relationship with local law enforcement for training. “Co-training with law enforcement to recognize this activity provides an opportunity for each side (law enforcement and BSA/AML compliance) to learn from the other,” Gurdak said.

It is a Joint Effort

With ISIL calling for followers within Western countries to launch attacks against the military, the government and civilians, the problem of homegrown terror attacks will continue to grow. Law enforcement and compliance professionals in financial institutions need to know the subtle signs that point to a homegrown terrorist and be willing to work closely together to detect and stop a potential attack.

“Be more aware of the signs and the indicators and patterns,” Loughnane said. “Learn from our past mistakes and our past successes and share those and new information with as wide a group as appropriate to enhance the collaborative effort.”

Deborah Hitzeroth, CAMS-FCI, BSA/AML compliance officer, United States Postal Service, Washington, D.C., USA,

The views expressed in this paper are solely those of the author in her private capacity and do not in any way represent the views of her employer or any other entity related directly or indirectly with the author.

  1. Robert S. Mueller, The Threat of Homegrown Terrorism Speech, The Federal Bureau of Investigation, June 23, 2006,

Leave a Reply