Documents

(U//FOUO) DHS Bulletin: Ongoing Violence, Information Narratives Nationwide Poses Continued Threat to Law Enforcement

In the last 24 hours the types of people or groups seeking to carry out violence in response to the death of George Floyd in Minneapolis has shifted in many cities. The initial violent looters and protestors were believed to be organic members of the local communities. However, domestic violent extremists are attempting to structure the protests to target specific symbols of state, local, and federal authority. We anticipate armed individuals will continue to infiltrate the protest movement. We assess with high confidence during the period of darkness from 30 to 31 May the violent protest movements will grow and DVEs and others will seek to take over government facilities and attack law enforcement.

DoD Memo: Actions to Improve Defense Support in Complex Catastrophes

In a domestic complex catastrophe, with effects that would qualitatively and quantitatively exceed those experienced to date, the demand for Defense support of civil authorities would be unprecedented. Meeting this demand would be especially challenging if a cyber attack or other disruption of the electrical power grid creates cascading failures of critical infrastructure, threatening lives and greatly complicating DoD response operations.

(U//FOUO) New Jersey Fusion Center Report: Returning to Work After COVID-19

The New Jersey Regional Operations & Intelligence Center (ROIC) conducted research regarding the process necessary for successful recovery from COVID-19. This research and subsequent analysis focused on proper return-to-work procedures for first responders, while ensuring the safety of all. Although limited data is available specifically referencing first responders, numerous international scientific studies provide best practices for determining an individual’s ability to safely resume their duties. Links for more information are provided throughout this report.

(U//FOUO) DHS Bulletin: Cybercriminals See Opportunity to Exploit Online Distance Learning Platforms and Users

Most US school districts as of 23 March 2020 are and will remain closed until the end of the academic school year or “until further notice” because of COVID-19, according to data provided by a Maryland-based online publication that provides scholastic news and analysis. This Article assumes that while pre-kindergarten through 12th grade schools, institutions of higher education, and business and trade schools are closed, many are relying on internet-enabled distance learning (eLearning) alternatives in place of traditional classroom instruction.

FBI Private Sector Report: Indicators of Fraudulent 3M Personal Protective Equipment

The FBI’s Minneapolis Division, in coordination with the Office of Private Sector (OPS), Criminal Investigative Division (CID), and 3M, prepared this LIR to make the Healthcare and Public Health Sectors aware of indicators related to fraudulent sales solicitation of 3M Personal Protective Equipment (PPE), or indicators of counterfeit 3M PPE, including N95 respirators.

(U//FOUO) DHS Bulletin: APT Actors Likely View Zoom Vulnerabilities as Opportunity to Threaten Public and Private Sector Entities

APT actors likely will identify new or use existing vulnerabilities in Zoom to compromise user devices and accounts for further exploitation of corporate networks. This judgment includes critical infrastructure entities using Zoom. We base this judgment on recent public exposure of Zoom’s numerous vulnerabilities. While vendors regularly publish patches for vulnerabilities, reports indicate there are instances in which users and organizations delay updates. The patching process is undermined by APT actors who often capitalize on delays and develop exploits based on the vulnerability and available patches.

World Health Organization-China Joint Mission on Coronavirus Disease 2019 (COVID-19) Report

The COVID-19 virus is a new pathogen that is highly contagious, can spread quickly, and must be considered capable of causing enormous health, economic and societal impacts in any setting. It is not SARS and it is not influenza. Building scenarios and strategies only on the basis of well-known pathogens risks failing to exploit all possible measures to slow transmission of the COVID-19 virus, reduce disease and save lives.

(U//FOUO) California State Warning Center Situation Cell Incident Report 2020 novel Coronavirus (2019-nCoV) February 9, 2020

Outbreaks of novel virus infections among people are always of public health concern. The risk from these outbreaks depends on characteristics of the virus, including whether and how well it spreads between people, the severity of resulting illness, and the medical or other measures available to control the impact of the virus. Investigations are ongoing to learn more, but some degree of person-to-person spread of 2019-nCoV is occurring. It is not clear yet how easily 2019-nCoV spreads from person-to-person. While CDC considers this as a serious public health concern, based on current information, the immediate health risk from 2019-nCoV to the general American public is considered low at this time.

FBI Cyber Bulletin: Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files.

(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland

This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.

(U//FOUO) TSA Vehicle Ramming Attacks Report April 2019

Based on our analysis of terrorist publications such as Rumiyah and observations of terrorism-inspired events worldwide, we believe terrorist organizations overseas have advocated conducting vehicle ramming attacks against crowds, buildings, and other vehicles, using modified or unmodified large-capacity vehicles. Such attacks could target locations where large numbers of people congregate, including sporting events, entertainment venues, shopping centers, or celebratory gatherings such as parades.

U.S. Army Doctrine Publication: Defense Support of Civil Authorities July 2019

ADP 3-28 clarifies similarities and differences between defense support of civil authorities (DSCA) and other elements of decisive action. DSCA and stability operations are similar in many ways. Both revolve around helping partners on the ground within areas of operations. Both require Army forces to provide essential services and work together with civil authorities. However, homeland operational environments differ from those overseas in terms of law, military chain of command, use of force, and inter-organizational coordination among unified action partners. This ADP helps Army leaders understand how operations in the homeland differ from operations by forces deployed forward in other theaters. It illustrates how domestic operational areas are theaters of operations with special requirements. Moreover, this ADP recognizes that DSCA is a joint mission that supports the national homeland security enterprise. The Department of Defense conducts DSCA under civilian control, based on U.S. law and national policy, and in cooperation with numerous civilian partners. National policy, in this context, often uses the word joint to include all cooperating partners, as in a joint field office led by civil authorities.

(U//FOUO) National Reconnaissance Office Acquisition Manual Change Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies

The National Reconnaissance Office (NRO) Acquisition Manual is hereby amended by adding new sub-part N4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, to implement a provision of the 2019 National Defense Authorization Act prohibiting the procurement and use of covered equipment and services produced or provided by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.

FBI Cyber Bulletin: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication

The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.

U.K. Operation Yellowhammer No-Deal Brexit Worst Case Planning Assumptions Document

When the UK ceases to be a member of the EU in October 2019 all rights and reciprocal arrangements with the EU end. The UK reverts fully to ‘third country’ status. The relationship between the UK and the EU as a whole is unsympathetic, with many MS (under pressure from the Commission) unwilling to engage bilaterally and implementing protections unilaterally, though some MS may be more understanding. No bilateral deals have been concluded with individual member states with the exception of the reciprocal agreement on social security coordination with Ireland. EU Citizens living in the UK can retain broadly all rights and status that they were entitled to prior to exit from the EU, at the point of exit.

(U//FOUO) DHS Intelligence Bulletin: Worldwide Terrorist Operations Linked to Lebanese Hizballah or Iran

This Reference Aid examines tactics and targets garnered from a review of attacks or disrupted terrorist operations from 2012-2018 linked to either Lebanese Hizballah (LH) or Iran. It identifies behaviors and indicators that may rise to the level for suspicious activity reporting in areas such as recruitment, acquisition of expertise, materiel and weapons storage, target type, and operational security measures, which could assist federal, state, local, tribal, and territorial government counterterrorism agencies, law enforcement officials, and private sector partners in detecting, preventing, preempting, and disrupting potential terrorist activity in the Homeland. This Reference Aid does not imply these indicators would necessarily be observed or detected in every situation or that LH and Iran necessarily use the same tactics or demonstrate the same indicators. Some of these detection opportunities may come during the course of normal investigations into illegal activities in the United States such as illicit travel or smuggling of drugs, weapons, or cash, and lead to the discovery of pre-operational activity.

FBI Report: Ambushes and Unprovoked Attacks on Law Enforcement Officers

Over a number of years, data collected by the FBI’s Law Enforcement Officers Killed and Assaulted {LEOKA} Program began to demonstrate an alarming trend in the number of officers who were killed in ambushes and unprovoked attacks. While the overall number of officers who were feloniously killed was declining, the percentage of officers feloniously killed during surprise attacks was increasing. The LEOKA Program launched a thorough examination of ambushes and unprovoked attacks in an effort to gain insight into the phenomenon and to provide information to enhance training programs for law enforcement officers. The research focused on the mindset and perceptions of officers involved and offenders who carried out those acts. In particular, why the incidents may have occurred and how those involved reacted to the situation.

FBI Cyber Bulletin: Targeting of Audio and Visual Communication Devices on Business Networks to Identify Vulnerabilities for Exploitation

The FBI identified incidents over the past few months in which cyber actors scanned for and sought to exploit audio and visual communication devices on networks to identify vulnerabilities which could later be used to gain access and unlawfully acquire information about the organization. In addition to targeting corporate information, vulnerable devices may be targeted for compromise for use in botnets or other criminal activities. The types of devices targeted include: Voice over Internet Protocol (VoIP) phones, video conferencing equipment, conference phones, VoIP routers, and cloud-based communication systems. While cyber actors have targeted VoIP and other communication devices in the past, the FBI continues to see these devices scanned by cyber actors for vulnerabilities.