Department of Homeland Security

(U//LES) San Diego Fusion Center Tijuana Drug Cartel Ambush Analysis and Gang Collaboration

The intent of this bulletin is to provide Law Enforcement Officers (LEOs) with a general knowledge of ambush tactics used by the Tijuana Cartel against Mexican LEOs in Tijuana, Mexico. The San Diego Police Department (SDPD) Officer Safety Bulletin dated October 3, 2010, outlining Mexican Drug Trafficking Organizations’ (DTOs) and San Diego street gangs’ use of Tijuana Cartel tactics in San Diego County, identified a need for a more comprehensive review of cartel tactics used south of the U.S. border.

DHS Cybersecurity Bulletin: Physical Events Provide Phishing/Social Engineering Opportunities

Malicious users seeking to exploit interest related to physical events such as earthquakes and hurricanes will likely use subject lines and attachment titles related to the incidents in phishing e-mails. Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events.

(U//FOUO/LES) Baltimore Police 2nd Amendment Support Decal Warning

The company “Legally Concealed” has created and is marketing decals and apparel to the public “specifically to show support and solidarity for the 2nd Amendment”. According to their website, http://www.legallyconcealed.org/ the special symbol, of the (2) silver lines and number “2” on the black background was “designed in the same spirit of the law enforcement “thin blue line””.

(U//FOUO) Maryland Fusion Center Trash Bag Balloon Bombs Warning

According to recent open source reporting, law enforcement officers (LEO’s) have been encountering bombs made of innocuous trash bags that have caused injuries to responding officers or significant damage to property. LEO’s are encouraged not to touch the light (airy), low-flying, closed trash bags; consider evacuating the immediate area; and, to call the appropriate response personnel.

(U//FOUO) DHS-FBI Ten-Year Anniversary of 9/11 Attacks Warning

This Joint Intelligence Bulletin (JIB) highlights potential terrorist threats related to the 10-year anniversary of the 11 September 2001 (9/11) attacks. This JIB provides perspective on the threat to the Homeland and US interests overseas from al-Qa‘ida, al-Qa‘ida affiliates and allies, and al-Qa‘ida-inspired homegrown violent extremists (HVEs). FBI and DHS are providing this information to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, as well as first responders and private sector security officials, in effectively deterring, preventing, or disrupting terrorist attacks against the United States. Unless otherwise noted, this JIB uses the FBI’s definitions of terms, which may differ from the definitions used by DHS.

(U//FOUO) DHS-FBI Updated Small Arms and Lone Shooters Warning August 2011

This Joint Intelligence Bulletin (JIB) updates a DHS-FBI joint analytic product of the same title dated 3 September 2010 and is intended to provide warning and perspective regarding the scope of the potential terrorist threats to the United States, specifically towards US persons. This product is provided to support the activities of DHS and FBI and to help federal, state, and local government counterterrorism and law enforcement officials deter, prevent, preempt, or respond to terrorist attacks directed against the United States.

(U//FOUO) DHS/FBI “Body Packing” Criminal Tactic with Possible Terrorist Applications

“Body packing” is a well-documented concealment method criminals have used to smuggle drugs or other contraband. Body packing in humans and animals may involve several forms of concealment — including insertion into body orifices, ingestion, or possibly surgical implantation—of illicit items or material inside or hidden on the body to escape detection by security systems and personnel. Terrorists often assign high priority to concealment in planning attacks, and such methods—to include surgical implantation—offer potential means for suicide operatives to deliver improvised explosive devices to targets.

(U//FOUO) DHS Rising Copper Thefts Disrupting Homeland Infrastructure

Reported copper thefts from critical infrastructure and key resource (CIKR) sectors in the United States rose at least 50 percent in 2010 compared to the previous year, largely driven by record-high prices for copper. Individuals and criminal organizations have engaged in copper thefts primarily for financial gain. We have seen no indication that terrorists are using copper thefts in the homeland as a tactic to damage or destroy CIKR facilities or to fund terrorist activity.

ICE Facilities Standard CCTV Camera Information and Locations

The SM-CCTV System is a computer network consisting of closed-circuit video cameras, digital video recorders (DVRs), and monitoring capabilities that capture video-only feeds in and around ICE facilities. The purpose of the SM-CCTV System is to help ICE secure and regulate physical access to ICE facilities. The system also serves to enhance officer safety, prevent crimes, and assist in the investigation of criminal acts committed inside and on the perimeter of protected ICE facilities. Video surveillance also supports terrorism prevention and facility protection with its visible presence, and detects and deters unauthorized intrusion at ICE facilities. The SM-CCTV System is planned to be deployed in numerous ICE facilities nationwide.

DHS Terrorist Watchlist Service Privacy Impact Assessment

The Department of Homeland Security (DHS) currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) of identifying information about those known or reasonably suspected of being involved in terrorist activity in order to facilitate DHS mission-related functions, such counterterrorism, law enforcement, border security, and inspection activities. DHS and TSC are improving the current method of transmitting TSDB data from TSC to DHS. Through a new service called the “DHS Watchlist Service” (WLS), TSC and DHS will automate and simplify the current manual process. TSC remains the authoritative source of watchlist data and will provide DHS with near real-time synchronization of the TSDB. DHS will ensure that each DHS component system receives only those TSDB records which they are authorized to use under the WLS Memorandum of Understanding and authorized under existing regulations and privacy compliance documentation between TSC and DHS (WLS MOU) and any amendments or modifications thereto. DHS conducted this privacy impact assessment (PIA) because the WLS will maintain a synchronized copy of the TSDB, which contains personally identifiable information (PII), and disseminate it to authorized DHS components.

(U//FOUO) LA-JRIC 82% of Cocaine in U.S. Contaminated by Veterinary De-worming Drug

In April 2011, the US Drug Enforcement Administration (DEA) reported up to 82 percent of all cocaine seized in the United States contained levamisole, a veterinary drug used to de-worm livestock. Law enforcement and public health officials in the United States are warning of serious public health consequences for drug users related to contaminated cocaine use.

DHS Bulletin: Anonymous/LulzSec Has Continued Success Using Rudimentary Hacking Methods

This Bulletin is being provided for your Executive Leadership, Operational Management, and Security Administrators situational awareness. The actors who make up the hacker group “Anonymous” and several likely related offshoots like “LulzSec”, continue to harass public and private sector entities with rudimentary exploits and tactics, techniques, and procedures (TTPs) commonly associated with less skilled hackers referred to as “Script Kiddies”. Members of Anonymous routinely claim to have an overt political agenda and have justified at least a portion of their exploits as retaliation for perceived ‘social injustices’ and ‘freedom of speech’ issues. Attacks by associated groups such as LulzSec have essentially been executed entirely for their and their associates’ personal amusement, or in their own hacker jargon “for the lulz”.

(U//FOUO) DHS Red Cell Report: How Terrorists Might Infect U.S. Poultry With Bird Flu

This report explores how terrorists or other non-state adversaries could potentially facilitate an avian influenza outbreak within the United States. The report was primarily intended to assist the Secretary of Homeland Security, Chief Intelligence Officer, Deputy Assistant Secretary, and Chief Medical Officer as they consider the implications of avian influenza to the Homeland. The scenarios explored in this paper are speculative and meant only to broaden the scope of thinking. They are not based on specific evidence or intelligence about terrorists’ plans and capabilities, but are considered scientifically feasible, according to experts that were interviewed.

(U//FOUO) DHS Utility-Sector Employee Insider Threats Warning

Insiders often possess detailed operational and system-security knowledge, as well as authorized physical and systems access to utilities. Insiders can be employees, contractors, service providers, or anyone with legitimate access to utility systems. They often are self-motivated, know system security measures, and raise no alarms due to their authorized systems access. With knowledge of and access to a utility’s network, malicious actors could seize control of utility systems or corrupt information sent to plant operators, causing damage to plant systems and equipment. Systems and networks used by utilities are potential targets for a variety of malicious cyber actors. Threat actors who target these systems may be intent on damaging equipment and facilities, disrupting services, stealing proprietary information, or other malicious activities. The greater the individual’s knowledge and authorized systems access, the greater risk the individual poses. Furthermore, any individual with access to a plant’s systems could unwittingly or inadvertently introduce malware into a system through portable media or by falling victim to socially engineered e-mails.

(U//FOUO) DHS U.S. Lodging Industry Protective Measures Guide

Preventing terrorism, enhancing security, and ensuring resilience to disasters are core missions of the U.S. Department of Homeland Security (DHS). Accomplishing these missions necessitates building and fostering a collaborative environment in which the private sector and Federal, State, local, tribal, and territorial governments can better protect critical infrastructure and key resources (CIKR). The U.S. Lodging Industry is designated as CIKR because it is essential to the Nation’s economic vitality and way of life. It is critical to the Department’s vision of ensuring a homeland that is safe, secure, and resilient against terrorism and other hazards. As such, DHS developed the Protective Measures Guide for the U.S. Lodging Industry in collaboration with the American Hotel & Lodging Association to provide options for hotels to consider when implementing protective measures. The guide provides an overview of threat, vulnerability, and protective measures designed to assist hotel owners and operators in planning and managing security at their facilities. It provides suggestions for successful planning, organizing, coordinating, communicating, operating, and training activities that contribute to a safe environment for guests and employees. In addition, when contemplating appropriate protective measures to implement, owners and operators should consider their own knowledge of the property‘s operations and vulnerabilities, as well as the general surroundings and its place within the community. When implementing appropriate protective measures, owners and operators should make use of additional resources, from local law enforcement and emergency management agencies to the security resources listed in the appendices of this guide.

(U//FOUO) Massachusetts Commonwealth Fusion Center Hotels/Lodging Industry Warning

As Al-Qa‘ida and other terrorist groups continue to seek innovative ways to conduct attacks and circumvent security procedures, there is concern that the holiday season provides attractive opportunities for terrorists to target the Homeland. This bulletin focuses on lodging facilities that serve large numbers of business and leisure travelers and provide venues for a variety of holiday events.

(U//FOUO) San Diego Fusion Center: Hotels are Potential Bomb Labs

Hotels, motels, and other lodging facilities have been used by extremist individuals and groups as locations to manufacture improvised explosive devices (IEDs) in close proximity to their intended targets. Hotels, specifically rooms with kitchens or kitchenettes, allow these groups or individuals to greatly reduce the potential for a premature detonation. Given the short distance to the intended target the risk of premature detonation during transportation is minimized.

(U//FOUO) CBP Killing or Capturing Cartel Leaders Has No Effect on Drug Trafficking

CBP BorderStat drug seizure information was used to evaluate seizure statistics in relation to the arrest or death of key DTO personnel. The drug seizure data was collected from January 2009 through January 2010. This data was analyzed to determine if the arrest or death of key personnel had a direct impact on the flow of U.S.-bound drugs. This research indicates that there is no perceptible pattern that correlates either a decrease or increase in drug seizures due to the removal of key DTO personnel.

(SSI) TSA Passenger Aircraft Cargo Screening and Security Measures Emergency Amendment

In October 2010, terrorists concealed explosives in cargo bound for the United States. Terrorists continue to pursue such tactics to attack the United States and U.S. interests overseas involving commercial aircraft. The measures described in this Emergency Amendment (EA) are required to detect and deter unauthorized explosives in cargo. When implemented, this EA cancels and supersedes EA 1546-10-07 series. The measures contained in this EA are in addition to the requirements of the foreign air carrier’s TSA-accepted security program and all other EAs currently in effect for its operations.

(U//FOUO) DHS LulzSec Bulletin: Hacktivist Groups Target U.S. and Foreign Networks

The National Cybersecurity and Communications Integration Center (NCCIC), through coordination with its partners and monitoring of multiple sources, is tracking reports that members of the hacktivist collectives ‘LulzSec’ and ‘Anonymous’ have combined their efforts and continue to perpetrate cyber attacks targeting U.S. and foreign networks. LulzSec Members have posted statements on the internet claiming the attacks, referred to as ‘Operation AntiSecurity’ (AntiSec), are ‘designed to demonstrate the weakness of general internet security’ and have allowed them to collect massive amounts of data. LulzSec is purported to be a group of former Anonymous members who typically use widely available and crude tools to hijack or deface web pages as a political statement. They also routinely post information regarding planned and ongoing activities on publicly available Internet Relay Chat (IRC) sessions and social networking sites like Twitter. Recent attacks by LulzSec and Anonymous have proven simple Tactics, Techniques and Procedures (TTPs) are often successful, even against entities who have invested a significant amount of time and capital into designing and securing their information networks.

ICE List of Specially Designated Countries (SDCs) that Promote or Protect Terrorism

The Department of Homeland Security Office of Inspector General issued a report in May 2011 titled “Supervision of Aliens Commensurate with Risk” that details Immigration and Customs Enforcement’s (ICE) detention and supervision of aliens. The report includes a list of Specially Designated Countries (SDCs) that are said to “promote, produce, or protect terrorist organizations or their members”. The report states that ICE uses a Third Agency Check (TAC) to screen aliens from specially designated countries (SDCs) that have shown a tendency to promote, produce, or protect terrorist organizations or their members and that the purpose of the additional screening is to determine whether other agencies have an interest in the alien. ICE’s policy requires officers to conduct TAC screenings only for aliens from SDCs if the aliens are in ICE custody.

(U//FOUO) DHS Interagency Security Committee Threats to Federal Facilities Assessment

The DBT Report is a stand-alone threat analysis to be used with the Physical Security Criteria for Federal Facilities: An ISC Standard. The document establishes a profile of the type, composition, and capabilities of adversaries, and it is also designed to correlate with the countermeasures in the compendium of standards and to be easily updated as needed. The DBT is an estimate of the threats that face Federal facilities across a range of undesirable events and based on the best intelligence information, Intelligence Community (IC) reports and assessments, and crime statistics available to the working group at the time of publication. Users of the DBT must consider that undiscovered plots may exist, adversaries are always searching for new methods and tactics to overcome security measures, and the lone-wolf adversary remains largely unpredictable.

(U//LES) LulzSec Release: Arizona Fusion Center Marijuana-Mushroom Grow Officer Safety

Historically, indoor Marijuana-Mushroom grows have been “no big deal” to law enforcement as a HazMat or public health concern. However, due to recent Arizona events the Department of Public Safety would like to bring situational awareness to law enforcement (LE) and first responders regarding the hazards associated with responding to indoor marijuana grow locations. This information is provided for officer safety purposes.

ICE Pattern Analysis and Information Collection (ICEPIC) System

The ICE Pattern Analysis and Information Collection (ICEPIC) system was established in 2008 to enable ICE law enforcement agents and analysts to look for non-obvious relationship patterns among individuals and organizations that are indicative of violations of the customs and immigration laws that are enforced by DHS agencies, as well as possible terrorist threats and plots. From these relationships, ICE agents develop specific leads and intelligence for active and new investigations. Identified relationships are also recorded for reuse in subsequent investigative analyses. The information processed by ICEPIC comes from existing ICE investigative and apprehension records systems, as well as immigration and alien admission records systems. ICEPIC includes capabilities that assist investigators in recording results of analyses performed in support of investigations and in capturing additional relevant information obtained from outside sources. The information collected by, on behalf of, in support of, or in cooperation with DHS and its components may contain personally identifiable information collected by other Federal, State, local, tribal, foreign government agencies, or international organizations.