(U//FOUO) DHS-FBI-NCTC Bulletin: Extortion Schemes Use Telephony-Based Denial-of-Service Attacks

Since at least January 2012, criminals have been using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls.

(U//FOUO) Kansas Intelligence Fusion Center Nairobi Westgate Mall Attack Lessons Learned

On Saturday, September 21, 2013, members of Al Shabaab, a Somali-based Islamic terrorist organization affiliated with the international Al Qaeda network, executed a complex terrorist attack on an upscale shopping mall in Nairobi, Kenya. The attackers simultaneously entered the mall from two different entrances, shooting shoppers with assault rifles and throwing hand grenades. The terrorists remained in the mall, engaging government security forces for the next four days, resulting in a major fire and partial collapse of the mall. The Kenyan government has officially reported 72 deaths and more than 200 injured as a result of the attack. A significant number of those killed and injured were foreign citizens, including 6 U.S. citizens who were injured in the attack.

U.N. Assistance Mission in Afghanistan (UNAMA) Protection of Civilians in Armed Conflict 2013 Annual Report

Armed conflict in Afghanistan took an unrelenting toll on Afghan civilians in 2013. The United Nations Assistance Mission in Afghanistan (UNAMA) documented 8,615 civilian casualties (2,959 civilian deaths and 5,656 injured) in 2013, marking a seven percent increase in deaths, 17 percent increase in injured, and a 14 percent increase in total civilian casualties compared to 2012.

Google Inferring Events Based on Mob Source Video Patent

Methods and systems are disclosed for inferring that an event of interest (e.g., a public gathering, a performance, an accident, etc.) has likely occurred. In particular, when there are at least a given number of video clips with similar timestamps and geolocation stamps uploaded to a repository, it is inferred that an event of interest has likely occurred, and a notification signal is transmitted (e.g., to a law enforcement agency, to a news organization, to a publisher of a periodical, to a public blog, etc.).

(U//LES) Virginia Fusion Center Bulletin: TOR, Bitcoins, Silk Road and the Hidden Internet

The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the TOR project to internet users, specifically relating to the Silk Road website and use of Bitcoins.

Privacy and Civil Liberties Oversight Board NSA Bulk Telephone Records Collection Report

Section 215 is designed to enable the FBI to acquire records that a business has in its possession, as part of an FBI investigation, when those records are relevant to the investigation. Yet the operation of the NSA’s bulk telephone records program bears almost no resemblance to that description. While the Board believes that this program has been conducted in good faith to vigorously pursue the government’s counterterrorism mission and appreciates the government’s efforts to bring the program under the oversight of the FISA court, the Board concludes that Section 215 does not provide an adequate legal basis to support the program. There are four grounds upon which we find that the telephone records program fails to comply with Section 215. First, the telephone records acquired under the program have no connection to any specific FBI investigation at the time of their collection. Second, because the records are collected in bulk — potentially encompassing all telephone calling records across the nation — they cannot be regarded as “relevant” to any FBI investigation as required by the statute without redefining the word relevant in a manner that is circular, unlimited in scope, and out of step with the case law from analogous legal contexts involving the production of records. Third, the program operates by putting telephone companies under an obligation to furnish new calling records on a daily basis as they are generated (instead of turning over records already in their possession) — an approach lacking foundation in the statute and one that is inconsistent with FISA as a whole. Fourth, the statute permits only the FBI to obtain items for use in its investigations; it does not authorize the NSA to collect anything.

Oakland Police Department Urban Shield 2013 Protest Documentation

The following documents were obtained via a public records request made by members of Occupy Oakland. The documents concern the Oakland Police Department response to protests against the 2013 Urban Shield homeland security exercise held in Alameda County. Urban Shield is an annual exercise series that features nearly fifty different training scenarios for law enforcement ranging from terrorist attacks conducted by “homegrown extremists” to hostage situations, fires and even natural disasters. The 2013 Urban Shield exercise involved dozens of federal, state and local law enforcement organizations, representatives of foreign countries such as Switzerland, Brazil, Bahrain, Jordan, as well as more than a dozen corporations including FedEx, Cisco Systems and Verizon Wireless. The documents are heavily redacted and include an operations plan, a presentation on Occupy Oakland, arrest reports and other miscellaneous documentation related to the protests.

Feds Tell Law Enforcement to Look Out for Dead Body Bombs

In the first weeks of 2013, police officers were combing through a bloody scene in the Indian state of Jharkhand where a dozen security personnel had died in a shootout with local rebels. The Naxalite fighters, who promote a Maoist ideology through their ongoing guerrilla conflict with the Indian government, had killed the men, including five Central Reserve Police Force members, in a gun battle days before. When local villagers and police tried to remove the bodies, a bomb went off killing four more people. After the incident, a group of doctors in nearby Ranchi were performing an autopsy on one of the bodies when they encountered something metal lodged inside the body. A bomb squad was called in and an explosive device triggered by shifts in pressure that had been sewn into the police officer’s body was successfully defused.

(U//FOUO) U.S. Army Unified Exploitation Concept of Operations 2012-2018

This CONOPS describes an overarching concept of operations for the 2012-2018 timeframe that provides a framework for “Unified Exploitation (UE)” operations and the basis to develop supporting capabilities. It establishes linkages to other Army concepts and describes how UE enables decisive action in support of unified land operations. This CONOPS describes the operational context and how commanders integrate supporting UE capabilities through Mission Command to produce an operational advantage. This CONOPS addresses the central military problem: the Army lacks a systematic approach to effectively integrate multiple organizations, disciplines, functions, and processes that support exploitation through their application of tactical, technical, and scientific capabilities. The absence of an organized exploitation framework to develop facts, actionable information or intelligence from collected enemy information, materials, or people, results in a knowledge void. This lack of knowledge may compromise our ability to execute commander directed, follow-on actions and represents tactical and perhaps even strategic opportunities lost.

NATO Afghan Ministry of Defense and Afghan National Army General Staff Master Ministerial Development Plan

At the International Conference on Afghanistan held in Bonn in December 2011 and again at the Chicago Summit in May 2012, the international community made a commitment to support Afghanistan in its Transformation Decade beyond 2014. Thus, as Afghan authorities assume the lead for security in all regions, and the NATO-led combat mission changes in scope, ministerial and institutional development will likely continue as an enduring mission. This mission is currently being conducted under the authority of Commander, NATO Training Mission-Afghanistan, Combined Security Transition Command-Afghanistan (NTM-A/CSTC-A) as a U.S. mission through bilateral agreements with Canada and the UK. Within the NTM-A/CSTC-A organization, the Deputy Commander-Army (DCOM-A), in coordination with the Ministry of Defense (MoD), generates and sustains the Afghan National Army (ANA), assists in the development of its leaders, and guides the establishment of an enduring institutional capacity in order to deliver a competent and capable Afghan security force. This plan will be reviewed and revised on an annual basis (in November of each year) to ensure that the advising effort and personnel resources are properly adjusted, as the institutional capability and capacity of the MoD and GS continues to develop.

(U//FOUO) Kansas Intelligence Fusion Center Bulletin: pH1N1 Emerging Infectious Disease

From November through December 2013, CDC has received a number of reports of severe respiratory illness among young and middle-aged adults, many of whom were infected with influenza A (H1N1) pdm09 (pH1N1) virus. Multiple pH1N1-associated hospitalizations, including many requiring intensive care unit (ICU) admission, and some fatalities have been reported. The pH1N1 virus that emerged in 2009 caused more illness in children and young adults, compared to older adults, although severe illness was seen in all age groups. While it is not possible to predict which influenza viruses will predominate during the entire 2013-14 influenza season, pH1N1 has been the predominant circulating virus so far. For the 2013-14 season, if pH1N1 virus continues to circulate widely, illness that disproportionately affects young and middle-aged adults may occur.

(U//FOUO) Committee on National Security Systems Recommendations for Implementing FICAM on U.S. Secret Networks

Threats to Federal information systems are rising as demands for sharing of information and intelligence between Federal Departments and Agencies increase. It is essential that the Federal Government devise an approach that addresses both challenges without compromising the ability to achieve either objective. Developing a common governance framework and set of Identity, Credential, and Access Management (ICAM) capabilities that enhance the security of our systems by ensuring that only authorized persons and systems from different Federal components have access to necessary information is a high priority. The Federal Identity, Credential and Access Management (FICAM) Roadmap and Implementation Guidance was developed to address the need for secure information sharing capabilities across the breadth of the Federal Government.

(U//FOUO) Committee on National Security Systems Gap Analysis Between the FICAM and U.S. Secret Networks

Over the past ten years, the Federal Government has made concerted advances in the development and implementation of Identity, Credential, and Access Management (ICAM). This progress includes capabilities designed to promote interoperability, assured information sharing, and efficiencies of scale across all agencies within the Federal Government. Recently, several high-visibility events have focused attention on classified networks with a renewed emphasis on information protection within the information sharing paradigm. Organizations must strive to ensure responsible sharing and safeguarding of classified information by employing advanced capabilities that enable a common level of assurance in information handling and sharing while ensuring the interoperability required to satisfy mission requirements.

DoJ Funded Study: Automated License Plate Recognition Systems Guidance for Law Enforcement

Law enforcement officers are often searching for vehicles that have been reported stolen, are suspected of being involved in criminal or terrorist activities, are owned by persons who are wanted by authorities, have failed to pay parking violations or maintain current vehicle license registration, and any of a number of other factors. Law enforcement agencies throughout the nation are increasingly adopting automated license plate recognition (ALPR) technologies, which function to automatically capture an image of the vehicle’s license plate, transform that image into alphanumeric characters, compare the plate number acquired to one or more databases of vehicles of interest, and alert the officer when a vehicle of interest has been observed, all within a matter of seconds.

(U//FOUO) DHS Bulletin: Self-identified Anarchist Extremists Target Urban Gentrification Sites with Arson

This Note analyzes the recent use of arson by anarchist extremists targeting urban development sites they describe as negatively impacting lower income residents through “gentrification.” This information is provided to enable federal, state, local, tribal, and territorial law enforcement; first responders; and private sector security officials to identify, preempt, prevent, or respond to intentional acts targeting urban development sites by anarchist extremist campaigns.