Since the May 2010 publication of the Roll Call Release “Terrorist Use of Propane Cylinders,” terrorists have continued to advocate the use of propane cylinders in building improvised explosive devices (IEDs). Throughout 2014, al-Qa‘ida-inspired violent extremists posted on the Internet English-language instructions for building and using propane IEDs and encouraged attacks in the United States. The posts recommended military, commercial, and financial sector targets, major metropolitan areas, and mass gatherings.
National Counterintelligence Executive Unauthorized Disclosures of Classified Information Training Course
This course identifies and discusses employees’ responsibilities for safeguarding classified information against unauthorized disclosures. This course also outlines the criminal and administrative sanctions which can be imposed for an unauthorized disclosure. While there are multiple categories of unauthorized disclosures, this course will focus on unauthorized disclosures to the media due to the significance of the damage these leaks have caused to both the Intelligence Community (IC) and national security.
Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.
(U//FOUO) DHS-FBI-NCTC Bulletin: Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities
Efforts to gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel. Scene size-up and patient assessment provide first responders the opportunity to view both the scene and any patient injuries. EMS personnel and other first responders should consider the totality of information gleaned through direct observation and the statements of patients, witnesses, and bystanders to evaluate whether an injury is a genuine accident or related to violent extremist activity.
National Counterterrorism Center Flyer: College Drone Programs Can Be Targeted by Violent Extremists
College programs in unmanned aircraft systems (UAS) are susceptible to potential penetration or attack plotting by violent extremists. Enhanced information and operational security practices can reduce the likelihood of a violent extremist infiltrating UAS programs or planning an attack against students and faculty. There are potential indicators that a student or faculty member may possess ulterior motives for their interest in unmanned aircraft.
Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.
The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.
On April 15, 2013, two pressure cooker bombs placed near the finish line of the Boston Marathon detonated within seconds of each other, killing three and injuring more than two hundred people. Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then-unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter. Dzhokhar Tsarnaev, who fled the scene, was apprehended the following day and remains in federal custody.
Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.
Facility security measures, such as interior control points or exterior barriers, may require first responders to adjust normal protocols and procedures to operate rapidly during emergencies. The timeline below is an overview of attacks and plots against US-based facilities with varying levels of security. The diversity of tactics and targets used underscores the need for interagency exercises and training that incorporates multiple scenarios to account for building security measures likely to be encountered.
Since at least January 2012, criminals are using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls.
Understanding master narratives can be the difference between analytic anticipation and unwanted surprise, as well as the difference between communications successes and messaging gaffes. Master narratives are the historically grounded stories that reflect a community’s identity and experiences, or explain its hopes, aspirations, and concerns. These narratives help groups understand who they are and where they come from, and how to make sense of unfolding developments around them. As they do in all countries, effective communicators in Afghanistan invoke master narratives in order to move audiences in a preferred direction. Afghan influencers rely on their native familiarity with these master narratives to use them effectively. This task is considerably more challenging for US communicators and analysts because they must place themselves in the mindset of foreign audiences who believe stories that — from an American vantage point — may appear surprising, conspiratorial, or even outlandish.
A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.
A 2009 document from the Office of the Director of National Intelligence and the Department of Defense creating performance standards for “successful” and “outstanding” employee performance within the U.S. intelligence community.
(U//FOUO) National Counterterrorism Center: Urban Exploration Offers Insight on Infrastructure Vulnerabilities
Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.
IARPA invests in high-risk, high-payoff research that has the potential to provide our nation with an overwhelming intelligence advantage over future adversaries. This research is parsed among three Offices: Smart Collection, Incisive Analysis, and Safe & Secure Operations. This BAA solicits abstracts/proposals for the Office of Incisive Analysis (IA).
National Counterintelligence Executive Specifications for Constructing Sensitive Compartmented Information Facilities
This Intelligence Community (IC) Technical Specification sets forth the physical and technical security specifications and best practices for meeting standards of Intelligence Community Standard (ICS) 705-1 (Physical and Technical Standards for Sensitive Compartmented Information Facilities). When the technical specifications herein are applied to new construction and renovations of Sensitive Compartmented Information Facilities (SCIFs), they shall satisfy the standards outlined in ICS 705-1 to enable uniform and reciprocal use across all IC elements and to assure information sharing to the greatest extent possible. This document is the implementing specification for Intelligence Community Directive (ICD) 705, Physical and Technical Security Standards for Sensitive Compartmented Information Facilities (ICS-705-1) and Standards for Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities (ICS-705-2) and supersedes Director of Central Intelligence Directive (DCID) 6/9.
(U//FOUO) National Counterterrorism Center Special Report: IED Targeting of First Response Personnel
Although most terrorist IED attacks outside war zones target civilians or symbols of authority and usually involve a single device, some are designed specifically to target emergency response personnel. The most common tactics involve using secondary or tertiary devices in tiered or sequential attacks intended to kill or maim response personnel after they arrive on the scene of an initial IED incident.
This report is intended to stimulate thinking about the rapid and vast geopolitical changes characterizing the world today and possible global trajectories during the next 15-20 years. As with the NIC’s previous Global Trends reports, we do not seek to predict the future—which would be an impossible feat—but instead provide a framework for thinking about possible futures and their implications.
An Open Source Center translation of a decree issued by Hamid Karzai in July 2012 on fighting corruption in Afghanistan.
(U//FOUO) National Counterterrorism Center Advisory: Homegrown Violent Extremists Targeting Law-Enforcement Officers
Some homegrown violent extremists (HVE) have targeted US law-enforcement entities and have used publicly available information to counter these entities’ CT tactics and security practices. Law-enforcement entities are being identified by these extremists as both strategic targets and targets of opportunity, mainly because a core element of HVE subculture perceives that persecution by US law enforcement reflects the West’s inherent aggression toward Islam, which reinforces the violent opposition by HVEs to law enforcement.
An autonomous or federal Kurdistan within Syria — similar to that which exists in Iraq — is unlikely because of intra-Kurdish conflict and the opposition of Turkey and the Syrian National Council (SNC) — the main external Syrian opposition group.
Understanding master narratives can be the difference between analytic anticipation and unwanted surprise, as well as the difference between communications successes and messaging gaffes. Master narratives are the historically grounded stories that reflect a community’s identity and experiences, or explain its hopes, aspirations, and concerns. These narratives help groups understand who they are and where they come from, and how to make sense of unfolding developments around them. As they do in all countries, effective communicators in Syria invoke master narratives in order to move audiences in a preferred direction. Syrian influencers rely on their native familiarity with these master narratives to use them effectively. This task is considerably more challenging for US communicators and analysts because they must place themselves in the mindset of foreign audiences who believe stories that — from an American vantage point — may appear surprising, conspiratorial, or even outlandish.
This report is focused on helping US communicators and analysts better identify opportunities to undermine AQ messaging. With this in mind, the report analyzes how AQ portrays itself and its objectives to the public through statements and multimedia releases – the messaging used to attract recruits, build public sympathy, and undermine adversaries such as the United States. Research for this analysis included AQ messaging dating back to 2000, with particular attention paid to recent messaging from 2009-2011. In addition to primary sources and open source research, interviews with 25 SMEs were used to surface master narratives, test hypotheses, and validate assertions. These SMEs were asked a combination of expansive, open-ended questions designed to surface new hypotheses as well as targeted questions designed to verify assertions. Combining these interviews with open source research, this report highlights how each master narrative reflects perceived history, themes, and objectives that are central to AQ’s public identity. Each of these master narratives appear with varied frequency across AQ messaging and propaganda, and collectively they represent a unified narrative system used by AQ and affiliate communicators.