This Joint Intelligence Bulletin (JIB) is intended to provide information on a continuing trend of Western youth being inspired by Islamic State of Iraq and the Levant (ISIL) messaging via social media to travel to Syria to participate in the conflict. This JIB is provided to support the activities of FBI and DHS to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks in the United States.
(U//FOUO) Virginia Fusion Center Bulletin: Malicious Activists May Promote Harm to Emergency Vehicles
The Virginia Fusion Center (VFC) has observed via open sources that actors affiliated with the Anonymous hacktivist movement released a video which purportedly identifies a Chicago Office of Emergency Management and Communications (OEMC) vehicle as a tool for law enforcement wiretapping efforts by police and fusion center personnel in Chicago, Illinois. The VFC is sharing this information for situational awareness, as emergency management vehicles operating near protest areas may be targeted by precipitating violent or malicious activity.
Since the May 2010 publication of the Roll Call Release “Terrorist Use of Propane Cylinders,” terrorists have continued to advocate the use of propane cylinders in building improvised explosive devices (IEDs). Throughout 2014, al-Qa‘ida-inspired violent extremists posted on the Internet English-language instructions for building and using propane IEDs and encouraged attacks in the United States. The posts recommended military, commercial, and financial sector targets, major metropolitan areas, and mass gatherings.
This Assessment is based on an I&A review of 24 law enforcement investigations into acts and threats of sovereign citizen extremist (SCE) violence since 2010, detailing locations, targets of violence, and their statements about the violence, when available. It is intended to inform law enforcement at the federal, state, and local levels about the nature and circumstances of SCE violence to help officers prepare for, anticipate, and ultimately avoid violent incidents. Most sovereign citizens are non-violent, and this assessment applies only to those that use violence to advance their goals.
Malicious cyber actors have targeted US universities and colleges with typical cybercrime activities, such as spear phishing students and faculty with university-themed messages, creating fake university websites, and infecting computers with malicious software, likely in an attempt to gain access to student and faculty e-mail and bank accounts. We have no indication that cybercriminals target university systems and users more than any other cybercrime victims.
To facilitate efficiency and effectiveness on a global scale, massive amounts of data are stored and processed in systems comprised of hardware and software. Each digital transaction or interaction we make creates a digital footprint of our lives. Too often, we don’t take the time to assess not only the size of our digital footprint, but what risks are involved in some of the choices we make. Our data lives in our social media profiles, mobile devices, payment accounts, health records, and employer databases among other places. The loss or compromise of that data can result in an array of impacts from identity theft to financial penalties, fines, and even consumer loyalty and confidence. This results in both a shared risk and therefore shared responsibility for individuals, businesses, organizations and governments. The following product is intended to facilitate awareness of one’s digital footprint as well as offer suggestions for a unified approach to securing that data. This is not an all-encompassing product, but rather offers discussion points for all that hold a stake in the security of our data.
This Homeland Security (HLS) Geospatial Concept of Operations (GeoCONOPS) has been developed as a strategic starting point for understanding how the coordination of Homeland Security and Homeland Defense (HD) geospatial activities can be improved at the federal level. The intended audience for this document is the full geospatial community supporting the missions of the federal government under the National Response Framework (NRF) and Presidential Policy Directive 8 (PPD-8). This includes the stakeholders and actors representing the Emergency Support Functions (ESFs), the Joint Field Offices (JFO), Federal Operations Centers, the disaster preparedness exercise and evaluation community, and those involved in other NRF missions. Individuals representing these groups and activities have been extensively engaged in providing input for this document.
(U//FOUO) Colorado Fusion Center Bulletin: Law Enforcement Officers Should Minimize or Eliminate Social Media Footprint
The Colorado Information Analysis Center (CIAC) is disseminating this awareness bulletin to help law enforcement officers and military personnel to minimize their social media footprint and protect their identity and family. Recent calls for attacks against law enforcement officers by foreign terrorist organizations and recent reports released by the U.S. Senate Select Intelligence Committee’s report on the CIA’s Detention Interrogation Program may exacerbate tensions or even spark violence against officers, intelligence personnel, government officials, and their families. This awareness bulletin seeks to make general recommendations to limit an individual’s digital footprint and diminish a violent actor’s targeting capability.
DHS National Cybersecurity and Communications Integration Center: Suspicious “Invoic” Email Sent to Government Personnel
This Assessment highlights the tactics, targets, and tradecraft that potentially could be used in the Homeland by individuals associated with or inspired by the Islamic State of Iraq and the Levant (ISIL); we do not address the likelihood of an attack against the United States by the group. This Assessment is intended to support the activities of DHS to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.
This handbook contains standard security designs and procedures common to Sensitive Compartmented Facilities (SCIF) and physical security construction standard and established by the Director National Intelligence (DNI) for protection of classified intelligence information. Users should refer to Director of Central Intelligence Directives (DCIDS) and other documents cited under Authorities for guidance on specific security functions.
Propaganda providing guidance and/or encouraging “individual jihad” or small cell operations against the West continues to be a prevalent theme in jihadist messaging. This bulletin was created by the CFIX in order to address recent propaganda from the Islamic State and its supporters which provides guidance on targeting law enforcement officers. The CFIX bases its analysis in this bulletin from open source reporting and internet postings with varying degrees of reliability, especially in regards to the true intention and capabilities of terrorist organizations and their supporters. This information is intended to support local, state and federal government agencies along with other entities in developing / prioritizing protective and support measures relating to an existing or emerging threat to homeland security.
The purpose of this brief is to provide law enforcement, first responders, corrections officers, and other personnel who interact with the general public, with guidance and protective measures when coming in contact with individuals demonstrating symptoms of the Ebola Virus Disease (EVD). Personnel who become familiar with the identification of possible exposure, proper response protocols and protective measures will be better prepared to respond, secure, transport and decontaminate to prevent further spread of this deadly disease.
The Transportation Security Administration’s Office of Intelligence (TSA-OI) unclassified annual Freight Rail Threat Assessment addresses the overall threat to the U.S. freight rail industry and presents conclusions regarding likely targets and actors based upon a review of successful attacks against rail systems overseas.
The most recent U.S. case, announced on 12 October 2014 is the first reported domestic transmission in the U.S. Three of the American EVD patients recovered and were discharged from the hospital, while three remain hospitalized. One American died while receiving treatment in Nigeria. The Liberian EVD patient was not symptomatic upon arrival and determined not to be infectious during travel. The Liberian patient died while in isolation on 8 October 2014. On 11 October 2014, the CDC and the Department of Homeland Security’s Customs & Border Protection (CBP) began enhanced entry screening of passengers with recent travel to West Africa at New York’s JFK International Airport. Enhanced entry screening is scheduled to begin on 16 October 2014 at Washington-Dulles, Newark, Chicago-O’Hare, and Atlanta international airports. Based on the recent domestic transmission, state and federal officials are re- examining whether equipment and procedures were properly followed, and whether additional protective steps and guidance are needed. The CDC believes the U.S. medical, public health infrastructure/responses are sufficient to prevent the spread of the Ebola virus in the U.S.
As of 3 October 2014, 43 states and the District of Columbia have reported 538 cases (+325 since 23 September 2014) of Enterovirus D68 (EV-D68) to the U.S. Centers for Disease Control and Prevention (CDC). Most of the cases have been identified among children; however, one case was identified in an adult. This outbreak was first announced in a media conference held on 8 September 2014. In this announcement, the CDC stated that EV-D68 was detected in clusters of individuals with respiratory illness in Kansas City, Missouri and Chicago, Illinois. Many of the initial identified cases had a history of asthma or wheezing. Recent increases in cases can be attributed to awareness of this issue among health officials and the amount of time necessary for disease investigation and confirmation. Current surveillance tools for influenza-like illness may not be appropriate for the detection of EV-D68 because many of the identified cases failed to develop fever. The CDC is involved in the ongoing investigation of a possible link between EV-D68 and acute paralysis. Furthermore, the CDC has identified EV-D68 in specimens from patients who have died, but the role of EV-D68 in these deaths remains unclear. EV-D68 has rarely been reported in the U.S. since first recognized in California in 1962. Enterovirus infections are not reportable in the U.S., so the illness is likely underreported because most enterovirus infections are self-limiting and do not require medical attention. The CDC estimates that non-polio enteroviruses are very common and are responsible for 10 to 15 million U.S. infections each year.
The Department of Homeland Security’s (DHS) Homeland Infrastructure Threat and Risk Analysis Center (HITRAC) produced this National Risk Estimate (NRE) to provide an authoritative, coordinated, risk-informed assessment of the key security issues faced by the Nation’s infrastructure protection community from malicious insiders. DHS used subject matter expert elicitations and tabletop exercises to project the effect of historic trends on risks over the next 3 to 5 years. In addition, DHS used alternative futures analysis to examine possible futures involving insider threats to critical infrastructure over the next 20 years. The results are intended to provide owners and operators a better understanding of the scope of the threat and can inform mitigation plans, policies, and programs, particularly those focused on high-impact attacks.
On 8 August, the International Health Regulations Emergency Committee of the World Health Organization (WHO) declared the ongoing epidemic of Ebola virus to be a Public Health Emergency of International Concern (PHEIC). According to the WHO, regional health authorities in western Africa have reported 7,178 cases of Ebola virus disease with 3,338 deaths to the WHO since the outbreak was first recognized in March 2014. On 30 September 2014, The U.S. Centers for Disease Prevention and Control (CDC) announced that an unidentified man, who is receiving treatment at Texas Health Presbyterian Hospital in Dallas, Texas, has been diagnosed with Ebola virus. All previous cases associated with the U.S. were diagnosed in West Africa. One patient died while in Nigeria, and four were diagnosed in West Africa before traveling to the U.S. for treatment.
The NJ Office of Homeland Security and Preparedness (OHSP) compiles a statewide list of special events that provides situational awareness to law enforcement, as well as to assist in local planning requirements. Special events include any event that attracts large numbers of participants and spectators in both a public or private venue. Examples include concerts, marathons, firework displays, community celebrations, visits by VIPs, sporting events, holiday gatherings, etc.
(U//LES) Northern California Fusion Center Bulletin: Recreational Drones Create Problems for Law Enforcement
The expansion of Unmanned Aerial Vehicle (UAV) operations for military purposes in the last decade has driven growth in the commercial UAV industry where. the casual enthusiast can now purchase a ready-to-fly system for less than $300. These UAVs can be accessorized for varied purposes such as cinematography, agricultural monitoring, wildlife tracking, site surveillance, and potentially even for kinetic attacks with a firearm or improvised explosive. This Advisory Bulletin addresses an observed increase in UAV use by ordinary citizens, outlining capabilities and implications for the law enforcement community. The NCRIC has not received any specific or credible UAV threats in our 15-county AOR and presents the following information for situational awareness purposes.
Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.
DHS National Cybersecurity and Communications Integration Center Bulletin: Hotel Business Centers Keyloggers
The following is an advisory for owners, managers and stakeholders in the hospitality industry, which highlights recent data breaches uncovered by the United States Secret Service (USSS). The attacks were not sophisticated, requiring little technical skill, and did not involve the exploit of vulnerabilities in browsers, operating systems or other software. The malicious actors were able to utilize a low-cost, high impact strategy to access a physical system, stealing sensitive data from hotels and subsequently their guest’s information. The NCCIC and the USSS have provided some recommendations at the end of this document that may help prevent similar attacks on publicly available computers.