An intelligence assessment released last month by the Department of Homeland Security’s Office of Intelligence and Analysis found that a domestic terrorist attack conducted by individuals affiliated with or inspired by the Islamic State of Iraq and the Levant (ISIL) would most likely “employ tactics involving edged weapons, small arms, or improvised explosive devices (IEDs).” The assessment, which was obtained by Public Intelligence, was released in October following several recent attacks conducted in Europe and Australia by individuals sympathetic to ISIL. Based on a review of these and other planned attacks, analysts at DHS evaluated the tactics and targets, as well as operational security measures employed in order to determine “tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired” by ISIL.
The FBI Cyber Division has issued a notification to private industry and law enforcement to be aware of the potential for retaliatory cyber attacks following recent U.S. military actions in the Middle East. While the FBI has “no information at this time to indicate specific cyber threats to US networks or infrastructure in response to ongoing US military air strikes against the terrorist group known as the Islamic State of Iraq and the Levant (ISIL)” the bulletin states that the FBI believes that “extremist hackers and hacktivist groups, including but not limited to those aligned with the ISIL ideology, will continue to threaten and may attempt offensive cyber actions against the United States in response to perceived or actual US military operations in Iraq or Syria.”
“First time I ever saw an Afghan Police Station I thought it was something straight out of the dark ages, complete with zero electricity, mud structure, and no sewage drainage. Immediately I knew this mission would be challenging and wondered what the heck I got myself into?” This quote from a U.S. Army Captain is just one example of the unusually blunt assessments contained in the Joint Center for International Security Force Assistance (JCISFA) guide for advising the Afghan National Police (ANP). The 2010 version of the JCISFA ANP Mentor Guide, which was obtained by Public Intelligence along with a guide for troops assisting the Afghan National Army (ANA), contains a number of revealing observations on the often poor condition of Afghan National Security Forces, in particular the ANP.
A bulletin issued by the Department of Homeland Security, the FBI and the National Counterterrorism Center earlier this month warns law enforcement and private security personnel that malicious cyber actors can use “advanced search techniques” to discover sensitive information and other vulnerabilities in websites. The bulletin, titled “Malicious Cyber Actors Use Advanced Search Techniques,” describes a set of techniques collectively referred to as “Google dorking” or “Google hacking” that are used to refine search queries to provide more specific results.
An intelligence assessment released July 22 by the Department of Homeland Security Office of Intelligence and Analysis warns of an increasing trend of “anti-government violence” from what are described as “domestic violent extremists” inspired by the recent standoff at the Bundy Ranch in Bunkerville, Nevada. The report, titled “Domestic Violent Extremists Pose Increased Threat to Government Officials an Law Enforcement,” was originally obtained and published by Public Employees for Environmental Responsibility, a non-profit alliance of local state and federal resource professionals that has been advocating for criminal charges against Cliven Bundy and “militia snipers” involved in the April standoff with the Bureau of Land Management. In recent months, the report suggests that there has been a notable increase in violence from domestic extremists motivated by “anti-government ideologies.”
For years the U.S. military has been waging a biometric war in Afghanistan, working to unravel the insurgent networks operating throughout the country by collecting the personal identifiers of large portions of the population. A restricted U.S. Army guide on the use of biometrics in Afghanistan obtained by Public Intelligence provides an inside look at this ongoing battle to identify the Afghan people.
The Law Enforcement National Data Exchange (N-DEx) run by the FBI Criminal Justice Information Services (CJIS) Division now contains approximately 223 million records on nearly two billion entities. A FBI CJIS presentation from February 2014 posted on the website of the Integrated Justice Information Systems Institute includes detailed information on state and local data contributors including a tally of the total number of records contributed by state.
In the first weeks of 2013, police officers were combing through a bloody scene in the Indian state of Jharkhand where a dozen security personnel had died in a shootout with local rebels. The Naxalite fighters, who promote a Maoist ideology through their ongoing guerrilla conflict with the Indian government, had killed the men, including five Central Reserve Police Force members, in a gun battle days before. When local villagers and police tried to remove the bodies, a bomb went off killing four more people. After the incident, a group of doctors in nearby Ranchi were performing an autopsy on one of the bodies when they encountered something metal lodged inside the body. A bomb squad was called in and an explosive device triggered by shifts in pressure that had been sewn into the police officer’s body was successfully defused.
Public Intelligence has obtained the most recent version of the U.S. Civil-Military Strategic Framework for Afghanistan, the second revision of the document dated August 2013, detailing the U.S. government’s goals and priorities for rebuilding Afghan society. Issued by the U.S. Ambassador to Afghanistan James Cunningham and signed by the commander of U.S. forces Joseph Dunford, the framework covers U.S. priorities related to governance, the rule of law, socioeconomic development as well as the gradual transfer of authority to the Afghan government. When compared with a previous version of the framework from March 2012, also obtained by Public Intelligence, the document solidifies the prospect of long-term U.S. involvement in Afghanistan, removing optimistic statements about turnover dates and self-sustaining funding estimates and replacing them with measured assessments reinforcing the notion that U.S. and international forces will be present in Afghanistan far into the next decade.
A federal law passed in February 2012 to help middle class families by creating jobs and cutting payroll taxes included a section mandating the creation of a nationwide interoperable broadband communications system for law enforcement and first responders. The system, which is being created under the direction of the First Responder Network Authority (FirstNet), seeks to create a nationwide broadband network capable of being used for a variety of law enforcement purposes including remote surveillance, mobile biometric applications like field fingerprint scanning and facial recognition, as well as automated license plate reading. The system is currently in a pilot phase with less than a dozen locations around the country participating in the initial rollout of the FirstNet network. However, comments from FirstNet board members indicate that the future goals of the system include an interoperable network operating in all 56 states and territories of the U.S. that is capable of integration at the state, local and federal level.
Joint Chiefs of Staff Instruction Modifies Language on Collateral Damage Estimates for Drone Strikes
An updated instruction issued by the Chairman of the Joint Chiefs of Staff in October 2012 incorporates significantly modified language in numerous sections of the document that describe the process for estimating collateral damage prior to conducting drone strikes and other military actions. These subtle, but important changes in wording provide insight into the military’s attempts to limit expectations in regards to minimizing collateral damage and predicting the lethal effects of military operations.
A statistical analysis of school shootings released in August by the Los Angeles Joint Regional Intelligence Center (LAJRIC) studied school shootings throughout the U.S. from January 2008 to August 2013. In that five-year span, there were 85 school shootings that took place in 29 states, a majority of the country, with most states experiencing between one and three incidents over the last five years. California ranked highest with 18 incidents, followed by Michigan and Tennessee. The majority of school shootings, about 52%, took place at high schools, with the rest equally distributed between colleges/universities and elementary/middle schools.
A joint bulletin issued in early August by the Department of Homeland Security and FBI warns state and local law enforcement agencies to look out for people in possession of “large amounts” of weapons and ammunition, describing the discovery of “unusual amounts” of weapons as a potential indicator of criminal or terrorist activity.
Analysis conducted by the Central Florida Intelligence Exchange (CFIX) has found that 79% of mass shootings since 2011 have been perpetrated by individuals with “demonstrated signs of continuous behavioral health issues and mental illness.” In a July case study titled “Acts of Violence Attributed by Behavioral and Mental Health Issues”, CFIX analyzed 14 mass shooting incidents that occurred between 2011 and 2013 finding that only three of the shooters had no history of mental illness.
Since June, advanced persistent threat (APT) actors have been targeting the aviation industry and attempting to extract confidential information by sending “spear-phishing” emails designed to trick recipients into opening malicious attachments or follow links to infected websites. According to an FBI Cyber Division bulletin from July 8, “individuals associated with the air travel industry” have received an increased number of spear-phishing emails often using spoofed senders “in an attempt to make the e-mail appear more legitimate.”
In a restricted report issued in May, the DEA detailed the most recent findings from its heroin monitoring program, assessing the period from 2006 -2011. The report finds that heroin in the U.S. generally comes from two different places: South America and Mexico. If you live east of the Mississippi River, chances are that the heroin you’re buying is from South America. Heroin purchased on the West Coast is almost certainly trafficked from Mexico. Some heroin from Southwest Asia does make it to the U.S. However, the amount is minimal compared to other sources and the quality is relatively poor.
A recent version of the Department of Homeland Security’s National Risk Profile found that old and deteriorating infrastructure in the U.S. could pose significant risks to the nation and its economy. According to the report, insufficient funding of inspection and maintenance of critical infrastructure throughout the U.S. could create wide-ranging problems as the nation’s infrastructure continues to age. Along with pandemics and nuclear terrorism, a draft version of the DHS National Risk Profile for 2011 lists “aging infrastructure” as having a “potentially significant impact” on the nation’s critical infrastructure. The assessment states that “unusable, ineffectual, and deteriorating critical infrastructure, as well as the potential for exploitation of these vulnerabilities, increase risk . . . due to the inadvertent introduction of flaws, reduced inspection and maintenance workforce, and insufficient investment.” Moreover, this is not a limited threat, as the assessment states that the “entire United States is at risk from aging infrastructure that will eventually “affect all critical infrastructure sectors and ultimately reduce or erode their capacity and lifetimes in unexpected and unpredicted ways.”
The National Counterterrorism Center (NCTC) warned in November of last year that precursor components needed to produce improvised explosive devices (IEDs) are “widely and legally available in sufficient quantities through a variety of sources” in the U.S. and are difficult to regulate due to their legitimate uses.
The Department of Defense has issued an instruction clarifying the rules for the involvement of military forces in civilian law enforcement. The instruction establishes “DoD policy, assigns responsibilities, and provides procedures for DoD support to Federal, State, tribal, and local civilian law enforcement agencies, including responses to civil disturbances within the United States.” The new instruction titled “Defense Support of Civilian Law Enforcement Agencies” was released at the end of February, replacing several older directives on military assistance to civilian law enforcement and civil disturbances. The instruction requires that senior DoD officials develop “procedures and issue appropriate direction as necessary for defense support of civilian law enforcement agencies in coordination with the General Counsel of the Department of Defense, and in consultation with the Attorney General of the United States”, including “tasking the DoD Components to plan for and to commit DoD resources in response to requests from civil authorities for [civil disturbance operations].” Military officials are to coordinate with “civilian law enforcement agencies on policies to further DoD cooperation with civilian law enforcement agencies” and the heads of the combatant commands are instructed to issue procedures for “establishing local contact points in subordinate commands for purposes of coordination with Federal, State, tribal, and local civilian law enforcement officials.”
The U.S. Air Force Office of Special Investigations (AFOSI) is warning military personnel to avoid becoming victims of online sextortion scams using “sexual images (obtained either through enticement or malicious code)” to extort money from unsuspecting victims. “Cyber sextortion” is described as a growing problem among the military services with incidents being reported by “all Military Criminal Investigative Organizations” involving service members located at bases all over the world. The AFOSI report, released in February on a restricted basis, was recently posted online on the document-sharing website Scribd.
The National Counterterrorism Center (NCTC) is warning law enforcement and first responders that urban exploration, an activity that involves trying to gain access to restricted or abandoned man-made structures, can provide useful information for terrorists conducting surveillance of a potential target. Also known as “building hacking”, urban exploration has been around in its modern form for decades, tracing some its more recent history to post-war exploration of the Parisian catacombs and members of MIT’s Tech Model Railroad Club Signals and Power Subcommittee, who organized explorations of steam tunnels and rooftops around campus in the late 1950s.