Public Intelligence

Criminal complaint against Amine El Khalifi, a Moroccan man accused of attempting to bomb the U.S. Capitol building. The complaint was filed February 17, 2012.

Terrorist attack tactics used against mass transit and passenger railroad systems abroad provide insights that can assist law enforcement officers in securing these critical infrastructure assets. The chart below highlights common tactics noted in attempted or successful use of explosive or incendiary devices against mass transit or passenger railroad systems in attacks conducted between March 2004 and November 2009. The information about these attacks provides insights into device type, selection, and construction and can help law enforcement identify patterns and develop protective measures. Analysis shows terrorists have timed attacks during periods of peak ridership; used multiple, coordinated, drop-and-leave devices in identical or similar baggage; and placed devices inside rail cars to cause casualties among passengers.

The purpose of this assessment is to alert law enforcement and homeland security officials about recent suspicious activity involving school buses and the licenses to drive them.

While efforts are increasingly aimed at understanding and identifying “hot spots” of ordinary crime, little is known about the geographic concentration of terrorist attacks. What areas are most prone to terrorism? Does the geographic concentration of attacks change over time? Do specific ideologies motivate and concentrate terrorist attacks? Moreover, what factors increase the risk that an attack will occur in a particular area? Using recently released data from the Global Terrorism Database, we address these gaps in our knowledge by examining county-level trends in terrorist attacks in the United States from 1970 through 2008.

Internet service providers should clamp down on websites used by violent extremists, both Islamists and increasingly the far right, British lawmakers said in a report Monday. The Internet is a more significant vehicle for promoting radicalism than prisons, universities or places of worship, and is involved in almost all cases of extremism, parliament’s home affairs committee said. Law enforcement agencies can already order illegal material to be removed from the Internet, but “service providers themselves should be more active in monitoring the material they host,” the report said. The MPs recommended that the government work with Internet service providers (ISPs) to develop a code of practice on removing extremist material, but acknowledged international co-operation would also be needed.

A flyer designed by the FBI and the Department of Justice to promote suspicious activity reporting in internet cafes lists basic tools used for online privacy as potential signs of terrorist activity. The document, part of a program called “Communities Against Terrorism”, lists the use of “anonymizers, portals, or other means to shield IP address” as a sign that a person could be engaged in or supporting terrorist activity. The use of encryption is also listed as a suspicious activity along with steganography, the practice of using “software to hide encrypted data in digital photos” or other media. In fact, the flyer recommends that anyone “overly concerned about privacy” or attempting to “shield the screen from view of others” should be considered suspicious and potentially engaged in terrorist activities.

A collection of 25 flyers produced by the FBI and the Department of Justice are distributed to local businesses in a variety of industries to promote suspicious activity reporting. The fliers are not released publicly, though several have been published in the past by news media and various law enforcement agencies around the country. We have compiled this collection from a number of online sources.

TSA’s Office of Intelligence (TSA-OI) assesses that although counterterrorism pressure has weakened al-Qa’ida (AQ) and al Qa’ida in the Arabian Peninsula (AQAP), both organizations represent an enduring and evolving threat and remain committed to attacking the Homeland, including the transportation sector. Both organizations have targeted commercial aviation and AQ has repeatedly plotted to attack mass transit. We also remain concerned about the threat posed by homegrown violent extremists (HVE) or lone offenders inspired by AQ’s violent extremist ideology to launch attacks against less secure targets, such as mass transit and passenger bus systems.

Leaders of a congressional subcommittee are urging the Department of Homeland Security to extensively monitor social media sites like Twitter and Facebook to detect “current or emerging threats.” The top Republican and Democrat on a House counter-terrorism subcommittee last month sent a letter to Homeland Security’s intelligence chief encouraging department analysts to pore over huge streams of social media traffic. Representatives Patrick Meehan and Jackie Speier said in the letter to Caryn Wagner, undersecretary of homeland security for intelligence and analysis, that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging threats to our homeland security.”

This Joint Intelligence Bulletin provides law enforcement, public, and private sector safety officials with an evaluation of potential terrorist threats during the 2011 US holiday season, extending from Thanksgiving through New Year’s Day. This information is provided to support the activities of DHS and FBI and to assist federal, state, local, tribal and territorial government counterterrorism and first responder officials in deterring, preventing, preempting, or responding to terrorist attacks within the United States.

A bulletin to local businesses from the City of London Police warning of possible extremist/terrorist threats arising from the Occupy London protests.

This handbook provides an understanding of the processes and procedures being employed by joint force commanders (JFCs) and their staffs to plan, execute, and assess counter threat finance (CTF) activities and integrate them into their joint operation/campaign plans. It provides fundamental principles, techniques, and considerations related to CTF that are being employed in the field and are evolving toward incorporation in joint doctrine.

This report is part of a series created by the Department of Homeland Security’s Protective Security Division concerning common vulnerabilities and the detection of terrorist activity at critical infrastructure locations.

Backpressure, the reverse flow of contaminated water into a potable water distribution system, has the potential to affect the public health of a community by using residential, commercial, or industrial connections in water distribution systems as a pathway for contamination. A water contamination incident using an effective contaminant and delivery method would cause immediate public health effects, require costly cleanup, and cause lasting economic and psychological impact. The amount of toxicity depends on many factors, including the type of contaminant, dilution and solubility of the contaminant, and the proximity of the consumer to the point of entry.

A U.S. military training program designed to enhance soldiers’ abilities to operate in irregular conflicts includes exercises which encourage soldiers to think like terrorists in order to examine opposing ideologies. The exercises are part of a course designed to help trainees with practical decision-making skills in “irregular conflicts” and counterinsurgency called Combat Observation and Decision-making in Irregular and Ambiguous Conflicts (CODIAC). The course was initially created in 2010 as a way of enhancing the “ability of individuals and small teams to address irregular challenges by training enhanced observation, battlefield sensemaking, human terrain pattern recognition, and environmental analysis (including knowledge of combat tracking).” The CODIAC course incorporates curriculum from a number of other military programs, including the U.S. Marine Corps’ Combat Hunter program, and it is designed to primarily for military personnel as well as “interagency paramilitary personnel, such as Border Patrol or Police Officers, as well as multinational allies.” The course focuses on a number of core subject areas related to decision making, intelligence and observation, physical tracking and “human terrain” analysis.

This curriculum was directly inspired by the US Marine Corps’ Combat Hunter program. Created in 2007, in response to a dramatic increase in precision fire causalities in Baghdad, Combat Hunter is systematic training designed to improve cognitive skills, showing personnel how to read the human terrain, establish a baseline, detect an anomaly, and make decisions “left of bang.” In other words, Combat Hunter was designed to train personnel to anticipate danger and meet it proactively. In an irregular conflict, this enables personnel to be the “hunters”—not the “hunted.” CODIAC integrates the USMC Combat Hunter principles, along with proven battlefield decision-making and irregular warfare instruction from across the Joint services. The goal of CODIAC is to enhance the ability of individuals and small teams to address irregular challenges by training enhanced observation, battlefield sensemaking, human terrain pattern recognition, and environmental analysis (including knowledge of combat tracking).

Criminal complaint issued in the Iran-linked plot to assassinate the Saudi Arabian ambassador to the United States, USA vs. MANSSOR ARBABSIAR a/k/a “Mansour Arbabsiar” and GHOLAM SHAKURI a/k/a “Ali Gholam Shakuri”.

According to multiple media reports, on 7 September an explosion occurred inside the reception area of the Delhi High Court in New Delhi, India at approximately 10:00am local time. The blast killed at least 11 people and injured some 76 others. Indian authorities reported to the press that the explosives were inside a briefcase left in a reception area in between the security gates of the High Court. India’s National Security Guard Director indicated that the device contained ammonium nitrate, which was also used in the most recent bomb against the court complex on 25 May. Harakat-ul-Jihad al-Islami (HUJI) claimed responsibility for the blast in an e-mail message and demanded that India repeal the death sentence of Afzal Guru, who was convicted of attacking the Indian Parliament building in 2001 and is awaiting execution.

FBI affidavit for Rezwan Ferdaus accused of planning to use remote controlled airplanes to attack the Pentagon and the U.S. Capitol.

We assess that al-Qa‘ida has likely maintained an interest since at least February 2010 in conducting large attacks in the Homeland timed to coincide with symbolic dates, to include the 10-year anniversary of the 9/11 terrorist attacks. We also remain concerned that the May 2011 death of Usama bin Ladin (UBL), coupled with the subsequent removal of several key al-Qa’ida figures, could further contribute to al-Qa’ida’s desire to stage an attack on a symbolic date—such as the 10-year anniversary of 9/11—as a way to avenge UBL’s death and reassert the group’s relevance, although operational readiness likely remains the primary driving factor behind the timing of al-Qa’ida attacks.

A new online reporting tool will allow people to submit reports of suspicious activity around the District and photos or videos of the activities directly to the Metropolitan Police Department, officials announced Wednesday. The iWatch DC program provides another way for police to gather tips about suspicious activities in the area and analyze the reports for potential trends or suspected terrorist activity, MPD Chief Cathy L. Lanier said. “It’s appropriate for us to launch it this week because of 9/11,” Chief Lanier said. “We just want to raise people’s awareness that you can report suspicious activity to us.”

As of February 2010, al-Qa‘ida was allegedly contemplating conducting an operation against trains at an unspecified location in the United States on the tenth anniversary of 11 September 2001. As one option, al-Qa‘ida was looking at the possibility of tipping a train by tampering with the rails so that the train would fall off the track at either a valley or a bridge. Al-Qa‘ida noted that an attack from tilting the train would only succeed one time because the tilting would be spotted. Al-Qa‘ida also noted that newer train cars each have their own braking system, and that movement in a specific direction would derail it, but would not cause it to fall off the track.

This Joint Intelligence Bulletin (JIB) updates a DHS-FBI joint analytic product of the same title dated 3 September 2010 and is intended to provide warning and perspective regarding the scope of the potential terrorist threats to the United States, specifically towards US persons. This product is provided to support the activities of DHS and FBI and to help federal, state, and local government counterterrorism and law enforcement officials deter, prevent, preempt, or respond to terrorist attacks directed against the United States.

The Department of Homeland Security (DHS) currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) of identifying information about those known or reasonably suspected of being involved in terrorist activity in order to facilitate DHS mission-related functions, such counterterrorism, law enforcement, border security, and inspection activities. DHS and TSC are improving the current method of transmitting TSDB data from TSC to DHS. Through a new service called the “DHS Watchlist Service” (WLS), TSC and DHS will automate and simplify the current manual process. TSC remains the authoritative source of watchlist data and will provide DHS with near real-time synchronization of the TSDB. DHS will ensure that each DHS component system receives only those TSDB records which they are authorized to use under the WLS Memorandum of Understanding and authorized under existing regulations and privacy compliance documentation between TSC and DHS (WLS MOU) and any amendments or modifications thereto. DHS conducted this privacy impact assessment (PIA) because the WLS will maintain a synchronized copy of the TSDB, which contains personally identifiable information (PII), and disseminate it to authorized DHS components.

The Homeland Security Department’s plan to centralize and expand in-house access to the FBI’s database of suspected terrorists has prompted a letter of protest from a coalition of Washington privacy organizations. In public comments submitted Aug. 5, a coalition led by the Electronic Privacy Information Center challenged a proposed rule under which Homeland Security would duplicate an existing system of records to create the DHS Watchlist Service. It will contain individuals’ names, dates and places of birth, biometric and photographic data, passport information, driver’s license information and “other available identifying particulars.” Homeland Security during the past year has been reviewing the eight-year-old terrorist screening database used at airports and is preparing, as set out in the July 6 proposal, to widen employee access to a mirror copy of the records created by the FBI and Justice Department “in order to automate and simplify the current method for transmitting” the data to DHS component agencies including the Transportation Security Administration. TSA uses the terrorist watch list for the Secure Flight program, which allows it to instantly check passenger names that airlines were given by ticket purchasers against a consistent national watch list of suspected terrorists.