We judge that narratives driven by Chinese, Iranian, and Russian state media, and proxy websites linked to these governments, often involve fact-based articles as well as editorials; these publications may include misinformation, disinformation, or factual but misrepresented information. This monthly “Snapshot” compiles English-language narratives, which we assess are intended for US and Western audiences, and highlights both consistent trends and emergent messaging, which we assess to reveal foreign actors’ changing influence priorities. We judge that, typically, China uses state and proxy media—including US-based outlets—to try to shape diaspora conduct and US public and leadership views; Iran state media manipulates emerging stories and emphasizes Tehran’s strength while denigrating US society and policy; and Russia uses both state and proxy media to amplify narratives seeking to weaken Washington’s global position relative to Moscow’s.
Russia almost certainly is subjecting Ukrainian civilians in occupied areas to so-called filtration operations. Individuals face one of three fates after undergoing filtration, which include being issued documentation and remaining in Russian-occupied Ukraine, forcefully deported to Russia, or detained in prisons in eastern Ukraine or Russia.
This Intelligence In View provides federal, state, local, and private sector stakeholders an overview of Russian Government-affiliated cyber activity targeting the United States and Russian regional adversaries, including disruptive or destructive cyber activity, cyber espionage in support of intelligence collection, and malign foreign influence in service of Russian political agendas. This In View also provides examples of malware and tools used by Russian Government-affiliated cyber actors.
(U//FOUO) DHS-FBI-NCTC Bulletin: Dissemination of Tactics, Techniques, and Procedures Used by Buffalo Attacker Likely To Enhance Capabilities of Future Lone Offenders
This Joint Intelligence Bulletin (JIB) provides an overview of significant tactics, techniques, and procedures (TTPs) discussed or used by the alleged perpetrator of the 14 May 2022 mass casualty shooting in Buffalo, New York and details how related documents spread after the attack may contribute to the current threat landscape. The alleged attacker drew inspiration from previous foreign and domestic racially or ethnically motivated violent extremists (RMVEs) and their online materials, underscoring the transnational nature of this threat. DHS, FBI, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners to remain vigilant of this enduring threat.
This resource is provided to inform law enforcement, terrorism prevention practitioners, other first responders, community leaders, as well as the general public about both threats of violence and contextual behaviors that suggest an individual is mobilizing to violence. While some violent extremists may make direct, indirect, or vague threats of violence, others may plot violent action while avoiding such overt threats to maintain operational security—underscoring the need to consider both threats of violence and contextual behaviors.
During the six-month period from April 2022 to September 2022, we project that US Customs and Border Protection (CBP) will record between 1 and 2.1 million encounters at the US Southwest Border. We have low confidence in these projections because migration is a complex and fluid issue, making predictive analysis difficult. Additionally, the percentage of selected Latin American and Caribbean nationals encountered at the US Southwest Border has increased from 11 percent in the first six months of FY 2021 to 31 percent in the first six months of FY 2022. This increasing diversification of migrant nationalities encountered at the US Southwest Border—on top of other capacity challenges—will further complicate US capacity to manage the expected flow, as it requires engagement with other migrant-source countries besides Mexico and Northern Triangle countries. Specifically, encounters of Cuban, Nicaraguan, and Venezuelan nationals pose unique challenges because of our limited relationships with these host countries.
(U//FOUO) DHS Bulletin: Domestic Violent Extremist Activity Likely in Response to US Supreme Court Decision on Abortion
Some domestic violent extremists (DVEs) will likely exploit the recent US Supreme Court decision to overturn Roe V. Wade to intensify violence against a wide range of targets. We expect violence could occur for weeks following the release, particularly as DVEs may be mobilized to respond to changes in state laws and ballot measures on abortion stemming from the decision. We base this assessment on an observed increase in violent incidents across the United States following the unauthorized disclosure in May of a draft majority opinion on the case.
The 68th Bilderberg Meeting will take place from 2 – 5 June 2022 in Washington, D.C., USA. About 120 participants from 21 countries have confirmed their attendance. As ever, a diverse group of political leaders and experts from industry, finance, academia, labour and the media has been invited.
Domestic violent extremists (DVEs) continue to exploit 3-D printing to produce weapons and firearm accessories that are unregulated and easy to acquire, according to recent federal and local arrests. This jointly authored Reference Aid is intended to highlight recent incidents of DVE misuse of 3-D printing and demonstrative examples of how the tactic could be exploited by DVEs in the United States.
(U//FOUO) Central Florida Intelligence Exchange Bulletin: Literary Propaganda Used To Drive Violent Extremist Narratives Towards the U.S. Government and Law Enforcement
This bulletin was created by the Central Florida Intelligence Exchange (CFIX) to provide situational awareness regarding the use of literary propaganda used to drive black racially and ethnically motivated extremist (BRMVE) narratives in present-day America. This information is intended to support local, state and federal government agencies along with the private sector in developing/ prioritizing protective and support measures relating to existing or emerging threats to homeland security.
(U//FOUO) DHS Bulletin: Moscow’s Invasion of Ukraine Impeding Reach of Russian State Media in the West
Russia’s invasion of Ukraine has spurred Western governments, social media companies, and individuals to limit or disengage from Russian state media outlets, likely degrading many outlets’ ability to directly message to Western audiences through 2022. This Western response impedes the ability of critical elements of Russia’s influence ecosystem to recruit and retain culturally adept media talent, shape in-country reporting, maintain a perception of media independence, and generate revenue. These setbacks affect multiple facets of RT’s and Sputnik’s operations, hampering the prospects for a speedy reconstitution of their Western-facing efforts. These actions, and others being considered by Western countries, go well beyond previous efforts to counter Moscow’s use of its state media outlets to spread mis-, dis-, and malinformation (MDM), such as deplatforming, foreign agent registration, and social media labeling of content.
DHS Public-Private Analytic Exchange Program Report: Combatting Targeted Disinformation Campaigns A Whole-of-Society Issue Part Two August 2021
Recent events have demonstrated that targeted disinformation campaigns can have consequences that impact the lives and safety of information consumers. On social media platforms and in messaging apps, disinformation spread like a virus, infecting information consumers with contempt for democratic norms and intolerance of the views and actions of others. These events have highlighted the deep political and social divisions within the United States. Disinformation helped to ignite long-simmering anger, frustration, and resentment, resulting, at times, in acts of violence and other unlawful behavior.
DHS Public-Private Analytic Exchange Program Report: Combatting Targeted Disinformation Campaigns A Whole-of-Society Issue October 2019
In today’s information environment, the way consumers view facts, define truth, and categorize various types of information does not adhere to traditional rules. The shift from print sources of information to online sources and the rise of social media have had a profound impact on how consumers access, process, and share information. These changes have made it easier for threat actors to spread disinformation and exploit the modern information environment, posing a significant threat to democratic societies. Accordingly, disinformation campaigns should be viewed as a whole-of-society problem requiring action by government stakeholders, commercial entities, media organizations, and other segments of civil society.
On February 24, 2021, President Biden issued Executive Order 14017 on America’s Supply Chains directing the Secretary of Energy to submit a supply chain strategy overview report for the energy sector industrial base (as determined by the Secretary of Energy). The U.S. Department of Energy (DOE) defines the Energy Sector Industrial Base (ESIB) as the energy sector and associated supply chains that include all industries/companies and stakeholders directly and indirectly involved in the energy sector. The energy sector industrial base involves a complex network of industries and stakeholders that spans from extractive industries, manufacturing industries, energy conversion and delivery industries, end of life and waste management industries, and service industries to include providers of digital goods and services.
(U//FOUO) DHS Bulletin: Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine
We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.
(U//LES) Nevada High Intensity Drug Trafficking Area Bulletin: Dark Web and Cryptocurrency What to Look for During a Search Warrant
In June of 2021, the Nevada High Intensity Drug Trafficking Area (HIDTA) Drug Enforcement Agency (DEA) Enforcement Group 3 arrested four members of a Drug Trafficking Money Laundering Organization (DTMLO) responsible for selling millions of dollars’ worth of cocaine on the dark web and transporting it through the United States Postal Services (USPS).
This report outlines ongoing work by the Department of Defense to address the threat posed by prohibited extremist activities. The Department of Defense has long prohibited Service members from actively engaging in extremist activities. Since 1969, the Department of Defense has provided policy guidance that enumerates the prohibition of specific activities, and has routinely updated its guidance to clarify prohibited activities, clarify the investigative authorities that commanders have at their disposal, and ensure that all military departments implement training on these policies.
ATP 7-100.3 describes Chinese tactics for use in Army training, professional education, and leader development. This document is part of the ATP 7-100 series that addresses a nation-state’s military doctrine with a focus on army ground forces and tactical operations in offense, defense, and related mission sets. Other foundational topics include task organization, capabilities, and limitations related to military mission and support functions. ATP 7-100.3 serves as a foundation for understanding how Chinese ground forces think and act in tactical operations.
(U//FOUO) DHS Bulletin: Iranian Influence Efforts Primarily Use Online Tools to Target US Audiences, Remain Easily Detectable for Now
We assess that Iran likely will continue to rely primarily on proxy news websites and affiliated social media accounts to attempt sustained influence against US audiences, while we expect intermittent, issue-specific influence attempts via other means (e.g., e-mails). We base this assessment on Iran’s actions since at least 2008 to build and maintain vast malign influence networks anchored by proxy websites, as well as Iran’s attempts to find new avenues to re-launch established malign influence networks after suspension. Tehran employs a network of proxy social media accounts and news websites that typically launder Iranian state media stories (stripped of attribution), plagiarize articles from Western wire services, and occasionally pay US persons to write articles to appear more legitimate to US audiences.
This Handbook focuses on the legal matters pertaining to providing assistance to domestic civil authorities, also known as DSCA. Circumstances involving the exercise of homeland defense authority and capabilities, i.e. “countering air and maritime attacks and preventing terrorist attacks on the homeland,” are beyond the scope of this handbook. Nonetheless, it should be kept in mind that actions taken within the homeland defense function may directly impact the DoD’s DSCA mission once an event has occurred. Likewise, for ongoing events or continuing attacks, DSCA actions may affect homeland defense capabilities.
ATP 3-39.10 provides guidance for commanders and staffs on police operations and is aligned with FM 3-39, the keystone military police field manual. This manual addresses police operations across the range of military operations. Police operations support decisive action tasks (offensive, defensive, and stability or defense support of civil authorities [DSCA]). This manual emphasizes policing capabilities necessary to establish order and subsequent law enforcement activities that enable successful establishment, maintenance, or restoration of the rule of law. While this manual focuses on the police operations discipline and its associated tasks and principles, it also emphasizes the foundational role that police operations, in general, play in the military police approach to missions and support to commanders.
(U//FOUO) DHS-FBI-NCTC Bulletin: First Responder Awareness of Privately Made Firearms May Prevent Illicit Activities
Criminals and violent extremists continue to seek ways to acquire firearms through the production of privately made firearms (PMFs). PMFs can be easily made using readily available instructions and commonly available tools, require no background check or firearms registration (serial number) under federal law, and their parts have become more accessible and affordable. This, combined with the increase in law enforcement recoveries of nonserialized and counterfeit firearms in criminal investigations, will most likely create increasing challenges in law enforcement investigations, including weapon accountability access and tracking. PMF awareness and identification can aid PMF recovery, prevention of illicit activities including terrorism, and overall first responder and public safety.