A series of trading cards released by Immigration and Customs Enforcement Homeland Security Investigations in March 2014 intended to raise awareness among children and young adults of issues related to cybersecurity and online sexual predators.
We analyzed these locations to determine the factors pushing child migration to the US Border. We assess these reasons vary regionally. For example, many Guatemalan children come from rural areas, indicating they are probably seeking economic opportunities in the US. Salvadoran and Honduran children, on the other hand, come from extremely violent regions where they probably perceive the risk of traveling alone to the US preferable to remaining at home. This violence, combined with poor economies and other secondary factors, will make stemming the flow of UACs to the US a very complex issue to address.
(U//FOUO) Utah Fusion Center Bulletin: New Ransomware “CryptoWall” Rapidly Infecting Systems Across the U.S.
First responders, such as law enforcement, emergency medical services (EMS), and firefighters, often arrive at incidents completely focused on the emergency at hand. Whether it is a fire, a chest pain complaint, or a vehicular accident, the first responders prepare for certain events to take place during emergency situations and personal safety is a priority throughout the response. Unfortunately, in the past few years there have been several occurrences where first responders became the victims of ambushes while performing their duties to protect citizens and save lives.
Over the last week there have been three attacks – one in Canada and two in the United States – in which law enforcement officers were targeted, leading to the death of five officers and one civilian. Based upon reporting it appears all the suspects in these incidents were motivated by elements of a far right anti-government ideology with a particular fixation on law enforcement. While it is unknown whether this spike is indicative of a long term increasing trend, it is significant from a near term perspective due to the short time frame and purposeful targeting of law enforcement.
Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.
Incidents involving the theft of fuel (gasoline, diesel, kerosene, ethanol, etc.) from fuel storage tanks have been reported across the United States. Fuel theft has significant health and safety implications, including risk for spills, fires, and explosions. Fuel thieves typically do not adhere to security standards or practices, and may inadvertently expose fuel to a hot engine, lit cigarette, or ignition source. First responders and other maintenance personnel also may be exposed to fuels through skin contact or inhalation routes during recovery and/or cleanup operations, which can result in potential health effects.
(U//FOUO) Colorado Information Analysis Center Bulletin: Vulnerabilities in Knox-Box Key Entry Systems
The Knox-Box® rapid entry system is an access control system utilized by public safety agencies. This system allows facilities to securely store entry keys or cards on site for first responders. First responders utilize a master key that unlocks all Knox boxes within their jurisdiction. Currently there are over 3.5 million Knox-Box rapid entry systems in use nationwide and over 11,500 fire departments in North America that use the Knox-Box rapid entry system. In one Colorado fire district there are over 4,000 Knox-Box systems in use within the local, state, and federal government, which includes the energy, water, postal, emergency services, defense, transportation, and communication sectors. Unauthorized access to the system would allow individuals to bypass physical security measures at the site. The unauthorized individuals would also be able to duplicate keys, or remove entry keys or cards, which would delay first responders.
The State of Colorado legalized medical marijuana in 2012 and recreational marijuana in 2014. There has been an increased amount of marijuana infused products sold to the public. The products range from fruit chewz, gummiez, cupcakes, truffles, rice krispy treats, butter, and banana bread. It is extremely difficult to differentiate between marijuana infused products and non-infused products if the original packaging is not with the product.
Walter Bond’s path to animal rights extremism was driven by witnessing what he perceived as animal abuse and by frustration stemming from his perception that lawful, nonviolent actions appeared to have little impact on advancing the goals of the animal rights movement. Prior to becoming violent to advance animal rights, Bond showed a tendency to use violence to advance other beliefs, such as protesting illicit drug sales by committing arson against a drug trafficker’s home and protesting against religion by burning a pentagram symbol inside a church.
Security researchers from Google Security recently discovered a vulnerability with the Heartbeat extension (RFC6520) to OpenSSL’s Transport Layer Security (TLS) and the Datagram Transport Layer Security (DTLS) protocols. According to open source reports, the vulnerability has existed within certain OpenSSL frameworks since at least 2012. The Heartbeat extension is functionally a “keep-alive” between end-users and the secure server. It works by sending periodic “data pulses” of 64KB in size to the secure server, and once the server receives that data, it reciprocates by re-sending the same data at the same size. The out-of-bounds “read” vulnerability exists because the Heartbeat extension in OpenSSL versions 1.0.1 through and 1.0.2-beta (including 1.0.1f and 1.0.2-beta1) does not properly validate the data being sent from the end-user. As a result, a malicious actor could send a specially-crafted heartbeat request to the vulnerable server and obtain sensitive information stored in memory on the server. Furthermore, even though each heartbeat only allows requests to have a data size limited to 64KB segments, it is possible to send repeated requests to retrieve more 64KB segments, which could include encryption keys used for certificates, passwords, usernames, and even sensitive content that was stored at the time. An attacker could harvest enough data from the 64KB segments to piece together larger groupings of information, which could help an attacker develop a broader understanding of the information being acquired.
Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.
(U//FOUO) New Jersey Fusion Center Bulletin: Suspicious Activity Regarding the Electrical Grid in New Jersey
In the past year, the NJ Suspicious Activity Reporting System (NJ SARS) has received multiple reports of intrusions at electrical grid facilities in New Jersey. The NJ ROIC currently has no indication of any specific threats associated with these incidents, but provides this information for situational awareness and requests information on any similar, previously unreported incidents in New Jersey.
The higher education community in the United States consists of more than 11,000 higher education institutions that collectively serve more than 17 million students, employ more than 3.4 million faculty and staff, and have combined budgets approaching $360 billion. Higher education institutions range in size from small institutions with fewer than 100 students to large universities with tens of thousands of students and faculty occupying campuses the size of a small town or city. Institution grounds are generally open-access, with varying levels of security within the campus.
Facility security measures, such as interior control points or exterior barriers, may require first responders to adjust normal protocols and procedures to operate rapidly during emergencies. The timeline below is an overview of attacks and plots against US-based facilities with varying levels of security. The diversity of tactics and targets used underscores the need for interagency exercises and training that incorporates multiple scenarios to account for building security measures likely to be encountered.
Since at least January 2012, criminals have been using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls.
On Saturday, September 21, 2013, members of Al Shabaab, a Somali-based Islamic terrorist organization affiliated with the international Al Qaeda network, executed a complex terrorist attack on an upscale shopping mall in Nairobi, Kenya. The attackers simultaneously entered the mall from two different entrances, shooting shoppers with assault rifles and throwing hand grenades. The terrorists remained in the mall, engaging government security forces for the next four days, resulting in a major fire and partial collapse of the mall. The Kenyan government has officially reported 72 deaths and more than 200 injured as a result of the attack. A significant number of those killed and injured were foreign citizens, including 6 U.S. citizens who were injured in the attack.
The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk Road website and use of Bitcoins.
From November through December 2013, CDC has received a number of reports of severe respiratory illness among young and middle-aged adults, many of whom were infected with influenza A (H1N1) pdm09 (pH1N1) virus. Multiple pH1N1-associated hospitalizations, including many requiring intensive care unit (ICU) admission, and some fatalities have been reported. The pH1N1 virus that emerged in 2009 caused more illness in children and young adults, compared to older adults, although severe illness was seen in all age groups. While it is not possible to predict which influenza viruses will predominate during the entire 2013-14 influenza season, pH1N1 has been the predominant circulating virus so far. For the 2013-14 season, if pH1N1 virus continues to circulate widely, illness that disproportionately affects young and middle-aged adults may occur.
(U//FOUO) DHS Bulletin: Self-identified Anarchist Extremists Target Urban Gentrification Sites with Arson
This Note analyzes the recent use of arson by anarchist extremists targeting urban development sites they describe as negatively impacting lower income residents through “gentrification.” This information is provided to enable federal, state, local, tribal, and territorial law enforcement; first responders; and private sector security officials to identify, preempt, prevent, or respond to intentional acts targeting urban development sites by anarchist extremist campaigns.