Department of Justice White Paper on Sharing Cyberthreat Information

Improved information sharing is a critical component of bolstering public and private network owners’ and operators’ capacity to protect their networks against evolving and increasingly sophisticated cyber threats. As companies continue to adopt the newest technologies, these threats will only become more diverse and difficult to combat. Ensuring that information concerning cyber threats that U.S. companies detect on their domestic networks can be quickly shared will assist those companies in identifying new threats and implementing appropriate preventative cybersecurity measures. But sharing must occur without contravening federal law or the protections afforded individual privacy and civil liberties. In the interest of advancing discussions in this important area, DOJ has prepared this paper providing its views on whether the Stored Communications Act (18 U.S.C. § 2701 et seq.) (SCA) restricts network operators from voluntarily sharing aggregated data with the government that would promote the protection of information systems. We hope that this analysis will help companies make informed decisions about what information legally may be shared with the government to promote cybersecurity.

(U//FOUO) Colorado Information Analysis Center Bulletin: Marijuana Infused Edibles

The State of Colorado legalized medical marijuana in 2012 and recreational marijuana in 2014. There has been an increased amount of marijuana infused products sold to the public. The products range from fruit chewz, gummiez, cupcakes, truffles, rice krispy treats, butter, and banana bread. It is extremely difficult to differentiate between marijuana infused products and non-infused products if the original packaging is not with the product.

Restricted U.S. Army Civil Affairs Soldier Training Manual

This manual provides the information necessary for Civil Affairs (CA) Soldiers to train for military occupational specialty (MOS) proficiency and includes self-development information that can assist the Soldier in lifelong learning and career development. An overview of the Army training process details the linkage and importance of the various elements that comprise the Army training process.

(U//FOUO) DHS Violent Extremist Profile: Walter Bond

Walter Bond’s path to animal rights extremism was driven by witnessing what he perceived as animal abuse and by frustration stemming from his perception that lawful, nonviolent actions appeared to have little impact on advancing the goals of the animal rights movement. Prior to becoming violent to advance animal rights, Bond showed a tendency to use violence to advance other beliefs, such as protesting illicit drug sales by committing arson against a drug trafficker’s home and protesting against religion by burning a pentagram symbol inside a church.

(U//FOUO) U.S. Marine Corps Cordon and Search Lessons Learned Report

Cordon and search missions have been an almost daily activity in conjunction with other tactical operations within Stability and Support Operations (SASO) in both OEF and OIF. As in all tactical operations, units refined individual tactics, techniques and procedures (TTP) to meet the requirements of the situations they encountered. Cordon and search activities were not always conducted as discrete missions but as supporting operations within SASO, and can begin as less invasive “cordon and knock” efforts to gain information, and rapidly evolve into “cordon and raid” or “cordon and destroy” as the tactical situation dictates. While these terms may not be found in doctrinal references, units in their observations use them.

U.S. Marine Corps Irregular Warfare Capability Based Assessment Report

Center for Irregular Warfare Integration Division (CIWID) was directed to conduct a Capabilities Based Assessment (CBA) on Irregular Warfare (IW) to ensure that the Marine Corps is properly postured to conduct IW operations and activities in the future. This document provides the results of the analysis and the recommended way ahead. The IW CBA message directed CIWID to “provide insights/observations after each phase of the study which may be used in support of future force structure deliberations.”

U.S. Air Force Remotely Piloted Aircraft (RPA) Vector Report 2013-2038

Both the current fiscal and future operational environments facing the Air Force influence the landscape for investments in the development and fielding of new technologies. This document refines the Air Force strategic vision for the future of RPA and reemphasizes the inherent potential and emerging capabilities of small unmanned aircraft systems (SUAS). The RPA Vector outlines concepts and capabilities needed over the next 25 years. It can inform the capabilities planning and requirements development process as well as inform the CFLIs as they execute their responsibilities for implementation planning in the plans, programming, budgeting and execution process.

Identity Dominance: The U.S. Military’s Biometric War in Afghanistan

For years the U.S. military has been waging a biometric war in Afghanistan, working to unravel the insurgent networks operating throughout the country by collecting the personal identifiers of large portions of the population. A restricted U.S. Army guide on the use of biometrics in Afghanistan obtained by Public Intelligence provides an inside look at this ongoing battle to identify the Afghan people.

(U//FOUO) U.S. Army Commander’s Guide to Biometrics in Afghanistan

Biometrics capabilities on the tactical battlefield enable a wide variety of defensive and offensive operations. Biometrics help ensure enemy personnel, criminals, and other undesirable elements are not allowed access to our facilities, hired to provide services, or awarded contracts. Biometrics is used to vet members of the Afghan government and military with whom our forces interact. Unfortunately, biometrics capabilities we put in the hands of Soldiers, Marines, Sailors, and Airmen — and that we ask unit commanders to employ — are relatively recent additions to the list of capabilities our military employs on the battlefield today.

Intelligence Community Inspector General Report on Boston Marathon Bombings

On April 15, 2013, two pressure cooker bombs placed near the finish line of the Boston Marathon detonated within seconds of each other, killing three and injuring more than two hundred people. Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then-unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter. Dzhokhar Tsarnaev, who fled the scene, was apprehended the following day and remains in federal custody.

DHS National Cybersecurity and Communications Integration Center Heartbleed Advisories

Security researchers from Google Security recently discovered a vulnerability with the Heartbeat extension (RFC6520) to OpenSSL’s Transport Layer Security (TLS) and the Datagram Transport Layer Security (DTLS) protocols. According to open source reports, the vulnerability has existed within certain OpenSSL frameworks since at least 2012. The Heartbeat extension is functionally a “keep-alive” between end-users and the secure server. It works by sending periodic “data pulses” of 64KB in size to the secure server, and once the server receives that data, it reciprocates by re-sending the same data at the same size. The out-of-bounds “read” vulnerability exists because the Heartbeat extension in OpenSSL versions 1.0.1 through and 1.0.2-beta (including 1.0.1f and 1.0.2-beta1) does not properly validate the data being sent from the end-user. As a result, a malicious actor could send a specially-crafted heartbeat request to the vulnerable server and obtain sensitive information stored in memory on the server. Furthermore, even though each heartbeat only allows requests to have a data size limited to 64KB segments, it is possible to send repeated requests to retrieve more 64KB segments, which could include encryption keys used for certificates, passwords, usernames, and even sensitive content that were stored at the time. An attacker could harvest enough data from the 64KB segments to piece together larger groupings of information which could help an attacker develop a broader understanding of the information being acquired.

National Institute of Justice Through-the-Wall Sensors Best Practices for Law Enforcement

The National Institute of Justice (NIJ) Sensor, Surveillance, and Biometric Technologies (SSBT) Center of Excellence (CoE) has undertaken a best practices report of through-the-wall sensor (TTWS) devices for operation by law enforcement and first responder agencies in the United States. These devices use a form of radar to detect movement behind barriers. The ability to sense the presence of individuals through common building materials can be useful during rescue operations, law enforcement operations and other tactical scenarios. This report provides advice, tactics and information related to the use of TTWS in operational settings. The information provides law enforcement individuals and organizations with a better understanding of the capabilities and limitations of available TTWS equipment. When put into practice, an agency can make the most of the technology and improve the outcome and safety of operational scenarios in which it is deployed. The best practices report focuses on the use of commercially available TTWS devices suitable for law enforcement or emergency response applications.

(U//FOUO) DHS-FBI-NCTC Bulletin: Fake Help Desk Scams an Ongoing Problem

Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.