On 26 July 2020, al-Hayat Media Center, a news outlet of the Islamic State of Iraq and ash-Sham (ISIS), released an English-language propaganda video entitled “Incite the Believers,” which encourages ISIS supporters to conduct incendiary attacks in the United States. The narrator acknowledges that ISIS supporters may have difficulty traveling to ISIS-controlled territory overseas and instead encourages them to conduct attacks where they live. The video also encourages ISIS supporters who are unable to obtain firearms or explosives to consider using incendiary attacks as an alternative.
Department of Homeland Security, Federal Bureau of Investigation, Intelligence Fusion Centers, U.S. Secret Service
This Joint Threat Assessment (JTA) addresses threats to the 59th Presidential Inauguration taking place in Washington, DC, on 20 January 2021. This JTA is co-authored by the Federal Bureau of Investigation (FBI) and Department of Homeland Security (DHS)/US Secret Service (USSS), with input from multiple US Intelligence Community and law enforcement partners. It does not include acts of non – violent civil disobedience (i.e., protests without a permit), which are outside the scope of federal law enforcement jurisdiction.
The New Jersey Regional Operations & Intelligence Center (ROIC) conducted research regarding the process necessary for successful recovery from COVID-19. This research and subsequent analysis focused on proper return-to-work procedures for first responders, while ensuring the safety of all. Although limited data is available specifically referencing first responders, numerous international scientific studies provide best practices for determining an individual’s ability to safely resume their duties. Links for more information are provided throughout this report.
(U//FOUO) San Diego Fusion Center Bulletin: Ambulance Used to Conceal Improvised Explosive Device in Afghanistan
On January 27, 2018 at approximately 12:15pm local time, a vehicle resembling an ambulance and laden with explosives detonated after it passed through a police checkpoint in Kabul, Afghanistan. The explosion killed more than 100 people and wounded approximately 235 others. According to the deputy spokesperson for the Afghanistan Interior Ministry, the vehicle was painted to resemble an ambulance and had successfully passed through a checkpoint after the attacker allegedly told police he was transporting a patient to a nearby hospital. While stopped at a second checkpoint farther inside the city limits, the attacker detonated the explosives concealed in the vehicle.
Intelligence in this assessment is based on data from 125 local, state, tribal, and federal law enforcement agencies through statewide intelligence meetings, adjudicated cases, and open source information. Specific gang data was collected from 71 law enforcement agencies through questionnaires disseminated at the statewide intelligence meetings and the 2017 Mississippi Association of Gang Investigators (MAGI) Conference. The intelligence meetings, sponsored by the MSAIC, occurred in the nine Mississippi Highway Patrol (MHP) districts.
(U//FOUO) DHS Bulletin: Chemical Splash and Spray Attacks Potential Tactic for Violent Extremists in Homeland
We assess that terrorists likely view tactics involving throwing or spraying acids and a variety of chemical liquids, hereafter referred to as a chemical spray and splash attack (CSSA), as a viable tactic to cause injury and disrupt critical infrastructure, judging from open source reporting describing terrorist social media posts and terrorist and violent extremist use of this tactic overseas. An analysis of a small number of incidents described in media reporting revealed that CSSAs are commonly used by criminal actors to further criminal activities and by violent extremist groups overseas to create fear, intimidate, punish, and disfigure individuals and groups that resist their control or ideology in their area of operations; the tactic, however, has rarely been operationalized by actors in the Homeland. We note, however, that homegrown violent extremists (HVEs) and lone offenders likely would find this tactic appealing and could easily adapt it to the Homeland, as it requires no specific technical expertise and the materials most often associated with criminal attack are usually unregulated and widely available.
(U//FOUO) California Cybersecurity Integration Center Advisory: Security Concerns with Kaspersky Labs Products
On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks. Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.
DHS-FBI Guide: Handling Threats to Private Citizens and Locations Named Online by Violent Extremists
The fusion center has no information to indicate specific or credible threats to people whose names have been published online by violent extremists. You are being provided this advisory to assist your agency in responding to queries from members of the public or other concerned parties. This information, which often includes personally identifiable information (PII) obtained maliciously via the Internet, most likely represents aspirational threats. Its primary purpose is likely to heighten anxiety and a sense of vulnerability. It is unlikely that violent extremist-inspired individuals in the United States will target people identified online, but this cannot be ruled out entirely.
(U//FOUO) Northern California Fusion Center: Violent Tactics Showcased at Berkeley Riots Likely to be Used at Future Demonstrations
Tactics used by violent Anti-fascists at events in Berkeley on 1 February, 4 March, and 15 April 2017 highlight their ability to exploit peaceful protests with coordinated violent demonstrations, attack law enforcement personnel, destroy property, and conduct information campaigns to advance their socio-political goals. This Advisory Bulletin is intended to inform law enforcement involved in operational planning and event safety at gatherings that violent anti-fascist elements may target.
The Delaware State Police (DSP) Intelligence Unit is providing the following information for officer safety and situational awareness. Officers should be mindful, when placing prisoners in custody, of smart watches and similar devices that can connect via Bluetooth to a cellular device. Smart watches have the capability to both make and receive phone calls and text messages, as well as erasing same. This could cause an issue if a cellular device and it’s contents are being used as evidence. Through experimentation at Troop 7, it was determined that if a prisoner is in the detention area and the phone is seized, the watch could still be operational.
(U//LES) EPIC Bulletin: Transnational Criminal Organizations (TCOs) Continue to Profit from Marijuana Sales in Legalized Markets
In January 2016, EPIC published Intelligence Note 02303-16a, this product provided analysis of data provided by the Drug Enforcement Administration (DEA) and open source reporting that indicated Transnational Criminal Organizations (TCOs) continued to operate and profit from marijuana sales in legalized U.S. marijuana markets. EPIC research further showed that legalization of marijuana in some U.S. markets had not adversely impacted TCO profitability in marijuana markets, and that the effort of legalization had conversely brought new opportunities for illicit profits from marijuana sales. As of January 2017, EPIC research indicates that TCOs continue to exploit legalized marijuana markets in the United States.
(U//FOUO) Orange County Fusion Center Bulletin: Criminal Use of E-mail Filters to Monitor and Divert Communications
Use of vehicles by violent extremists for ramming attacks has increased steadily, while use of vehicle-borne improvised explosive devices (VBIEDs) remains rare outside the Middle East. Given the ease with which ramming attacks can be accomplished, it is likely use of this tactic will continue to rise. Unlike VBIEDs, ramming attacks require little specialized training or skill, present minimal risk of detection when acquiring the weapon, and offer flexibility with regard to preparation, timing, and target. Foreign terrorist organizations (FTOs) have pointedly encouraged use of vehicle ramming attacks, offering explicit tactical advice on vehicle selection, driving tips to maximize fatalities, and targeting suggestions that include parades, festivals, street fairs, outdoor markets or conventions, political rallies, and other crowded targets of opportunity.
Department of Homeland Security, Federal Bureau of Investigation, Intelligence Fusion Centers, U.S. Secret Service
(U//FOUO) DHS-FBI-USSS Joint Threat Assessment 2017 Presidential Address to a Joint Session of Congress
This Joint Threat Assessment (JTA) addresses threats to the 2017 Presidential Address to a Joint Session of Congress (the Presidential Address) at the US Capitol Building in Washington, DC, on 28 February 2017. This assessment does not consider nonviolent civil disobedience tactics (for example, protests without a permit) that are outside the scope of federal law enforcement jurisdiction; however, civil disobedience tactics designed to cause a hazard to public safety and/or law enforcement fall within the scope of this assessment.
(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources
This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.
The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.
(U//FOUO) Wisconsin Fusion Centers Bulletin: Threats Against Law Enforcement and Public Sector Personnel
The NJ ROIC currently has no specific indication of any credible specific threats to transportation facilities. However, with the rise in “self-radicalized” actor(s), and homegrown violent extremists (HVEs) influenced by ISIL and other terror groups, targeted violent attacks to any of these sectors could occur with little or no notice by an individual(s) who has not yet garnered law enforcement attention. This advisory highlights recent transportation concerns in the wake of the recent attacks in Belgium.
Several recent incidents underline the possibility that soft targets, including entertainment venues such as bars and restaurants, are increasingly chosen over hard targets that may hold more significance to the victims and the attacking person or group. Using analysis of recent events and data from the START Global Terrorism Database, the BRIC completed the following study to raise awareness regarding the targeting of entertainment venues by violent extremist groups.
Encounters in 2015 of unauthorized unmanned aircraft systems (UAS), also known as drones, with public safety aircraft during emergency events underscore the potential threats UAS pose to response efforts—notably search-and-rescue, firefighting and police air assets—as well as the lives, property and natural resources already at risk.
(U//FOUO) Boston Regional Intelligence Center Suspicious Activity Behavior & Indicators For Public Sector Partners
This document is intended to highlight several suspicious activity behaviors and indicators that may be indicative of preoperational terrorist activity for business owners and private sector security personnel. This product focuses on behaviors and indicators that would be of interest prior to any major event. This proactive public safety strategy is an ongoing attempt to provide our private sector partners with some information on suspicious activity.
Recent events surrounding the occupation of the Malheur Wildlife Refuge in Harney County Oregon, have culminated in the fatal confrontation of Northern Arizona rancher, LaVoy Finicum. His funeral services will be held on 05 FEB 2016, in Kanab, UT. Finicum will be buried on 06 FEB 2016, close to his Arizona ranch in Cane Beds, AZ. While no credible threats to law enforcement are present at this time, armed extremists are expected to travel through UT; some of which may see this event as a tipping point, and potentially shift toward more violent action. A number of individuals, several of whom were present at the Burns, OR occupation, are planning caravans from UT and NV to travel to the funeral in show of support.
In September 2014, The Islamic State of Iraq and Syria (ISIS) released a propaganda video encouraging its followers to murder “intelligence officers, police officers, soldiers and civilians.” The video was re-released in January 2015 and specifically named the United States, France, Australia and Canada as targets. Now, first responders have an additional threat: Impersonation and misrepresentation by terrorists as first responders. The impersonators main goals are to further their attack plan and do harm to unsuspecting citizens as well as members of the emergency services community.