FBI Notifications: Malicious Cyber Actors Targeting U.S. Government Networks and Employees

The FBI and NCIS believe a group of cyber actors have been using various social networking sites to conduct spear phishing activities since at least 2011. FBI and NCIS investigation to date has uncovered 56 unique Facebook personas, 16 domains, and a group of IP addresses associated with these actors. These personas typically would attempt to befriend specific types of individuals such as government, military, or cleared defense contractor personnel. After establishing an online friendship the actor would send a malicious link (usually through one of the associated domains) to the victim, either through e-mail or in a chat on the social networking site, eventually compromising the target’s computer.

International Biometrics and Identification Association Draft Privacy Best Practices for Commercial Biometrics

One fact should not be lost in this discussion. As has always been the case, new methods of authenticating identity, like biometric identification, are necessary to augment existing conventions and meet current needs. Biometric technologies do this and, as a major privacy‐enhancing technology, preserve privacy at the same time. The facial template itself, like other biometric templates, provides no personal information. Indeed, protecting the non‐biometric personal information is enhanced through the use of biometric verification of identity to limit data access to only authorized persons. Biometrics can provide a unique tool to protect and enhance both identity security and privacy and to protect against fraud and identity theft, especially as a factor in identity verification. When your personal data are protected by access mechanisms that include one or more biometric factors, it becomes much more difficult for someone else to gain access to your personal data and applications because no one else has your unique biometric attributes. This enables legitimate access and reduces the risk that a person can steal your identity and, posing as you, collect benefits; board an airplane; get a job; gain access to your personal data, etc.

(U//FOUO) Pennsylvania Fusion Center Bulletin: Targeting First Responders

First responders, such as law enforcement, emergency medical services (EMS), and firefighters, often arrive at incidents completely focused on the emergency at hand. Whether it is a fire, a chest pain complaint, or a vehicular accident, the first responders prepare for certain events to take place during emergency situations and personal safety is a priority throughout the response. Unfortunately, in the past few years there have been several occurrences where first responders became the victims of ambushes while performing their duties to protect citizens and save lives.

(U//FOUO) New York Fusion Center Bulletin: Recent Spike in Violence Targeting Law Enforcement

Over the last week there have been three attacks – one in Canada and two in the United States – in which law enforcement officers were targeted, leading to the death of five officers and one civilian. Based upon reporting it appears all the suspects in these incidents were motivated by elements of a far right anti-government ideology with a particular fixation on law enforcement. While it is unknown whether this spike is indicative of a long term increasing trend, it is significant from a near term perspective due to the short time frame and purposeful targeting of law enforcement.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Continued Interest in Targeting Mass Transit

Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.

(U//FOUO) Washington D.C. Fusion Center Bulletin: Nationwide Fuel Theft Trend

Incidents involving the theft of fuel (gasoline, diesel, kerosene, ethanol, etc.) from fuel storage tanks have been reported across the United States. Fuel theft has significant health and safety implications, including risk for spills, fires, and explosions. Fuel thieves typically do not adhere to security standards or practices, and may inadvertently expose fuel to a hot engine, lit cigarette, or ignition source. First responders and other maintenance personnel also may be exposed to fuels through skin contact or inhalation routes during recovery and/or cleanup operations, which can result in potential health effects.

U.S. Air Force Instruction: Domestic Imagery Requests for U.S. Missions

Operations involving DI support using ISR/OPSRECCE/RPA involve a balancing of fundamental interests: conducting aircrew training in support of national security objectives and providing incident awareness and assessment support when requested while also protecting individual rights guaranteed by the Constitution and the laws of the U.S. The primary objective of the ACCI is to ensure that ACC units conducting DI missions within U.S. do not infringe on or violate the Constitutional or privacy rights of U.S. persons. Commanders, inspectors general, and judge advocates at all levels must be cognizant of DI policies.

Bilderberg Association Annual Reports 2011-2013

Several annual reports for the Bilderberg Association from 2011-2013 made available through the U.K. Charities Commission. The Bilderberg Association is one of several international non-profit affiliates of the group known as Bilderberg Meetings. The U.S. affiliate is called American Friends of Bilderberg, Inc. and is a registered non-profit in the State of New York.

FBI Chinese Military Hacking Indictments Private Industry Notifications

Today the Western District of Pennsylvania unsealed an indictment naming five members of the People’s Liberation Army of the People’s Republic of China on 31 counts, including conspiring to commit computer fraud (18 U.S.C. §§ 371, 1030), accessing a computer without authorization for the purpose of commercial advantage and private financial gain (18 U.S.C. § 1030(a)(2)(C), (c)(2)(B)), damaging computers through the transmission of code and commands (18 U.S.C. § 1030(a)(5)), aggravated identity theft (18 U.S.C. § 1028A), economic espionage (18 U.S.C. § 1831(a)(1)), and theft of trade secrets (18 U.S.C. § 1832(a)(1)). Each of the defendants provided his individual expertise to a conspiracy to penetrate the computer networks of six US companies while those companies were engaged in negotiations or joint ventures with or were pursuing legal action against state-owned enterprises in China. The following technical details are indicators released in the indictment related to these actors’ activity.

National Counterterrorism Center Enhanced Safeguards Decision Matrix

The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.

(U//FOUO) U.S. Army Tactical Combat Casualty Care Handbook August 2013

Tactical Combat Casualty Care (TCCC) is the pre-hospital care rendered to a casualty in a tactical, combat environment. The principles of TCCC are fundamentally different from those of traditional civilian trauma care, which is practiced by most medical providers and medics. These differences are based on both the unique patterns and types of wounds that are suffered in combat and the tactical environment medical personnel face in combat. Unique combat wounds and tactical environments make it difficult to determine which intervention to perform at what time. Besides addressing a casualty’s medical condition, responding medical personnel must also address the tactical situation faced while providing casualty care in combat. A medically correct intervention performed at the wrong time may lead to further casualties. Stated another way, “good medicine may be bad tactics,” which can get the rescuer and casualty killed. To successfully navigate these issues, medical providers must have skills and training focused on combat trauma care, as opposed to civilian trauma care.

Joint and Coalition Operational Analysis (JCOA) Drone Strikes Civilian Casualty Considerations

The US government has described drone airstrikes in operations outside declared theaters of armed conflict as surgical and causing minimal civilian casualties. Analysis of air operations in Afghanistan, combined with a review of open-source reports for drone strikes in Pakistan, suggests that these fell short of intended goals. Specifically, drone strikes in Afghanistan were seen to have close to the same number of civilian casualties per incident as manned aircraft, and were an order of magnitude more likely to result in civilian casualties per engagement. Specific causal factors were identified that contributed to the relative propensity of drones to cause civilian casualties. Tailored training that addresses these causal factors could aid in reducing civilian casualties in engagements involving drones. While processes and operating forces in Afghanistan can differ from those in operations outside declared theaters of armed conflict, the factors above suggest that a dedicated analysis of civilian casualties in such operations would be worthwhile.

(U//FOUO) Colorado Information Analysis Center Bulletin: Vulnerabilities in Knox-Box Key Entry Systems

The Knox-Box® rapid entry system is an access control system utilized by public safety agencies. This system allows facilities to securely store entry keys or cards on site for first responders. First responders utilize a master key that unlocks all Knox boxes within their jurisdiction. Currently there are over 3.5 million Knox-Box rapid entry systems in use nationwide and over 11,500 fire departments in North America that use the Knox-Box rapid entry system. In one Colorado fire district there are over 4,000 Knox-Box systems in use within the local, state, and federal government, which includes energy, water, postal, emergency services, defense, transportation, and communication sectors. Unauthorized access to the system would allow individuals to bypass physical security measures at the site. The unauthorized individuals would also be able to duplicate keys, or remove entry keys or cards, which would delay first responders.

Department of Justice White Paper on Sharing Cyberthreat Information

Improved information sharing is a critical component of bolstering public and private network owners’ and operators’ capacity to protect their networks against evolving and increasingly sophisticated cyber threats. As companies continue to adopt the newest technologies, these threats will only become more diverse and difficult to combat. Ensuring that information concerning cyber threats that U.S. companies detect on their domestic networks can be quickly shared will assist those companies in identifying new threats and implementing appropriate preventative cybersecurity measures. But sharing must occur without contravening federal law or the protections afforded individual privacy and civil liberties. In the interest of advancing discussions in this important area, DOJ has prepared this paper providing its views on whether the Stored Communications Act (18 U.S.C. § 2701 et seq.) (SCA) restricts network operators from voluntarily sharing aggregated data with the government that would promote the protection of information systems. We hope that this analysis will help companies make informed decisions about what information legally may be shared with the government to promote cybersecurity.