Public Intelligence

Terrorists and violent extremists have used—or considered using—diversionary tactics in terrorist attacks overseas. Diversionary tactics are often used to draw security forces and first responders away from the intended primary target of the attack and may be used as part of a complex or multi-pronged attack. Diverting first responders to a location other than the primary target of an attack delays the response and the provision of medical care to victims, and depletes first responder resources.

This handbook provides the tactical operator, commander, and battle staff with information on planning, executing, assessing, and sustaining information operations (IO). The handbook is based on observations collected in Iraq during July and August 2004 by an IO collection and analysis team (CAAT). The application of this tool is both for training and real-world events the Soldier may encounter in the Iraqi area of operations.

A Defense Security Service presentation from December 2012 outlining information and statistics on defense industrial base cyber incidents and intrusions.

Websites and emails referencing the Boston Marathon bombing should be viewed with caution, as malicious actors are using the incident to disseminate malware and conduct fraud. While other agencies investigate the frauds, the NJ ROIC provides this information for situational awareness.

Nation-state adversaries regularly use accounts on popular social networking sites to facilitate social engineering against DoD members. Information disclosed or discovered on social networking sites creates a significant operations security (OPSEC) concern and in the context of a wide spread collection effort could be by adversaries to form a classified picture.

Approximately fifty million students attend nearly 100,000 public elementary and secondary schools throughout the Nation. Elementary and secondary schools are relatively open-access, limited egress congregation points for children, and have been successfully targeted by terrorists in the past.

A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.

This Joint Intelligence Bulletin provides law enforcement and private sector safety officials with protective measures in light of the recent explosions that took place at the 2013 Boston Marathon in Boston, Massachusetts. The information is provided to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.

This Joint Intelligence Bulletin provides information on the devices used in the 15 April 2013 Boston Marathon explosions. The information is intended to provide aid in identifying devices and to support the activities of DHS and FBI and to assist federal, state, local, tribal, and territorial government counterterrorism and first responder officials and the private sector to deter, prevent, preempt, or respond to terrorist attacks in the United States.

This is an update of an RCR published on 1 July 2010. Rudimentary improvised explosive devices (IEDs) using pressure cookers to contain the initiator, switch, and explosive charge frequently have been used in Afghanistan, India, Nepal, and Pakistan. Pressure cookers are common in these countries, and their presence probably would not seem out of place or suspicious to passersby or authorities. Presence in an unusual location—or if noticed in a contanier such as a backpack—should be treated as suspicious.

The FBI assesses with high confidence recreationally used exploding targets (ETs), commonly referred to as tannerite, or reactive targets, can be used as an explosive for illicit purposes by criminals and extremists and explosive precursor chemicals (EPCs) present in ETs can be combined with other materials to manufacture explosives for use in improvised explosive devices (IEDs).

Recent FBI intelligence from multiple FBI HUMINT sources indicates a shift in Los Zetas recruiting methods and reliance on non-traditional associates. Past, accurate FBI reporting indicated Los Zetas previously focused its recruitment on members with prior specialized training, such as ex-military and ex-law enforcement officers, and not on US-based gangs or US persons in order to maintain a highly-disciplined and structured hierarchy. This hierarchy, which resembled a military-style command and control structure, facilitated drug trafficking operations and maintained lines of authority. However, current FBI reporting indicates that Los Zetas is recruiting and relying on non-traditional, non-military trained associates—US-based prison and street gangs and non-Mexican nationals—to perform drug trafficking and support operations in Mexico and in the United States.

This report is a continuation of the collection effort on units supporting operations in Afghanistan as directed by the Deputy Commandant for Combat Development and Integration. The collection sought to examine the mission, scope, successes, shortfalls, equipment, manning and emerging issues associated with 4th Light Armored Reconnaissance Battalion (4th LAR) operations. Interviews of 28 commanders and staff were conducted at various camps and bases in Afghanistan from December 2009 – April 2010.

Expressed or implied threats by an individual or a group communicating intent to commit acts of terrorism or violence or advocating violence against a person, population, or to damage or destroy a facility can be an indicator of pre-operational attack planning. For example, in 2010 a Virginia-based US person pled guilty to communicating threats after he posted a video to the Internet encouraging violent extremists to attack the creators of a television show, including highlighting their residence and urging online readers to “pay them a visit.” He also admitted to soliciting others to desensitize law enforcement by placing suspicious looking but innocent packages in public places, which could then be followed up by real explosives.

This After Action Report/Improvement Plan covers the public health response in Washington to the disaster in Japan that began with the earthquake off of Japan’s northeastern coast on March 11, 2011. The 9.0 earthquake caused widespread devastation throughout Japan, and the resulting tsunami crippled the nation even further. The Fukushima Nuclear Power Plant, located in Fukushima Prefecture of Japan, was severely damaged by the earthquake and tsunami, creating a radiological disaster. The tsunami from the earthquake also made landfall across the Pacific Ocean including coastal areas of Washington state. The radiological release at the Fukushima Nuclear Power Plant was due to the loss of cooling capability in the reactor cores, causing a partial melt down of nuclear fuel, a buildup of hydrogen gas in containment that had to be vented, and resulting explosions that caused radioactivity from damaged fuel to enter the atmosphere and be carried by the jet stream to the Pacific Northwest. For the state of Washington, responding to potential public health and medical impacts of both the tsunami and radiation issues from the earthquake in Japan culminated in many lessons learned— strengths as well as areas in need of improvement. Those lessons learned are captured in this after action report.

The Oregon response to the Japan Radiation Event was a real-time response triggered by the Tohuku Earthquake and Tsunami of March 11, 2011. Damage caused by the tsunami to the Oregon coast did not necessitate a state Public Health response. Rather, state PH focused primarily on the health and medical informational needs of the public, public health and medical partners and other state agencies and tribes. OPHD initially responded in an ad hoc manner. It was subsequently determined that a more effective approach would be to establish an Incident Management Team and activate the Agency Operations Center, which were accomplished on 16 March and 21 March respectively. Agency Operations Center and Public Health Information Center operations worked well, with enhanced cooperation demonstrated in message development and interaction with the media. Use of HAN, links on the OHA website to FAQs and statistical data, rapid translation of messages into 6 languages, teleconferences with LHDs, tribes, PIOs and Region X Federal and state partners and Oregon Emergency Management facilitated calls with sister state agencies resulted in consistent information being provided. The major deficiency in the process was the lack of clarity and responsiveness from the national headquarters of federal agencies (EPA, FDA).

Stolen, cloned, or repurposed commercial or official vehicles—such as police cars, ambulances, and public utility service trucks—have been used in terrorist attacks. These vehicles could facilitate terrorist access to restricted and hardened targets as well as to emergency scenes. The use of these vehicles can provide individuals the ability to approach targets to conduct pre-operational surveillance or carry out primary attacks or secondary attacks against first responders.

A DHS presentation from March 11, 2013 regarding the implementation of Executive Order 13636 “Improving Critical Infrastructure Cybersecurity” authored by the Cyber-Dependent Infrastructure Identification Working Group (CDIIWG).

This Special Product was produced in response to reports of Department of Defense (DoD) personnel becoming victims of internet-based extortion scams known as sextortion. Its purpose is to inform United States Air Force (USAF) personnel of this new online scam and offer mitigating steps that can reduce the chances of becoming a victim.

Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.

In January 2009 the Army’s authority to unilaterally apprehend and detain insurgents in Iraq expired. The Army now operates in Iraq at the invitation of the Government of Iraq (GOI). The change in the Army’s authority heightens the guiding principle of working by, with, and through the Iraqi Security Forces (ISF). The Army must work within the Iraqi rule of law when dealing with insurgents who threaten U.S. forces. It requires the Army to work with the ISF and the Iraqi court system to remove insurgents from the street. The Army must learn how the Iraqi system is structured and how its courts operate. The Army must also help educate the Iraqi courts, particularly the judges, on the science of how Americans collect and process evidence (forensics). Educating the judges on forensics is important to the Army having its day in court and its evidence entered into the proceeding against the insurgents.

DHS/I&A is interested in the following SAR topics, which have been updated based on current issues of national interest. Previous topics remain relevant, and law enforcement, first responders, and other homeland security professionals should continue to submit reports on these issues. Per the SAR Functional Standard, only information validated as reasonably indicative of preoperational planning related to terrorism should be reported as a SAR. I&A is reviewing SAR reports on these topics but would welcome any additional context, ideas or local analysis on these topics and opportunities for joint production.

A Center for Army Lessons Learned smart card from 2010 detailing procedures for conducting traffic control point operations.

During recent weeks, various sources in law enforcement and media outlets have been reporting phone kidnapping scams occurring in Central and Northern New Jersey and New York. In most incidents, scammers have alleged that a member of the phone scam victim’s family had been involved in a car accident and claimed to have taken the victim’s family member hostage. The scammers then claim they will drop their hostage at a hospital after a certain amount of money (usually $1500‐2000) is wired via Western Union to the scammers, as restitution for damage to the scammer’s vehicle. In addition, the scammers state that they have the hostage’s cell phone and any attempts to call the cell phone or disengage from the conversation will result in the murder or beating of the hostage.

Terrorists are attempting to recruit new members in the United States and overseas to support their operations, obtain funding, and conduct terrorist attacks. For example, in May 2012, Maryland-based Mohammad Hassan Khalid pled guilty to attempting to use the Internet to recruit individuals who had the ability to travel to and around Europe to conduct terrorist acts, in addition to providing logistical and financial support to terrorists. In prior cases of recruitment, individuals who were willing to participate in terrorist acts became involved with known and suspected terrorists, participated in paramilitary training abroad, or tried to acquire small arms and build explosives.