Documents

FBI Private Sector Report: Indicators of Fraudulent 3M Personal Protective Equipment

The FBI’s Minneapolis Division, in coordination with the Office of Private Sector (OPS), Criminal Investigative Division (CID), and 3M, prepared this LIR to make the Healthcare and Public Health Sectors aware of indicators related to fraudulent sales solicitation of 3M Personal Protective Equipment (PPE), or indicators of counterfeit 3M PPE, including N95 respirators.

(U//FOUO) DHS Bulletin: APT Actors Likely View Zoom Vulnerabilities as Opportunity to Threaten Public and Private Sector Entities

APT actors likely will identify new or use existing vulnerabilities in Zoom to compromise user devices and accounts for further exploitation of corporate networks. This judgment includes critical infrastructure entities using Zoom. We base this judgment on recent public exposure of Zoom’s numerous vulnerabilities. While vendors regularly publish patches for vulnerabilities, reports indicate there are instances in which users and organizations delay updates. The patching process is undermined by APT actors who often capitalize on delays and develop exploits based on the vulnerability and available patches.

World Health Organization-China Joint Mission on Coronavirus Disease 2019 (COVID-19) Report

The COVID-19 virus is a new pathogen that is highly contagious, can spread quickly, and must be considered capable of causing enormous health, economic and societal impacts in any setting. It is not SARS and it is not influenza. Building scenarios and strategies only on the basis of well-known pathogens risks failing to exploit all possible measures to slow transmission of the COVID-19 virus, reduce disease and save lives.

(U//FOUO) California State Warning Center Situation Cell Incident Report 2020 novel Coronavirus (2019-nCoV) February 9, 2020

Outbreaks of novel virus infections among people are always of public health concern. The risk from these outbreaks depends on characteristics of the virus, including whether and how well it spreads between people, the severity of resulting illness, and the medical or other measures available to control the impact of the virus. Investigations are ongoing to learn more, but some degree of person-to-person spread of 2019-nCoV is occurring. It is not clear yet how easily 2019-nCoV spreads from person-to-person. While CDC considers this as a serious public health concern, based on current information, the immediate health risk from 2019-nCoV to the general American public is considered low at this time.

FBI Cyber Bulletin: Website Defacement Activity Indicators of Compromise and Techniques Used to Disseminate Pro-Iranian Messages

Following last week’s US airstrikes against Iranian military leadership, the FBI observed increased reporting of website defacement activity disseminating Pro-Iranian messages. The FBI believes several of the website defacements were the result of cyber actors exploiting known vulnerabilities in content management systems (CMSs) to upload defacement files.

(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland

This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.

(U//FOUO) TSA Vehicle Ramming Attacks Report April 2019

Based on our analysis of terrorist publications such as Rumiyah and observations of terrorism-inspired events worldwide, we believe terrorist organizations overseas have advocated conducting vehicle ramming attacks against crowds, buildings, and other vehicles, using modified or unmodified large-capacity vehicles. Such attacks could target locations where large numbers of people congregate, including sporting events, entertainment venues, shopping centers, or celebratory gatherings such as parades.

U.S. Army Doctrine Publication: Defense Support of Civil Authorities July 2019

ADP 3-28 clarifies similarities and differences between defense support of civil authorities (DSCA) and other elements of decisive action. DSCA and stability operations are similar in many ways. Both revolve around helping partners on the ground within areas of operations. Both require Army forces to provide essential services and work together with civil authorities. However, homeland operational environments differ from those overseas in terms of law, military chain of command, use of force, and inter-organizational coordination among unified action partners. This ADP helps Army leaders understand how operations in the homeland differ from operations by forces deployed forward in other theaters. It illustrates how domestic operational areas are theaters of operations with special requirements. Moreover, this ADP recognizes that DSCA is a joint mission that supports the national homeland security enterprise. The Department of Defense conducts DSCA under civilian control, based on U.S. law and national policy, and in cooperation with numerous civilian partners. National policy, in this context, often uses the word joint to include all cooperating partners, as in a joint field office led by civil authorities.

(U//FOUO) National Reconnaissance Office Acquisition Manual Change Prohibiting Procurement from Huawei, ZTE, and Other Chinese Companies

The National Reconnaissance Office (NRO) Acquisition Manual is hereby amended by adding new sub-part N4.21, Prohibition on Contracting for Certain Telecommunications and Video Surveillance Services or Equipment, to implement a provision of the 2019 National Defense Authorization Act prohibiting the procurement and use of covered equipment and services produced or provided by Huawei Technologies Company, ZTE Corporation, Hytera Communications Corporation, Hangzhou Hikvision Digital Technology Company, and Dahua Technology Company.

FBI Cyber Bulletin: Cyber Criminals Use Social Engineering and Technical Attacks to Circumvent Multi-Factor Authentication

The FBI has observed cyber actors circumventing multi-factor authentication through common social engineering and technical attacks. This PIN explains these methods and offers mitigation strategies for organizations and entities using multi-factor authentication in their security efforts. Multi-factor authentication continues to be a strong and effective security measure to protect online accounts, as long as users take precautions to ensure they do not fall victim to these attacks.

U.K. Operation Yellowhammer No-Deal Brexit Worst Case Planning Assumptions Document

When the UK ceases to be a member of the EU in October 2019 all rights and reciprocal arrangements with the EU end. The UK reverts fully to ‘third country’ status. The relationship between the UK and the EU as a whole is unsympathetic, with many MS (under pressure from the Commission) unwilling to engage bilaterally and implementing protections unilaterally, though some MS may be more understanding. No bilateral deals have been concluded with individual member states with the exception of the reciprocal agreement on social security coordination with Ireland. EU Citizens living in the UK can retain broadly all rights and status that they were entitled to prior to exit from the EU, at the point of exit.

(U//FOUO) DHS Intelligence Bulletin: Worldwide Terrorist Operations Linked to Lebanese Hizballah or Iran

This Reference Aid examines tactics and targets garnered from a review of attacks or disrupted terrorist operations from 2012-2018 linked to either Lebanese Hizballah (LH) or Iran. It identifies behaviors and indicators that may rise to the level for suspicious activity reporting in areas such as recruitment, acquisition of expertise, materiel and weapons storage, target type, and operational security measures, which could assist federal, state, local, tribal, and territorial government counterterrorism agencies, law enforcement officials, and private sector partners in detecting, preventing, preempting, and disrupting potential terrorist activity in the Homeland. This Reference Aid does not imply these indicators would necessarily be observed or detected in every situation or that LH and Iran necessarily use the same tactics or demonstrate the same indicators. Some of these detection opportunities may come during the course of normal investigations into illegal activities in the United States such as illicit travel or smuggling of drugs, weapons, or cash, and lead to the discovery of pre-operational activity.

FBI Report: Ambushes and Unprovoked Attacks on Law Enforcement Officers

Over a number of years, data collected by the FBI’s Law Enforcement Officers Killed and Assaulted {LEOKA} Program began to demonstrate an alarming trend in the number of officers who were killed in ambushes and unprovoked attacks. While the overall number of officers who were feloniously killed was declining, the percentage of officers feloniously killed during surprise attacks was increasing. The LEOKA Program launched a thorough examination of ambushes and unprovoked attacks in an effort to gain insight into the phenomenon and to provide information to enhance training programs for law enforcement officers. The research focused on the mindset and perceptions of officers involved and offenders who carried out those acts. In particular, why the incidents may have occurred and how those involved reacted to the situation.

FBI Cyber Bulletin: Targeting of Audio and Visual Communication Devices on Business Networks to Identify Vulnerabilities for Exploitation

The FBI identified incidents over the past few months in which cyber actors scanned for and sought to exploit audio and visual communication devices on networks to identify vulnerabilities which could later be used to gain access and unlawfully acquire information about the organization. In addition to targeting corporate information, vulnerable devices may be targeted for compromise for use in botnets or other criminal activities. The types of devices targeted include: Voice over Internet Protocol (VoIP) phones, video conferencing equipment, conference phones, VoIP routers, and cloud-based communication systems. While cyber actors have targeted VoIP and other communication devices in the past, the FBI continues to see these devices scanned by cyber actors for vulnerabilities.

(U//LES) FBI Bulletin: Anti-Government, Fringe Political Conspiracy Theories Likely Motivate Domestic Extremists to Commit Criminal, Violent Activity

The FBI assesses anti-government, identity based, and fringe political conspiracy theories very likely motivate some domestic extremists, wholly or in part, to commit criminal and sometimes violent activity. The FBI further assesses in some cases these conspiracy theories very likely encourage the targeting of specific people, places, and organizations, thereby increasing the likelihood of violence against these targets. These assessments are made with high confidence, based on information from other law enforcement agencies, open source information, court documents, human sources with varying degrees of access and corroboration, and FBI investigations.

Senate Intelligence Committee Report on Russian Efforts Against Election Infrastructure in the 2016 Election

From 2017 to 2019, the Committee held hearings, conducted interviews, and reviewed intelligence related to Russian attempts in 2016 to access election infrastructure. The Committee sought to determine the extent of Russian activities, identify the response of the U.S. Government at the state, local, and federal level to the threat, and make recommendations on how to better prepare for such threats in the future. The Committee received testimony from state election officials, Obama administration officials, and those in the Intelligence Community and elsewhere in the U.S. Government responsible for evaluating threats to elections.

(U//FOUO) Joint Staff Briefing Paper on China’s “System Attack” Concept of Warfare

China plans to defeat powerful adversaries by systematically targeting the linkages and nodes that hold an advanced network-centric force together as a cohesive whole. The PLA calls this theory of victory “systems attack and destruction warfare,” hereafter, “system attack. Authoritative PLA doctrine emphasizes importance of system attack as China’s “basic operational method” of warfare. System attack is perhaps best remembered as “the American way of war with Chinese characteristics,” since the PLA developed the concept based on observing U.S. military victories In the 1990s. Some of the PLA’s writings on systems attack are clearly aspirational, but this does not preclude the effectiveness of the approach, and the doctrine shows that the Pl.A is thinking seriously and realistically about how to defeat.an advanced adversary. The requirements of system attack are actively driving PLA reform, acquisitions, operations and training, and the doctrine telegraphs how Chine intends to fight.

U.S. Secret Service National Threat Assessment Center Report: Mass Attacks in Public Spaces 2018

This report is NTAC’s second analysis of mass attacks that were carried out in public spaces, and it builds upon Mass Attacks in Public Spaces – 2017 (MAPS-2017). In MAPS-2017, NTAC found that attackers from that year were most frequently motivated by grievances related to their workplace or a domestic issue.  All of the attackers had recently experienced at least one significant stressor, and most had experienced financial instability. Over three-quarters of the attackers had made threatening or concerning communications, and a similar number had elicited concern from others. Further, most had histories of criminal charges, mental health symptoms, and/or illicit substance use or abuse.

Joint Publication 3-13.1 Electronic Warfare

All modern forces depend on the electromagnetic spectrum (EMS). The military requirement for unimpeded access to, and use of, the EMS is the key focus for joint electromagnetic spectrum operations (JEMSO), both in support of military operations and as the focus of operations themselves. Electronic warfare (EW) is essential for protecting friendly operations and denying adversary operations within the EMS throughout the operational environment.

Joint Staff Strategic Multilayer Assessment: Russian Strategic Intentions

This white paper was prepared as part of the Strategic Multilayer Asssessment, entitled The Future of Global Competition and Conflict. Twenty-three expert contributors contributed to this white paper and provided wide-ranging assessments of Russia’s global interests and objectives, as well as the activities—gray or otherwise—that it conducts to achieve them. This white paper is divided into five sections and twenty-five chapters, as described below. This summary reports some of the white paper’s high-level findings, but it is no substitute for a careful read of the individual contributions.

Joint Publication 3-13.3 Operations Security

Commanders ensure operational security (OPSEC) is practiced during all phases of operations. OPSEC is a capability that identifies and controls critical information, indicators of friendly force actions attendant to military operations, and incorporates countermeasures to reduce the risk of an adversary exploiting vulnerabilities. As adversary analysts apply more information to an analytical model, the likelihood increases that the analytical model will replicate the observed force. Thus, current and future capabilities and courses of action can be revealed and compromised.