Department of Homeland Security

(U//FOUO/LES) LulzSec Release: DHS Mexico Sonora-Based Threats to U.S. Border Security

This Homeland Security Assessment examines threats to U.S. border security emanating from the Mexican state of Sonora, which borders Arizona and a small section of New Mexico. It discusses drug and alien smuggling, border violence, and Mexican federal, state, and local government capabilities to confront organized crime. This is the fifth of six planned assessments on current threats to homeland security arising in Mexican states along the U.S. border. It is intended primarily for working-level analysts and operators engaging in homeland security-related activities and concerned with pertinent developments in Sonora and nearby U.S. territory.

(U//FOUO/LES) LulzSec Release: Arizona Fusion Center Sovereign Citizens and Militia Information

The Sovereign Citizens and Militia Movements have been in existence for a number of years and remain active throughout the US today. The Sovereign Citizen Movement began in the 1970’s when groups/individuals adopted right-wing anarchist ideologies originating from the theories of the group called the Posse Comitatus. The Militia Movement began to form not long after the 1993 Waco, Texas incident.

(U//FOUO) Michigan Fusion Center Restaurant Inspection Scam Warning

Restaurants in multiple states, including Michigan, are reporting phone calls from individuals claiming to be from the Health Department. Throughout Michigan, the scammers are requesting to schedule an inspection at the food establishment, as well as sensitive information about the business. According to the Better Business Bureau, this was a widespread occurrence in Minnesota and North Dakota in 2010.

(U//FOUO) US-CERT Advisory Increased Threats to Authentication Services

Authentication establishes the trusted relationship between the user and a system or service and validates their identities to each other. Organizations rely on authentication services to protect important data by limiting access to trusted users. Malicious actors are increasingly interested in exploiting authentication services because organizations rely on them to ensure system integrity and limit access to sensitive data by trusted users. US-CERT is providing this advisory to warn organizations about increased threats and interest in authentication services and provide recommended best practices to strengthen system integrity.

(U//FOUO) Colorado Information Analysis Center Chemical Sector Threat Report

The Colorado Information Analysis Center (CIAC) has no current information indicating an imminent threat to Colorado chemical sector critical infrastructure. However, both within the United States and abroad, recent attempts to perpetrate attacks utilizing the Postal and Shipping and Transportation Sectors has created a need for heightened awareness. The CIAC has produced this assessment to provide situational awareness on the current critical infrastructure threat environment, sector incidents and trends, as well as pertinent updates. Information contained in this report originates from CIAC cases, unclassified local, state, and federal databases, and open source reporting.

(U//FOUO) DHS-FBI Unsubstantiated “Electronic Jihad” Warning November 2007

According to Debkafile, an Israeli electronic news website, a group claiming to be al-Qa‘ida has declared 11 November 2007 as the first day of a campaign of “electronic jihad” on the Internet. According to Debkafile, unspecified “al-Qa‘ida electronic experts” allegedly would begin attacking “Western, Jewish, Israeli, Muslim apostate and Shiite Web sites on that date with many more jihadist hackers joining in the attacks later [sic].” DHS and the FBI have no specific or credible information corroborating these cyber attack claims, or intelligence indicating this group is tied to al-Qa‘ida.

(U//FOUO) Maryland Fusion Center Implications of Death of Osama bin Laden

The Intelligence Community (IC) assesses the death of al-Qa’ida (AQ) leader Usama Bin Laden could result in retaliatory attacks in the Homeland and against U.S. and Western interests overseas. Attacks might originate with AQ Core elements in the Tribal Areas of Pakistan, with one of their affiliates overseas, and/or with individuals in the Homeland sympathetic to the cause but lacking a formal group association. We have no indications of advanced AQ Core plotting efforts in the Homeland, but the case of now-detained AQ operative Najibullah Zazi—who, along with two associates, planned to attack New York City subway in 2009 using homemade explosives— demonstrates that unidentified operatives could advance plotting in the Homeland.

(U//FOUO) DHS Hotels Threat Assessment

This assessment is intended to support the activities of DHS and to assist federal, state, and local government counterterrorism and law enforcement officials, and the private sector in deterring, preventing, preempting, or responding to terrorist attacks against soft targets such as hotels in the United States. It is intended to support the national “See Something, Say Something” campaign.

(U//FOUO) DHS Identifying Clandestine Biological, Chemical, Explosives, and Methamphetamine Laboratories

The purpose of this assessment is to assist members of the law enforcement and public safety communities in differentiating among four types of clandestine laboratories: biological, chemical, explosives, and methamphetamine. It provides descriptions, distinguishing features, and hazards of each type of laboratory and includes four reference guides for distribution to public safety personnel. This assessment expands on a related product—Distinguishing a Biological Agent Production Laboratory from a Methamphetamine Laboratory, Lawrence Livermore National Laboratory, 22 January 2008—by including indicators and warning signs associated with clandestine chemical and explosives laboratories.

(U//LES) DHS Chemical Storage Facility Terrorist Indicators Report

To consider terrorist threat indicators in relationship to chemical storage facilities, it is useful to understand the basic structure of the industry and what general types of facilities might be attractive targets for terrorist attack. Chemical storage facilities are attractive terrorist targets because they can contain toxic and hazardous materials, can create extensive casualties and property damage, and can be a source of materials for use in other attacks. Figure 1 shows some of the potential terrorist targeting objectives.

(U//LES) DHS Petroleum Pipeline Vulnerabilities and Terrorist Indicators Reports

The United States (U.S.) has two types of pipelines that transport petroleum: those that carry crude oil and those that carry refined petroleum products, such as gasoline, diesel fuel, jet fuel, and home heating oil. Pipelines transport more than two-thirds of all crude oil and refined products in the U.S. Other transportation modes are water, which includes ocean tankers and barges and accounts for 28% of petroleum transportation; tanker trucks, which account for 3% of petroleum transportation; and railroads, which account for 2% of petroleum transportation. The U.S. has more than 200,000 miles of petroleum pipelines.

(U//LES) DHS Highway Tunnel Terrorist Indicators Report

Highway tunnels are enclosed passageways for road vehicles to travel through or under an obstruction, such as a city, mountain, river, or harbor. Tunnels may have one or more “tubes,” and some are also equipped with rail lines for trains. Highway tunnels are generally classified with regard to their method of construction: bored, cut and cover, or submerged. Tunnels through hard rock formations are usually bored (i.e., drilled) and finished to facilitate vehicular traffic. Very large boring machines are often used to cut the tunnel tubes through the hard rock formation.

(U//LES) DHS Petroleum Refinery Characteristics and Common Vulnerabilities Report

A refinery comprises upstream components, process units, downstream components, and product storage. There are four basic processes used in refineries to produce products. Distillation is used to separate hydrocarbons of similar boiling range into intermediate and final products. Chemical processes are used to change the structure of the hydrocarbons to give them different properties breaking them into smaller pieces or combining them into larger ones. Treating processes are used to remove impurities such as sulfur, and blending systems are used to combine intermediate products and additives into final products for sale.

(U//FOUO) DHS-FBI Potential for Retaliatory Attacks Following the Death of Osama bin Laden

This Joint Intelligence Bulletin provides law enforcement and public and private sector officials with information for consideration in the wake of the death of Usama bin Ladin. This information is provided to support the activities of DHS and FBI and to help federal, state, and local government counterterrorism and law enforcement officials deter, prevent, preempt, or respond to terrorist attacks directed against the United States.

(U//LES) DHS Chemical Facility Vulnerabilities and Terrorist Indicators Reports

While hazardous and nonhazardous chemicals are stored and used in many industries, the focus of this report is specific to facilities that manufacture chemicals. A chemical manufacturing facility comprises upstream components, process units, downstream components, and product storage. The chemical manufacturing process can be further divided into the following five stages, each of which may contain one or more processing activities: (1) receipt of chemical ingredients, (2) temporarily staging or storing chemical ingredients awaiting use in production, (3) processing chemical ingredients into product, (4) temporarily staging or storing chemical products awaiting shipment, and (5) shipping chemical products.

(U//LES) DHS Fossil-Fuel Power Station Terrorist Indicators Report

Steam power plants burn fossil fuel in the furnace of a steam boiler. Steam from the boiler expands through a steam turbine, which is connected to a drive shaft of an electric generator. The exhaust vapor expelled from the turbine condenses, and the liquid is pumped back to the boiler to repeat the cycle. Steam power plants are designed to use coal, natural gas, or oil. Before combustion gases can be exhausted to the atmosphere, they typically must be cleaned to reduce particulates, NOx, and SO2 to levels required by federal and state regulations.

(U//LES) DHS Subway Vulnerabilities and Terrorist Indicators Reports

A subway system, as defined here, includes not only the portion of a rail rapid transit system that is underground, but also the other portions of the rail rapid transit system, even if they are not beneath the ground surface. Data for U.S. subways are typically collected under the heading of “heavy rail,” which is an electric railway with the capacity to transport a heavy volume of passenger traffic and characterized by exclusive rights-of-way, multi-car trains, high speed, rapid acceleration, sophisticated signaling, and high-platform loading. Heavy rail is also known as “subway,” “elevated (railway),” or “metropolitan railway (metro).” Subway systems are typically only one division of a transit agency. Bus, light rail, and commuter rail often operate as feeders to subway stations.

(U//LES) DHS Shopping Mall Characteristics and Common Vulnerabilities Report

Shopping malls are potential targets for terrorist attacks because of the ability to inflict casualties, cause economic damage, and instill fear. Furthermore, they are “soft targets” in that they are serve the general public, and the presence of a significant number of American citizens is assured at certain times of the day. Due to the nature of their functions, these facilities usually lack perimeter or access controls. Due to their accessibility, soft targets are more vulnerable, and virtually impossible to defend against terrorist attacks. Damage or destruction of a large mall could inflict mass casualties, primarily on site; shut down or degrade its operation, thus having a significant impact on the economic well-being of a large area; have widespread psychological impact; and cause the release of hazardous materials.

(U//LES) DHS Hotel Vulnerabilities and Terrorist Indicators Reports

Terrorists are most likely to choose vehicle bombs if their goal is to cause maximum casualties. This method has been used to attack hotels in the United States (U.S.) and around the world. Hotels that are likely to be most vulnerable are those located in downtown areas of large cities, those hosting a controversial group or special event, those where U.S. or foreign dignitaries are guests, and those with a worldwide reputation and connections to a culture that is seen by some groups as corrupt (e.g., casino hotels).

(U//FOUO) Washington D.C. Fusion Center White Powder Letters Warning

A series of “white powder letters” have been received this afternoon at several District of Columbia schools. First responders are responding to the locations and taking appropriate action. Three of the locations have already been cleared. The letters are identical to white powder letters received by District schools in October 2010 and are believed to contain a harmless white power.

(U//LES) New Mexico Investigative Support Center Dual SIM Cell Phone Warning

A recent narcotics investigation led to the arrest of two subjects after they were found to be in possession of sixty (60) pounds of marijuana. During the investigation Agents observed the male subject repeatedly holding a wristwatch to his ear and later found the item to be a cellular phone. A Cellebrite extraction was conducted on this phone which was found to have two SIM cards. Dual SIM cards enable the user to combine different numbers, plans or network carriers. This particular cell phone had one SIM card from A T & T, and the other one from Telcel, New Mexico’s largest mobile phone carrier. An internet search revealed you can purchase these wristwatch cell phones starting at $50.00. There were no markings to identify the brand or carrier of this phone. Law Enforcement is advised to be on the look out for these communication devices when you are in contact with subjects of criminal investigations.

(U//LES) DHS Hydroelectric Dam Vulnerabilities and Terrorist Indicators Reports

Hydropower, including pumped storage, constitutes about 14% of the electrical generating capacity of the United States (U.S.). Hydropower is the primary source of renewable energy in the U.S. Total U.S. hydroelectric capacity is 103.8 gigawatts (GW), including pumped storage projects. The federal government owns 38.2 GW at 165 sites (excluding pumped storage). Another 40 GW of non-federal, licensed conventional hydroelectric capacity (excluding pumped storage) exists at 2,162 sites in the U.S. (National Hydropower Association). The distribution of hydropower generating capacity by ownership is illustrated in Figure 1. The 10 largest hydroelectric facilities in the country are listed in Table 1 (U.S. Society on Dams).

(U//LES) DHS Underwater Cable Landing Station Vulnerabilities and Terrorist Indicators Reports

Underwater cables carry telecommunications traffic (voice and data) under bodies of water (e.g., lakes and seas). These cables carry about 95% of all intercontinental telecommunications traffic. International banking and finance transactions are highly dependent on underwater (also known as submarine) communications cables. Some military communications traffic is carried via underwater cables. Most underwater communications cables in service are fiber-optic cables. New systems are almost always equipped with fiber-optic cables (rather than older technology coaxial cables). Underwater cable systems have expanded in recent years due to increased demand, changes in technology, and reduction in costs. This paper focuses on the gateway point to underwater cable systems, the cable landing station, including the fiber run from the station to shore where the fiber enters the water. Additional detail on the underwater portion of fiber cabling can be found in Characteristics and Common Vulnerabilities, Infrastructure Category: Underwater Cables (Draft, December 15, 2003).