The Colorado Information Analysis Center (CIAC) is disseminating this awareness bulletin to help law enforcement officers and military personnel to minimize their social media footprint and protect their identity and family. Recent calls for attacks against law enforcement officers by foreign terrorist organizations and recent reports released by the U.S. Senate Select Intelligence Committee’s report on the CIA’s Detention Interrogation Program may exacerbate tensions or even spark violence against officers, intelligence personnel, government officials, and their families. This awareness bulletin seeks to make general recommendations to limit an individual’s digital footprint and diminish a violent actor’s targeting capability.
Documents
U.S. Southern Command
U.S. Southern Command Human Rights Awareness Education for General Officers
A central goal of U.S. foreign policy is promotion of respect for human rights, as embodied in the Universal Declaration of Human Rights. Human rights are freedoms, immunities, and benefits that are deemed universal, inherent, and inalienable possessions of all humankind. This means that human rights are not a concession granted by society or any particular government. Human Rights Law requires a nation to guarantee the fundamental human rights of its citizens throughout the peace-war-peace spectrum. The Law of War* is that part of international law that regulates the conduct of armed hostilities.
Federal Bureau of Investigation
FBI Alert: Iranian Cyber Actors Targeting Defense Contractors, Schools and Energy Sector
A group of cyber actors utilizing infrastructure located in Iran have been conducting computer network exploitation activity against public and private U.S. organizations, including Cleared Defense Contractors (CDCs), academic institutions, and energy sector companies. The actors typically utilize common computer intrusion techniques such as the use of TOR, open source reconnaissance, exploitation via SQL injection and web shells, and open source tools for further network penetration and persistence. Internet-facing infrastructures, such as web servers, are typical targets for this group. Once the actors penetrate a victim network, the actors exfiltrate network design information and legitimate user credentials for the victim network. Often times, the actors are able to harvest administrative user credentials and use the credentials to move laterally through a network.
Federal Bureau of Investigation
(U//FOUO) FBI Report: Threats to Law Enforcement Following Murders of Two NYPD Officers
Russia
Military Doctrine of the Russian Federation December 2014
An updated version of the Military Doctrine of the Russian Federation released by the Kremlin on December 26, 2014. The update has received significant media coverage for reportedly naming the North Atlantic Treaty Organization as one of its primary threats, despite the fact that the previous version of the doctrine signed in 2010 contained similar statements.
National Security Agency
(U//FOUO) NSA/CSS Policy Manual 9-12: Storage Device Sanitization
This manual provides guidance for sanitization of Information Systems (IS) storage devices for disposal or recycling in accordance with NSA/CSS Policy Statement 9-12, “NSA/CSS Storage Device Sanitization.” Information stored on these devices may range from UNCLASSIFIED to TOP SECRET and may include compartmented, sensitive, or limiteddistribution material. Furthermore, this manual provides information on how to obtain current listings of evaluated sanitization equipment that meets NSA/CSS specifications.
Federal Bureau of Investigation
FBI Cyber Division Bulletin: Cargo Thieves use GPS Jammers to Mask GPS Trackers
This Private Industry Notification (PIN) highlights the use of Global Positioning Systems (GPS) jammers by criminals to thwart law enforcement response and investigation into cargo thefts in the United States. Since at least February 2012, various law enforcement and private sector partners have reported that GPS tracking devices have been jammed by criminals engaged in nefarious activity including cargo theft and illicit shipping of goods. Although banned by federal law, the jammers are readily available over the Internet and easy to employ.
Department of Homeland Security
DHS National Cybersecurity and Communications Integration Center: Suspicious “Invoic” Email Sent to Government Personnel
On 15 October 2014, a phishing email was dispersed to a wide variety of government employees. NCCIC has also received a number of reports indicating that members within the Education Sector and Financial Sector; International, State, Local, and Tribal organizations have also received similar email messages. The email suggested that the recipient had an unpaid debt and the attachment was an invoice showing the debt information. The subject line reads “UNPAID INVOIC” and the content simply instructs recipients to open the attachment which is a PDF file that is believed to be malicious. Rather than installing malware files from the PDF file itself, it appears to use embedded JavaScript within the file to redirect victims to a malicious website where additional malware can be installed.
Central Intelligence Agency
CIA Historical Study: Power Moves Involved in the Overthrow of an Unfriendly Government
California
Modesto Police Department Correspondence with Predictive Policing Company PredPol, Inc.
A collection of correspondence and contract information between the Modesto Police Department and PredPol, Inc., a company that sells software used for so-called predictive policing. The material was obtained by journalist Darwin BondGraham via the California Public Records Act. BondGraham’s Twitter account was suspended following a complaint issued by PredPol, Inc. after he posted images of a few pages from the documents. It is unclear what specific content was the reason for the complaint.
U.S. Army
(U//FOUO) U.S. Army Military Intelligence Battalion Interrogation Manual
TC 2-22.304 provides doctrinal guidance concerning the military intelligence (MI) battalion (interrogation). The TC complements existing doctrine, in particular FM 2-22.3, and incorporates lessons learned from recent operations. The MI battalion (interrogation) is specifically designed to operate within a joint interrogation and debriefing center (JIDC). The battalion command, staff, personnel, and equipment form the nucleus of the JIDC. The battalion is task-organized and augmented with additional personnel from other Services, Government civilians, and civilian contractors to form a JIDC.
Central Intelligence Agency
Senate Select Committee on Intelligence Study of the CIA Detention and Interrogation Program
On April 3, 2014, the Senate Select Committee on Intelligence voted to send the Findings and Conclusions and the Executive Summary of its final Study on the CIA’s Detention and Interrogation Program to the President for declassification and subsequent public release. This action marked the culmination of a monumental effort that officially began with the Committee’s decision to initiate the Study in March 2009, but which had its roots in an investigation into the CIA’s destruction of videotapes of CIA detainee interrogations that began in December 2007. The full Committee Study, which totals more than 6,700 pages, remains classified but is now an official Senate report. The full report has been provided to the White House, the CIA, the Department of Justice, the Department of Defense, the Department of State, and the Office of the Director of National Intelligence in the hopes that it will prevent future coercive interrogation practices and inform the management of other covert action programs.
U.S. Army
Restricted U.S. Army Nonlethal Weapons Training Manual
TC 3-19.5 provides guidance on specific NLW training with emphasis on User Training, Train-the-Trainer Training, and Unit Training. It is designed to be used with FM 3-22.40, Multi-Service TTP for the Tactical Employment of Nonlethal Weapons, and the Multi-Media Training Support Package (MMTSP). The MMTSP is a Warrior TSP designed to train individual tasks.
Federal Bureau of Investigation
FBI Cyber Bulletin: Korean Malware Potentially Used in Sony Pictures Attack
Destructive malware used by unknown computer network exploitation (CNE) operators has been identified. This malware has the capability to overwrite a victim host’s master boot record (MBR) and all data files. The overwriting of the data files will make it extremely difficult and costly, if not impossible, to recover the data using standard forensic methods. Analysis of this malware is presented to provide the computer network defense (CND) community with indicators of this malware.
Department of Homeland Security
(U//FOUO) DHS Intelligence Assessment: Potential Tactics and Targets in ISIL-Linked Western Attacks
This Assessment highlights the tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired by the Islamic State of Iraq and the Levant (ISIL); we do not address the likelihood of an attack against the United States by the group. This Assessment is intended to support the activities of DHS to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.
White House
White House Review of Federal Support for Local Law Enforcement Equipment Acquisition
For decades, the federal government has provided billions of dollars in equipment to state and local law enforcement agencies (LEAs) through excess equipment transfers, asset forfeiture programs and federal grants. Particularly in the years since September 11, 2001, Congress and the Executive Branch have steadily increased spending and support for these programs, in light of legitimate concerns about the growing threat of terrorism, shrinking local budgets, and the relative ease with which some criminals are able to obtain high-powered weapons. These programs have significantly expanded over decades across multiple federal agencies without, at times, a commensurate growth in the infrastructure required to standardize procedures governing the flow of equipment from the federal government to LEAs. At the same time, training has not been institutionalized, specifically with respect to civil rights and civil liberties protections, or the safe use of equipment received through the federal government. Concerns over the lack of consistent protections have received renewed focus and attention in light of the recent unrest in Ferguson, Missouri.
Department of Justice
Implementing a Body-Worn Camera Program: Recommendations and Lessons Learned
Police leaders who have deployed body-worn cameras say there are many benefits associated with the devices. They note that body-worn cameras are useful for documenting evidence; officer training; preventing and resolving complaints brought by members of the public; and strengthening police transparency, performance, and accountability. In addition, given that police now operate in a world in which anyone with a cell phone camera can record video footage of a police encounter, body-worn cameras help police departments ensure events are also captured from an officer’s perspective.
Drug Enforcement Administration
DEA National Drug Threat Assessment Summary 2014
The 2014 NDTA Summary uses information provided by 1,226 state and local law enforcement agencies through the 2014 National Drug Threat Survey (NDTS). At a 95 percent confidence level, the 2014 NDTS results are within 2.59 percentage points of the estimates reported. NDTS data used in this report do not imply that there is only one drug threat per state or region or that only one drug is available per state or region. A percentage given for a state or region represents the proportion of state and local law enforcement agencies in that state or region that identified a particular drug as their greatest threat or as available at low, moderate, or high levels.
U.S. Air Force
U.S. Air Force Cyber Warfare Operations Education and Training Plan
Training guide released in November 2014 for airmen who perform “duties to develop, sustain, and enhance cyberspace capabilities to defend national interests from attack and to create effects in cyberspace to achieve national objectives. Conduct Offensive Cyberspace Operations (OCO) and Defensive Cyberspace Operations (DCO) using established tactics, techniques and procedures (TTPs) to achieve COCOM and national objectives. Executes command and control (C2) of assigned cyberspace forces and de-conflict cyberspace operations across the kinetic and non-kinetic spectrum. Supports cyberspace capability development, testing and implementation. Partners with DoD, interagency and Coalition Forces to detect, deny, disrupt, deceive, and mitigate adversarial access to sovereign national cyberspace systems.”
Department of Justice
Bureau of Justice Assistance Managing Large-Scale Security Events Planning Guide
Large-scale events provide local governments with a number of valuable opportunities, including increasing revenue, revitalizing a city, and providing an increased sense of community. With these benefits comes greater responsibility for local law enforcement to ensure the public’s safety. When law enforcement executives are tasked with managing a large event, they can maximize their efforts by learning from other agencies and adopting proven practices. Too often, however, past lessons learned are not documented in a clear and concise manner. To address this information gap, the U.S. Department of Justice’s Bureau of Justice Assistance worked in partnership with CNA to develop this Planning Primer.
Department of Homeland Security Testimony, Department of Justice
DoJ-DHS Pamphlet: The Role of State and Local Law Enforcement at First Amendment Events
Department of Homeland Security
(U//FOUO) DHS Sensitive Compartmented Information Facility (SCIF) Construction Standards
This handbook contains standard security designs and procedures common to Sensitive Compartmented Facilities (SCIF) and physical security construction standard and established by the Director National Intelligence (DNI) for protection of classified intelligence information. Users should refer to Director of Central Intelligence Directives (DCIDS) and other documents cited under Authorities for guidance on specific security functions.
Afghanistan, United Nations
UNODC Afghanistan Opium Survey 2014
The Afghanistan Opium Survey is implemented annually by the Ministry of Counter Narcotics (MCN) of Afghanistan in collaboration with the United Nations Office on Drugs and Crime (UNODC). The survey team collects and analyses information on the location and extent of opium cultivation, potential opium production and the socio-economic situation in rural areas. Since 2005, MCN and UNODC have also been involved in the verification of opium eradication conducted by provincial governors and poppy-eradication forces. The results provide a detailed picture of the outcome of the current year’s opium season and, together with data from previous years, enable the identification of medium- and long-term trends in the evolution of the illicit drug problem. This information is essential for planning, implementing and monitoring the impact of measures required for tackling a problem that has serious implications for Afghanistan and the international community.
National Institute of Standards and Technology
NIST Special Publication 800-150: Guide to Cyber Threat Information Sharing Draft
As the magnitude and complexity of cyberspace increases, so too does the threat1 landscape. Cyber attacks have increased in both frequency and sophistication resulting in significant challenges to organizations that must defend their infrastructure from attacks by capable adversaries. These adversaries range from individual attackers to well-resourced groups operating as part of a criminal enterprise or on behalf of a nation-state. These adversaries are persistent, motivated, and agile; and employ a variety of tactics, techniques, and procedures (TTPs) to compromise systems, disrupt services, commit financial fraud, expose sensitive information, and steal intellectual property. To enhance incident response actions and bolster cyber defenses, organizations must harness the collective wisdom of peer organizations through information sharing and coordinated incident response. This publication expands upon the guidance introduced in Section 4, Coordination and Information Sharing of NIST Special Publication (SP) 800-61, Computer Security Incident Handling Guide and explores information sharing, coordination, and collaboration as part of the incident response life cycle.
Florida, Intelligence Fusion Centers
(U//FOUO) CFIX Bulletin: Jihadist Propaganda Provides Guidance for Attacks on Law Enforcement
Propaganda providing guidance and/or encouraging “individual jihad” or small cell operations against the West continues to be a prevalent theme in jihadist messaging. This bulletin was created by the CFIX in order to address recent propaganda from the Islamic State and its supporters which provides guidance on targeting law enforcement officers. The CFIX bases its analysis in this bulletin from open source reporting and internet postings with varying degrees of reliability, especially in regards to the true intention and capabilities of terrorist organizations and their supporters. This information is intended to support local, state and federal government agencies along with other entities in developing / prioritizing protective and support measures relating to an existing or emerging threat to homeland security.