Terrorist and militant attacks on electric power infrastructure outside the United States in 2021 and 2022 occurred at more than three times the average annual number of attacks from 2015 through 2020, according to an NCTC database. The peak of 101 attacks in 2021 at least partly reflected incidents attributed to ISIS’s “economic war” campaign, judging from press reporting and terrorist social media. We expect the high rate of attacks to continue for the remainder of 2023 because of the accessibility and ongoing vulnerability of electricity infrastructure and the number of well-publicized attacks in 2021-22.
A study of individuals who disengaged from violent movements concludes that tailored approaches to countering violent extremism (CVE) at key turning points in the disengagement process can help facilitate disengagement. CVE efforts will be most effective after an individual experiences initial doubts about involvement in violent extremist activities. From that point in the process, an effective disengagement strategy needs to consider the individual’s role within the group, vulnerabilities in that role, his or her support system, and level of commitment to violent extremism.
The Department of Homeland Security (DHS), Federal Bureau of Investigation (FBI), and National Counterterrorism Center (NCTC) assess that domestic violent extremists (DVEs)a fueled by various evolving ideological and sociopolitical grievances pose a sustained threat of violence to the American public, democratic institutions, and government and law enforcement officials. Flashpoint events in the coming months may exacerbate these perceived grievances, further increasing the potential for DVE violence. DVEs adhering to different violent extremist ideologies have coalesced around anger at issues including perceived election fraud, as well as immigration and government responses to the COVID-19 pandemic, drawing on their varied perceptions of those issues. These factors, along with fluid conspiracy theories, have amplified longstanding DVE grievances, including perceptions of government and law enforcement overreach or oppression and shifts in US demographics and cultural values.
Russia almost certainly is subjecting Ukrainian civilians in occupied areas to so-called filtration operations. Individuals face one of three fates after undergoing filtration, which include being issued documentation and remaining in Russian-occupied Ukraine, forcefully deported to Russia, or detained in prisons in eastern Ukraine or Russia.
(U//FOUO) DHS-FBI-NCTC Bulletin: Dissemination of Tactics, Techniques, and Procedures Used by Buffalo Attacker Likely To Enhance Capabilities of Future Lone Offenders
This Joint Intelligence Bulletin (JIB) provides an overview of significant tactics, techniques, and procedures (TTPs) discussed or used by the alleged perpetrator of the 14 May 2022 mass casualty shooting in Buffalo, New York and details how related documents spread after the attack may contribute to the current threat landscape. The alleged attacker drew inspiration from previous foreign and domestic racially or ethnically motivated violent extremists (RMVEs) and their online materials, underscoring the transnational nature of this threat. DHS, FBI, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners to remain vigilant of this enduring threat.
This resource is provided to inform law enforcement, terrorism prevention practitioners, other first responders, community leaders, as well as the general public about both threats of violence and contextual behaviors that suggest an individual is mobilizing to violence. While some violent extremists may make direct, indirect, or vague threats of violence, others may plot violent action while avoiding such overt threats to maintain operational security—underscoring the need to consider both threats of violence and contextual behaviors.
(U//FOUO) DHS-FBI-NCTC Bulletin: First Responder Awareness of Privately Made Firearms May Prevent Illicit Activities
Criminals and violent extremists continue to seek ways to acquire firearms through the production of privately made firearms (PMFs). PMFs can be easily made using readily available instructions and commonly available tools, require no background check or firearms registration (serial number) under federal law, and their parts have become more accessible and affordable. This, combined with the increase in law enforcement recoveries of nonserialized and counterfeit firearms in criminal investigations, will most likely create increasing challenges in law enforcement investigations, including weapon accountability access and tracking. PMF awareness and identification can aid PMF recovery, prevention of illicit activities including terrorism, and overall first responder and public safety.
(U//FOUO) Domestic Violent Extremists Emboldened in Aftermath of Capitol Breach, Domestic Terrorism Threat Likely Amid Political Transitions
This Joint Intelligence Bulletin (JIB) is intended to highlight the threat of violence from domestic violent extremists (DVEs) in the wake of the 6 January violent breach by some DVEs of the US Capitol Building in Washington, DC, following lawful protest activity related to the results of the General Election. Anti-government or anti-authority violent extremists (AGAAVE), specifically militia violent extremists (MVEs); racially or ethnically motivated violent extremists (RMVEs); and DVEs citing partisan political grievances will very likely pose the greatest domestic terrorism threats in 2021.
(U//FOUO) DHS-FBI-NCTC Bulletin: Escalating Tensions Between the United States and Iran Pose Potential Threats to the Homeland
This Joint Intelligence Bulletin (JIB) is intended to assist federal, state, local, tribal, and territorial counterterrorism, cyber, and law enforcement officials, and private sector partners, to effectively deter, prevent, preempt, or respond to incidents, lethal operations, or terrorist attacks in the United States that could be conducted by or on behalf of the Government of Iran (GOI) if the GOI were to perceive actions of the United States Government (USG) as acts of war or existential threats to the Iranian regime.
(U//FOUO) DHS-FBI-NCTC Bulletin: ISIS Leader Abu Bakr al-Baghdadi Appears in Video for the First Time in Nearly Five Years
This Joint Intelligence Bulletin (JIB) is intended to provide information on the recent video appearance by the Islamic State of Iraq and ash-Sham (ISIS) leader Abu Bakr al-Baghdadi. The video addresses the group’s territorial defeat in Syria, discusses the acceptance of pledges of allegiance from ISIS supporters, and praises recent attacks in Sri Lanka and Saudi Arabia. This JIB is provided by the FBI, DHS, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks against the United States. All video details described in this JIB are taken from the translated transcript of Baghdadi’s speech.
(U//FOUO) National Counterterrorism Center Report: Envisioning the Emergence of Shia Homegrown Violent Extremist Plotters in the US
We assess that a Shia homegrown violent extremist (HVE) attack in the US is highly unlikely absent a catalyzing event that could galvanize some US-based Shia to engage independently in violence. Given sustained bilateral US-Iran tensions, the occurrence of such a catalyst could prompt Shia HVE activity relatively quickly, underscoring the benefits of early engagement with Shia communities about indicators of HVE radicalization. Potential triggering events for such Shia HVE violence include US military action against Iran and Lebanese Hizballah, Shia leadership or senior clerics sanctioning violence in the US, prominent Sunni government attacks on Shia, or high-profile anti-Shia activity in the US, judging from the results of a structured NCTC brainstorming exercise.
(U//FOUO) National Counterterrorism Center Guide: Sunni Extremist Attacks and Plots in the US Before 9/11
NCTC assesses that the Sunni extremist threat to the US before 9/11 was characterized by diverse extremist organizations and lone actors motivated by multiple ideological narratives and other factors, including Salafi jihadism, Palestinian nationalism, theological disputes within Islam, anti-Semitism, and anti-Hindu sentiments. We have identified a dozen successful attacks, four disrupted plots, and one attempt to set up an extremist training camp in the US between 1973 and 2001, underscoring the persistent threat from al-Qa‘ida–associated extremists, Palestinian terrorist groups, and Sunni extremist lone actors in the decades leading up to 9/11. These extremists chose a wide array of targets, with the majority of their attacks before 1993 focused on Hindu, Jewish, or Muslim individuals or institutions. Most attacks after that date were against civilian or US Government targets, because of al-Qa‘ida–associated extremists’ focus on indiscriminate mass casualty attacks. In some cases, we lack clear insight into the attackers’ motivations because of information gaps, and FBI disagrees about the motivations underlying two of these attacks.
(U//FOUO) DHS-FBI-NCTC Bulletin: Attacks on Mosques in Christchurch, New Zealand May Inspire Supporters of Violent Ideologies
This Joint Intelligence Bulletin (JIB) is intended to provide information on Australian national and violent extremist Brenton Tarrant’s 15 March 2019 attacks on two mosques in Christchurch, New Zealand. These attacks underscore the enduring nature of violent threats posed to faith-based communities. FBI, DHS, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners responsible for securing faith-based communities in the Homeland to remain vigilant in light of the enduring threat to faith-based communities posed by domestic extremists (DEs), as well as by homegrown violent extremists (HVEs) who may seek retaliation.
Counterterrorism Weekly is an UNCLASSIFIED//FOR OFFICIAL USE ONLY compilation of open source publicly available press and relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Weekly is produced by the National Counterterrorism Center and contains situational awareness items detailing ongoing terrorism-related developments which may be of interest to Federal, State, Local and Tribal Law Enforcement, security, military personnel, and first responders. Information contained in the Counterterrorism Weekly is subject to change as a situation further develops.
This reference aid draws on CTIIC’s experience promoting interagency situational awareness and information sharing during previous significant cyber events—including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections.
In the 2011 report to Congress on Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, the Office of the National Counterintelligence Executive provided a baseline assessment of the many dangers facing the U.S. research, development, and manufacturing sectors when operating in cyberspace, the pervasive threats posed by foreign intelligence services and other threat actors, and the industries and technologies most likely at risk of espionage. The 2018 report provides additional insight into the most pervasive nation-state threats, and it includes a detailed breakout of the industrial sectors and technologies judged to be of highest interest to threat actors. It also discusses several potentially disruptive threat trends that warrant close attention.
(U//FOUO) DHS-FBI-NCTC Bulletin: Online Information May Provide Potential Roadmap for Crude Chemical-Biological Attacks
The late 2016 arrest of two California teenagers for allegedly planning a “mass casualty event” by carrying out a chemical attack at a local high school pep rally highlights how individuals can use online resources to plan crude chemical or biological attacks. Violent extremists continue to circulate often ineffective or misleading how-to instructions for producing and disseminating poisons, crude biological toxins, and toxic industrial chemicals that in many cases are commercially available and easy to obtain. While we have no indication the suspects in this case subscribed to or consumed material related to violent extremist ideologies, their activity highlights one path to conducting a potential chemical or biological attack.
There is continued terrorist interest in attacking the rail system either as the primary target or as an attack mechanism. The US railroad system includes 800 railroads, 144,000 miles of track, and 212,000 railroad crossings. First responders should work closely with railroad police departments and other security partners to better protect rail assets—including freight rail (railcars loaded with commodities or hazardous materials), passenger rail (Amtrak, regional, or commuter rail), heavy rail (metro, and subway), and light rail (street cars, tramways, or trolleys)—from terrorist attacks and criminal activities. This product was developed to provide general rail safety tips and resources to help increase first responder awareness of the rail environment.
Food and agriculture infrastructure is a $1 trillion industry, almost entirely under private ownership and comprises an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities. Intentional contamination of the food supply could have significant public health and economic consequences depending on the commodity, the agent used, and where in the supply chain the contaminant was added. This product provides first responders and private-sector stakeholders an awareness of the complex operating environment that may result from intentional contamination of the food supply and identifies key collaborative partners and indicators to minimize the risk of an intentional attack on the food supply.
(U//FOUO) National Counterterrorism Center Guide: Sunni Violent Extremist Attacks in the US Since 9/11
NCTC assesses that the Sunni violent extremist threat in the US has evolved from one defined by complex, large-scale attacks directed by a foreign terrorist organization (FTO) to mostly self-initiated attacks by homegrown violent extremists using relatively simple methods. Of the 28 Sunni violent extremist attacks in the US since 9/11 only three were directed by an FTO. Most attacks were perpetrated by individuals enabled—through encouragement or operational support—or inspired by ISIS, al-Qa‘ida, and al-Qa‘ida affiliates.
The number of criminal and gang-related assaults involving acid or other corrosive substances has risen sharply in some Western countries. As of July 2017, police statistics in England indicate assaults and threats involving corrosives have risen from 183 in 2012 to more than 500 this year, according to open source reporting. Although there has been minimal specific interest by terrorists in acid attacks to date, we judge the increase in criminal incidents coupled with recent English-language terrorist messaging encouraging attacks using acid may spur opportunistic terrorist use of the tactic, underscoring the potential threat and importance of an immediate on-scene emergency response.
In August, ISIS released a seven-minute, English-language video encouraging would-be fighters to travel to the Philippines instead of Syria and Iraq. The video was the latest sign the group has shifted its recruiting tactics as it loses ground to Coalition Forces in the Middle East. Asia has become a new focus for ISIS, according to private sector analysts, such as Flashpoint Intelligence.
This case study is an examination of behaviors that resulted in a disrupted terrorist attack, revealing a cycle of planning and preparation that could provide indicators for preventing similar attempts. The terrorist attack planning cycle is not a static, linear process but rather could begin in any of the several stages with variances in details, sequence, and timing. An individual’s mobilization to violence often provides observable behavioral indicators such as, pre-attack surveillance, training, and rehearsal. The indicators potentially allow third-party observers and law enforcement to identify individuals moving to violence, circumstances that may allow for disruption of planned attacks. This product is intended to cultivate an awareness of the planning cycle among stakeholders for identification, mitigation, and disruption of attack planning.