Department of Homeland Security

(U//FOUO) New Jersey Fusion Center Special Events List November 2015


The New Jersey Office of Homeland Security and Preparedness (OHSP) compiles a statewide list of special events that provides situational awareness to law enforcement, as well as to assist in local planning requirements. Special events include any events that attracts large numbers of participants. Examples include concerts, marathons, parades, sporting events, holiday gatherings, etc.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorist Impersonation of First Responders Overseas


(U//FOUO) Two disrupted plots in Europe earlier this year highlight terrorists possible interest in impersonating first responders through the acquisition of authentic or fraudulent uniforms, equipment, vehicles, and other items which may be associated with government, military, law enforcement, fire,…

(U//FOUO) DHS-FBI-NCTC Bulletin: Risks for U.S. Persons Traveling to Fight ISIS


This Joint Intelligence Bulletin highlights the potential risks for US persons traveling to Syria or Iraq to combat the Islamic State of Iraq and the Levant (ISIL) or expressing online a desire to do so. The FBI, DHS, and NCTC remain concerned that US persons traveling to combat ISIL are at risk of being killed, wounded, or captured. Further, ISIL members or supporters could attempt disingenuously to identify and target US persons so as to harm them before or upon their arrival in Syria or Iraq. The State Department has issued travel warnings for both Iraq and Syria and the US Government does not support US persons traveling overseas to combat ISIL.

(U//FOUO) Ohio Fusion Center Network: Swatting Incidents at Schools


SWATTING is the act of sending a SWAT team or some type of law enforcement response to a location by convincing law enforcement that an incident has occurred or is about to occur that requires immediate law enforcement response. Characteristics of swatting include, but are not limited to: Callers using internet-based phones such as Skype USBUS and Magic Jack USBUS, or callers using a legal Caller Identification (ID) masking service. Caller ID spoofing/masking services permit cell phones and landline phones to spoof the call’s origins through a service fee based software. Reports of bomb-threats and SWATTING incidents are coming from area elementary, middle, and high schools, along with universities as well. Federal, state, and local partners are working to identify where the calls are originating from.

(U//FOUO) DHS-FBI-NCTC Bulletin: ISIL Supporters Targeting Uniformed Personnel for Weapons and Equipment


In the first half of 2015 there were at least two instances of Islamic State of Iraq and the Levant (ISIL) inspired individuals in the West expressing interest in targeting law enforcement (LE) to obtain weapons and other specialized gear through theft. As ISIL continues to exhort its individuals in the West to carry out attacks, the potential exists that some terrorists may use this tactic and attempt to steal weapons or issued items, such as credentials, badges, uniforms, radios, ballistic vests, vehicles, and other equipment, which could be used in furtherance of an attack. We note that laws governing the purchase of firearms differ widely among Western nations making this tactic more likely to occur in countries where laws are most restrictive and firearms are harder to obtain through legitimate means.

DHS Guide: Improving Survivability in Improvised Explosive Device and Active Shooter Incidents


Recent improvised explosive device (IED) and active shooter incidents reveal that some traditional practices of first responders need to be realigned and enhanced to improve survivability of victims and the safety of first responders caring for them. This Federal, multi-disciplinary first responder guidance translates evidence-based response strategies from the U.S. military’s vast experience in responding to and managing casualties from IED and/or active shooter incidents and from its significant investment in combat casualty care research into the civilian first responder environment. Additionally, civilian best practices and lessons learned from similar incidents, both in the United States and abroad, are incorporated into this guidance. Recommendations developed in this paper fall into three general categories: hemorrhage control, protective equipment (which includes, but is not limited to, ballistic vests, helmets, and eyewear), and response and incident management.

(U//FOUO) DHS Assessment: Future ISIL Operations in the West Could Resemble Disrupted Belgian Plot


I&A assesses that the plot disrupted by Belgian authorities in January 2015 is the first instance in which a large group of terrorists possibly operating under ISIL direction has been discovered and may indicate the group has developed the capability to launch more complex operations in the West. We differentiate the complex, centrally planned plotting in Belgium from other, more-simplistic attacks by ISIL-inspired or directed individuals, which could occur with littleto no warning.

(U//FOUO/LES) DHS Report: Assessing ISIL’s lnfluence and Perceived Legitimacy in the Homeland


This Field Analysis Report (FAR) is designed to support awareness and inform enforcement and collection operations of federal, state, and local partners involved in homeland security and counterterrorism efforts. Some of the activities described in the FAR may be constitutionally protected activities and should be supported by additional facts to justify increased suspicion. The totality of relevant circumstances should be evaluated when considering any law enforcement response or action. Our assessment of the level of the Islamic State of Iraq and the Levant’s (ISIL) name recognition since its declaration of a caliphate in June 2014 is based on a review of suspicious activity reporting (SAR) across the United States between 1 January and 30 December 2014, criminal complaints of US persons charged with supporting or seeking to support ISIL, Bureau of Prisons (BOP) intelligence reporting, and DHS I&A open source reporting to assess the influence of ISIL’s messaging campaign within the United States and ISIL’s perceived legitimacy among homegrown violent extremists (HVEs).

DHS Privacy and Civil Liberties Assessment Report on Executive Order 13636


Section 5 of Executive Order 13636 (Executive Order) requires the DHS Chief Privacy Officer and Officer for Civil Rights and Civil Liberties to assess the privacy and civil liberties impacts of the activities the Department of Homeland Security (DHS, or Department) undertakes pursuant to the Executive Order and to provide those assessments, together with recommendations for mitigating identified privacy risks, in an annual public report. In addition, the DHS Privacy Office and the Office for Civil Rights and Civil Liberties (CRCL) are charged with coordinating and compiling the Privacy and Civil Liberties assessments conducted by Privacy and Civil Liberties officials from other Executive Branch departments and agencies with reporting responsibilities under the Executive Order.

(U//FOUO) DHS Infrastructure Protection Note: Most Significant Tactics Against the Electricity Subsector


This IP Note is a joint publication of OCIA and the DHS Office of Intelligence and Analysis (I&A) Homeland Counterterrorism Division. It is intended to identify high- consequence tactics, techniques, and procedures (TTPs) used during attacks and incidents that occurred at electrical substations, facilities, and associated electrical infrastructure from 2002 to 2013. The incidents identified in this report have no known nexus to terrorism.

(U//FOUO) DHS-DOT-EPA Crude Oil Transport by Rail Preparedness Initiatives Guide


Domestic rail shipments of crude oil grew from 9,500 train car loads in 2008 to 435,560 loads in 2013—an increase of nearly 4,500 percent. The growth in shipment volume has increased the threat of spills, explosions, and other effects associated with a train derailment or crash. Recent incidents in Lac Mégantic, Quebec, Lynchburg, Virginia, Mount Carbon, West Virginia, and Galena, Illinois demonstrate the consequences of crude by rail incidents on surrounding communities and natural environments.

(U//FOUO) DHS-FBI Bulletin: Twenty Years After Oklahoma City Bombing, Domestic Extremism Remains a Persistent Threat


This Joint Intelligence Bulletin (JIB) prepared by the FBI and DHS is intended to provide law enforcement with a summary of significant domestic extremist incidents occurring during the previous 15 months. This product highlights the breadth and frequency of current domestic extremist threats against Homeland targets, and places them in the context of the 20th anniversary of the1995 bombing of the Alfred P. Murrah Federal Building in Oklahoma City, Oklahoma. This information is provided to support the activities of the FBI and DHS and to assist other federal, state, local, tribal, and territorial counterterrorism and law enforcement officials and private sector security officials in identifying existing or emerging threats to homeland security.

DHS Acquisition of License Plate Reader Data from a Commercial Service Privacy Impact Assessment


U.S. Immigration and Customs Enforcement (ICE) uses information obtained from license plate readers (LPR) as one investigatory tool in support of its criminal investigations and civil immigration enforcement actions. Because LPR information can be combined with other data to identify individuals and therefore meets the definition of personally identifiable information (PII), ICE is conducting this Privacy Impact Assessment (PIA) to describe how it intends to procure the services of a commercial vendor of LPR information in order to expand the availability of this information to its law enforcement personnel. ICE is neither seeking to build nor contribute to a national public or private LPR database.

National Strategy for the National Network of Fusion Centers 2014-2017


The vision of the 2014–2017 National Strategy is to connect the geographic and public safety diversity of over 38,000 states, counties, cities, and towns together in a way that creates a national information sharing asset that is coordinated with and contributes to federal information sharing efforts. Federal efforts to connect the knowledge and capabilities of the Intelligence Community (IC) often involve state and local law enforcement joining federal efforts. The NNFC is the reversal and broadening of this framework, inviting federal partners to join state and local public safety information sharing efforts. In carrying out this strategy, IC professionals have an opportunity and avenue to bring their knowledge and capabilities to state and major urban area fusion centers, designated by governors and staffed by state and local professionals. As a unique national asset, this state and local network must work seamlessly with field-based intelligence and information sharing entities, providing geographic and interdisciplinary knowledge and perspective without interrupting or replicating federal efforts. The 2014–2017 National Strategy integrates with other criminal intelligence sharing efforts supported by the Criminal Intelligence Coordinating Council.

(U//FOUO) DHS-FBI Bulletin: ISIL Social Media Messaging Resonating with Western Youth


This Joint Intelligence Bulletin (JIB) is intended to provide information on a continuing trend of Western youth being inspired by Islamic State of Iraq and the Levant (ISIL) messaging via social media to travel to Syria to participate in the conflict. This JIB is provided to support the activities of FBI and DHS to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks in the United States.

(U//FOUO) Virginia Fusion Center Bulletin: Malicious Activists May Promote Harm to Emergency Vehicles


The Virginia Fusion Center (VFC) has observed via open sources that actors affiliated with the Anonymous hacktivist movement released a video which purportedly identifies a Chicago Office of Emergency Management and Communications (OEMC) vehicle as a tool for law enforcement wiretapping efforts by police and fusion center personnel in Chicago, Illinois. The VFC is sharing this information for situational awareness, as emergency management vehicles operating near protest areas may be targeted by precipitating violent or malicious activity.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Encouraging Use of Propane Cylinders as IEDs


Since the May 2010 publication of the Roll Call Release “Terrorist Use of Propane Cylinders,” terrorists have continued to advocate the use of propane cylinders in building improvised explosive devices (IEDs). Throughout 2014, al-Qa‘ida-inspired violent extremists posted on the Internet English-language instructions for building and using propane IEDs and encouraged attacks in the United States. The posts recommended military, commercial, and financial sector targets, major metropolitan areas, and mass gatherings.

(U//FOUO) DHS Intelligence Assessment: Sovereign Citizen Extremist Ideology Driving Violence


This Assessment is based on an I&A review of 24 law enforcement investigations into acts and threats of sovereign citizen extremist (SCE) violence since 2010, detailing locations, targets of violence, and their statements about the violence, when available. It is intended to inform law enforcement at the federal, state, and local levels about the nature and circumstances of SCE violence to help officers prepare for, anticipate, and ultimately avoid violent incidents. Most sovereign citizens are non-violent, and this assessment applies only to those that use violence to advance their goals.

(U//FOUO) DHS Intelligence Assessment: Malicious Cyber Actors Target US Universities and Colleges


Malicious cyber actors have targeted US universities and colleges with typical cybercrime activities, such as spear phishing students and faculty with university-themed messages, creating fake university websites, and infecting computers with malicious software, likely in an attempt to gain access to student and faculty e-mail and bank accounts. We have no indication that cybercriminals target university systems and users more than any other cybercrime victims.

DHS NCCIC Report on Assessing Risks of Your Digital Footprint


To facilitate efficiency and effectiveness on a global scale, massive amounts of data are stored and processed in systems comprised of hardware and software. Each digital transaction or interaction we make creates a digital footprint of our lives. Too often, we don’t take the time to assess not only the size of our digital footprint, but what risks are involved in some of the choices we make. Our data lives in our social media profiles, mobile devices, payment accounts, health records, and employer databases among other places. The loss or compromise of that data can result in an array of impacts from identity theft to financial penalties, fines, and even consumer loyalty and confidence. This results in both a shared risk and therefore shared responsibility for individuals, businesses, organizations and governments. The following product is intended to facilitate awareness of one’s digital footprint as well as offer suggestions for a unified approach to securing that data. This is not an all-encompassing product, but rather offers discussion points for all that hold a stake in the security of our data.

DHS Geospatial Concept of Operations (GeoCONOPS) Version 6


This Homeland Security (HLS) Geospatial Concept of Operations (GeoCONOPS) has been developed as a strategic starting point for understanding how the coordination of Homeland Security and Homeland Defense (HD) geospatial activities can be improved at the federal level. The intended audience for this document is the full geospatial community supporting the missions of the federal government under the National Response Framework (NRF) and Presidential Policy Directive 8 (PPD-8). This includes the stakeholders and actors representing the Emergency Support Functions (ESFs), the Joint Field Offices (JFO), Federal Operations Centers, the disaster preparedness exercise and evaluation community, and those involved in other NRF missions. Individuals representing these groups and activities have been extensively engaged in providing input for this document.

(U//FOUO) Colorado Fusion Center Bulletin: Law Enforcement Officers Should Minimize or Eliminate Social Media Footprint


The Colorado Information Analysis Center (CIAC) is disseminating this awareness bulletin to help law enforcement officers and military personnel to minimize their social media footprint and protect their identity and family. Recent calls for attacks against law enforcement officers by foreign terrorist organizations and recent reports released by the U.S. Senate Select Intelligence Committee’s report on the CIA’s Detention Interrogation Program may exacerbate tensions or even spark violence against officers, intelligence personnel, government officials, and their families. This awareness bulletin seeks to make general recommendations to limit an individual’s digital footprint and diminish a violent actor’s targeting capability.

DHS National Cybersecurity and Communications Integration Center: Suspicious “Invoic” Email Sent to Government Personnel


On 15 October 2014, a phishing email was dispersed to a wide variety of government employees. NCCIC has also received a number of reports indicating that members within the Education Sector and Financial Sector; International, State, Local, and Tribal organizations have also received similar email messages. The email suggested that the recipient had an unpaid debt and the attachment was an invoice showing the debt information. The subject line reads “UNPAID INVOIC” and the content simply instructs recipients to open the attachment which is a PDF file that is believed to be malicious. Rather than installing malware files from the PDF file itself, it appears to use embedded JavaScript within the file to redirect victims to a malicious website where additional malware can be installed.