In February and March 2012, unauthorized IP addresses accessed the Industrial Control System (ICS) network of a New Jersey air conditioning company, US Business 1. The intruders were able to access a backdoor into the ICS system that allowed access to the main control mechanism for the company’s internal heating, ventilation, and air conditioning (HVAC) units. US Business 1 was using the Tridium Niagara ICS system, which has been widely reported in the media to contain multiple vulnerabilities that could allow an attacker to remotely control the system.
Terrorists often conduct physical surveillance to identify suitable targets, determine vulnerabilities, plan attack methods, or assess the target’s security posture. In March 2010, David Coleman Headley pled guilty for his role in the November 2008 terrorist attacks in Mumbai, India by conducting video and photographic surveillance of potential targets, as well as later surveilling Danish newspaper offices–the target of another attack plot.
Terrorists and criminals may use photos or videos of potential targets to gain insight into security operations and details of facility operations, including traffic flow through and around facilities, opening times, and access requirements. In late 2000 and early 2001, convicted al-Oa’ida operative Dhiren Barot took extensive video footage and numerous photographs of sites in downtown New York City and Washington, DC in preparation for planned attacks. Photographs and video useful in planning an attack may include facility security devices (surveillance cameras, security locks, metal detectors, jersey walls and planters); security personnel; facility entrances and exits; and other features such as lighting, access routes, gates, roads, walkways, and bridges.
Terrorists overseas and in domestic attack plots have used various methods to acquire and store materials necessary to construct explosives. Najibullah Zazi, who pled guilty in 2010 to plotting to attack the New York subway system, made multiple, large-quantity purchases of chemical components needed to assemble the homemade explosive Triacetone Triperoxide (TATP)—6 bottles on one day and 12 bottles on a separate day—at beauty supply stores throughout the summer of 2009. Law enforcement and first responders should be aware that the possession, storage, or attempt to acquire unusual quantities of laboratory equipment, personal protective equipment, chemicals, and flammable accelerants—although legal to purchase and own—could provide indicators of preoperational attack planning.
(U//LES) FBI Sovereign Citizen Extremists Targeting Law Enforcement Creates Potential for Violent Traffic Stops
The FBI assesses with medium confidence, based on reliable source reporting and reports from other law enforcement agencies, some sovereign citizen extremistsb are making more specific plans to interfere with state and local law enforcement officers during traffic stops and, in some cases, intentionally initiating contact with law enforcement. The FBI assesses with medium confidence that a shift from reacting to law enforcement scrutiny1,2 to targeting police officers indicates an increased interest in harassing and intimidating police and may lead to potentially hostile confrontations.
DHS and FBI Call for Increased Vigilance in Jewish Communities Following Israel’s Recent Military Actions
Last Friday, officials from the U.S. Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) hosted a teleconference with the directors of fusion centers around the country as well as the Major City Intelligence Commanders across to discuss the “heightened tensions in the Middle East due to the on-going military actions between Israel and Hamas.” A bulletin from the New York State Intelligence Center (NYSIC) described the conference call, stating that the DHS and FBI representatives emphasized that there is “currently no credible or specific information suggesting any violent actions in the United States as a result of these tensions” but requested increased vigilance from “law enforcement in regions where Jewish consulates or large Jewish populations exist was encouraged, and law enforcement officials on the teleconference from those areas discussed measures being taken to ensure the safety and security of their local communities, which included increased law enforcement presence, community outreach and encouraging reporting of suspicious activities.”
(U//FOUO) DHS-FBI Bulletin: No Specific Threats to American Jewish Community, Despite Recent World Events
This Joint Intelligence Bulletin (JIB) provides law enforcement and private sector safety officials with an evaluation of potential terrorist threats to Jewish organizations, facilities, and personnel in the United states. The information is provided to support the activities of DHS and FBI and to assist federal. state, local, tribal, and territorial government counterterrorism and first responder officials to deter, prevent, preempt, or respond to terrorist attacks in the United States.
A presentation on recent cyber attacks on the U.S. financial industry included in a collection of documents provided to banks and financial institutions by a local branch of the FBI Cyber Division office and distributed by the Oklahoma Bankers Association.
Terrorist groups, including al-Qa‘ida, and violent extremists have considered using or have possessed cyanide compounds. Cyanides probably appeal to terrorists because of their toxicity, availability, and ease of dissemination. Some of the cyanide tactics that have been considered by terrorists include mixing it with oils and lotions for use as a contact poison, contaminating food or water supplies, or by using it in an improvised chemical dispersal device.
Tens of thousands of dams, levees, navigation locks, industrial waste impoundments, and other water retention and control structures are located throughout the United States. Due to their iconic nature and potential impact on public safety, these structures present attractive targets for terrorist activity. Explosive attacks pose a significant threat, as evidenced by past plots against foreign infrastructure targets. Cyber intrusions present another concern and could be used to sabotage or control site operations. The FBI is interested in any information that could help mitigate threats to the security of dams or other water retention and control infrastructure.
Maritime transportation infrastructure—to include watercraft, seaports, harbors, and waterways—is vital to the United States’ economy and national security. Maritime shipping accounts for ninety-nine percent of all US overseas trade. Additionally, passenger ships transport more than 140 million people to and from US ports each year. Countless vacationers enjoy maritime recreation on US lakes and beaches. All of these activities depend upon safe and open waterways, which the FBI defends from a variety of criminal and national security threats. A top concern is that past attacks on foreign passenger ferries and cargo liners could inspire similar action against US commercial vessels. Additional threats to maritime security include: contraband smuggling, human trafficking, piracy and crimes at sea, and cyber attacks against maritime information systems.
Terrorists might use disguises, fraudulent or stolen credentials, and cloned or repurposed vehicles to gain access to restricted areas, to blend in with their surroundings when conducting surveillance, or to conceal other activities while planning or executing an attack. Anders Breivik, the gunman who was sentenced to 21 years in prison for the July 2011 attack on the Workers’ Youth League summer camp in Norway, wore a police uniform and displayed false identification to gain unauthorized access to the camp. Depending on the target, disguises might be aimed at impersonating law enforcement, emergency services, or officials of an institution who have legitimate access to secured/restricted sites.
Known or possible terrorists have displayed suspicious behaviors while staying at hotels overseas—including avoiding questions typically asked of hotel registrants; showing unusual interest in hotel security; attempting access to restricted areas; and evading hotel staff. These behaviors also could be observed in U.S. hotels, and security and law enforcement personnel should be aware of the potential indicators of terrorist activity.
‘Going Dark’ is a Law Enforcement (LE) initiative to address the gap between the legal authority and practical ability of LE to conduct lawfully-authorized electronic surveillance. Problems highlighted by the Going Dark initiative include LE’s difficulty in receiving information from some technology companies, and criminal’s use of advanced technologies and techniques that can complicate carrying out of lawfully-authorized court orders to conduct electronic surveillance.
Last month, Cryptome quietly posted a 2007 draft of the Federal Bureau of Investigation’s vision statement for the Domestic Communications Assistance Center (DCAC). The document, which has received no media attention, offers the most in depth view yet of the DCAC and its functions. In May, CNET correspondent Declan McCullagh disclosed the existence of the DCAC, which he described as having a mandate “covering everything from trying to intercept and decode Skype conversations to building custom wiretap hardware or analyzing the gigabytes of data that a wireless provider or social network might turn over in response to a court order.” The vision statement obtained by Cryptome describes the general functions and organization of the DCAC as well as the FBI’s national electronic surveillance (ELSUR) strategy.
Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”
Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.
(U//FOUO) FBI Counterfeit and Substandard Lithium Batteries Pose Serious Health Risks to Law Enforcement
The FBI assesses with high confidence, based on multiple incident reports from a collaborative source with direct access to the information, that counterfeit and substandard lithium batteries pose a serious health and safety risk to consumers, specifically law enforcement officers, emergency medical services providers, and military personnel who use these batteries extensively. The FBI has received numerous reports of such batteries, which are not manufactured with the safety mechanisms of legitimate US branded-batteries, spontaneously combusting while being used, transported, or stored, resulting in serious injuries to consumers and damage to tactical equipment and property.
Cold packs, packaged and sold commercially, contain chemicals—usually 30 to 85 grams of ammonium nitrate or urea—that, when extracted in sufficient quantity, can be used as precursors for improvised explosives. The chemicals are packaged in prill form, and can be used directly or ground into powder when being used in homemade explosive production. Five hundred packs would yield 30 to 90 pounds of precursor material for use in an improvised explosive device (IED).
The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”
Terrorist or criminals may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees, and their associates. Persistent, intrusive or probing questions about security, operations or other sensitive aspects of a facility by individuals with no apparent need for the information could provide early warning of a potential attack.
An early April 2012 suicide bombing of a theater in Somalia and a violent extremist communication advocating attacks on US theaters highlight terrorists’ continued interest in attacking such venues. Although we have no specific or credible information indicating that terrorists plan to attack theaters in the United States, terrorists may seek to emulate overseas attacks on theaters here in the United States because they have the potential to inflict mass casualties and cause local economic damage.
The National Gang Intelligence Center (NGIC) and the FBI’s Crimes Against Children Unit (CACU) assesses with medium confidence that gang activity is expanding towards juvenile prostitution primarily for its steady financial rewards and perceived low risk of law enforcement interaction. Historically, prison, street and outlaw motorcycle gangs profit from drug distribution and have recently become involved in non-traditional criminal activity such as mortgage fraud and identity theft. Some gangs appear to be diversifying their income by reducing or eliminating drug trafficking activities in favor of juvenile prostitution.
Though the United States has been engaged in a Global War on Terror for more than a decade, the U.S. Government surprisingly does not have a standardized definition of terrorism that is agreed upon by all agencies. The State Department, Federal Bureau of Investigation and a number of other government agencies all utilize differing definitions of what constitutes an act of terrorism. This lack of agreement has allowed individual agencies to present vastly different and, in some cases, far more inclusive definitions of terrorist acts enabling the use of expanded law enforcement and investigative procedures that might not be applicable in other agencies. In fact, some agencies have presented a definition of terrorism so expansive as to include a number of activities that are not traditionally associated with terrorism or terrorist organizations.
Al-Qaida in the Arabian Peninsula (AQAP) has released issue 9 of its English-language “Inspire” Magazine. There is a portion of the magazine dedicated to attacking the United States by starting wildfires. The article instructs the audience to look for two necessary factors for a successful wildfire, which are dryness and high winds to help spread the fire. Specific fire conditions that are likely to spread fire quickly are Pinewood, crownfires (where the trees and branches are close together), and steep slope fires (fire spreads faster going up a slope).