Intelligence Fusion Centers

(U//FOUO) Northern California Fusion Center: Violent Tactics Showcased at Berkeley Riots Likely to be Used at Future Demonstrations

Tactics used by violent Anti-fascists at events in Berkeley on 1 February, 4 March, and 15 April 2017 highlight their ability to exploit peaceful protests with coordinated violent demonstrations, attack law enforcement personnel, destroy property, and conduct information campaigns to advance their socio-political goals. This Advisory Bulletin is intended to inform law enforcement involved in operational planning and event safety at gatherings that violent anti-fascist elements may target.

(U//FOUO) Delaware Fusion Center: Officer Safety Smart Watches

The Delaware State Police (DSP) Intelligence Unit is providing the following information for officer safety and situational awareness. Officers should be mindful, when placing prisoners in custody, of smart watches and similar devices that can connect via Bluetooth to a cellular device. Smart watches have the capability to both make and receive phone calls and text messages, as well as erasing same. This could cause an issue if a cellular device and it’s contents are being used as evidence. Through experimentation at Troop 7, it was determined that if a prisoner is in the detention area and the phone is seized, the watch could still be operational.

(U//LES) EPIC Bulletin: Transnational Criminal Organizations (TCOs) Continue to Profit from Marijuana Sales in Legalized Markets

In January 2016, EPIC published Intelligence Note 02303-16a, this product provided analysis of data provided by the Drug Enforcement Administration (DEA) and open source reporting that indicated Transnational Criminal Organizations (TCOs) continued to operate and profit from marijuana sales in legalized U.S. marijuana markets. EPIC research further showed that legalization of marijuana in some U.S. markets had not adversely impacted TCO profitability in marijuana markets, and that the effort of legalization had conversely brought new opportunities for illicit profits from marijuana sales. As of January 2017, EPIC research indicates that TCOs continue to exploit legalized marijuana markets in the United States.

(U//FOUO) Los Angeles Joint Regional Intelligence Center: Vehicle Ramming Attacks Increasing

Use of vehicles by violent extremists for ramming attacks has increased steadily, while use of vehicle-borne improvised explosive devices (VBIEDs) remains rare outside the Middle East. Given the ease with which ramming attacks can be accomplished, it is likely use of this tactic will continue to rise. Unlike VBIEDs, ramming attacks require little specialized training or skill, present minimal risk of detection when acquiring the weapon, and offer flexibility with regard to preparation, timing, and target. Foreign terrorist organizations (FTOs) have pointedly encouraged use of vehicle ramming attacks, offering explicit tactical advice on vehicle selection, driving tips to maximize fatalities, and targeting suggestions that include parades, festivals, street fairs, outdoor markets or conventions, political rallies, and other crowded targets of opportunity.

(U//FOUO) DHS-FBI-USSS Joint Threat Assessment 2017 Presidential Address to a Joint Session of Congress

This Joint Threat Assessment (JTA) addresses threats to the 2017 Presidential Address to a Joint Session of Congress (the Presidential Address) at the US Capitol Building in Washington, DC, on 28 February 2017. This assessment does not consider nonviolent civil disobedience tactics (for example, protests without a permit) that are outside the scope of federal law enforcement jurisdiction; however, civil disobedience tactics designed to cause a hazard to public safety and/or law enforcement fall within the scope of this assessment.

(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources

This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.

(U//FOUO) DHS Field Analysis Report: Growing Trend of Ransomware Attacks Targeting Hospitals

The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.

(U//FOUO) New Jersey Fusion Center: Potential Concerns for Transportation Security

The NJ ROIC currently has no specific indication of any credible specific threats to transportation facilities. However, with the rise in “self-radicalized” actor(s), and homegrown violent extremists (HVEs) influenced by ISIL and other terror groups, targeted violent attacks to any of these sectors could occur with little or no notice by an individual(s) who has not yet garnered law enforcement attention. This advisory highlights recent transportation concerns in the wake of the recent attacks in Belgium.

Boston Fusion Center Bulletin: Terror Attacks on Entertainment Venues

Several recent incidents underline the possibility that soft targets, including entertainment venues such as bars and restaurants, are increasingly chosen over hard targets that may hold more significance to the victims and the attacking person or group. Using analysis of recent events and data from the START Global Terrorism Database, the BRIC completed the following study to raise awareness regarding the targeting of entertainment venues by violent extremist groups.

(U//FOUO) California Fusion Center: Drone Threats to Public Safety Personnel, Assets and Response

Encounters in 2015 of unauthorized unmanned aircraft systems (UAS), also known as drones, with public safety aircraft during emergency events underscore the potential threats UAS pose to response efforts—notably search-and-rescue, firefighting and police air assets—as well as the lives, property and natural resources already at risk.

(U//FOUO) Boston Regional Intelligence Center Suspicious Activity Behavior & Indicators For Public Sector Partners

This document is intended to highlight several suspicious activity behaviors and indicators that may be indicative of preoperational terrorist activity for business owners and private sector security personnel. This product focuses on behaviors and indicators that would be of interest prior to any major event. This proactive public safety strategy is an ongoing attempt to provide our private sector partners with some information on suspicious activity.

(U//FOUO) Utah Fusion Center Bulletin on Oregon Wildlife Refuge Occupier LaVoy Finicum’s Funeral

Recent events surrounding the occupation of the Malheur Wildlife Refuge in Harney County Oregon, have culminated in the fatal confrontation of Northern Arizona rancher, LaVoy Finicum. His funeral services will be held on 05 FEB 2016, in Kanab, UT. Finicum will be buried on 06 FEB 2016, close to his Arizona ranch in Cane Beds, AZ. While no credible threats to law enforcement are present at this time, armed extremists are expected to travel through UT; some of which may see this event as a tipping point, and potentially shift toward more violent action. A number of individuals, several of whom were present at the Burns, OR occupation, are planning caravans from UT and NV to travel to the funeral in show of support.

(U//FOUO) Pennsylvania Fusion Center Alert: Terrorists Impersonating First Responders

In September 2014, The Islamic State of Iraq and Syria (ISIS) released a propaganda video encouraging its followers to murder “intelligence officers, police officers, soldiers and civilians.” The video was re-released in January 2015 and specifically named the United States, France, Australia and Canada as targets. Now, first responders have an additional threat: Impersonation and misrepresentation by terrorists as first responders. The impersonators main goals are to further their attack plan and do harm to unsuspecting citizens as well as members of the emergency services community.

(U//FOUO) New Jersey Fusion Center Special Events List November 2015

The New Jersey Office of Homeland Security and Preparedness (OHSP) compiles a statewide list of special events that provides situational awareness to law enforcement, as well as to assist in local planning requirements. Special events include any events that attracts large numbers of participants. Examples include concerts, marathons, parades, sporting events, holiday gatherings, etc.

(U//FOUO) Ohio Fusion Center Network: Swatting Incidents at Schools

SWATTING is the act of sending a SWAT team or some type of law enforcement response to a location by convincing law enforcement that an incident has occurred or is about to occur that requires immediate law enforcement response. Characteristics of swatting include, but are not limited to: Callers using internet-based phones such as Skype USBUS and Magic Jack USBUS, or callers using a legal Caller Identification (ID) masking service. Caller ID spoofing/masking services permit cell phones and landline phones to spoof the call’s origins through a service fee based software. Reports of bomb-threats and SWATTING incidents are coming from area elementary, middle, and high schools, along with universities as well. Federal, state, and local partners are working to identify where the calls are originating from.

National Strategy for the National Network of Fusion Centers 2014-2017

The vision of the 2014–2017 National Strategy is to connect the geographic and public safety diversity of over 38,000 states, counties, cities, and towns together in a way that creates a national information sharing asset that is coordinated with and contributes to federal information sharing efforts. Federal efforts to connect the knowledge and capabilities of the Intelligence Community (IC) often involve state and local law enforcement joining federal efforts. The NNFC is the reversal and broadening of this framework, inviting federal partners to join state and local public safety information sharing efforts. In carrying out this strategy, IC professionals have an opportunity and avenue to bring their knowledge and capabilities to state and major urban area fusion centers, designated by governors and staffed by state and local professionals. As a unique national asset, this state and local network must work seamlessly with field-based intelligence and information sharing entities, providing geographic and interdisciplinary knowledge and perspective without interrupting or replicating federal efforts. The 2014–2017 National Strategy integrates with other criminal intelligence sharing efforts supported by the Criminal Intelligence Coordinating Council.

(U//FOUO) Virginia Fusion Center Bulletin: Malicious Activists May Promote Harm to Emergency Vehicles

The Virginia Fusion Center (VFC) has observed via open sources that actors affiliated with the Anonymous hacktivist movement released a video which purportedly identifies a Chicago Office of Emergency Management and Communications (OEMC) vehicle as a tool for law enforcement wiretapping efforts by police and fusion center personnel in Chicago, Illinois. The VFC is sharing this information for situational awareness, as emergency management vehicles operating near protest areas may be targeted by precipitating violent or malicious activity.

(U//FOUO) Colorado Fusion Center Bulletin: Law Enforcement Officers Should Minimize or Eliminate Social Media Footprint

The Colorado Information Analysis Center (CIAC) is disseminating this awareness bulletin to help law enforcement officers and military personnel to minimize their social media footprint and protect their identity and family. Recent calls for attacks against law enforcement officers by foreign terrorist organizations and recent reports released by the U.S. Senate Select Intelligence Committee’s report on the CIA’s Detention Interrogation Program may exacerbate tensions or even spark violence against officers, intelligence personnel, government officials, and their families. This awareness bulletin seeks to make general recommendations to limit an individual’s digital footprint and diminish a violent actor’s targeting capability.

(U//FOUO) CFIX Bulletin: Jihadist Propaganda Provides Guidance for Attacks on Law Enforcement

Propaganda providing guidance and/or encouraging “individual jihad” or small cell operations against the West continues to be a prevalent theme in jihadist messaging. This bulletin was created by the CFIX in order to address recent propaganda from the Islamic State and its supporters which provides guidance on targeting law enforcement officers. The CFIX bases its analysis in this bulletin from open source reporting and internet postings with varying degrees of reliability, especially in regards to the true intention and capabilities of terrorist organizations and their supporters. This information is intended to support local, state and federal government agencies along with other entities in developing / prioritizing protective and support measures relating to an existing or emerging threat to homeland security.