Tag Archive for Department of Homeland Security

(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Attempted Breaches/Intrusions

Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”

(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Aviation Flyovers

Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.

DHS Infrastructure Protection Note: Performance Venues – Indicators of Violence and Protective Measures

Performance venues include theaters, concert halls, auditoriums, and amphitheaters, ranging in size and function from small neighborhood movie theaters or community playhouses to high-capacity venues in major metropolitan areas. Performance venues are relatively open-access, limited egress facilities and have been successfully targeted in the past.

DHS-University of Maryland Study: Profiles of Perpetrators of Terrorism – United States (PPT-US)

The objective of this project is to create and manage a comprehensive dataset of groups and movements that have used terrorist tactics within the United States – at some point between 1970 and 2007 – to achieve political, religious, social or economic goals. These data will be integrated into the Terrorist and Extremist Violence in the United States (TEVUS) database in the near future as part of the larger Integrating U.S. Security Databases (IUSSD) project.

(U//FOUO) DHS-FBI Bulletin: Potential Use of Cold Packs in Improvised Explosives

Cold packs, packaged and sold commercially, contain chemicals—usually 30 to 85 grams of ammonium nitrate or urea—that, when extracted in sufficient quantity, can be used as precursors for improvised explosives. The chemicals are packaged in prill form, and can be used directly or ground into powder when being used in homemade explosive production. Five hundred packs would yield 30 to 90 pounds of precursor material for use in an improvised explosive device (IED).

DHS, FBI Warn Law Enforcement of Terrorists Asking Questions

The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”

(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Terrorists Eliciting Information

Terrorist or criminals may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees, and their associates. Persistent, intrusive or probing questions about security, operations or other sensitive aspects of a facility by individuals with no apparent need for the information could provide early warning of a potential attack.

(U//FOUO) DHS-FBI Bulletin: Terrorist Interest in Attacking Theaters and Mass Gatherings

An early April 2012 suicide bombing of a theater in Somalia and a violent extremist communication advocating attacks on US theaters highlight terrorists’ continued interest in attacking such venues. Although we have no specific or credible information indicating that terrorists plan to attack theaters in the United States, terrorists may seek to emulate overseas attacks on theaters here in the United States because they have the potential to inflict mass casualties and cause local economic damage.

Homeland Security Warns of Terrorist Wildfire Attacks

The Federal Bureau of Investigation, Department of Homeland Security and fusion centers around the country are warning that terrorists are interested in using fire as a weapon, particularly in the form of large-scale wildfires near densely populated areas. A newly released DHS report states that for more than a decade “international terrorist groups and associated individuals have expressed interest in using fire as a tactic against the Homeland to cause economic loss, fear, resource depletion, and humanitarian hardship.” The report notes that the tactical use of fire as a weapon is “inexpensive and requires limited technical expertise” and “materials needed to use fire as a weapon are common and easily obtainable, making preoperational activities difficult to detect and plot disruption and apprehension challenging for law enforcement.”

(U//FOUO) DHS Terrorist Interest in Using Fire as a Weapon

International terrorist groups and violent extremists have long shown interest in using fire as a weapon due to the low cost and limited technical expertise required, the potential for causing large-scale damage, and the low risk of apprehension. Recent encouragement of use of this tactic by terrorist groups and violent extremists in propaganda materials and extremist Web forums is directed at Western audiences and supports Homeland attacks.

The Continually Expanding Definition of Terrorism

Though the United States has been engaged in a Global War on Terror for more than a decade, the U.S. Government surprisingly does not have a standardized definition of terrorism that is agreed upon by all agencies. The State Department, Federal Bureau of Investigation and a number of other government agencies all utilize differing definitions of what constitutes an act of terrorism. This lack of agreement has allowed individual agencies to present vastly different and, in some cases, far more inclusive definitions of terrorist acts enabling the use of expanded law enforcement and investigative procedures that might not be applicable in other agencies. In fact, some agencies have presented a definition of terrorism so expansive as to include a number of activities that are not traditionally associated with terrorism or terrorist organizations.

DHS Report: Criminals and Hacktivists May Use 2012 Summer Olympics as Platform for Cyberattacks

Scams, malware campaigns and attacks will continue to grow in scale and complexity as the 27 July opening ceremony in London draws near. Event organizers, sponsors and British authorities continue to increase their physical and cybersecurity awareness as the event approaches. Information systems supporting the Games, transport infrastructure, law enforcement communications, financial operations and similar will become prime targets for criminals. A collective of approximately eighty-seven UK banks exercised their ability to withstand cyber attacks last November. Olympic organizers anticipated cyber threats and began testing their cybersecurity posture during ‘technical rehearsals’ by running scenarios from their Technology Operations Center (TOC) situated on Canary Wharf. The TOC will be manned with over one hundred personnel continuously monitoring critical applications, such as the Commentator Information System, organizers’ intranet, and a telecom infrastructure encompassing 900 servers, 1,000 network and security devices, and 9,500 computers. In addition, British law enforcement organizations have been collaborating with the U.S. Secret Service and other industry experts to understand attack vectors, detection methods and mitigation strategies to combat the threat. However, the cyber implications are more expansive than localized attacks against systems and encompass globally distributed Olympic-themed malware, spam campaigns and scams.

(U//FOUO) DHS Wireless Medical Devices/Healthcare Cyberattacks Report

The expanded use of wireless technology on the enterprise network of medical facilities and the wireless utilization of MDs opens up both new opportunities and new vulnerabilities to patients and medical facilities. Since wireless MDs are now connected to Medical information technology (IT) networks, IT networks are now remotely accessible through the MD. This may be a desirable development, but the communications security of MDs to protect against theft of medical information and malicious intrusion is now becoming a major concern. In addition, many HPH organizations are leveraging mobile technologies to enhance operations. The storage capacity, fast computing speeds, ease of use, and portability render mobile devices an optimal solution.

(U//FOUO) DHS-FBI Intelligence Bulletin on Homegrown Extremist Retaliation for Afghan Massacre

This Joint Intelligence Bulletin is intended to increase awareness and provide understanding of the nature of potentially emergent threats in response to the alleged killing of civilians by a US soldier in Afghanistan and the burning of Korans and other religious documents on a military base. This Information is provided to support the activities of FBI and DHS and to assist federal, state, local, tribal, and territorial counterterrorism and law enforcement officials and the private sector to prevent or respond to terrorist attacks against the United States.

(U//FOUO) DHS Chemical Facilities Threat Assessment

The DHS Homeland Infrastructure Threat and Risk Analysis Center produced this threat assessment to support implementation of 6 Code of Federal Regulations Part 27, “Chemical Facility Anti-Terrorism Standards (CFATS).” This assessment describes the potential terrorist threat to the chemical and petroleum facilities regulated under CFATS and determined to be high risk by the Secretary of Homeland Security. It does not address facilities that may hold threshold quantities of the chemicals listed in CFATS that fall outside its scope, such as public water facilities or facilities regulated under the Maritime Transportation Security Act of 2002. Nor does it address the transportation of chemicals, which is regulated under other authorities. Potential terrorist tactics against such facilities—based on DHS’ knowledge of terrorist intentions and capabilities—are included to aid industry security personnel in implementing security measures at their facilities.

(U//FOUO) DHS Terrorist Use of Improvised Incendiary Devices and Attack Methods

Improvised incendiary devices (IIDs) typically are less expensive to make than improvised explosive devices but still are capable of creating mass casualties and causing widespread fear and panic. Improvised incendiary devices (IIDs) can be constructed easily from everyday materials available at hardware and grocery stores. IIDs can be used against many types of infrastructure targets; violent extremists have used them successfully in attacks in the United States and overseas.

DHS Media Monitoring Desktop Reference Manual

A manual for the Department of Homeland Security’s Media Monitoring Capability that was reportedly obtained by EPIC via a FOIA request. The manual has been slightly redacted by DHS to remove names and contact information and the URL of the Network Operations Center Media Monitoring Capability reporting website. This website has been listed in three of the four publicly available manuals as an example of a website monitored by DHS.

(U//FOUO) DHS Infrastructure Protection Note: Evolving Threats to the Homeland

The Office of Infrastructure Protection (IP) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Infrastructure Protection Notes to address issues impacting the infrastructure protection community’s risk environment from terrorist threats and attacks, natural hazards, and other events. Based on the analysis within the DHS Office of Intelligence and Analysis product Evolution of the Terrorist Threat to the United States this IP Note outlines the evolution of terrorist threats and impacts to the Nation’s critical infrastructure.

(U//FOUO) DHS Mass Transit and Passenger Railroad Systems Terrorist Attack Preparedness Info Regarding a Realistic Threat

Terrorist attack tactics used against mass transit and passenger railroad systems abroad provide insights that can assist law enforcement officers in securing these critical infrastructure assets. The chart below highlights common tactics noted in attempted or successful use of explosive or incendiary devices against mass transit or passenger railroad systems in attacks conducted between March 2004 and November 2009. The information about these attacks provides insights into device type, selection, and construction and can help law enforcement identify patterns and develop protective measures. Analysis shows terrorists have timed attacks during periods of peak ridership; used multiple, coordinated, drop-and-leave devices in identical or similar baggage; and placed devices inside rail cars to cause casualties among passengers.

DHS Testimony on Social Networking and Media Monitoring

Social media are web-based and mobile technologies that turn communication into an interactive dialogue in a variety of online fora. It may be appropriate for the government, including DHS, to use social media for a variety of reasons. The President has challenged his Administration to use technology and tools to create a more efficient, effective, and transparent government1. DHS recognizes that the use of social media by government actors must occur with appropriate privacy, civil rights, and civil liberties protections; whether DHS is disclosing its informationand press releases via social media platforms like Twitter and Facebook, reviewing news feeds for situational awareness, or researching identified, discrete targets for legitimate investigatory purposes. Accordingly, DHS has created Department-wide standards designed to protect privacy, civil rights, and civil liberties in each category of its use.

(U//FOUO) DHS-FBI Warning: Terrorist Use of Vehicle Ramming Tactics

Terrorists overseas have suggested conducting vehicle ramming attacks—using modified or unmodified vehicles—against crowds, buildings, and other vehicles. Such attacks could be used to target locations where large numbers of people congregate, including sporting events, entertainment venues, or shopping centers. Vehicle ramming offers terrorists with limited access to explosives or weapons an opportunity to conduct a Homeland attack with minimal prior training or experience.

(U//FOUO) DHS London Officials Issue Heroin Anthrax Alert March 2010

On 5 February 2010, the UK Health Protection Agency (HPA)—an official British Government agency—announced the confirmation of one case in England of a heroin user testing positive for anthrax. HPA also said 19 cases of anthrax had been confirmed so far in Scotland and that the heroin, or a contaminated cutting agent mixed with the heroin, was the likely source of infection.

DHS-University of Maryland Study: Hot Spots of Terrorism and Other Crimes in the United States 1970 to 2008

While efforts are increasingly aimed at understanding and identifying “hot spots” of ordinary crime, little is known about the geographic concentration of terrorist attacks. What areas are most prone to terrorism? Does the geographic concentration of attacks change over time? Do specific ideologies motivate and concentrate terrorist attacks? Moreover, what factors increase the risk that an attack will occur in a particular area? Using recently released data from the Global Terrorism Database, we address these gaps in our knowledge by examining county-level trends in terrorist attacks in the United States from 1970 through 2008.