This product addresses the recent wave of CryptoWall (not to be confused with “CryptoLocker”) ransomware infections throughout the United States. Included are prevention and incident response mitigation strategies, as well as a description of the malware and helpful sources.
First responders, such as law enforcement, emergency medical services (EMS), and firefighters, often arrive at incidents completely focused on the emergency at hand. Whether it is a fire, a chest pain complaint, or a vehicular accident, the first responders prepare for certain events to take place during emergency situations and personal safety is a priority throughout the response. Unfortunately, in the past few years there have been several occurrences where first responders became the victims of ambushes while performing their duties to protect citizens and save lives.
Over the last week there have been three attacks – one in Canada and two in the United States – in which law enforcement officers were targeted, leading to the death of five officers and one civilian. Based upon reporting it appears all the suspects in these incidents were motivated by elements of a far right anti-government ideology with a particular fixation on law enforcement. While it is unknown whether this spike is indicative of a long term increasing trend, it is significant from a near term perspective due to the short time frame and purposeful targeting of law enforcement.
Incidents involving the theft of fuel (gasoline, diesel, kerosene, ethanol, etc.) from fuel storage tanks have been reported across the United States. Fuel theft has significant health and safety implications, including risk for spills, fires, and explosions. Fuel thieves typically do not adhere to security standards or practices, and may inadvertently expose fuel to a hot engine, lit cigarette, or ignition source. First responders and other maintenance personnel also may be exposed to fuels through skin contact or inhalation routes during recovery and/or cleanup operations, which can result in potential health effects.
(U//FOUO) Colorado Information Analysis Center Bulletin: Vulnerabilities in Knox-Box Key Entry Systems
The Knox-Box® rapid entry system is an access control system utilized by public safety agencies. This system allows facilities to securely store entry keys or cards on site for first responders. First responders utilize a master key that unlocks all Knox boxes within their jurisdiction. Currently there are over 3.5 million Knox-Box rapid entry systems in use nationwide and over 11,500 fire departments in North America that use the Knox-Box rapid entry system. In one Colorado fire district there are over 4,000 Knox-Box systems in use within the local, state, and federal government, including the energy, water, postal, emergency services, defense, transportation, and communication sectors. Unauthorized access to the system would allow individuals to bypass physical security measures at the site. The unauthorized individuals would also be able to duplicate keys, or remove entry keys or cards, which would delay first responders.
The State of Colorado legalized medical marijuana in 2012 and recreational marijuana in 2014. There has been an increased amount of marijuana infused products sold to the public. The products range from fruit chewz, gummiez, cupcakes, truffles, rice krispy treats, butter, and banana bread. It is extremely difficult to differentiate between marijuana infused products and non-infused products if the original packaging is not with the product.
(U//FOUO) New Jersey Fusion Center Bulletin: Suspicious Activity Regarding the Electrical Grid in New Jersey
In the past year, the NJ Suspicious Activity Reporting System (NJ SARS) has received multiple reports of intrusions at electrical grid facilities in New Jersey. The NJ ROIC currently has no indication of any specific threats associated with these incidents, but provides this information for situational awareness and requests information on any similar, previously unreported incidents in New Jersey.
Information Sharing Environment Strategic Implementation Plan for the National Strategy for Information Sharing and Safeguarding
In December 2012 the President signed the National Strategy for Information Sharing and Safeguarding (Strategy) which is anchored on the 2010 National Security Strategy and builds upon the 2007 National Strategy for Information Sharing. The Strategy provides guidance for more effective integration and implementation of policies, processes, standards, and technologies to promote secure and responsible national security information sharing. This document provides a higher-level overview of a longer, more detailed implementation plan for the Strategy, and is intended to assist in briefing senior policy makers on plans, progress, and performance related to achieving the vision of the NSISS.
On Saturday, September 21, 2013, members of Al Shabaab, a Somali based Islamic terrorist organization affiliated with the international Al Qaeda network, executed a complex terrorist attack on an upscale shopping mall in Nairobi, Kenya. The attackers simultaneously entered the mall from two different entrances, shooting shoppers with assault rifles and throwing hand grenades. The terrorists remained in the mall, engaging government security forces for the next four days, resulting in a major fire and partial collapse of the mall. The Kenyan government has officially reported 72 deaths and more than 200 injured as a result of the attack. A significant number of those killed and injured were foreign citizens, including 6 U.S. citizens who were injured in the attack.
The purpose of this bulletin is to provide awareness and a basic understanding of the “Hidden Internet” to investigators in the field, as well as provide some examples of how the Hidden Internet can be exploited by criminal elements. While the term “Hidden Internet” can be used in a broader context and refer to other internet terms such as the “Deep Web” or “Deepnet,” for the purpose of this bulletin the term “Hidden Internet” will refer to the hidden services provided by the Tor Project to internet users, specifically relating to the Silk Road website and use of Bitcoins.
A collection of hundreds of emails from the City of Oakland relating to the construction of the City/Port of Oakland Joint Domain Awareness Center. The files were obtained through a public records request made by members of Occupy Oakland. The emails range in date from September 2013 to December 2013.
From November through December 2013, CDC has received a number of reports of severe respiratory illness among young and middle-aged adults, many of whom were infected with influenza A (H1N1) pdm09 (pH1N1) virus. Multiple pH1N1-associated hospitalizations, including many requiring intensive care unit (ICU) admission, and some fatalities have been reported. The pH1N1 virus that emerged in 2009 caused more illness in children and young adults, compared to older adults, although severe illness was seen in all age groups. While it is not possible to predict which influenza viruses will predominate during the entire 2013-14 influenza season, pH1N1 has been the predominant circulating virus so far. For the 2013-14 season, if pH1N1 virus continues to circulate widely, illness that disproportionately affects young and middle-aged adults may occur.
In the year since Sandy Hook, there have been a combined total of 22 actual school attacks and disrupted plots nationwide with some of the attacks resulting in the deaths of students and school personnel. The New Jersey Regional Operations Intelligence Center (ROIC) has examined recent reporting on the Sandy Hook attack and the incidents over the last year and provides the following analysis to law enforcement, school resource officers (SROs), and administrators to assist in school security planning efforts.
Hundreds of emails from the City of Oakland relating to the construction of the City/Port of Oakland Joint Domain Awareness Center. The files were scanned from printouts held in a series of folders by the City of Oakland and were obtained via a public records request made by members of Occupy Oakland. The emails were the source material for a recent story in the East Bay Express by Darwin BondGraham stating that the City of Oakland had allowed the Domain Awareness Center’s prime contractor Science Applications International Corporation (SAIC) to perjure themselves by signing a disclosure form claiming that the company was in compliance with the city’s Nuclear Weapons Free Zone Ordinance which prohibits the city from doing business with contractors that are connected to the production or use of nuclear weapons. According to the article, SAIC has had a number of contracts relating to nuclear weapons for more than a decade, including a May 2013 U.S. Navy contract for “engineering services, testing, and integration for nuclear command control and communication (NC3) messaging systems.”
One of the most serious threats facing New Jersey and the entire U.S. Homeland continues to be that of the active shooter, regardless of motivation, who by the very nature of their associated tactics, techniques, and procedures, poses a serious challenge to security personnel based on their ability to operate independently, making them extremely difficult to detect and disrupt before conducting an attack.
The New Jersey Regional Operations Intelligence Center (NJ ROIC) provides the following updated analysis of mass shootings in the last year (December 2012 to October 2013) in order to provide law enforcement personnel, security managers and emergency personnel with identified commonalities and trends, as well as indicators of potential violence.
Scans of all invoices related to the City of Oakland’s contract with Science Applications International Corporation for the construction of the City/Port of Oakland Joint Domain Awareness Center. The documents were collected in a binder held by the City of Oakland and obtained via a public records request made by members of Occupy Oakland. The invoices are organized by month and range in date from March to July 2013.
(U//FOUO) Colorado Information Analysis Center: Butane Hash Oil Production Poses Risks to First Responders
This Brief was produced to alert emergency medical responders and healthcare providers to the dangerous levels of toxicity that can be presented by patients who have smoked alcohol. Although this practice is dangerous, it is not illegal. It is being practiced by young adults all over the country and causing serious medical emergencies and deaths as a result. Because this is a returning trend, unfamiliar to health care providers, there is no statistical data available concerning hospitalizations and deaths. The below information was assembled from open source research and can be duplicated and shared for the purposes of awareness and education.
A statistical analysis of school shootings released in August by the Los Angeles Joint Regional Intelligence Center (LAJRIC) studied school shootings throughout the U.S. from January 2008 to August 2013. In that five-year span, there were 85 school shootings that took place in 29 states, a majority of the country, with most states experiencing between one and three incidents over the last five years. California ranked highest with 18 incidents, followed by Michigan and Tennessee. The majority of school shootings, about 52%, took place at high schools, with the rest equally distributed between colleges/universities and elementary/middle schools.
From January 2008 to August 2013, 85 school shootings took place across the United States involving 97 attackers. Incidents analyzed met the definition of targeted school violence, including gang-related shootings. “Targeted violence” is any incident of violence where an attacker selects a particular target prior to the violent attack. The number of incidents peaked at 29 in 2009 and has decreased to an average of 14 per year; two incidents have occurred this year to date.