United States

Department of Justice Report on the Investigation into Russian Interference in the 2016 Presidential Election

The Internet Research Agency (IRA) carried out the earliest Russian interference operations identified by the investigation-a social media campaign designed to provoke and amplify political and social discord in the United States. The IRA was based in St. Petersburg, Russia, and received funding from Russian oligarch Yevgeniy Prigozhin and companies he controlled. The IRA later used social media accounts and interest groups to sow discord in the U.S. political system through what it termed “information warfare.” The campaign evolved from a generalized program designed in 2014 and 2015 to undermine the U.S. electoral system, to a targeted operation that by early 2016 favored candidate Trump and disparaged candidate Clinton. The IRA’s operation also included the purchase of political advertisements on social media in the names of U.S. persons and entities, as well as the staging of political rallies inside the United States. To organize those rallies, IRA employees posed as U.S. grassroots entities and persons and made contact with Trump supporters and Trump Campaign officials in the United States. The investigation did not identify evidence that any U.S. persons conspired or coordinated with the IRA. Section II of this report details the Office’s investigation of the Russian social media campaign.

(U//FOUO) National Counterterrorism Center Report: Envisioning the Emergence of Shia Homegrown Violent Extremist Plotters in the US

We assess that a Shia homegrown violent extremist (HVE) attack in the US is highly unlikely absent a catalyzing event that could galvanize some US-based Shia to engage independently in violence. Given sustained bilateral US-Iran tensions, the occurrence of such a catalyst could prompt Shia HVE activity relatively quickly, underscoring the benefits of early engagement with Shia communities about indicators of HVE radicalization. Potential triggering events for such Shia HVE violence include US military action against Iran and Lebanese Hizballah, Shia leadership or senior clerics sanctioning violence in the US, prominent Sunni government attacks on Shia, or high-profile anti-Shia activity in the US, judging from the results of a structured NCTC brainstorming exercise.

(U//FOUO) National Counterterrorism Center Guide: Sunni Extremist Attacks and Plots in the US Before 9/11

NCTC assesses that the Sunni extremist threat to the US before 9/11 was characterized by diverse extremist organizations and lone actors motivated by multiple ideological narratives and other factors, including Salafi jihadism, Palestinian nationalism, theological disputes within Islam, anti-Semitism, and anti-Hindu sentiments. We have identified a dozen successful attacks, four disrupted plots, and one attempt to set up an extremist training camp in the US between 1973 and 2001, underscoring the persistent threat from al-Qa‘ida–associated extremists, Palestinian terrorist groups, and Sunni extremist lone actors in the decades leading up to 9/11. These extremists chose a wide array of targets, with the majority of their attacks before 1993 focused on Hindu, Jewish, or Muslim individuals or institutions. Most attacks after that date were against civilian or US Government targets, because of al-Qa‘ida–associated extremists’ focus on indiscriminate mass casualty attacks. In some cases, we lack clear insight into the attackers’ motivations because of information gaps, and FBI disagrees about the motivations underlying two of these attacks.

National Institute of Justice Study: How Radicalization to Terrorism Occurs in the United States

Since its founding in 2012, the National Institute of Justice’s Domestic Radicalization to Terrorism program has sponsored research on how radicalization to terrorism occurs in the United States in order to support prevention and intervention efforts. These projects have taken a variety of approaches to examining the process of radicalization to terrorism, but in spite of this there is substantial overlap in their findings, which collectively provide evidence of the importance of several facilitators of radicalization and the need to take into account how this process unfolds within individuals over time.

(U//FOUO) DHS-FBI-NCTC Bulletin: Attacks on Mosques in Christchurch, New Zealand May Inspire Supporters of Violent Ideologies

This Joint Intelligence Bulletin (JIB) is intended to provide information on Australian national and violent extremist Brenton Tarrant’s 15 March 2019 attacks on two mosques in Christchurch, New Zealand. These attacks underscore the enduring nature of violent threats posed to faith-based communities. FBI, DHS, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners responsible for securing faith-based communities in the Homeland to remain vigilant in light of the enduring threat to faith-based communities posed by domestic extremists (DEs), as well as by homegrown violent extremists (HVEs) who may seek retaliation.

FBI Cyber Bulletin: Spearphishing Campaigns Against Students at Multiple Universities

The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the University’s internal intranet. The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.

U.S. Army Future Warfare Division White Paper: Operationalizing Robotic and Autonomous Systems in Support of Multi-Domain Operations

Robotic and Autonomous Systems (RAS) and artificial intelligence (AI) are fundamental to the future Joint Force realizing the full potential of Multi-Domain Operations (MDO 1.5). These systems, in particular AI, offer the ability to outmaneuver adversaries across domains, the electromagnetic (EM) spectrum, and the information environment. The employment of these systems during competition allows the Joint Force to understand the operational environment (OE) in real time, and thus better employ both manned and unmanned capabilities to defeat threat operations meant to destabilize a region, deter escalation of violence, and turn denied spaces into contested spaces. In the transition from competition to armed conflict, RAS and AI maneuver, fires, and intelligence, surveillance, and reconnaissance (ISR) capabilities provide the Joint Force with the ability to deny the enemy’s efforts to seize positions of advantage.

(U//FOUO) FBI Active Shooter Incidents and Mass Killings In Schools 2000-2017

The number of active shooter incidents in schools (ASIS) has remained steady over the past 18 years, with an average of 2.8 shootings per year. ASIS are most likely to happen at the high school level or higher (37 out of 52). The average deaths from ASIS was 7.4; however, this includes the 2007 Virginia Tech shooting and the 2012 Sandy Hook Elementary School shooting, where 32 and 26 people died, respectively. Most of the deaths from ASIS resulted during incidents that met the threshold for a mass killing (81 percent).

FBI Behavioral Analysis Unit’s Key Findings in October 2017 Las Vegas Mass Shooting

On October 1, 2017, over 22,000 people gathered for a music festival at a 15-acre, open-air concert venue in Las Vegas, Nevada. On the final night of the festival, Stephen Craig Paddock opened fire into the crowd from the 32nd floor of the Mandalay Bay Resort and Casino. The gunfire started around 10:05 p.m. and continued for approximately eleven minutes, with Paddock firing over 1,000 rounds. Fifty-eight persons were killed and several hundred more were injured. As responding law enforcement officers assembled in the hallway outside of his hotel room, Paddock committed suicide.

(U//FOUO) DHS Guide: Cross-Border Gangs and their Mexican Drug Cartel Affiliations

Cross-border gangs play a unique role in the illicit transfer of people and goods across the southwest border. According to law enforcement reporting. Mexican cartels utilize US gangs to smuggle drugs and illegal aliens northbound. and smuggle cash. stolen automobiles. and weapons southbound. US gangs often freelance their work and seek profit-making opportunities with multiple cartels.

The U.S. Army in Multi-Domain Operations 2028

From Multi-Domain Battle to Multi-Domain Operations. TRADOC Pamphlet 525-3-1, The U.S. Army in Multi-Domain Operations 2028 expands upon the ideas previously explained in Multi-Domain Battle: Evolution of Combined Arms for the 21st Century. It describes how the Army contributes to the Joint Force’s principal task as defined in the unclassified Summary of the National Defense Strategy: deter and defeat Chinese and Russian aggression in both competition and conflict. The U.S. Army in Multi-Domain Operations concept proposes detailed solutions to the specific problems posed by the militaries of post-industrial, information-based states like China and Russia. Although this concept focuses on China and Russia, the ideas also apply to other threats.

(U//FOUO) NCTC Counterterrorism Weekly Open Source Digest December 2018

Counterterrorism Weekly is an UNCLASSIFIED//FOR OFFICIAL USE ONLY compilation of open source publicly available press and relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Weekly is produced by the National Counterterrorism Center and contains situational awareness items detailing ongoing terrorism-related developments which may be of interest to Federal, State, Local and Tribal Law Enforcement, security, military personnel, and first responders. Information contained in the Counterterrorism Weekly is subject to change as a situation further develops.

Marjory Stoneman Douglas High School Shooting Public Safety Commission Draft Report

On February 14, 2018, fourteen students and three staff members at the Marjory Stoneman Douglas High School in Parkland Florida were fatally shot and seventeen others were wounded, in one of the deadliest school massacres in United States’ history. The gunman Nikolas Cruz, age 19 at the time of the incident, was a former student of Marjory Stoneman Douglas High School. Cruz was a troubled child and young adult who displayed aggressive and violent tendencies as early as 3-years-old. Cruz struggled in academics and attended several schools. There are reports of behavioral issues at all of the schools he attended. He was under the care of mental health professionals from age 11 until he turned age 18 and refused further services. At 2:19 p.m. on February 14, 2018, Cruz exited an Uber ride sharing service at Marjory Stoneman Douglas High School armed with a rifle and several hundred rounds of ammunition concealed in a rifle bag. He entered the school through an unstaffed gate that had been opened for school dismissal and made his way towards building 12 on the North side of campus. He entered the east side of building 12 through an unlocked and unstaffed door. He made his way through all three floors firing into classrooms and hallways and killing or wounding 34 individuals. He exited building 12 and ran across campus, blending in with students evacuating. Cruz was apprehended approximately 1 hour and 16 minutes after the first shots and charged with 17 counts of premeditated murder and 17 counts of attempted murder.

(U//LES) DEA Bulletin: Fake Xanax Tablets Containing Cyclopropylfentanyl, Methamphetamine, and FUB-AKB48

The increasing demand for opioids in the United States coupled with the availability of fentanyl presents a significant public health risk and negatively impacts officer safety. In 2018, the Arizona High Intensity Drug Trafficking Area (HIDTA) Counter Narcotics Alliance (CNA) task force seized tablets that appeared to be Xanax but actually contained a combination of cyclopropylfentanyl, methamphetamine, and a synthetic cannabinoid chemical.

Domestic Operational Law Handbook for Judge Advocates 2018

The Domestic Operational Law (DOPLAW) Handbook for judge advocates is a product of the Center for Law and Military Operations (CLAMO). The content is derived from statutes, Executive Orders and Directives, national policy, DoD Directives and Instructions, joint publications, service regulations, field manuals, as well as lessons learned by judge advocates and other practitioners throughout Federal and State government. This edition includes substantial revisions.

Director of National Intelligence Cyber Threats to Elections Lexicon

This reference aid draws on CTIIC’s experience promoting interagency situational awareness and information sharing during previous significant cyber events—including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections.

FBI Study: Pre-Attack Behaviors of Active Shooters in the U.S. 2000-2013

In 2017 there were 30 separate active shootings in the United States, the largest number ever recorded by the FBI during a one-year period.1 With so many attacks occurring, it can become easy to believe that nothing can stop an active shooter determined to commit violence. “The offender just snapped” and “There’s no way that anyone could have seen this coming” are common reactions that can fuel a collective sense of a “new normal,” one punctuated by a sense of hopelessness and helplessness. Faced with so many tragedies, society routinely wrestles with a fundamental question: can anything be done to prevent attacks on our loved ones, our children, our schools, our churches, concerts, and communities?

Restricted U.S. Army Space Operations Manual

FM 3-14, Army Space Operations, provides an overview of space operations in the Army and is consistent and compatible with joint doctrine. FM 3-14 links Army space operations doctrine to joint space operations doctrine as expressed in JP 3-14, Space Operations and other joint doctrinal publications. This FM establishes guidance for employing space and space-based systems and capabilities to support United States (U.S.) Army land warfighting dominance. It provides a general overview of overhead support to Army operations, reviews national guidance and direction, and outlines selected unique space-related Army capabilities. The doctrine in this manual documents Army thought for the best use of space capabilities. This manual also contains tactics and procedures outlining how to plan, integrate, and execute Army space operations.

National Counterintelligence and Security Center Report: Foreign Economic Espionage in Cyberspace

In the 2011 report to Congress on Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, the Office of the National Counterintelligence Executive provided a baseline assessment of the many dangers facing the U.S. research, development, and manufacturing sectors when operating in cyberspace, the pervasive threats posed by foreign intelligence services and other threat actors, and the industries and technologies most likely at risk of espionage. The 2018 report provides additional insight into the most pervasive nation-state threats, and it includes a detailed breakout of the industrial sectors and technologies judged to be of highest interest to threat actors. It also discusses several potentially disruptive threat trends that warrant close attention.

FBI Cyber Bulletin: Identified Qakbot Malware Variant Found on Thumb Drive Manufactured in China

In March 2018, an identified financial services corporation received a thumb drive infected with the bank credential-stealing Qakbot malware variant, targeting information from networked computers and financial institution web sites. The financial services corporation purchased bulk thumb drives from a US online retailer of computer hardware. The thumb drives were originally manufactured in China. According to FBI forensic analysis, the Qakbot malware was on the infected thumb drive before the drive arrived in the United States. Qakbot is extremely persistent and requires removal of all malware from every device. Failure to remove even one node of malware may result in re-infecting previously sanitized systems possibly costing the victim hundreds of thousands of dollars in malware removal and system downtime.

Las Vegas Metropolitan Police Department October 2017 Mass Shooting Final Report

As Engineer Schuck walked up the hallway of the 100 Wing, he observed Security Officer Campos poke his head out of an alcove. Engineer Schuck then heard rapid gunfire coming from the end of the 100 Wing hallway that lasted approximately 10 seconds. When the gunfire stopped, he heard Security Officer Campos tell him to take cover. Engineer Schuck stepped into an alcove and gunfire again erupted down the hallway coming from Room 32-135. The gunfire lasted a few seconds then stopped. The gunfire started again after a brief pause, but Engineer Schuck believed it was directed outside and not down the hallway. Meanwhile, inside the Las Vegas Village over 50 Las Vegas Metropolitan Police Department (LVMPD) personnel were on overtime assignments for the Route 91 Harvest music festival being held at the Las Vegas Village venue. The initial gunshots were heard on an officer’s body worn camera (BWC). As the suspect (Stephen Paddock) targeted the concertgoers with gunfire, officers quickly determined they were dealing with an active shooter and broadcast the information over the radio.