The result of this assessment indicates that the current high price of opium did not produce an increase in opium cultivation in the highest cultivating provinces of Hilmand and Kandahar. In these two provinces the cultivation is expected to decrease in 2011. The reasons for this development were multiple and differed from area to area. In parts of Hilmand and Kandahar, farmers reported the persistence of cold and dry climate conditions which led to crop failure as the poppy would not germinate. There also been a changing political environment in Hilmand with the Governor taking initiatives to convince elders and farmers to reduce the amount of poppy planted. This was not systematically captured by the survey, but it may have played a role as well. In both provinces, military operations were conducted by Afghan and international forces around the time of poppy planting in main poppy cultivating areas. Although these operations were not directed against poppy farmers, the coincidence of troupes being present at planting time may also have discouraged farmers from planting poppy.
Author Archive for Public Intelligence
Threats and Takedown Notices
Netherlands National Police Agency (KLPD) Inspire Magazine Takedown Notice
Takedown notice from the Netherlands National Police Agency (KLPD) demanding the removal of issues of Inspire Magazine from this site, February 25, 2011.
Corporate
HBGary SRA International “Memory Grabber” Forensics Tool White Paper
The purpose of this paper is to describe the SRA Memory Grabber system, which provides memory access to a running and password protected laptop through the use of a small PC Card inserted into the PCMCIA slot of the laptop. The Memory Grabber device shown in the figure below is operating system agnostic; working on Microsoft Windows, Linux, and MacOS and is available today as a production unit for use with Express Card and Card Bus laptop systems.
Corporate, Defense Advanced Research Projects Agency
HBGary DARPA Cyber Insider Threat (CINDER) Proposal
Like a lie detector detects physical changes in the body based on sensitivities to specific questions, we believe there are physical changes in the body that are represented in observable behavioral changes when committing actions someone knows is wrong. Our solution is to develop a paranoia-meter to measure these observables. Using shoplifing as an example, there are peaks and valleys of adrenaline during the entire theft process. There is the moment the thief puts an item in their pocket (high), then as they walk around the store the adrenaline begins to valley a bit, then they attempt to walk out of the store (very high). It is at these points that we want to be able to take as many behavioral measurements as possible because it is at these points the insiders activity will be as far from normal behavior. In this hypothesis we will have a rootkit on the host that monitors keystrokes, mouse movements, and visual cues through the system camera.
Federal Reserve
Federal Reserve Financial Crisis Discount Window Loan Data
A zip file made available by Bloomberg contains the complete contents of their recently granted FOIA request for Federal Reserve Discount Window data on loans made, often to foreign banks, during the height of the financial crisis in 2008.
Department of Homeland Security
(U//FOUO) Federal Protective Service Active Shooter Training Brief
Federal Protective Service Active Shooter Awareness Training For Tenant Agencies Briefing from March 23, 2011.
Headline
London Anti-Austerity Protest Photos March 2011
Vasco Alves – http://www.flickr.com/photos/vascoalvo/ Garry Knight – http://www.flickr.com/photos/garryknight/ .alter – http://www.flickr.com/photos/pietrogarrone/ churchofpunk – http://www.flickr.com/photos/17251154@N00/ MadAdminSkillz – http://www.flickr.com/photos/silince/ ang-st – http://www.flickr.com/photos/andyangst/ E. Mellino – http://www.flickr.com/photos/37051152@N03/
Corporate
AT&T Mobility Cellular Subpoena Compliance Contact Information 2011
As part of the One AT&T corporate initiative, the AT&T Mobility subpoena function has been in a state of transition from North Palm Beach, FL to Dallas, TX for the past year. Effective March 1, 2011, the final phase of this process will be implemented.
Department of Homeland Security
(U//FOUO) DHS Dams Sector Security Awareness Handbook
The Nation has more than 100,000 dams. Of this number, approximately 82,000 are listed in the National Inventory of Dams (NID), which generally includes dams greater than 25 feet in height or reservoirs having more than 50 acre-feet in storage capacity. In the NID, the downstream hazard potential (e.g., the amount of risk or damage a dam can pose because of failure or negligent operation) is classified as high, significant, or low. In the current NID database, approximately 12,000 dams are classified as high hazard potential from a dam safety perspective. However, only a very small percentage of high-hazard dams represent a potential for causing mass casualties.
United Nations
UN Satellite Conflict Analysis: Zawiyah, Libya
A review of the city of Zawiyah was conducted using a satellite image acquired 8 March 2011 to document impacts of fighting between Libyan Government and armed opposition forces. This fighting took place between 24 February and 10 March, when Libyan Government forces declared control of the city. Satellite imagery analysis sought to identify evidence of fighting and damage in the area. Armoured vehicles, road blocks consisting of sand and other materials, excavated areas, and possible scorch marks are visible in the satellite image. In addition, significant numbers of light trucks are apparent in groups and convoys throughout much of the city.
Nuclear Regulatory Commission
U.S. Nuclear Regulatory Commission BWR Reactor Shutdown and Spent Fuel Storage Safety Report
An evaluation of the nuclear power plant regulatory basis is performed, as it pertains to those plants that are permanently shutdown (PSD) and waiting or undergoing decommissioning. Four spent fuel storage configurations are examined. Recommendations are provided for those operationally based regulations that could be partially or totally removed for PSD plants without impacting public health and safety.
Corporate
GE Hitachi BWR Reactor Fuel and ABWR Experience Presentation
GE Hitachi BWR Reactor Fuel and ABWR Experience Presentation from September 2008.
Corporate
GE Hitachi “Overcoming Barriers” to Nuclear Energy Presentation
A presentation given a little over a week before the 2011 Japanese Earthquake promoting nuclear power plant construction by GE Hitachi Nuclear Energy. GE and Hitachi both manufactured reactors which are now currently involved in the ongoing nuclear crisis at the Fukushima Daiichi Nuclear Power Plant. In 2007, the companies’ nuclear divisions merged to form GE Hitachi Nuclear Energy.
Intelligence Fusion Centers
(U//LES) El Paso Intelligence Center Bath Salts Synthetic Stimulant Bulletin
Across the United States, synthetic stimulants that are sold as “bath salts” have become a serious drug abuse threat. These products are produced under a variety of faux brand names, and they are indirectly marketed as legal alternatives to cocaine, amphetamine, and Ecstasy (MDMA or 3,4-Methylenedioxymethamphetamine). Poison control centers nationwide have received hundreds of calls related to the side-effects of, and overdoses
from, the use of these potent and unpredictable products. Numerous media reports have cited bath salt stimulant overdose incidents that have resulted in emergency room visits, hospitalizations, and severe psychotic episodes, some of which, have led to violent outbursts, self-inflicted wounds, and even suicides. A number of states have imposed emergency measures to ban bath salt stimulant products (or the chemicals in them) including Florida, Louisiana, North Dakota, and West Virginia; and similar measures are pending in Hawaii, Kentucky, Michigan, and Mississippi. A prominent U.S. Senator has also recently proposed legislation that would ban the synthetic stimulant chemicals found in bath salt products at the federal level.
Corporate
Bank of America Anonymous Email Leak
Emails released by a member of Anonymous relating to the supposed concealment of mortgage fraud by Bank of America. Due to extreme interest, the main site distributing the documents (bankofamericasuck.com) has been intermittently inaccessible. Also, a somewhat confusing presentation makes the actual emails themselves difficult for some people to interpret. Text renditions of the emails contained in the leak are presented.
Afghanistan, U.S. Army
(U//FOUO) U.S. Army Human Terrain Team Commander’s Guide
Human terrain teams (HTTs) consist of five to nine personnel deployed by the HTS to support field commanders. HTTs fill the socio-cultural knowledge gap in the commander’s operational environment and interpret events in his AO. The team, individuals with social science and operational backgrounds, deploys with military units to bring knowledge about the local population into a coherent analytic framework. The teams also assist in building relationships with the local community in order to provide advice and opportunities to commanders and staffs in the field.
U.S. Army
U.S. Army Human Terrain System Afghanistan Pashtun Tribal Analysis
This report consists of two main parts: the first part is an overview of the existing historical and anthropological research on Pashtun “tribes” in Afghanistan, and the second part examines how “tribes” behave in Afghanistan. It is based mostly on academic sources, but it also includes unclassified government information and research performed by HTS Human Terrain Teams, which have been attached to U.S. Army brigades since 2007.
Department of Homeland Security, Federal Bureau of Investigation
(U//LES) DHS-FBI Spokane White Supremacist MLK Parade IED Bulletin
Kevin William Harpham was arrested in Colville, Washington by federal law enforcement on 9 March 2011 in connection with the improvised explosive device (IED) found along the route of a Martin Luther King, Jr. Day “MLK Unity March” in Spokane, Washington on 17 January 2011. On 17 January 2011, three sanitation workers in Spokane, Washington discovered a Swiss Army backpack containing an RCIED immediately prior to the Martin Luther King, Jr. Day “MLK Unity March.” The device was placed along the parade route. Based on preliminary forensic examinations, we assess with medium confidenceii that the IED was designed to fire directional fragmentation similar to a single shot shotgun with buckshot or cannon with a grapeshot round. We likewise assess that the device was viable and could have caused personal injury or death.
Department of Defense
Bradley Manning’s Description of Abusive Treatment at Quantico
Under my current restrictions, in addition to being stripped at night, I am essentially held in solitary confinement. For 23 hours per day, I sit alone in my cell. The guards checked on me every five minutes during the day by asking me if I am okay. I am required to respond in some affirmative manner. At night, if the guards can not see me clearly, because I have a blanket over my head or I am curled up towards the wall, they will wake me in order to ensure that I am okay. I receive each of my meals in my cell. I am not allowed to have a pillow or sheets. I am not allowed to have any personal items in my cell. I am only allowed to have one book or one magazine at any given time to read. The book or magazine is taken away from me at the end of the day before I go to sleep. I am prevented from exercising in my cell. If I attempt to do push-ups, sit-ups, or any other form of exercise I am forced to stop by the guards. Finally, I receive only one hour of exercise outside of my cell daily. My exercise is usually limited to me walking figure eights in an empty room.
Threats and Takedown Notices
Morgan Stanley Demands Removal of HBGary AnonLeaks Document
A representative of Morgan Stanley has demanded the removal of a document originally released by the online hacktivist group Anonymous. Morgan Stanley’s Computer Emergency Response Team (CERT) Physical Memory Standard Operating Procedures is a 23-page document that details procedures written by HBGary employee Phil Wallisch for Morgan Stanley’s CERT. The original source of the document is an email from Phil Wallisch to the Morgan Stanley CERT in June 2010. The document is available in other formats from a variety of sites hosting the AnonLeaks HBGary files.
Libya, United Nations
UN Libya Ra’s Ajdir Border Crossing Security Checkpoints Analysis
There are two functional security checkpoints along the main road between the Tunisian-Libyan border crossing at Ra’s Ajdir and the town of Abu Kammash 19km to the east, as based on an analysis or satellite imagery acquired on 3 and 5 March 201 1 Both are likely permanent locations established before the present crisis. Although there are clear indications that these checkpoints are actively controlling road traffic, there are however no associated large concentrations of either people or vehicle traffic leading to the checkpoints, strongly suggesting that these sites are NOT responsible for the drop in the number of people reaching the border at Ra ‘s Ajdir, as observed on 3 and 4 March 2011. It is possible that there are additional security checkpoints or temporary roadblocks located east of Abu Kammash which could be responsible for the reduction in traffic. UNITARJUNOSAT will continue to task and analyze additional satellite imagery along this transport corridor leading to the Tunisian border.
Department of Homeland Security
(U//FOUO) DHS Strategy for Improving Improvised Nuclear Device Attack Response
The mission of the Department of Homeland Security (DHS) includes acting as a focal point regarding natural and manmade crises and emergency planning. In support of the Department’s mission, the primary mission of the Federal Emergency Management Agency (FEMA) is to reduce the loss of life and property and protect the Nation from all hazards, including natural disasters, acts of terrorism, and other man-made disasters, by leading and supporting the Nation in a risk-based, comprehensive emergency management system of preparedness, protection, response, recovery, and mitigation. Consistent with these missions, the Nuclear/Radiological Incident Annex to the National Response Framework (June 2008) sets forth DHS as the coordinating agency for all deliberate attacks involving nuclear/radiological materials, including radiological dispersal devices (RDDs) and improvised nuclear devices (INDs).
Texas
(U//FOUO/LES) Arlington Police Department Khalid Ali‐M Aldawsari Saudi IED Plot Advisory
On 02/23/2011 Khalid Ali‐M Aldawsari (pictured left), a Saudi national currently attending college at South Plains College, near Lubbock, Texas, was arrested on federal terrorism charges. Aldawsari was charged with attempted use of a weapon of mass destruction (WMD), in connection with the alleged purchase of chemicals and equipment necessary to make an improvised explosive device (IED), in addition to research into possible U.S. based targets. Court documents advise that Aldawsari had performed internet research on how to construct an IED, using chemical components. It has also been alleged he had acquired/taken major steps in acquiring the necessary components and equipment needed to build such a device. According to court documents, on 02/01/2011 a chemical supplier reported to the FBI a suspicious purchase of concentrated phenol, by a man named Khalid Aldawsari. Although the toxic chemical phenol can have legitimate uses; it can also be used to make explosives. Concentrated sulfuric and nitric acids, beakers, flasks, clocks, wiring, and a Hazmat suit were found during 2 FBI searches of Aldawsari’s apartment.
Corporate
HBGary Morgan Stanley CERT Physical Memory Standard Operating Procedures
Memory forensics allows MSCERT to become more effective and agile regarding the acquisition of actionable intelligence. Traditional disk forensic approaches to investigations are slow and non-scalable. Large amounts of data must be acquired, transferred, and then analyzed. Memory forensics reveal what the true running state of a target system is at the time of acquisition. Hidden processes and other system activities are made available to an analyst by analyzing a smaller set of data than disk forensics. This document details Morgan Stanley’s (MS) Standard Operating Procedures (SOPs) for acquiring and analyzing physical memory using the HBGary forensic toolset. Fastdump Professional and Responder Professional usage are detailed through a case study methodology.
Corporate, Department of Defense
HBGary DoD Cyber Warfare Support Work Statement
Cyber Warfare is warfare in the Cyberspace domain, which is defined by the SECDEF as “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems and embedded processors and controllers.” Cyber Warfare encompasses Computer Network Operations (e.g. Attack, Defend and Exploit,) Information Assurance, and the network operations that encompass Command, Control, Communications, Intelligence, Surveillance and Reconnaissance (C4ISR) and Information Operations (IO) functions that occur within the Cyberspace domain. This includes Computer Network Operations (CNO) against automated systems (e.g. C4ISR), and the interaction between the physical, social and biological networks that define human-machine interaction.