On April 15, 2013, two pressure cooker bombs placed near the finish line of the Boston Marathon detonated within seconds of each other, killing three and injuring more than two hundred people. Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then-unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter. Dzhokhar Tsarnaev, who fled the scene, was apprehended the following day and remains in federal custody.
Impersonation by assuming the identity, behavior, or appearance of first responders can allow terrorists access to restricted or secure locations, including the scene of emergencies when unchallenged. This access can allow terrorists the ability to conduct pre-operational surveillance or carry out a primary attack or a secondary attack against first responders. The method of impersonation may not be limited to the use of uniforms, clothing, badges and identification; civilian vehicles may be accessorized to appear as legitimate emergency vehicles.
Recent incidents in the Homeland demonstrate that consumer fireworks—widely used during the upcoming 4 July 2013 celebrations—can be misused by criminals and violent extremists to construct improvised explosive devices (IEDs). Consumer fireworks are defined as devices that produce audible and visible effects by combustion, containing between 50-130 milligrams of explosive material. They are banned in Delaware, Massachusetts, New Jersey, and New York.
Within DHS, this overarching responsibility for critical infrastructure protection is delegated to the National Protection and Programs Directorate’s (NPPD) Office of Infrastructure Protection (IP), specifically the Sector-Specific Agency Executive Management Office (SSA EMO) CF Branch for commercial facilities. Serving as the Sector-Specific Agency (SSA) for the CF Sector, the CF Branch works with its partners to address and highlight low-cost preparedness and risk management options in the products and tools it makes available to the private sector. For example, the CF SSA has been working to produce a suite of protective measures guides that provide an overview of best practices and protective measures designed to assist owners and operators in planning and managing security at their facilities or events. The Protective Measures Guide for the U.S. Outdoor Venues Industry is one of these guides and reflects the special considerations and challenges posed by the Outdoor Venues Subsector.
Malicious actors may leverage the Internet to gain information against a potential target to support pre-operational planning efforts for kinetic or cyber attacks. Malicious actors can use Internet search engines for information such as maps, company photographs or blueprints, and gain additional details from social media sites and Web blogs. Some actors may use more sophisticated techniques—such as phishing, spear phishing, or actual penetration of an organization’s network or devices—which can be used to gather personal, sensitive, or proprietary data.
(U//FOUO) DHS-FBI Report: Idaho Man Arrested for Providing Material Support to Islamic Movement of Uzbekistan
This Joint Intelligence Bulletin (JIB) provides information on the 16 May 2013 arrest of Idaho-based Uzbekistan national Fazliddin Kurbanov by the FBI Boise Joint Terrorism Task Force (JTTF). On 16 May, Kurbanov was charged under two indictments alleging terrorism, one each in the United States District Court, District of Idaho and United States District Court, District of Utah. FBI and DHS are providing this information to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and the private sector in deterring, preventing, or disrupting terrorist attacks against the United States. All events described in this JIB are taken from the criminal indictment. The charges contained in the indictment are mere allegations. As in any criminal case, the defendant is presumed innocent until proven guilty in a court of law.
Terrorists and violent extremists have used—or considered using—diversionary tactics in terrorist attacks overseas. Diversionary tactics are often used to draw security forces and first responders away from the intended primary target of the attack and may be used as part of a complex or multi-pronged attack. Diverting first responders to a location other than the primary target of an attack delays the response and the provision of medical care to victims, and depletes first responder resources.
The National Counterterrorism Center (NCTC) warned in November of last year that precursor components needed to produce improvised explosive devices (IEDs) are “widely and legally available in sufficient quantities through a variety of sources” in the U.S. and are difficult to regulate due to their legitimate uses.
A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.
This Joint Intelligence Bulletin provides law enforcement and private sector safety officials with protective measures in light of the recent explosions that took place at the 2013 Boston Marathon in Boston, Massachusetts. The information is provided to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.
This Joint Intelligence Bulletin provides information on the devices used in the 15 April 2013 Boston Marathon explosions. The information is intended to provide aid in identifying devices and to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.
The FBI assesses with high confidence recreationally used exploding targets (ETs), commonly referred to as tannerite, or reactive targets, can be used as an explosive for illicit purposes by criminals and extremists and explosive precursor chemicals (EPCs) present in ETs can be combined with other materials to manufacture explosives for use in improvised explosive devices (IEDs).
Expressed or implied threats by an individual or a group communicating intent to commit acts of terrorism or violence or advocating violence against a person, population, or to damage or destroy a facility can be an indicator of pre-operational attack planning. For example, in 2010 a Virginia-based US person pled guilty to communicating threats after he posted a video to the Internet encouraging violent extremists to attack the creators of a television show, including highlighting their residence and urging online readers to “pay them a visit.” He also admitted to soliciting others to desensitize law enforcement by placing suspicious looking but innocent packages in public places, which could then be followed up by real explosives.
Stolen, cloned, or repurposed commercial or official vehicles—such as police cars, ambulances, and public utility service trucks—have been used in terrorist attacks. These vehicles could facilitate terrorist access to restricted and hardened targets as well as to emergency scenes. The use of these vehicles can provide individuals the ability to approach targets to conduct pre-operational surveillance or carry out primary attacks or secondary attacks against first responders.
The National Counterterrorism Center (NCTC) is warning law enforcement and first responders that urban exploration, an activity that involves trying to gain access to restricted or abandoned man-made structures, can provide useful information for terrorists conducting surveillance of a potential target. Also known as “building hacking”, urban exploration has been around in its modern form for decades, tracing some its more recent history to post-war exploration of the Parisian catacombs and members of MIT’s Tech Model Railroad Club Signals and Power Subcommittee, who organized explorations of steam tunnels and rooftops around campus in the late 1950s.
(U//FOUO) National Counterterrorism Center: Urban Exploration Offers Insight on Infrastructure Vulnerabilities
Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.
Terrorists are attempting to recruit new members in the United States and overseas to support their operations, obtain funding, and conduct terrorist attacks. For example, in May 2012, Maryland-based Mohammad Hassan Khalid pled guilty to attempting to use the Internet to recruit individuals who had the ability to travel to and around Europe to conduct terrorist acts, in addition to providing logistical and financial support to terrorists. In prior cases of recruitment, individuals who were willing to participate in terrorist acts became involved with known and suspected terrorists, participated in paramilitary training abroad, or tried to acquire small arms and build explosives.
This product analyzes major terror attacks on hotels and provides a strategic-level assessment of the groups, tactics, and frequency of global terror attacks against hotels from 2002 – 2011. Additionally, the product identifies the deadliest types of attacks, comparing casualty counts and attack methods. The product was derived from media reporting and unclassified, for official use only sources.
This study provides a conceptual foundation for understanding different far-right groups and then presents the empirical analysis of violent incidents to identify those perpetrating attacks and their associated trends.
Terrorists may attempt to steal or divert precursor materials, uniforms, identification, blueprints, documents, access cards, facility vehicles, or other items–possibly with the help of knowledgeable insiders–for use in pre-operational planning or attacks. Emilio Suarez Trashorras, a Spanish national convicted for his role in the 2004 Madrid train bombings, stole the explosives used in the attack and the vehicles used to transport the explosives from a mining company where he worked.
(U//FOUO) National Counterterrorism Center Special Report: IED Targeting of First Response Personnel
Although most terrorist IED attacks outside war zones target civilians or symbols of authority and usually involve a single device, some are designed specifically to target emergency response personnel. The most common tactics involve using secondary or tertiary devices in tiered or sequential attacks intended to kill or maim response personnel after they arrive on the scene of an initial IED incident.
The majority of state and local participant feedback on training that DHS or DOJ provided or funded and that GAO identified as CVE-related was positive or neutral, but a minority of participants raised concerns about biased, inaccurate, or offensive material. DHS and DOJ collected feedback from 8,424 state and local participants in CVE-related training during fiscal years 2010 and 2011, and 77—less than 1 percent—provided comments that expressed such concerns. According to DHS and DOJ officials, agencies used the feedback to make changes where appropriate. DOJ’s Federal Bureau of Investigation (FBI) and other components generally solicit feedback for more formal, curriculum-based training, but the FBI does not require this for activities such as presentations by guest speakers because the FBI does not consider this to be training. Similarly, DOJ’s United States Attorneys’ Offices (USAO) do not require feedback on presentations and similar efforts. Nevertheless, FBI field offices and USAOs covered about 39 percent (approximately 9,900) of all participants in DOJ CVE-related training during fiscal years 2010 and 2011 through these less formal methods, yet only 4 of 21 FBI field offices and 15 of 39 USAOs chose to solicit feedback on such methods. GAO has previously reported that agencies need to develop systematic evaluation processes in order to obtain accurate information about the benefits of their training. Soliciting feedback for less formal efforts on a more consistent basis could help these agencies ensure their quality.
The Central Florida Intelligence eXchange (CFIX) recently received a brief from the Arizona Counter Terrorism Information Center (ACTIC – TLO Program) that included a report of a stolen ambulance in Phoenix, AZ. At the request of an Intelligence Liaison Officer (ILO) in the Central Florida region (R-5 Hospital/Medical Sector), CFIX was asked to collect, research, analyze and develop a ‘Situation Brief’ based on this report to determine if this was a significant trend that could cause concern for Region 5 partners.
In light of the upcoming 2012 US presidential election, NYSIC is providing a snapshot of four historical cases where terrorists conducted attacks in conjunction with upcoming local or national elections, including the tactics, techniques, and procedures (TTP) used and how the attacks met or failed to meet the terrorists’ goals of altering the outcome of the election.