Author Archive for Public Intelligence

Archistrategos.

U.S. Army

U.S. Army Special Forces Unconventional Warfare Training Manual November 2010

The intent of U.S. UW efforts is to exploit a hostile power’s political, military, economic, and psychological vulnerabilities by developing and sustaining resistance forces to accomplish U.S. strategic objectives. Historically, the military concept for the employment of UW was primarily in support of resistance movements during general-war scenarios. While this concept remains valid, the operational environment since the end of World War II has increasingly required U.S. forces to conduct UW in scenarios short of general war (limited war). Enabling a resistance movement or insurgency entails the development of an underground and guerrilla forces, as well as supporting auxiliaries for each of these elements. Resistance movements or insurgencies always have an underground element. The armed component of these groups is the guerrilla force and is only present if the resistance transitions to conflict. The combined effects of two interrelated lines of effort largely generate the end result of a UW campaign. The efforts are armed conflict and subversion. Forces conduct armed conflict, normally in the form of guerrilla warfare, against the security apparatus of the host nation (HN) or occupying military. Conflict also includes operations that attack and degrade enemy morale, organizational cohesion, and operational effectiveness and separate the enemy from the population. Over time, these attacks degrade the ability of the HN or occupying military to project military power and exert control over the population. Subversion undermines the power of the government or occupying element by portraying it as incapable of effective governance to the population.

Read more →

U.S. Navy

(U//FOUO) U.S. Navy WikiLeaks Safeguarding Classified National Security Information Recommendations

PROTECTING INFORMATION CRITICAL TO OUR NATION’S SECURITY IS THE RESPONSIBILITY OF EVERYONE. THAT RESPONSIBILITY BECOMES MORE COMPLEX IN AN ELECTRONIC ENVIRONMENT. IT IS INCUMBENT UPON US ALL TO PROMOTE GOOD SECURITY PRACTICES ON THE NETWORK, MAINTAINING AN INFORMATION ADVANTAGE WHILE BALANCING INFORMATION SECURITY. WE OWE IT TO OURSELVES AND OUR FELLOW SAILORS AND MARINES TO PROTECT VITAL INFORMATION NECESSARY TO FIGHT AND WIN. REFS A THROUGH E ARE INTENDED TO IMPROVE THE BASIC PRINCIPLES AND PRACTICES OF INFORMATION SECURITY. THESE PRINCIPALS AND PRACTICES NEED TO BECOME OUR STANDARD AND NOT THE EXCEPTION.

Read more →

Corporate

Internal BP Azerbaijan Subsea Drilling Safety, Security, Environmental Procedure Manuals

A .zip file containing more than one-hundred internal BP documents relating to Health, Safety, Security and Environment (HSSE) procedures for the company’s operations in Azerbaijan (Azerbaijan Business Unit/AzSPU). The titles of all the documents contained in the file are listed below. Most of the documents are classified internally within BP at the Document Control Tier 2 level. Many of the documents appear to reflect procedural revisions made following the 2010 oil spill in the Gulf of Mexico.

Read more →

Congressional Research Service

Libya: Background and U.S. Relations

Major anti-government protests broke out in Libya on February 15 and have since intensified, eliciting violent government responses. The demonstrations are in opposition to the 42-year regime of Libya’s leader, Muammar al Qadhafi. As of February 18, some sources have reported that opposition forces have taken over areas of Benghazi, Libya’s second-largest city, and its surroundings in Libya’s northeastern Mediterranean region of Cyrenaica.

Read more →

Congressional Research Service

Bahrain: Reform, Security, and U.S. Policy

After experiencing serious unrest during the late 1990s, Bahrain undertook several steps to enhance the inclusion of the Shiite majority in governance. However, protests erupting following the uprising that overthrew Egyptian President Hosni Mubarak on February 11, 2011, demonstrate that Shiite grievances over the distribution of power and economic opportunities remain unsatisfied. The new unrest comes four months after smaller protests against the efforts by the Sunni-led government’s efforts to maintain its tight grip on power in the October 23, 2010, parliamentary election. That election, no matter the outcome, would not have unseated the ruling Al Khalifa family from power, but the Shiite population was hoping that winning a majority in the elected lower house could give it greater authority with which to challenge the ruling family. In advance of the elections, the government launched a wave of arrests intended to try to discredit
some of the hard-line Shiite leadership as tools of Iran.

Read more →

New York

New York Enhanced Security Guard Training Program Instruction Plan

Eighty-five percent of the critical infrastructure in the United States belongs to private enterprise and corporations. Thus, security guards are literally one of the nation’s first groups of defenders and play an integral role in prevention and deterrence efforts. Success in prevention and deterrence of both general crime, and terrorist acts as well, begins with the establishment of a baseline and maintenance of a robust all-hazards and all-crimes management infrastructure. The professional security guard industry in New York State with an excess of 140,000 certified security guards inhabit that baseline. This program will provide security guards with the basic awareness of terrorism issues that can potentially affect responsibilities within the purview of their employment. It will improve observation, detection and reporting capabilities while enhancing coordination capability with other emergency response professionals. Additionally, this program will elaborate on previously provided instruction, thereby elevating participants’ familiarity with access control issues and security technology.

Read more →

Corporate

HBGary Qosmos Deep Packet Inspection White Paper

Given the massive volumes of data that the U.S. and other governments must manage and the volume of traffic across IT networks, government-wide security solutions pose significant technical challenges. According to Phil Bond, president of TechAmerica, “Now more than ever, a partnership between the public and private sectors in leveraging IT to achieve a more transparent government is essential to securing the public’s safety.”

Read more →

Arizona, Intelligence Fusion Centers

(U//LES) Arizona Fusion Center Warning: Police Officers Targeted on Facebook

On October 28, 2010 a DUI traffic stop by MCSO uncovered a CD containing multiple photographs and names of over 30 Phoenix PD officers and civilian employees. All of the names and photographs found on the CD were obtained from Facebook and reveal the identity of several patrol and undercover officers. All officers who were identified on the CD have been notified. It is unknown how many more CDs (if any) may be circulating. This information is provided for Officer Safety and Situational Awareness purposes.

Read more →

Department of State

U.S. State Department OSAC: Is China Next for Social Unrest?

The recent social unrest and subsequent government overthrows in Egypt and Tunisia have had deep reverberations not only around the Middle East, but throughout the world. While speculation proliferates about which country will be the next to experience such tumult, a critical analysis of important variables present in both countries should be applied to any other country when making this assessment. In this report, those variables will be analyzed with respect to the People’s Republic of China, and the probability it will be the next country to experience social unrest.

Read more →

Corporate

HBGary Windows Rootkit Analysis Report

This report focuses on Windows Rootkits and their affects on computer systems. We also suggest that combining deployment of a rootkit with a BOT makes for a very stealth piece of malicious software. We have used various monitoring tools on each of the rootkits and have included most but not all of the monitor logs due to space constraints. However, if a log is needed for perusal it is available. Some of the rootkits we investigated contained readme files which were, for the most part, quite informative and actually substantiated some of our monitoring log findings. For the rootkits that contained readme files we have either included them within the document or have included a link for them. At the beginning of this report we have included clean monitoring logs from two different tools that we employed on the rootkits. We have other clean logs but did not include them for the sake of space. Once more, as the logs for the rootkits will be available if needed so will these clean logs.

Read more →

Transportation Security Administration

(U//FOUO) TSA Pipeline Security Smart Practices Report

U.S. hazardous liquids and natural gas pipelines are critical to the nation’s commerce and economy and, as a consequence, they can be attractive targets for terrorists. Before September 11, 2001, safety concerns took precedence over physical and operational security concerns for a majority of pipeline operators. Security matters were mainly limited to prevention of minor theft and vandalism. The terrorist attacks of 9/11 forced a thorough reconsideration of security, especially with respect to critical infrastructure and key resources. Pipeline operators have responded by seeking effective ways to incorporate security practices and programs into overall business operations.

Read more →

Intelligence Fusion Centers, Louisiana

(U//LES) LA-SAFE Geomagnetic Storm Warning

A series of coronal mass ejections (CMEs) are en route to Earth from a sunspot which will buffet the Earth’s magnetic field during the next 12 to 60 hours. These CMEs are a result of the strongest solar flare in more than four years, which peaked on February 15th and registered as an X-flare. X-flares are the strongest type of solar flare. NOAA forecasters estimate a 45% chance of geomagnetic activity on February 17, 2011. Geomagnetic storms usually last 24 to 48 hours, but some may last for many days. They also have the capability of disrupting communication systems, navigation systems and electric grids.

Read more →

Corporate

HBGary General Dynamics Malware Development: Task Z

General Dynamics has selected HBGary Inc to provide this proposal for development of a software tool, which provides the user a command line interface, that will enable single file, or full directory exfiltration over TCP/IP. General Dynamics has requested multiple protocols to be scoped as viable options, and this quote contains options for VoIP (Skype) protocol, BitTorrent protocol, video over HTTP (port 80), and HTTPS (port 443). HBGary will research and analyze the best solution given the client’s choice of protocol(s). As outlined in the Bill of Materials on page 4 of this document, cost per protocol is provided separately, and one or more of the options can be chosen by General Dynamics. HBGary will develop this user mode application with listen capabilities, trace cleanup, and ensure network sniffer testing doesn’t trigger any alerts. The application will be provided for user testing, and validation at the close of the development cycle which will be scheduled jointly between HBGary, and General Dynamics.

Read more →

Corporate

HBGary General Dynamics Malware Development: Project C

General Dynamics has selected HBGary Inc to provide this proposal for development of a software application targeting the Windows XP Operating System that, when executed, loads and enables a covert kernel-mode implant that will exfiltrate a file from disk (or other remotely called commands) over a connected serial port to a remote device. The enabling kernel mode implant will cater to a command and control element via the serial port. The demonstration will utilize an exploit in Outlook as the delivery mechanism for said software application. The subsequently loaded implant will be stable and will not crash the demonstration system. A usermode component will be included as part of the exploitation package that exercises the kernel mode implant for demonstration purposes. The loaded implant will use the connected serial port to remotely enable functions which can be visible on the collection computer connected on the other end of the serial line. The purpose of the demonstration setup is to verify the functionality for the customer and validate that all work has been completed.

Read more →

Corporate

HBGary Team Themis Corporate Information Reconnaissance Cell Documents

Internet based communications, most predominately the growing spectrum of social media platforms, allow people to coordinate and communicate in a highly efficient and collaborative manner, even when vastly geographically distributed. These same services and technologies can also make it difficult to attribute information to specific entities. Anonymizing and misattribution technologies used to mask location and identity have become commonplace. In many cases, people and/or organizations use the inherent insecurity in Internet communications to conduct criminal or unethical activities. This represents a paradigm shift in the capability of individuals and small groups to conduct effective planning and execution of asymmetric operations and campaigns that can have major impacts on large organizations or corporations. Despite the increased capability and anonymity that these new communications technologies provide, it is still possible to counter individuals and groups who are leveraging networks, platforms, and/or applications to conduct criminal and/or unethical activities. In such cases, it is necessary to develop a more forward leaning investigative capability to collect, analyze, and identify people or organizations conducting such activities. In order to effectively track and understand the complex, interconnected networks involved in these actions, it becomes critical to utilize proven, cutting-edge tools and analytical processes; applying them in a deliberate, iterative manner against those involved in illicit activities. The most effective way to limit the capability of individuals and/or groups is to develop a comprehensive picture of the entities involved through focused collection, conduct rapid analysis to identify key nodes within the network, and determine the most effective method for influencing/limiting these entities.

Read more →

Headline

Tahrir Square Photos February 2011

See also: Egyptian Revolution Photos February 2011 Egyptian Revolution Photos January 2011 M Soli – http://www.flickr.com/photos/24610655@N08/ Kodak Afgha – http://www.flickr.com/photos/96884693@N00/ Maggie Osama – http://www.flickr.com/photos/maggieosama/ Mahmoud Saber – http://www.flickr.com/photos/mahmoudsaber/ Omar Robert Hamilton – http://www.flickr.com/photos/56458828@N02/

Read more →

Department of Homeland Security

DHS Secretary Napolitano Testimony on “Homeland Threat Landscape”

As the President said in his State of the Union address, in the face of violent extremism, “we are responding with the strength of our communities.” A vast majority of people in every American community resoundingly reject violence, and this certainly includes the violent, al-Qaeda-style ideology that claims to launch attacks in the name of their widely rejected version of Islam. We must use these facts as a tool against the threat of homegrown violent extremism. In conjunction with these communities and with the Department of Justice and the Program Manager for the Information Sharing Environment, we have published guidance on best practices for community partnerships, which has been distributed to local law enforcement across the country. DHS also holds regular regional meetings – which include state and local law enforcement, state and local governments, and community organizations – in Chicago, Detroit, Los Angeles, and Minneapolis. These regional meetings have enabled participants to provide and receive feedback on successful community-oriented policing and other programs aimed at preventing violence.

Read more →

Intelligence Fusion Centers, Massachusetts

Boston Regional Intelligence Center Counterfeit Money Advisory

There have been several reports of counterfeit money being passed around the City of Boston since the beginning of December 2008. In the majority of incidents, counterfeit $20 dollar bills were used, but $10, $50 and $100 dollar bills have been used on occasion. The most frequent recipient of these counterfeit bills have been Taxi/ Livery drivers, restaurants and bars in the Dorchester (C11), South Boston (C6), Roxbury (B2) and Jamaica Plain (E13) areas. Boston Police, in conjunction with the United States Secret Service made an arrest on 2/3/09 of an individual that may be responsible for some of the counterfeit currency being passed around (CC# 090061459). Below please find a list of serial numbers that have been used in more than one incident, as well as a list of serial numbers used since 12/12/08.

Read more →

Federal Bureau of Investigation, Kansas, Missouri, Texas

(U//LES) FBI Texas, Missouri and Kansas Senior Citizen Scam Report

Warrants in Jasper County, Missouri, Cass County, Missouri, Clay County, Missouri and Grand Saline, Texas have been issued for Donald Anthony Moses, aka Tony Moses, for financial exploitation of the elderly and felony theft targeting senior citizens by committing home-repair schemes. The most recent confirmed date that Moses committed a home-repair scheme was on 18 January 2011 in Manhattan, Kansas.

Read more →