This document contains detailed recommendations on how to implement the best practices identified in the Clean IT project. It will be developed further in the months ahead. After the end of the Clean IT project it will only be shared with organizations that have committed to implementing the best practices. It will be developed further with these organizations participating in the Clean IT permanent public-private dialogue platform.
DHS National Operations Center Operations Counterterrorism Desk (NCOD) Database Privacy Impact Assessment
The National Operations Center (NOC), within the Office of Operations Coordination and Planning (OPS), operates the NOC Counterterrorism Operations Desk (NCOD) and serves as the primary DHS point of contact to streamline counterterrorism Requests for Information (RFIs). The NCOD Database is a tracking tool used by NCOD Officers to track all counterterrorism related incoming and outgoing inquiries. OPS has conducted this Privacy Impact Assessment (PIA) because the NCOD Database contains personally identifiable information (PII).
The objective of this project is to create and manage a comprehensive dataset of groups and movements that have used terrorist tactics within the United States – at some point between 1970 and 2007 – to achieve political, religious, social or economic goals. These data will be integrated into the Terrorist and Extremist Violence in the United States (TEVUS) database in the near future as part of the larger Integrating U.S. Security Databases (IUSSD) project.
Past statements from al‐Qa’ida Central, as well as their franchise groups, highlight the importance of targeting the U.S. economy as part of their strategy of confronting the West. Most recently, militant propagandists, such as Adam Gadahn, American mouthpiece for Al‐Qa’ida in Pakistan, have made statements advising Muslims in the West to “…undermine the West’s already struggling economies with…targeted attacks on symbols of capitalism which will shake consumer confidence and stifle spending”. Additionally, in November 2010, al‐Qa’ida in the Arabian Peninsula introduced the “strategy of a thousand cuts”, where they encouraged their mujahideen brothers to “attack the enemy with smaller, but more frequent operations…the aim is to bleed the enemy to death”.
The Department of Homeland Security and Federal Bureau of Investigation are warning business owners and emergency personnel around the country to be on the look out for terrorists and criminals asking too many questions. In a bulletin from earlier this year, DHS and FBI warned that terrorists and criminals often exhibit the highly suspicious behavior of asking “pertinent, intrusive or probing questions” about security and operations at sensitive facilities. According to the document, terrorists or criminals “may attempt to identify critical infrastructure vulnerabilities by eliciting information pertaining to operational and security procedures from security personnel, facility employees or their associates” and that this type of questioning by individuals “with no apparent need for the information” can provide an “early warning of a potential attack.”
(U//FOUO) New York Fusion Center Bulletin: Use of Cloned Vehicles in Terrorist or Criminal Operations
Criminals and terrorists have long used official vehicles, “cloned” vehicles (those painted/decorated to appear official), or seemingly legitimate vehicles (e.g. livery, maintenance or delivery) to circumvent security measures at targets of interest. There have been numerous terrorist attacks overseas wherein operatives used police vehicles or ambulances (or vehicles painted to resemble same) to conceal improvised explosive devices. Within the US Homeland, the most common use of cloned official vehicles by criminals is for drug smuggling; however, at least one terrorist targeting New York envisioned misusing vehicles that would appear to be legitimate, in order to conduct an attack. Dhiren Barot, an al Qaeda operative involved in the 2004 Financial Centers Plot, allegedly plotted to detonate three limousines packed with explosives and gas cylinders in underground parking lots in Manhattan. While the limousines would not have masqueraded as “official vehicles” per se they would have appeared to be legitimately entering those parking structures.
The Federal Bureau of Investigation, Department of Homeland Security and fusion centers around the country are warning that terrorists are interested in using fire as a weapon, particularly in the form of large-scale wildfires near densely populated areas. A newly released DHS report states that for more than a decade “international terrorist groups and associated individuals have expressed interest in using fire as a tactic against the Homeland to cause economic loss, fear, resource depletion, and humanitarian hardship.” The report notes that the tactical use of fire as a weapon is “inexpensive and requires limited technical expertise” and “materials needed to use fire as a weapon are common and easily obtainable, making preoperational activities difficult to detect and plot disruption and apprehension challenging for law enforcement.”
California, Colorado, Department of Homeland Security, Intelligence Fusion Centers, Nevada, New York
International terrorist groups and violent extremists have long shown interest in using fire as a weapon due to the low cost and limited technical expertise required, the potential for causing large-scale damage, and the low risk of apprehension. Recent encouragement of use of this tactic by terrorist groups and violent extremists in propaganda materials and extremist Web forums is directed at Western audiences and supports Homeland attacks.
Though the United States has been engaged in a Global War on Terror for more than a decade, the U.S. Government surprisingly does not have a standardized definition of terrorism that is agreed upon by all agencies. The State Department, Federal Bureau of Investigation and a number of other government agencies all utilize differing definitions of what constitutes an act of terrorism. This lack of agreement has allowed individual agencies to present vastly different and, in some cases, far more inclusive definitions of terrorist acts enabling the use of expanded law enforcement and investigative procedures that might not be applicable in other agencies. In fact, some agencies have presented a definition of terrorism so expansive as to include a number of activities that are not traditionally associated with terrorism or terrorist organizations.
Group logos, flags, and other extremist imagery are prevalent throughout most terrorist and extremist groups. Imagery provides a means of evoking existing emotional and historical memories in addition to communicating ideas to potential recruits. Logos and symbols are often used as visual representation of groups and/or their ideology. Print, internet propaganda, tattoos, clothing and accessories, stickers, and other graphic media are the most common representations of extremist imagery. First responders need to be aware of common extremist imagery as it may indicate involvement or support for a particular domestic extremist organization or international terrorist group.
The New Jersey Office of Homeland Security and Preparedness is pleased to present this opportunity for you to learn more about terrorism awareness and prevention. This program is designed to raise the awareness of New Jersey citizens and workers so they can assist in combating terrorism by enhancing powers of observation and encouraging mutual assistance and concern. It involves the joint efforts of the federal, state and local agencies along with the residents of New Jersey. While our country tells us to be more aware no one is telling is how and for what. This leaves the possibility for misunderstanding, abuses, and prejudices to surface. This program will inform citizens of what to look for and that their observations should rely on the unusual or suspicious activities and behaviors. Citizens should never use race or religion as factors for reporting suspicious activity. You, the residents and workers of New Jersey, are our partners.
The DHS Homeland Infrastructure Threat and Risk Analysis Center produced this threat assessment to support implementation of 6 Code of Federal Regulations Part 27, “Chemical Facility Anti-Terrorism Standards (CFATS).” This assessment describes the potential terrorist threat to the chemical and petroleum facilities regulated under CFATS and determined to be high risk by the Secretary of Homeland Security. It does not address facilities that may hold threshold quantities of the chemicals listed in CFATS that fall outside its scope, such as public water facilities or facilities regulated under the Maritime Transportation Security Act of 2002. Nor does it address the transportation of chemicals, which is regulated under other authorities. Potential terrorist tactics against such facilities—based on DHS’ knowledge of terrorist intentions and capabilities—are included to aid industry security personnel in implementing security measures at their facilities.
Director of National Intelligence 2012 Report on Reengagement of Detainees Formerly Held at Guantanamo Bay
Based on trends identified during the past 9 years, we assess that if additional detainees are transferred without conditions from GTMO, some will reengage in terrorist or insurgent activities. Posing a particular problem are transfers to countries with ongoing conflicts and internal instability as well as active recruitment by insurgent and terrorist organizations.
The release of a toxic industrial chemical (TIC) by a terrorist group or lone actor represents a significant threat. TICs are readily available in large quantities, routinely shipped by commercial carriers, and often stored in bulk containers. Most TICs are generally less toxic than chemical warfare (CW) agents, but a large volume of TICs can be equally dangerous. The release of a TIC in a populated area is capable of generating numerous casualties and deaths; the toxic effects would be more dangerous if release occurred in an enclosed space.
The Office of Infrastructure Protection (IP) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produces Infrastructure Protection Notes to address issues impacting the infrastructure protection community’s risk environment from terrorist threats and attacks, natural hazards, and other events. Based on the analysis within the DHS Office of Intelligence and Analysis product Evolution of the Terrorist Threat to the United States this IP Note outlines the evolution of terrorist threats and impacts to the Nation’s critical infrastructure.
Criminal complaint against Amine El Khalifi, a Moroccan man accused of attempting to bomb the U.S. Capitol building. The complaint was filed February 17, 2012.
(U//FOUO) DHS Mass Transit and Passenger Railroad Systems Terrorist Attack Preparedness Info Regarding a Realistic Threat
Terrorist attack tactics used against mass transit and passenger railroad systems abroad provide insights that can assist law enforcement officers in securing these critical infrastructure assets. The chart below highlights common tactics noted in attempted or successful use of explosive or incendiary devices against mass transit or passenger railroad systems in attacks conducted between March 2004 and November 2009. The information about these attacks provides insights into device type, selection, and construction and can help law enforcement identify patterns and develop protective measures. Analysis shows terrorists have timed attacks during periods of peak ridership; used multiple, coordinated, drop-and-leave devices in identical or similar baggage; and placed devices inside rail cars to cause casualties among passengers.
The purpose of this assessment is to alert law enforcement and homeland security officials about recent suspicious activity involving school buses and the licenses to drive them.
DHS-University of Maryland Study: Hot Spots of Terrorism and Other Crimes in the United States 1970 to 2008
While efforts are increasingly aimed at understanding and identifying “hot spots” of ordinary crime, little is known about the geographic concentration of terrorist attacks. What areas are most prone to terrorism? Does the geographic concentration of attacks change over time? Do specific ideologies motivate and concentrate terrorist attacks? Moreover, what factors increase the risk that an attack will occur in a particular area? Using recently released data from the Global Terrorism Database, we address these gaps in our knowledge by examining county-level trends in terrorist attacks in the United States from 1970 through 2008.
Internet service providers should clamp down on websites used by violent extremists, both Islamists and increasingly the far right, British lawmakers said in a report Monday. The Internet is a more significant vehicle for promoting radicalism than prisons, universities or places of worship, and is involved in almost all cases of extremism, parliament’s home affairs committee said. Law enforcement agencies can already order illegal material to be removed from the Internet, but “service providers themselves should be more active in monitoring the material they host,” the report said. The MPs recommended that the government work with Internet service providers (ISPs) to develop a code of practice on removing extremist material, but acknowledged international co-operation would also be needed.
A flyer designed by the FBI and the Department of Justice to promote suspicious activity reporting in internet cafes lists basic tools used for online privacy as potential signs of terrorist activity. The document, part of a program called “Communities Against Terrorism”, lists the use of “anonymizers, portals, or other means to shield IP address” as a sign that a person could be engaged in or supporting terrorist activity. The use of encryption is also listed as a suspicious activity along with steganography, the practice of using “software to hide encrypted data in digital photos” or other media. In fact, the flyer recommends that anyone “overly concerned about privacy” or attempting to “shield the screen from view of others” should be considered suspicious and potentially engaged in terrorist activities.
A collection of 25 flyers produced by the FBI and the Department of Justice are distributed to local businesses in a variety of industries to promote suspicious activity reporting. The fliers are not released publicly, though several have been published in the past by news media and various law enforcement agencies around the country. We have compiled this collection from a number of online sources.
TSA’s Office of Intelligence (TSA-OI) assesses that although counterterrorism pressure has weakened al-Qa’ida (AQ) and al Qa’ida in the Arabian Peninsula (AQAP), both organizations represent an enduring and evolving threat and remain committed to attacking the Homeland, including the transportation sector. Both organizations have targeted commercial aviation and AQ has repeatedly plotted to attack mass transit. We also remain concerned about the threat posed by homegrown violent extremists (HVE) or lone offenders inspired by AQ’s violent extremist ideology to launch attacks against less secure targets, such as mass transit and passenger bus systems.
Leaders of a congressional subcommittee are urging the Department of Homeland Security to extensively monitor social media sites like Twitter and Facebook to detect “current or emerging threats.” The top Republican and Democrat on a House counter-terrorism subcommittee last month sent a letter to Homeland Security’s intelligence chief encouraging department analysts to pore over huge streams of social media traffic. Representatives Patrick Meehan and Jackie Speier said in the letter to Caryn Wagner, undersecretary of homeland security for intelligence and analysis, that they “believe it would be advantageous for DHS and the broader Intelligence Community to carefully parse the massive streams of data from various social media outlets to identify current or emerging threats to our homeland security.”
This Joint Intelligence Bulletin provides law enforcement, public, and private sector safety officials with an evaluation of potential terrorist threats during the 2011 US holiday season, extending from Thanksgiving through New Year’s Day. This information is provided to support the activities of DHS and FBI and to assist federal, state, local, tribal and territorial government counterterrorism and first responder officials in deterring, preventing, preempting, or responding to terrorist attacks within the United States.