Author Archive for Public Intelligence

Archistrategos.

(U//FOUO) DHS Final Decision on Removal of Kaspersky-Branded Products

BOD 17-01 requires all federal executive branch departments and agencies to (1) identify the use or presence of “Kaspersky-branded products” on all federal information systems within 30 days of BOD issuance (i.e., by October 13); (2) develop and provide to DHS a detailed plan of action to remove and discontinue present and future use of all Kaspersky-branded products within 60 days of BOD issuance (i.e., by November 12); and (3) begin to implement the plan of action at 90 days after BOD issuance (i.e., December 12), unless directed otherwise by DHS in light of new information obtained by DHS, including but not limited to new information submitted by Kaspersky.

(U//FOUO) DHS NCCIC Independent Assessment of Kaspersky-Branded Products

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) reviewed the Independent Assessment, titled Information Security Risks of Anti-Virus Software (hereafter “BRG Assessment”), prepared by Berkeley Research Group, LLC (BRG), and dated November 10, 2017. Kaspersky Lab (hereafter “Kaspersky”) submitted the BRG Assessment to DHS as an exhibit to Kaspersky’s request for DHS to initiate a review of Binding Operational Directive (BOD) 17-01. The BRG Assessment, in part, responds to the NCCIC Information Security Risk Assessment (hereafter “NCCIC Assessment”) on commercial off-the-shelf (COTS) anti-virus software and Kaspersky-branded products, dated August 29, 2017. The NCCIC Assessment was attached as Exhibit 1 to an Information Memorandum from the Assistant Secretary for DHS Cybersecurity and Communications (CS&C) to the Acting Secretary of DHS, dated September 1, 2017 (hereafter “Information Memorandum”). This document is a Supplemental Information Security Risk Assessment and will similarly be attached to an Information Memorandum from the Assistant Secretary for CS&C to the Acting Secretary of DHS.

(U//FOUO) DHS NCCIC Information Security Risk Assessment of Kaspersky-Branded Products

This assessment presents the inherent information security concerns and security ramifications associated with the use of any commercial-off-the-shelf (COTS) antivirus solution in devices with access to a federal network. It also addresses specific risks presented by Kaspersky-branded products, solutions, and services (collectively, “Kaspersky-branded products”).

French Republic Assessment of Chemical Attack in Douma, Syria April 2018

The French services analysed the testimonies, photos and videos that spontaneously appeared on specialized websites, in the press and on social media in the hours and days following the attack. Testimonies obtained by the French services were also analysed. After examining the videos and images of victims published online, they were able to conclude with a high degree of confidence that the vast majority are recent and not fabricated. The spontaneous circulation of these images across all social networks confirms that they were not video montages or recycled images. Lastly, some of the entities that published this information are generally considered reliable.

(U//FOUO) San Diego Fusion Center Bulletin: Ambulance Used to Conceal Improvised Explosive Device in Afghanistan

On January 27, 2018 at approximately 12:15pm local time, a vehicle resembling an ambulance and laden with explosives detonated after it passed through a police checkpoint in Kabul, Afghanistan. The explosion killed more than 100 people and wounded approximately 235 others. According to the deputy spokesperson for the Afghanistan Interior Ministry, the vehicle was painted to resemble an ambulance and had successfully passed through a checkpoint after the attacker allegedly told police he was transporting a patient to a nearby hospital. While stopped at a second checkpoint farther inside the city limits, the attacker detonated the explosives concealed in the vehicle.

United Nations Office for the Coordination of Humanitarian Affairs West Bank Access Restrictions January 2017

A complex series of concrete walls, electronic fences, and other obstacles to control Palestinian pedestrian and vehicular movement. Palestinian access to land and communities located behind the Barrier is subject to a permit or prior coordination regime. In its 2004 Advisory Opinion, the International Court of Justice (ICJ) established that the sections of the Barrier which run inside the West Bank, including East Jerusalem, together with the associated gate and permit regime, violate Israel’s obligations under international law.

(U//FOUO) DEA Emerging Threats Reports 2017

The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.

U.S. Army Threat Tactics Report: Russia

In the last seven years, Russia has reasserted itself as a military force in Eastern Europe and the Caucasus. With the 2008 military incursion into Georgia and the 2014 seizure of Crimea and support for pro-Russian separatists in Ukraine, Russia has assumed a more aggressive, interventionist stance in Europe. In the effort to influence events in Ukraine, the Russians have used what the US Army defines as “Hybrid Warfare” to infiltrate, isolate, and dominate eastern Ukraine and Crimea. This is all a part of the strategy of what can be called “Indirect Action”—the belief by the Russians that they reserve the right to protect ethnic Russians and interests in their former states from domination by Western powers and NATO.

(U//FOUO) DHS-FBI-NCTC Bulletin: Online Information May Provide Potential Roadmap for Crude Chemical-Biological Attacks

The late 2016 arrest of two California teenagers for allegedly planning a “mass casualty event” by carrying out a chemical attack at a local high school pep rally highlights how individuals can use online resources to plan crude chemical or biological attacks. Violent extremists continue to circulate often ineffective or misleading how-to instructions for producing and disseminating poisons, crude biological toxins, and toxic industrial chemicals that in many cases are commercially available and easy to obtain. While we have no indication the suspects in this case subscribed to or consumed material related to violent extremist ideologies, their activity highlights one path to conducting a potential chemical or biological attack.

(U//LES) DEA Bulletin: Expanding Fentanyl Threat in the United States

Fentanyl is a Schedule II synthetic opioid originally developed to serve as both an analgesic (painkiller) and an anesthetic; however, its strong opioid properties have made it an attractive drug of abuse in the United States. Fentanyl, in its licit form, is diverted from the market on a small scale for personal use or sale. Illicitly manufactured and trafficked fentanyl is responsible for the current domestic crisis. Fentanyl, fentanyl-related compounds, and the precursor chemicals needed to produce these substances originate in China and transit Mexico or Canada en route to U.S. markets. It is believed that illicit fentanyl manufacturing is occurring in Mexico. Moreover, small-scale production facilities have been discovered in the United States and Canada.

Council of Economic Advisers Report: The Cost of Malicious Cyber Activity to the U.S. Economy

This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors.

The Expanding Spectrum of Espionage by Americans, 1947–2015

The report describes characteristics of 209 Americans who committed espionage-related offenses against the U.S. since 1947. Three cohorts are compared based on when the individual began espionage: 1947-1979, 1980-1989, and 1990-2015. Using data coded from open published sources, analyses are reported on personal attributes of persons across the three cohorts, the employment and levels of clearance, how they committed espionage, the consequences they suffered, and their motivations. The second part of the report explores each of the five types of espionage committed by the 209 persons under study. These include: classic espionage, leaks, acting as an agent of a foreign government, violations of export control laws, and economic espionage. The statutes governing each type are discussed and compared. Classification of national security information is discussed as one element in espionage. In Part 3, revisions to the espionage statutes are recommended in light of findings presented in the report.

(U//FOUO) Washington and Oregon Fusion Centers Rampage School Shootings Report July 2014

Over the past few years, there has been a definitive rise in school shooting incidents – specifically ‘Active Shooter’ or ‘Rampage Shooting’ events – but while the motives may have evolved, school violence is anything but new. With captive targets, a predictable attack environment, and little to no security hurdles, schools have long been a lucrative environment for violence. Recently though, the violent trend seems to be more popular amongst those with erroneous notions of vengeance, mental instability, and those seeking copycat infamy more than the staunch ideologist typically seen in other types of violent extremism. With that in mind, this joint Washington State Fusion Center (WSFC) and Oregon TITAN Fusion Center (TITAN) assessment intends to aid law enforcement and private and public sector security in understanding the various intricacies of the new-aged active or rampage shooter, how to recognize the signs, and what current measures are being taken to help mitigate the threat.

U.S. Treasury Report Identifying Russian Senior Foreign Political Figures and Oligarchs

Section 241 of the Countering America’s Adversaries Through Sanctions Act of 2017 (CAATSA) requires the Secretary of the Treasury, in consultation with the Director of National Intelligence and the Secretary of State, to submit to the appropriate congressional committees 180 days after enactment a detailed report on senior political figures and oligarchs in the Russian Federation (Section 241(a)(1)) and on Russian parastatal entities (Section 241(a)(2)). Pursuant to Section 241(b), the report shall be submitted in an unclassified form but may have a classified annex. This is the unclassified portion of the report.

(U//FOUO) U.S. Treasury Report on Economic Impact of Russian Sanctions

In accordance with Section 242 of Public Law 115-44 (P.L. 115-44) (“Countering America’s Adversaries Through Sanctions Act” (CAATSA)), the U.S. Department of the Treasury, in consultation with the Department of State and the Director of National Intelligence, was tasked with preparing a report addressing the potential effects of expanding sanctions under Directive 1 issued under Executive Order (E.O.) 13662 to include sovereign debt and the full range of derivative products.

(U//FOUO) CBP Draft Report: Demographic Profile of Terrorists Post-9/11 Reveals Screening Implications

This assessment covers the demographic profile of the perpetrators, consisting of age, citizenship, gender, immigration status, national origin, international travel and religious background. This assessment is intended to inform United States foreign visitor screening, immigrant vetting and on-going evaluations of United States-based individuals who might have a higher risk of becoming radicalized and conducting a violent attack. This information is cut-off as of 22 January 2018.

(U//FOUO) DEA Emerging Threats Reports 2016

The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.

FBI Cyber Division Bulletin: Cyber Criminal Group Threatens Schools and Students

Since April 2016, a loosely affiliated group of highly trained hackers calling themselves TheDarkOverlord (TDO) have conducted various extortion schemes with a recent focus on the public school system. TDO used remote access tools to breach school district networks and then proceeded to steal sensitive data. To extort money from its victims, including students, TDO threatened violence or the release of stolen sensitive data.

(U//FOUO) Mississippi Fusion Center State Gang Threat Assessment 2017

Intelligence in this assessment is based on data from 125 local, state, tribal, and federal law enforcement agencies through statewide intelligence meetings, adjudicated cases, and open source information. Specific gang data was collected from 71 law enforcement agencies through questionnaires disseminated at the statewide intelligence meetings and the 2017 Mississippi Association of Gang Investigators (MAGI) Conference. The intelligence meetings, sponsored by the MSAIC, occurred in the nine Mississippi Highway Patrol (MHP) districts.

Applied Physics Laboratory Paper: The Need for Intelligence Community Sponsored Influence Research

Military Information Support Operations (MISO) is a critical capability in contemporary conflict. Its success depends upon the application of social and behavioral science to analyze target audiences, craft messages, and measure the outcome of their dissemination (Spitaletta, 2013). Recent operational experience has exposed weaknesses in US capability that require redoubled effort to conduct research on the mechanisms and methods of influence and their effective application. In particular, the US needs to better understand the doctrines of adversaries and to develop countermeasures against them. The modern Russian manifestation of information confrontation, often attributed to Chief of the General Staff of the Armed Forces Valery Gerasimov, adapts historical Russian and Soviet tactics of maskirovka (surprise, camouflage, concealment, mimicry, disinformation, and deceptive maneuver) in the contemporary information environment (Thornton, 2015). These approaches are a combination of not only overt military but also covert intelligence tactics that, when executed by disciplined professionals, can achieve a variety of economic and geopolitical effects (Pacepa & Rynchlak, 2013).

Las Vegas Metropolitan Police Department October 2017 Mass Shooting Preliminary Report

On October 1, 2017, over 22,000 people came together to enjoy a country music festival in Las Vegas, Nevada. On the third and final night of the festival, a lone gunman opened fire into the crowd from the 32nd floor of the Mandalay Bay Resort and Casino. The gunfire continued for over ten minutes, resulting in the deaths of 58 innocent concert goers and injuring more than 700. With law enforcement closing in, the suspect took his own life.

(U//FOUO) DoD Nuclear Posture Review Draft January 2018

On January 27th, the President directed the Department of Defense to conduct a new Nuclear Posture Review (NPR) to ensure a safe, secure, and effective nuclear deterrent that safeguards the homeland, assures allies, and deters adversaries. This review comes at a critical moment in our nation’s history, for America confronts an international security situation that is more complex and demanding than any since the end of the Cold War. In this environment, it is not possible to delay modernization of our nuclear forces and remain faithful sentinels of our nation’s security and freedom for the next generation as well as our own.

U.S. Army Study: Envisioning the Deep Future of Small Arms 2022-2042

In the summer of 2012, HQDA G3 provided a presentation to the Chief of Staff of the Army (CSA) focused on small arms overmatch at the squad level. This presentation resulted in questions raised by the CSA regarding the nature of the Army’s holistic strategy for small arms dominance into the future. HQDA G3 received the task to follow up on these questions and present back to the CSA a comprehensive small arms strategy. In support of the HQDA G3 mission, ASA(ALT) SAAL-ZT as the responsible agent for the Army’s science and technology investments, agreed to identify and prioritize future concepts with potential to enable long-term small arms overmatch for US military forces from the period 2020-2040+.

U.S. Army Threat Tactics Report: North Korea

The Korean peninsula is a location of strategic interest for the US in the Pacific Command (PACOM), and many observers note that North Korea is an unpredictable and potentially volatile actor. According to the Department of Defense in its report to Congress and the intelligence community, the DPRK “remains one of the United States’ most critical security challenges for many reasons. These include North Korea’s willingness to undertake provocative and destabilizing behavior, including attacks on the Republic of Korea (ROK), its pursuit of nuclear weapons and long-range ballistic missiles, and its willingness to proliferate weapons in contravention of United Nations Security Council Resolutions.”