Department of Homeland Security

(U//LES) Northern California Fusion Center Bulletin: Recreational Drones Create Problems for Law Enforcement

The expansion of Unmanned Aerial Vehicle (UAV) operations for military purposes in the last decade has driven growth in the commercial UAV industry, where the casual enthusiast can now purchase a ready-to-fly system for less than $300. These UAVs can be accessorized for varied purposes such as cinematography, agricultural monitoring, wildlife tracking, site surveillance, and potentially even for kinetic attacks with a firearm or improvised explosive. This Advisory Bulletin addresses an observed increase in UAV use by ordinary citizens, outlining capabilities and implications for the law enforcement community. The NCRIC has not received any specific or credible UAV threats in our 15-county AOR and presents the following information for situational awareness purposes.

(U//FOUO) DHS-FBI-NCTC Bulletin: Malicious Cyber Actors Use Advanced Search Techniques

Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.

DHS National Cybersecurity and Communications Integration Center Bulletin: Hotel Business Centers Keyloggers

The following is an advisory for owners, managers and stakeholders in the hospitality industry, which highlights recent data breaches uncovered by the United States Secret Service (USSS). The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software. The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guests’ information. The NCCIC and the USSS have provided some recommendations at the end of this document that may help prevent similar attacks on publicly available computers.

(U//LES) DHS Assessment: Domestic Violent Extremists Pose Increased Threat to Law Enforcement and Government Officials

After years of only sporadic violence from violent domestic extremists motivated by anti-government ideologies, I&A has seen a spike within the past year in violence committed by militia extremists and lone offenders who hold violent anti-government beliefs. These groups and individuals recognize government authority but facilitate or engage in acts of violence due to their perception that the United States Government is tyrannical and oppressive, coupled to their belief that the government needs to be violently resisted or overthrown. Historically, spikes in violence have followed high-profile confrontations involving the United States Government, such as Ruby Ridge and Waco. The April 2014 Bunkerville, Nevada standoff likely represents a similar event that could inspire further violence.

(U//FOUO) New Jersey Fusion Center: Potential Threats to Government Officials in New Jersey

The FBI San Antonio Division recently reported that groups of young individuals in Texas, and possibly other states, were attempting to elicit information regarding residences of firefighters, military personnel, police officers, etc. The subjects knocked on neighborhood doors, telling residents they worked for an organization that helps young people with public speaking by sending them out to contact random people at their homes and ask about their professions. The youths reportedly received points based on the professions they located, with the potential of winning a college scholarship and a large sum of money. Police officer had the highest point value.

(U//LES) Los Angeles Fusion Center: Identifying Mexican Mafia Members and Associates

Hummingbird and Marilyn Monroe tattoos may have a nexus to the Mexican Mafia, while “G Shields” (Aztec warrior shields) and mariposas (butterflies) may be decreasing in popularity. As certain tattoos sported by Mexican Mafia members and supporters become mainstream, and because California Department of Corrections is known to use certain tattoos as validation points, Mexican Mafia members may introduce new tattoos to make it difficult for law enforcement and correctional officers to identify membership or affiliation with the group. Tattoos are also increasingly disguised within other tattoos, which can make them more difficult to easily identify.

DHS Infrastructure Sector Resilience Report: Electric Power Delivery

The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS/OCIA) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Sector Resilience Reports to improve partner understanding of the interdependencies and resilience of certain sectors. Specifically, this report provides a brief overview of the electric power system, and analysis of key electric power system dependencies and interdependencies. Additionally, this product includes an assessment of, and best practices for, improving community, system, and facility resilience. This Sector Resilience Report was produced to complement other sector-specific guidance, analysis, and scholarly papers on infrastructure resilience by applying data obtained from DHS site visits and assessments analyzing the resilience of critical infrastructure assets and systems.

(U//FOUO) DHS-FBI-NCTC Bulletin: Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities

Efforts to gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel. Scene size-up and patient assessment provide first responders the opportunity to view both the scene and any patient injuries. EMS personnel and other first responders should consider the totality of information gleaned through direct observation and the statements of patients, witnesses, and bystanders to evaluate whether an injury is a genuine accident or related to violent extremist activity.

DHS Unaccompanied Alien Children (UACs) 2014 Location of Origin Map

We analyzed these locations to determine the factors pushing child migration to the US Border. We assess these reasons vary regionally. For example, many Guatemalan children come from rural areas, indicating they are probably seeking economic opportunities in the US. Salvadoran and Honduran children, on the other hand, come from extremely violent regions where they probably perceive the risk of traveling alone to the US preferable to remaining at home. This violence, combined with poor economies and other secondary factors, will make stemming the flow of UACs to the US a very complex issue to address.

(U//FOUO) Pennsylvania Fusion Center Bulletin: Targeting First Responders

First responders, such as law enforcement, emergency medical services (EMS), and firefighters, often arrive at incidents completely focused on the emergency at hand. Whether it is a fire, a chest pain complaint, or a vehicular accident, the first responders prepare for certain events to take place during emergency situations and personal safety is a priority throughout the response. Unfortunately, in the past few years there have been several occurrences where first responders became the victims of ambushes while performing their duties to protect citizens and save lives.

(U//FOUO) New York Fusion Center Bulletin: Recent Spike in Violence Targeting Law Enforcement

Over the last week there have been three attacks – one in Canada and two in the United States – in which law enforcement officers were targeted, leading to the death of five officers and one civilian. Based upon reporting it appears all the suspects in these incidents were motivated by elements of a far right anti-government ideology with a particular fixation on law enforcement. While it is unknown whether this spike is indicative of a long term increasing trend, it is significant from a near term perspective due to the short time frame and purposeful targeting of law enforcement.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Continued Interest in Targeting Mass Transit

Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.

(U//FOUO) Washington D.C. Fusion Center Bulletin: Nationwide Fuel Theft Trend

Incidents involving the theft of fuel (gasoline, diesel, kerosene, ethanol, etc.) from fuel storage tanks have been reported across the United States. Fuel theft has significant health and safety implications, including risk for spills, fires, and explosions. Fuel thieves typically do not adhere to security standards or practices, and may inadvertently expose fuel to a hot engine, lit cigarette, or ignition source. First responders and other maintenance personnel also may be exposed to fuels through skin contact or inhalation routes during recovery and/or cleanup operations, which can result in potential health effects.

(U//FOUO) Colorado Information Analysis Center Bulletin: Vulnerabilities in Knox-Box Key Entry Systems

The Knox-Box® rapid entry system is an access control system utilized by public safety agencies. This system allows facilities to securely store entry keys or cards on site for first responders. First responders utilize a master key that unlocks all Knox boxes within their jurisdiction. Currently there are over 3.5 million Knox-Box rapid entry systems in use nationwide and over 11,500 fire departments in North America that use the Knox-Box rapid entry system. In one Colorado fire district there are over 4,000 Knox-Box systems in use within the local, state, and federal government, which includes energy, water, postal, emergency services, defense, transportation, and communication sectors. Unauthorized access to the system would allow individuals to bypass physical security measures at the site. The unauthorized individuals would also be able to duplicate keys, or remove entry keys or cards, which would delay first responders.

(U//FOUO) Colorado Information Analysis Center Bulletin: Marijuana Infused Edibles

The State of Colorado legalized medical marijuana in 2012 and recreational marijuana in 2014. There has been an increased amount of marijuana infused products sold to the public. The products range from fruit chewz, gummiez, cupcakes, truffles, rice krispy treats, butter, and banana bread. It is extremely difficult to differentiate between marijuana infused products and non-infused products if the original packaging is not with the product.

(U//FOUO) DHS Violent Extremist Profile: Walter Bond

Walter Bond’s path to animal rights extremism was driven by witnessing what he perceived as animal abuse and by frustration stemming from his perception that lawful, nonviolent actions appeared to have little impact on advancing the goals of the animal rights movement. Prior to becoming violent to advance animal rights, Bond showed a tendency to use violence to advance other beliefs, such as protesting illicit drug sales by committing arson against a drug trafficker’s home and protesting against religion by burning a pentagram symbol inside a church.

DHS National Cybersecurity and Communications Integration Center Heartbleed Advisories

Security researchers from Google Security recently discovered a vulnerability with the Heartbeat extension (RFC6520) to OpenSSL’s Transport Layer Security (TLS) and the Datagram Transport Layer Security (DTLS) protocols. According to open source reports, the vulnerability has existed within certain OpenSSL frameworks since at least 2012. The Heartbeat extension is functionally a “keep-alive” between end-users and the secure server. It works by sending periodic “data pulses” of 64KB in size to the secure server, and once the server receives that data, it reciprocates by re-sending the same data at the same size. The out-of-bounds “read” vulnerability exists because the Heartbeat extension in OpenSSL versions 1.0.1 through and 1.0.2-beta (including 1.0.1f and 1.0.2-beta1) does not properly validate the data being sent from the end-user. As a result, a malicious actor could send a specially-crafted heartbeat request to the vulnerable server and obtain sensitive information stored in memory on the server. Furthermore, even though each heartbeat only allows requests to have a data size limited to 64KB segments, it is possible to send repeated requests to retrieve more 64KB segments, which could include encryption keys used for certificates, passwords, usernames, and even sensitive content that were stored at the time. An attacker could harvest enough data from the 64KB segments to piece together larger groupings of information which could help an attacker develop a broader understanding of the information being acquired.

(U//FOUO) DHS-FBI-NCTC Bulletin: Fake Help Desk Scams an Ongoing Problem

Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.

(U//FOUO) New Jersey Fusion Center Bulletin: Suspicious Activity Regarding the Electrical Grid in New Jersey

In the past year, the NJ Suspicious Activity Reporting System (NJ SARS) has received multiple reports of intrusions at electrical grid facilities in New Jersey. The NJ ROIC currently has no indication of any specific threats associated with these incidents, but provides this information for situational awareness and requests information on any similar, previously unreported incidents in New Jersey.