Terrorists are attempting to recruit new members in the United States and overseas to support their operations, obtain funding, and conduct terrorist attacks. For example, in May 2012, Maryland-based Mohammad Hassan Khalid pled guilty to attempting to use the Internet to recruit individuals who had the ability to travel to and around Europe to conduct terrorist acts, in addition to providing logistical and financial support to terrorists. In prior cases of recruitment, individuals who were willing to participate in terrorist acts became involved with known and suspected terrorists, participated in paramilitary training abroad, or tried to acquire small arms and build explosives.
Tag Archive for Suspicious Activity Reporting
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Testing of Cybersecurity
Terrorists or cyber criminals might try to discover vulnerabilities in computer systems by engaging in unauthorized testing of cybersecurity in order to exploit those vulnerabilities during an attack. These attempts might include port scanning, phishing, and password cracking. “Social engineering,” another technique, leverages unwitting insider access by eliciting information about operational and security procedures from employees, personnel, and their associates.
White House
White House National Strategy for Information Sharing and Safeguarding December 2012
Our national security depends on our ability to share the right information, with the right people, at the right time. This information sharing mandate requires sustained and responsible collaboration between Federal, state, local, tribal, territorial, private sector, and foreign partners. Over the last few years, we have successfully streamlined policies and processes, overcome cultural barriers, and better integrated information systems to enable information sharing. Today’s dynamic operating environment, however, challenges us to continue improving information sharing and safeguarding processes and capabilities. While innovation has enhanced our ability to share, increased sharing has created the potential for vulnerabilities requiring strengthened safeguarding practices. The 2012 National Strategy for Information Sharing and Safeguarding provides guidance for effective development, integration, and implementation of policies, processes, standards, and technologies to promote secure and responsible information sharing.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Bulletin: Indicators of Suspicious Chemical, Biological, and Radiological Activity
Law enforcement and first responders may encounter chemical, biological, or radiological (CBR) related material or equipment at private residences, businesses, or other sites not normally associated with such activities. There are legitimate reasons for possessing such material or equipment, but in some cases their presence can indicate intent or capability to build CBR weapons, particularly when other suspicious circumstances exist.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Theft/Loss/Diversion
Terrorists may attempt to steal or divert precursor materials, uniforms, identification, blueprints, documents, access cards, facility vehicles, or other items–possibly with the help of knowledgeable insiders–for use in pre-operational planning or attacks. Emilio Suarez Trashorras, a Spanish national convicted for his role in the 2004 Madrid train bombings, stole the explosives used in the attack and the vehicles used to transport the explosives from a mining company where he worked.
News
Washington Fusion Center Newsletters Detail Local Examples of Suspicious Activity Reporting
What kind of “suspicious” behaviors might put you in the sights of your local fusion center? A collection of Fusion Liaison Officer (FLO) reports from the Washington State Fusion Center (WSFC) obtained by police accountability activist Andrew Charles Hendricks via a Washington Public Records Act request provide insight into the mechanics of suspicious activity reporting at the local level. More than a dozen reports, which are minimally redacted, detail monthly reporting by the WSFC to its “statewide network of agency-selected law enforcement, fire-fighting and critical infrastructure agency representatives” that ensure “vital disciplines are incorporated into the fusion process by serving as the conduit through which homeland security and crime related information flows to the WSFC for assessment and analysis through the state homeland security Regional Intelligence Groups.” According to the State of Washington, the “end state” of the FLO program “is to have FLOs throughout the state in all aspects of law enforcement, fire service and critical infrastructure” to facilitate the flow of information both to and from the state fusion center.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Acquisition of Expertise
Terrorists may attempt to gain skills and knowledge necessary to plan and execute by obtaining specialized training, soliciting or stealing technical and proprietary information, or reaching out to academics and experts. In 2007, German police arrested three terrorist suspects for allegedly planning and preparing car bomb attacks against US citizens and interests in Germany. The suspects traveled to Pakistan where they received weapons and explosives training from a Pakistan-based Uzbek jihadist group called the Islamic Jihad Union.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Observation/Surveillance
Terrorists often conduct physical surveillance to identify suitable targets, determine vulnerabilities, plan attack methods, or assess the target’s security posture. In March 2010, David Coleman Headley pled guilty for his role in the November 2008 terrorist attacks in Mumbai, India by conducting video and photographic surveillance of potential targets, as well as later surveilling Danish newspaper offices–the target of another attack plot.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Photography
Terrorists and criminals may use photos or videos of potential targets to gain insight into security operations and details of facility operations, including traffic flow through and around facilities, opening times, and access requirements. In late 2000 and early 2001, convicted al-Oa’ida operative Dhiren Barot took extensive video footage and numerous photographs of sites in downtown New York City and Washington, DC in preparation for planned attacks. Photographs and video useful in planning an attack may include facility security devices (surveillance cameras, security locks, metal detectors, jersey walls and planters); security personnel; facility entrances and exits; and other features such as lighting, access routes, gates, roads, walkways, and bridges.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Materials Acquisition/Storage
Terrorists overseas and in domestic attack plots have used various methods to acquire and store materials necessary to construct explosives. Najibullah Zazi, who pled guilty in 2010 to plotting to attack the New York subway system, made multiple, large-quantity purchases of chemical components needed to assemble the homemade explosive Triacetone Triperoxide (TATP)—6 bottles on one day and 12 bottles on a separate day—at beauty supply stores throughout the summer of 2009. Law enforcement and first responders should be aware that the possession, storage, or attempt to acquire unusual quantities of laboratory equipment, personal protective equipment, chemicals, and flammable accelerants—although legal to purchase and own—could provide indicators of preoperational attack planning.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Misrepresentation
Terrorists might use disguises, fraudulent or stolen credentials, and cloned or repurposed vehicles to gain access to restricted areas, to blend in with their surroundings when conducting surveillance, or to conceal other activities while planning or executing an attack. Anders Breivik, the gunman who was sentenced to 21 years in prison for the July 2011 attack on the Workers’ Youth League summer camp in Norway, wore a police uniform and displayed false identification to gain unauthorized access to the camp. Depending on the target, disguises might be aimed at impersonating law enforcement, emergency services, or officials of an institution who have legitimate access to secured/restricted sites.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Bulletin: Indicators of Suspicious Behaviors at Hotels
Known or possible terrorists have displayed suspicious behaviors while staying at hotels overseas—including avoiding questions typically asked of hotel registrants; showing unusual interest in hotel security; attempting access to restricted areas; and evading hotel staff. These behaviors also could be observed in U.S. hotels, and security and law enforcement personnel should be aware of the potential indicators of terrorist activity.
Department of Justice
(U//LES) State and Local Anti-Terrorism Training (SLATT) Program: Terrorism Training for Law Enforcement
Eight presentations used in the State and Local Anti-Terrorism Training (SLATT) program for law enforcement, which is supported by grants from the Department of Justice’s Bureau of Justice Assistance.
United States
Information Sharing Environment Annual Report to the Congress 2012
The ISE is a partnership for responsible sharing of terrorism-related information between the law enforcement, public safety, defense, intelligence, homeland security, and diplomatic communities. It extends to all levels of government – federal, state, local, tribal, and territorial; and incorporates private sector partners and international allies.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Attempted Breaches/Intrusions
Terrorists may attempt to breach secured perimeters or gain unauthorized access to facilities, sensitive locations, or restricted areas for preoperational activity or to conduct an attack. Timothy McVeigh breached a locked storage shed at a Kansas rock quarry with a battery-operated drill and stole explosives that were later used in the 1995 Oklahoma City bombing. Attempts at intrusion could take the form of trespassing, forced entry, or impersonation of authorized personnel and could possibly involve the assistance of knowledgeable ‘insiders.”
News
Unravelling TrapWire: The CIA-Connected Global Suspicious Activity Surveillance System
A number of hacked emails from the private intelligence firm Stratfor have shed light on a global suspicious activity surveillance system called TrapWire, that is reportedly in use in locations around the world from the London Stock Exchange to the White House. The emails, which were released yesterday by WikiLeaks, provide information on the extent and operations of a system designed to correlate suspicious activity reports and other evidence that may indicate surveillance connected with a potential terrorist attack.
Corporate
Abraxas Corporation TrapWire Pre-Attack Terrorist Detection System Trademark Document
Trap Wire dramatically increases the ability to detect pre-attack preparations and to take appropriate action to detect, deter and intercept tenorist attacks. A visual monitor of the entire system-a map with dynamic status indicators for each entity connected to the Trap Wire network- facilitates the ability of decisionmakers to absorb vast quantities of information quickly and efficiently. The dynamic status indicators show the threat level at each facility and highlight those that have moved to a higher threat level over the preceding 24 hours. Security officials can thus focus on the highest priorities first, taking a proactive and collaborative approach to defense against attacks. The information collected by Trap Wire can also be shared with law enforcement agencies to assist in their counterterrorism efforts.
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Aviation Flyovers
Terrorists may use small aircraft flyovers to conduct preoperational activities such as reconnaissance or rehearsals for planned attacks. When suspicious flyovers occur, law enforcement and first responders should report the key attributes of the flight and the aircraft for timely identification (time of day, location and direction of flight, facility overflown, aircraft size, markings, color scheme, tail number, number of windows, placement of wings or rotor, number of engines, and weather) to the Federal Aviation Administration (FAA) through a local Air Traffic Control facility or office, a local Flight Standards District Office, or directly to the FAA’s Domestic Events Network at 202 493 5107, and the Transportation Security Administration. The FAA is often best able to distinguish between legitimate air traffic and suspicious flight operations that warrant further investigation.
News
DHS, FBI Warn Law Enforcement of Terrorists Asking Questions
The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”
Department of Homeland Security, Federal Bureau of Investigation
(U//FOUO) DHS-FBI Suspicious Activity Reporting Bulletin: Terrorists Eliciting Information
Terrorist or criminals may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees, and their associates. Persistent, intrusive or probing questions about security, operations or other sensitive aspects of a facility by individuals with no apparent need for the information could provide early warning of a potential attack.
Department of Justice
Suspicious Activity Reporting Line Officer Training Video
A video made by the Bureau of Justice Assistance and the International Association of Chiefs of Police. It is designed to inform law enforcement “line officers” of standards for reporting suspicious activity in furtherance of the Nationwide Suspicious Activity Reporting Initiative (NSI). The video and transcript were obtained from the website of the Department of Public Safety in New Mexico.
FEMA
FEMA Research Report: How to Improve Public’s Suspicious Activity Reporting
The Federal Emergency Management Agency’s (FEMA) Individual and Community Preparedness Division partnered with the International Association of Chiefs of Police (IACP) on a project to research and develop a strategy to improve the public’s awareness and reporting of suspicious activity. In early 2010, IACP conducted research of contemporary and historical practices intended to improve the public’s reporting of suspicious activity. The literature review showed that little research existed on the motivations and barriers that affect whether or not individuals report information to law enforcement. To close this gap in data, IACP developed a three phase primary research strategy. This report provides an overview of key research findings and provides insights and recommendations that support national and local campaigns.
News
Garbage Collectors Around the U.S. Trained to Report Suspicious Activity
Several newspapers in southern Florida are reporting that trash collectors are receiving training from their employer Waste Management to work with local law enforcement to report crimes and other suspicious activities. The training is part of a program called Waste Watch that is designed to leverage the fact that “drivers are familiar with their routes and are in the same neighborhoods every day” which “puts them in the unique position to spot unusual activity and anything out of the ordinary.” Press releases from Waste Management describe the program as a way of opening “channels of communication with the authorities to help keep them informed and alert of what’s happening in their city’s streets and alleys.”
New Jersey
New Jersey Office of Homeland Security Terrorism Awareness and Prevention Participant Guide
The New Jersey Office of Homeland Security and Preparedness is pleased to present this opportunity for you to learn more about terrorism awareness and prevention. This program is designed to raise the awareness of New Jersey citizens and workers so they can assist in combating terrorism by enhancing powers of observation and encouraging mutual assistance and concern. It involves the joint efforts of the federal, state and local agencies along with the residents of New Jersey. While our country tells us to be more aware no one is telling is how and for what. This leaves the possibility for misunderstanding, abuses, and prejudices to surface. This program will inform citizens of what to look for and that their observations should rely on the unusual or suspicious activities and behaviors. Citizens should never use race or religion as factors for reporting suspicious activity. You, the residents and workers of New Jersey, are our partners.
News
Do You Believe in Conspiracy Theories? You May Be a Terrorist
A flyer from a series created by the FBI and Department of Justice to promote suspicious activity reporting states that espousing conspiracy theories or anti-US rhetoric should be considered a potential indicator of terrorist activity. The document, part of a collection published yesterday by Public Intelligence, indicates that individuals who discuss “conspiracy theories about Westerners” or display “fury at the West for reasons ranging from personal problems to global policies of the U.S.” are to be considered as potentially engaging in terrorist activity. For an example of the kinds of conspiracy theories that are to be considered suspicious, the flyer specifically lists the belief that the “CIA arranged for 9/11 to legitimize the invasion of foreign lands.”