Department of Homeland Security

DHS National Cybersecurity and Communications Integration Center: Suspicious “Invoic” Email Sent to Government Personnel

NCCIC-SuspiciousEmails

On 15 October 2014, a phishing email was dispersed to a wide variety of government employees. NCCIC has also received a number of reports indicating that members within the Education Sector and Financial Sector; International, State, Local, and Tribal organizations have also received similar email messages. The email suggested that the recipient had an unpaid debt and the attachment was an invoice showing the debt information. The subject line reads “UNPAID INVOIC” and the content simply instructs recipients to open the attachment which is a PDF file that is believed to be malicious. Rather than installing malware files from the PDF file itself, it appears to use embedded JavaScript within the file to redirect victims to a malicious website where additional malware can be installed.

(U//FOUO) DHS Intelligence Assessment: Potential Tactics and Targets in ISIL-Linked Western Attacks

DHS-ISIL-AttackTactics

This Assessment highlights the tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired by the Islamic State of Iraq and the Levant (ISIL); we do not address the likelihood of an attack against the United States by the group. This Assessment is intended to support the activities of DHS to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.

(U//FOUO) DHS Sensitive Compartmented Information Facility (SCIF) Construction Standards

DHS-SCIF-Standards

This handbook contains standard security designs and procedures common to Sensitive Compartmented Facilities (SCIF) and physical security construction standard and established by the Director National Intelligence (DNI) for protection of classified intelligence information. Users should refer to Director of Central Intelligence Directives (DCIDS) and other documents cited under Authorities for guidance on specific security functions.

(U//FOUO) CFIX Bulletin: Jihadist Propaganda Provides Guidance for Attacks on Law Enforcement

CFIX-LoneJihadistAttacks

Propaganda providing guidance and/or encouraging “individual jihad” or small cell operations against the West continues to be a prevalent theme in jihadist messaging. This bulletin was created by the CFIX in order to address recent propaganda from the Islamic State and its supporters which provides guidance on targeting law enforcement officers. The CFIX bases its analysis in this bulletin from open source reporting and internet postings with varying degrees of reliability, especially in regards to the true intention and capabilities of terrorist organizations and their supporters. This information is intended to support local, state and federal government agencies along with other entities in developing / prioritizing protective and support measures relating to an existing or emerging threat to homeland security.

(U//FOUO) Central Florida Information Exchange Brief: Ebola Guidance for Law Enforcement

CFIX-EbolaGuidance

The purpose of this brief is to provide law enforcement, first responders, corrections officers, and other personnel who interact with the general public, with guidance and protective measures when coming in contact with individuals demonstrating symptoms of the Ebola Virus Disease (EVD). Personnel who become familiar with the identification of possible exposure, proper response protocols and protective measures will be better prepared to respond, secure, transport and decontaminate to prevent further spread of this deadly disease.

DHS National Biosurveillance Integration Center Ebola Update October 14, 2014

DHS-NBIC-Ebola-2

The most recent U.S. case, announced on 12 October 2014 is the first reported domestic transmission in the U.S. Three of the American EVD patients recovered and were discharged from the hospital, while three remain hospitalized. One American died while receiving treatment in Nigeria. The Liberian EVD patient was not symptomatic upon arrival and determined not to be infectious during travel. The Liberian patient died while in isolation on 8 October 2014. On 11 October 2014, the CDC and the Department of Homeland Security’s Customs & Border Protection (CBP) began enhanced entry screening of passengers with recent travel to West Africa at New York’s JFK International Airport. Enhanced entry screening is scheduled to begin on 16 October 2014 at Washington-Dulles, Newark, Chicago-O’Hare, and Atlanta international airports. Based on the recent domestic transmission, state and federal officials are re- examining whether equipment and procedures were properly followed, and whether additional protective steps and guidance are needed. The CDC believes the U.S. medical, public health infrastructure/responses are sufficient to prevent the spread of the Ebola virus in the U.S.

DHS National Biosurveillance Integration Center Enterovirus EV-D68 Update October 2014

DHS-NBIC-Enterovirus

As of 3 October 2014, 43 states and the District of Columbia have reported 538 cases (+325 since 23 September 2014) of Enterovirus D68 (EV-D68) to the U.S. Centers for Disease Control and Prevention (CDC). Most of the cases have been identified among children; however, one case was identified in an adult. This outbreak was first announced in a media conference held on 8 September 2014. In this announcement, the CDC stated that EV-D68 was detected in clusters of individuals with respiratory illness in Kansas City, Missouri and Chicago, Illinois. Many of the initial identified cases had a history of asthma or wheezing. Recent increases in cases can be attributed to awareness of this issue among health officials and the amount of time necessary for disease investigation and confirmation. Current surveillance tools for influenza-like illness may not be appropriate for the detection of EV-D68 because many of the identified cases failed to develop fever. The CDC is involved in the ongoing investigation of a possible link between EV-D68 and acute paralysis. Furthermore, the CDC has identified EV-D68 in specimens from patients who have died, but the role of EV-D68 in these deaths remains unclear. EV-D68 has rarely been reported in the U.S. since first recognized in California in 1962. Enterovirus infections are not reportable in the U.S., so the illness is likely underreported because most enterovirus infections are self-limiting and do not require medical attention. The CDC estimates that non-polio enteroviruses are very common and are responsible for 10 to 15 million U.S. infections each year.

(U//FOUO) DHS National Risk Estimate: Risks to U.S. Critical Infrastructure from Insider Threat

DHS-NRE-InsiderThreats

The Department of Homeland Security’s (DHS) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produced this National Risk Estimate (NRE) to provide an authoritative, coordinated, risk-informed assessment of the key security issues faced by the Nation’s infrastructure protection community from malicious insiders. DHS used subject matter expert elicitations and tabletop exercises to project the effect of historic trends on risks over the next 3 to 5 years. In addition, DHS used alternative futures analysis to examine possible futures involving insider threats to critical infrastructure over the next 20 years. The results are intended to provide owners and operators a better understanding of the scope of the threat and can inform mitigation plans, policies, and programs, particularly those focused on high-impact attacks.

DHS National Biosurveillance Integration Center Ebola Update October 1, 2014

DHS-NBIC-Ebola

On 8 August, the International Health Regulations Emergency Committee of the World Health Organization (WHO) declared the ongoing epidemic of Ebola virus to be a Public Health Emergency of International Concern (PHEIC). According to the WHO, regional health authorities in western Africa have reported 7,178 cases of Ebola virus disease with 3,338 deaths to the WHO since the outbreak was first recognized in March 2014. On 30 September 2014, The U.S. Centers for Disease Prevention and Control (CDC) announced that an unidentified man, who is receiving treatment at Texas Health Presbyterian Hospital in Dallas, Texas, has been diagnosed with Ebola virus. All previous cases associated with the U.S. were diagnosed in West Africa. One patient died while in Nigeria, and four were diagnosed in West Africa before traveling to the U.S. for treatment.

(U//FOUO) New Jersey Fusion Center Special Events List September 2014

NJROIC-SpecialEventsSeptember2014_Page_03

The NJ Office of Homeland Security and Preparedness (OHSP) compiles a statewide list of special events that provides situational awareness to law enforcement, as well as to assist in local planning requirements. Special events include any event that attracts large numbers of participants and spectators in both a public or private venue. Examples include concerts, marathons, firework displays, community celebrations, visits by VIPs, sporting events, holiday gatherings, etc.

(U//LES) Northern California Fusion Center Bulletin: Recreational Drones Create Problems for Law Enforcement

NCRIC-DroneProblems

The expansion of Unmanned Aerial Vehicle (UAV) operations for military purposes in the last decade has driven growth in the commercial UAV industry where. the casual enthusiast can now purchase a ready-to-fly system for less than $300. These UAVs can be accessorized for varied purposes such as cinematography, agricultural monitoring, wildlife tracking, site surveillance, and potentially even for kinetic attacks with a firearm or improvised explosive. This Advisory Bulletin addresses an observed increase in UAV use by ordinary citizens, outlining capabilities and implications for the law enforcement community. The NCRIC has not received any specific or credible UAV threats in our 15-county AOR and presents the following information for situational awareness purposes.

(U//FOUO) DHS-FBI-NCTC Bulletin: Malicious Cyber Actors Use Advanced Search Techniques

DHS-FBI-NCTC-GoogleDorking

Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.

DHS National Cybersecurity and Communications Integration Center Bulletin: Hotel Business Centers Keyloggers

NCCIC-HotelMalware

The following is an advisory for owners, managers and stakeholders in the hospitality industry, which highlights recent data breaches uncovered by the United States Secret Service (USSS). The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software. The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guest’s information. The NCCIC and the USSS have provided some recommendations at the end of this document that may help prevent similar attacks on publicly available computers.

(U//LES) DHS Assessment: Domestic Violent Extremists Pose Increased Threat to Law Enforcement and Government Officials

DHS-DomesticViolentExtremists

After years of only sporadic violence from violent domestic extremists motivated by anti-government ideologies, I&A has seen a spike within the past year in violence committed by militia extremists and lone offenders who hold violent anti-government beliefs. These groups and individuals recognize government authority but facilitate or engage in acts of violence due to their perception that the United States Government is tyrannical and oppressive, coupled to their belief that the government needs to be violently resisted or overthrown. Historically, spikes in violence have followed high-profile confrontations involving the United States Government, such as Ruby Ridge and Waco. The April 20 14 Bunkerville, Nevada standoff likely represents a similar event that could inspire further violence.

(U//FOUO) New Jersey Fusion Center: Potential Threats to Government Officials in New Jersey

NJROIC-ThreatsGovernmentOfficials

The FBI San Antonio Division recently reported that groups of young individuals in Texas, and possibly other states, were attempting to elicit information regarding residences of firefighters, military personnel, police officers, etc. The subjects knocked on neighborhood doors, telling residents they worked for an organization that helps young people with public speaking by sending them out to contact random people at their homes and ask about their professions. The youths reportedly received points based on the professions they located, with the potential of winning a college scholarship and a large sum of money. Police officer had the highest point value.

(U//LES) Los Angeles Fusion Center: Identifying Mexican Mafia Members and Associates

LAJRIC-MexicanMafiaMembers

Humming bird and Marilyn Monroe tattoos may have a nexus to the Mexican Mafia, while “G Shields” (Aztec warrior shields) and mariposas (butterflies) may be decreasing in popularity. As certain tattoos sported by Mexican Mafia members and supporters become mainstream, and because California Department of Corrections is known to use certain tattoos as validation points, Mexican Mafia members may introduce new tattoos to make it difficult for law enforcement and correctional officers to identify membership or affiliation with the group. Tattoos are also increasingly disguised within other tattoos, which can make them more difficult to easily identify.

DHS Infrastructure Sector Resilience Report: Electric Power Delivery

DHS-ElectricPowerResiliency

The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS/OCIA) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Sector Resilience Reports to improve partner understanding of the interdependencies and resilience of certain sectors. Specifically, this report provides a brief overview of the electric power system, and analysis of key electric power system dependencies and interdependencies. Additionally, this product includes an assessment of, and best practices for, improving community, system, and facility resilience. This Sector Resilience Report was produced to complement other sector-specific guidance, analysis, and scholarly papers on infrastructure resilience by applying data obtained from DHS site visits and assessments analyzing the resilience of critical infrastructure assets and systems.

(U//FOUO) DHS-FBI-NCTC Bulletin: Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities

DHS-FBI-NCTC-MedicalTreatmentExtremists

Efforts to gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel. Scene size-up and patient assessment provide first responders the opportunity to view both the scene and any patient injuries. EMS personnel and other first responders should consider the totality of information gleaned through direct observation and the statements of patients, witnesses, and bystanders to evaluate whether an injury is a genuine accident or related to violent extremist activity.

DHS Unaccompanied Alien Children (UACs) 2014 Location of Origin Map

DHS-UAC-Map

We analyzed these locations to determine the factors pushing child migration to the US Border. We assess these reasons vary regionally. For example, many Guatemalan children come from rural areas, indicating they are probably seeking economic opportunities in the US. Salvadoran and Honduran children, on the other hand, come from extremely violent regions where they probably perceive the risk of traveling alone to the US preferable to remaining at home. This violence, combined with poor economies and other secondary factors will make stemming the flow of UACs to the US a very complex issue to address.