FBI Cyber Division Bulletin: Hacking Team Exploit Used in Spearphishing Campaign Targeting U.S. Government

A bulletin issued by the FBI Cyber Division discusses a spearphishing campaign targeting U.S. government agencies in June and July of 2015. The campaign utilized an Adobe Flash exploit, CVE-2015-5119, that was discovered in the 400GB data archive from hacked Italian surveillance technology company Hacking Team that was released publicly earlier this month. The exploit was being sold as a product of Hacking Team and was listed in their product knowledge base. The bulletin notes that the Flash exploit was being used in phishing emails in June 2015 despite the fact that the Hacking Team data was only made public on July 5, 2015.

FBI Cyber Division Bulletin: Distributed Denial of Service Attack Bitcoin Extortion Campaigns Expanding

Recent FBI investigations and open source reporting reveal that extortion campaigns conducted via e-mails threatening Distributed Denial of Service (DDoS) attacks continue to expand targets from unregulated activities, such as illegal gaming activity, to now include legitimate business operations. The increase in scope has resulted in additional attacks with Bitcoin ransom amounts trending upwards as well.

National Governors Association Brief: Enhancing Role of Fusion Centers in Cybersecurity

In recent years, the growing number and sophistication of threats to the nation’s cyber infrastructure have motivated governors to consider adding or expanding cybersecurity capabilities within state fusion centers. Through fusion centers, states receive classified and unclassified information and intelligence from multiple sources across the nation and combine or “fuse” that information into “products” (for example, law enforcement notices and warnings) that help improve state and national readiness to respond to an attack or threat. Since their inception, fusion centers have become more sophisticated, uniform, and nationally networked. As they have matured and evolved, so have their missions. Originally designed to focus on terrorism, they now address a wider array of threats and hazards, including “accidents; technological events; natural disasters; warfare; and chemical, biological (including pandemic influenza), radiological, nuclear, or explosive events.”

(U//FOUO) DHS-FBI-NCTC Bulletin: ISIL Supporters Targeting Uniformed Personnel for Weapons and Equipment

In the first half of 2015 there were at least two instances of Islamic State of Iraq and the Levant (ISIL) inspired individuals in the West expressing interest in targeting law enforcement (LE) to obtain weapons and other specialized gear through theft. As ISIL continues to exhort its individuals in the West to carry out attacks, the potential exists that some terrorists may use this tactic and attempt to steal weapons or issued items, such as credentials, badges, uniforms, radios, ballistic vests, vehicles, and other equipment, which could be used in furtherance of an attack. We note that laws governing the purchase of firearms differ widely among Western nations making this tactic more likely to occur in countries where laws are most restrictive and firearms are harder to obtain through legitimate means.

American Psychological Association Review of Ethical Guidelines, Interrogations and Torture

In November 2014, the Board of Directors of the American Psychological Association engaged our Firm to conduct an independent review of allegations that had been made regarding APA’s issuance of ethical guidelines in 2002 and 2005, and related actions. These ethical guidelines determined whether and under what circumstances psychologists who were APA members could ethically participate in national security interrogations. The gist of the allegations was that APA made these ethics policy decisions as a substantial result of influence from and close relationships with the U.S. Department of Defense (DoD), the Central Intelligence Agency (CIA), and other government entities, which purportedly wanted permissive ethical guidelines so that their psychologists could continue to participate in harsh and abusive interrogation techniques being used by these agencies after the September 11 attacks on the United States. Critics pointed to alleged procedural irregularities and suspicious outcomes regarding APA’s ethics policy decisions and said they resulted from this improper coordination, collaboration, or collusion. Some said APA’s decisions were intentionally made to assist the government in engaging in these “enhanced interrogation techniques.” Some said they were intentionally made to help the government commit torture.

DoJ Community Oriented Policing Services Facebook, Twitter, YouTube Violent Extremism Awareness Briefs

Online radicalization to violence is the process by which an individual is introduced to an ideological message and belief system that encourages movement from mainstream beliefs toward extreme views, primarily through the use of online media, including social networks such as Facebook, Twitter, and YouTube. A result of radical interpretations of mainstream religious or political doctrines, these extreme views tend to justify, promote, incite, or support violence to achieve any number of social, religious, or political changes.

UN Report of the Independent Commission of Inquiry on the 2014 Gaza Conflict

On 23 July 2014, the Human Rights Council, by resolution S-21/1, decided to urgently dispatch an independent, international commission of inquiry to investigate all violations of international humanitarian law and international human rights law in the Occupied Palestinian Territory, including East Jerusalem, particularly in the occupied Gaza Strip, in the context of the military operations conducted since 13 June 2014, whether before, during or after. Pursuant to resolution S-21/1, the President of the Council appointed three experts to the commission: William Schabas (Chair), Mary McGowan Davis and Doudou Diène.

FBI Cyber Division Bulletin on Tools Reportedly Used by OPM Hackers

The FBI has obtained information regarding cyber actors who have compromised and stolen sensitive business information and Personally Identifiable Information (PII). Information obtained from victims indicates that PII was a priority target. The FBI notes that stolen PII has been used in other instances to target or otherwise facilitate various malicious activities such as financial fraud though the FBI is not aware of such activity by these groups. Any activity related to these groups detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.

DHS Guide: Improving Survivability in Improvised Explosive Device and Active Shooter Incidents

Recent improvised explosive device (IED) and active shooter incidents reveal that some traditional practices of first responders need to be realigned and enhanced to improve survivability of victims and the safety of first responders caring for them. This Federal, multi-disciplinary first responder guidance translates evidence-based response strategies from the U.S. military’s vast experience in responding to and managing casualties from IED and/or active shooter incidents and from its significant investment in combat casualty care research into the civilian first responder environment. Additionally, civilian best practices and lessons learned from similar incidents, both in the United States and abroad, are incorporated into this guidance. Recommendations developed in this paper fall into three general categories: hemorrhage control, protective equipment (which includes, but is not limited to, ballistic vests, helmets, and eyewear), and response and incident management.

Department of Defense Law of War Manual June 2015

The law of war is part of who we are. George Washington, as Commander in Chief of the Continental Army, agreed with his British adversary that the Revolutionary War would be “carried on agreeable to the rules which humanity formed” and “to prevent or punish every breach of the rules of war within the sphere of our respective commands.” During the Civil War, President Lincoln approved a set of “Instructions for the Government of the Armies of the United States in the Field,” which inspired other countries to adopt similar codes for their armed forces, and which served as a template for international codifications of the law of war.

The Increasing Sophistication and Legitimacy of the Islamic State

The Islamic State of Iraq and the Levant (ISIL) has become the preeminent terror group among U.S.-based extremists according to an assessment authored by the Department of Homeland Security and more than a dozen state and local fusion centers. Individuals determined to fight “overseas in a Muslim-majority country” or conduct attacks domestically will be “more likely to derive inspiration from ISIL than [al-Qaeda] or any of its affiliates” as long as ISIL can maintain its “current level of perceived legitimacy and relevancy.” This assessment of ISIL’s increasing popularity among domestic extremists is the focus of a ten page Field Analysis Report obtained by Public Intelligence titled Assessing ISIL’s Influence and Perceived Legitimacy in the Homeland: A State and Local Perspective. Drawing on suspicious activity reports from around the country as well as intelligence reporting from DHS and the Bureau of Prisons, the report finds that ISIL’s military successes in Iraq and Syria along with the group’s self-proclaimed re-establishment of the caliphate have captured the attention of violent extremists likely to buy in to its “violent extremist counterculture.”

(U//FOUO) DHS Assessment: Future ISIL Operations in the West Could Resemble Disrupted Belgian Plot

I&A assesses that the plot disrupted by Belgian authorities in January 2015 is the first instance in which a large group of terrorists possibly operating under ISIL direction has been discovered and may indicate the group has developed the capability to launch more complex operations in the West. We differentiate the complex, centrally planned plotting in Belgium from other, more-simplistic attacks by ISIL-inspired or directed individuals, which could occur with little to no warning.

(U//FOUO/LES) DHS Report: Assessing ISIL’s Influence and Perceived Legitimacy in the Homeland

This Field Analysis Report (FAR) is designed to support awareness and inform enforcement and collection operations of federal, state, and local partners involved in homeland security and counterterrorism efforts. Some of the activities described in the FAR may be constitutionally protected activities and should be supported by additional facts to justify increased suspicion. The totality of relevant circumstances should be evaluated when considering any law enforcement response or action. Our assessment of the level of the Islamic State of Iraq and the Levant’s (ISIL) name recognition since its declaration of a caliphate in June 2014 is based on a review of suspicious activity reporting (SAR) across the United States between 1 January and 30 December 2014, criminal complaints of US persons charged with supporting or seeking to support ISIL, Bureau of Prisons (BOP) intelligence reporting, and DHS I&A open source reporting to assess the influence of ISIL’s messaging campaign within the United States and ISIL’s perceived legitimacy among homegrown violent extremists (HVEs).

DoD-DoJ-CIA-NSA-ODNI Inspectors General Report on the President’s Surveillance Program

A declassified report from 2009 compiled by the offices of the Inspectors General of the Department of Defense, Department of Justice, Central Intelligence Agency, National Security Agency and Office of the Director of National Intelligence on the President’s Surveillance Program.

DHS Privacy and Civil Liberties Assessment Report on Executive Order 13636

Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.

GAO Report: DOD Needs to Enhance Oversight of Military Whistleblower Reprisal Investigations

The Department of Defense (DOD) did not meet statutory military whistleblower reprisal 180-day notification requirements in about half of reprisal investigations closed in fiscal year 2013, and DOD’s average investigation time for closed cases in fiscal years 2013 and 2014 was 526 days, almost three times DOD’s internal 180-day requirement. In 2012, GAO made recommendations to improve investigation timeliness, and DOD has taken some actions to address those recommendations. However, based on a random sample of 124 cases, GAO estimated that there was no evidence that DOD sent the required notification letters in about 47 percent of the cases that DOD took longer than 180 days to close in fiscal year 2013. For cases in which DOD sent the required letter, GAO estimated that the median notification time was about 353 days after the servicemember filed the complaint, and on average the letters significantly underestimated the expected investigation completion date. DOD does not have a tool, such as an automated alert, to help ensure compliance with the statutory notification requirement to provide letters by 180 days informing servicemembers about delays in investigations. Without a tool for DOD to ensure that servicemembers receive reliable, accurate, and timely information about their investigations, servicemembers may be discouraged from reporting wrongdoing.

(U//FOUO) DHS Infrastructure Protection Note: Most Significant Tactics Against the Electricity Subsector

This IP Note is a joint publication of OCIA and the DHS Office of Intelligence and Analysis (I&A) Homeland Counterterrorism Division. It is intended to identify high-consequence tactics, techniques, and procedures (TTPs) used during attacks and incidents that occurred at electrical substations, facilities, and associated electrical infrastructure from 2002 to 2013. The incidents identified in this report have no known nexus to terrorism.