Public Intelligence

The National Counterterrorism Center (NCTC) warned in November of last year that precursor components needed to produce improvised explosive devices (IEDs) are “widely and legally available in sufficient quantities through a variety of sources” in the U.S. and are difficult to regulate due to their legitimate uses.

A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.

This Joint Intelligence Bulletin provides law enforcement and private sector safety officials with protective measures in light of the recent explosions that took place at the 2013 Boston Marathon in Boston, Massachusetts. The information is provided to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.

This Joint Intelligence Bulletin provides information on the devices used in the 15 April 2013 Boston Marathon explosions. The information is intended to provide aid in identifying devices and to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.

The FBI assesses with high confidence recreationally used exploding targets (ETs), commonly referred to as tannerite, or reactive targets, can be used as an explosive for illicit purposes by criminals and extremists and explosive precursor chemicals (EPCs) present in ETs can be combined with other materials to manufacture explosives for use in improvised explosive devices (IEDs).

Expressed or implied threats by an individual or a group communicating intent to commit acts of terrorism or violence or advocating violence against a person, population, or to damage or destroy a facility can be an indicator of pre-operational attack planning. For example, in 2010 a Virginia-based US person pled guilty to communicating threats after he posted a video to the Internet encouraging violent extremists to attack the creators of a television show, including highlighting their residence and urging online readers to “pay them a visit.” He also admitted to soliciting others to desensitize law enforcement by placing suspicious looking but innocent packages in public places, which could then be followed up by real explosives.

Stolen, cloned, or repurposed commercial or official vehicles—such as police cars, ambulances, and public utility service trucks—have been used in terrorist attacks. These vehicles could facilitate terrorist access to restricted and hardened targets as well as to emergency scenes. The use of these vehicles can provide individuals the ability to approach targets to conduct pre-operational surveillance or carry out primary attacks or secondary attacks against first responders.

The National Counterterrorism Center (NCTC) is warning law enforcement and first responders that urban exploration, an activity that involves trying to gain access to restricted or abandoned man-made structures, can provide useful information for terrorists conducting surveillance of a potential target. Also known as “building hacking”, urban exploration has been around in its modern form for decades, tracing some its more recent history to post-war exploration of the Parisian catacombs and members of MIT’s Tech Model Railroad Club Signals and Power Subcommittee, who organized explorations of steam tunnels and rooftops around campus in the late 1950s.

Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.

Terrorists are attempting to recruit new members in the United States and overseas to support their operations, obtain funding, and conduct terrorist attacks. For example, in May 2012, Maryland-based Mohammad Hassan Khalid pled guilty to attempting to use the Internet to recruit individuals who had the ability to travel to and around Europe to conduct terrorist acts, in addition to providing logistical and financial support to terrorists. In prior cases of recruitment, individuals who were willing to participate in terrorist acts became involved with known and suspected terrorists, participated in paramilitary training abroad, or tried to acquire small arms and build explosives.

This product analyzes major terror attacks on hotels and provides a strategic-level assessment of the groups, tactics, and frequency of global terror attacks against hotels from 2002 – 2011. Additionally, the product identifies the deadliest types of attacks, comparing casualty counts and attack methods. The product was derived from media reporting and unclassified, for official use only sources.

This study provides a conceptual foundation for understanding different far-right groups and then presents the empirical analysis of violent incidents to identify those perpetrating attacks and their associated trends.

Terrorists may attempt to steal or divert precursor materials, uniforms, identification, blueprints, documents, access cards, facility vehicles, or other items–possibly with the help of knowledgeable insiders–for use in pre-operational planning or attacks. Emilio Suarez Trashorras, a Spanish national convicted for his role in the 2004 Madrid train bombings, stole the explosives used in the attack and the vehicles used to transport the explosives from a mining company where he worked.

Although most terrorist IED attacks outside war zones target civilians or symbols of authority and usually involve a single device, some are designed specifically to target emergency response personnel. The most common tactics involve using secondary or tertiary devices in tiered or sequential attacks intended to kill or maim response personnel after they arrive on the scene of an initial IED incident.

The majority of state and local participant feedback on training that DHS or DOJ provided or funded and that GAO identified as CVE-related was positive or neutral, but a minority of participants raised concerns about biased, inaccurate, or offensive material. DHS and DOJ collected feedback from 8,424 state and local participants in CVE-related training during fiscal years 2010 and 2011, and 77—less than 1 percent—provided comments that expressed such concerns. According to DHS and DOJ officials, agencies used the feedback to make changes where appropriate. DOJ’s Federal Bureau of Investigation (FBI) and other components generally solicit feedback for more formal, curriculum-based training, but the FBI does not require this for activities such as presentations by guest speakers because the FBI does not consider this to be training. Similarly, DOJ’s United States Attorneys’ Offices (USAO) do not require feedback on presentations and similar efforts. Nevertheless, FBI field offices and USAOs covered about 39 percent (approximately 9,900) of all participants in DOJ CVE-related training during fiscal years 2010 and 2011 through these less formal methods, yet only 4 of 21 FBI field offices and 15 of 39 USAOs chose to solicit feedback on such methods. GAO has previously reported that agencies need to develop systematic evaluation processes in order to obtain accurate information about the benefits of their training. Soliciting feedback for less formal efforts on a more consistent basis could help these agencies ensure their quality.

The Central Florida Intelligence eXchange (CFIX) recently received a brief from the Arizona Counter Terrorism Information Center (ACTIC – TLO Program) that included a report of a stolen ambulance in Phoenix, AZ. At the request of an Intelligence Liaison Officer (ILO) in the Central Florida region (R-5 Hospital/Medical Sector), CFIX was asked to collect, research, analyze and develop a ‘Situation Brief’ based on this report to determine if this was a significant trend that could cause concern for Region 5 partners.

In light of the upcoming 2012 US presidential election, NYSIC is providing a snapshot of four historical cases where terrorists conducted attacks in conjunction with upcoming local or national elections, including the tactics, techniques, and procedures (TTP) used and how the attacks met or failed to meet the terrorists’ goals of altering the outcome of the election.

Eight presentations used in the State and Local Anti-Terrorism Training (SLATT) program for law enforcement, which is supported by grants from the Department of Justice’s Bureau of Justice Assistance.

Some homegrown violent extremists (HVE) have targeted US law-enforcement entities and have used publicly available information to counter these entities’ CT tactics and security practices. Law-enforcement entities are being identified by these extremists as both strategic targets and targets of opportunity, mainly because a core element of HVE subculture perceives that persecution by US law enforcement reflects the West’s inherent aggression toward Islam, which reinforces the violent opposition by HVEs to law enforcement.

The National Operations Center (NOC), within the Office of Operations Coordination and Planning (OPS), operates the NOC Counterterrorism Operations Desk (NCOD) and serves as the primary DHS point of contact to streamline counterterrorism Requests for Information (RFIs). The NCOD Database is a tracking tool used by NCOD Officers to track all counterterrorism related incoming and outgoing inquiries. OPS has conducted this Privacy Impact Assessment (PIA) because the NCOD Database contains personally identifiable information (PII).

Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”

Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.

The objective of this project is to create and manage a comprehensive dataset of groups and movements that have used terrorist tactics within the United States – at some point between 1970 and 2007 – to achieve political, religious, social or economic goals. These data will be integrated into the Terrorist and Extremist Violence in the United States (TEVUS) database in the near future as part of the larger Integrating U.S. Security Databases (IUSSD) project.

Past statements from al‐Qa’ida Central, as well as their franchise groups, highlight the importance of targeting the U.S. economy as part of their strategy of confronting the West. Most recently, militant propagandists, such as Adam Gadahn, American mouthpiece for Al‐Qa’ida in Pakistan, have made statements advising Muslims in the West to “…undermine the West’s already struggling economies with…targeted attacks on symbols of capitalism which will shake consumer confidence and stifle spending”. Additionally, in November 2010, al‐Qa’ida in the Arabian Peninsula introduced the “strategy of a thousand cuts”, where they encouraged their mujahideen brothers to “attack the enemy with smaller, but more frequent operations…the aim is to bleed the enemy to death”.

The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”