Office of the Director of National Intelligence

National Counterintelligence Executive

National Counterintelligence Executive Unauthorized Disclosures of Classified Information Training Course

This course identifies and discusses employees’ responsibilities for safeguarding classified information against unauthorized disclosures. This course also outlines the criminal and administrative sanctions which can be imposed for an unauthorized disclosure. While there are multiple categories of unauthorized disclosures, this course will focus on unauthorized disclosures to the media due to the significance of the damage these leaks have caused to both the Intelligence Community (IC) and national security.

Read more →

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

(U//FOUO) DHS-FBI-NCTC Bulletin: Malicious Cyber Actors Use Advanced Search Techniques

Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.

Read more →

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

(U//FOUO) DHS-FBI-NCTC Bulletin: Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities

Efforts to gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel. Scene size-up and patient assessment provide first responders the opportunity to view both the scene and any patient injuries. EMS personnel and other first responders should consider the totality of information gleaned through direct observation and the statements of patients, witnesses, and bystanders to evaluate whether an injury is a genuine accident or related to violent extremist activity.

Read more →

National Counterterrorism Center

National Counterterrorism Center Flyer: College Drone Programs Can Be Targeted by Violent Extremists

College programs in unmanned aircraft systems (UAS) are susceptible to potential penetration or attack plotting by violent extremists. Enhanced information and operational security practices can reduce the likelihood of a violent extremist infiltrating UAS programs or planning an attack against students and faculty. There are potential indicators that a student or faculty member may possess ulterior motives for their interest in unmanned aircraft.

Read more →

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Continued Interest in Targeting Mass Transit

Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.

Read more →

National Counterterrorism Center

National Counterterrorism Center Enhanced Safeguards Decision Matrix

The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.

Read more →

Office of the Director of National Intelligence

Intelligence Community Inspector General Report on Boston Marathon Bombings

On April 15, 2013, two pressure cooker bombs placed near the finish line of the Boston Marathon detonated within seconds of each other, killing three and injuring more than two hundred people. Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then-unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter. Dzhokhar Tsarnaev, who fled the scene, was apprehended the following day and remains in federal custody.

Read more →

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

(U//FOUO) DHS-FBI-NCTC Bulletin: Fake Help Desk Scams an Ongoing Problem

Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.

Read more →

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

(U//FOUO) DHS-FBI-NCTC Bulletin: Building Security Measures May Hinder Emergency Response Efforts

Facility security measures, such as interior control points or exterior barriers, may require first responders to adjust normal protocols and procedures to operate rapidly during emergencies. The timeline below is an overview of attacks and plots against US-based facilities with varying levels of security. The diversity of tactics and targets used underscores the need for interagency exercises and training that incorporates multiple scenarios to account for building security measures likely to be encountered.

Read more →

Department of Homeland Security, Federal Bureau of Investigation, National Counterterrorism Center

(U//FOUO) DHS-FBI-NCTC Bulletin: Extortion Schemes Use Telephony-Based Denial-of-Service Attacks

Since at least January 2012, criminals are using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls.

Read more →

Afghanistan, Open Source Center

(U//FOUO) Open Source Center Master Narratives Country Report: Afghanistan

Understanding master narratives can be the difference between analytic anticipation and unwanted surprise, as well as the difference between communications successes and messaging gaffes. Master narratives are the historically grounded stories that reflect a community’s identity and experiences, or explain its hopes, aspirations, and concerns. These narratives help groups understand who they are and where they come from, and how to make sense of unfolding developments around them. As they do in all countries, effective communicators in Afghanistan invoke master narratives in order to move audiences in a preferred direction. Afghan influencers rely on their native familiarity with these master narratives to use them effectively. This task is considerably more challenging for US communicators and analysts because they must place themselves in the mindset of foreign audiences who believe stories that — from an American vantage point — may appear surprising, conspiratorial, or even outlandish.

Read more →

National Counterterrorism Center

(U//FOUO) National Counterterrorism Center Report: Common Misconceptions About Homeland Plotting

A facilitated brainstorming session was convened to identify and examine the most common misconceptions about conventional Homeland plotting. These misconceptions stemmed from inquiries received from Federal, state, local, tribal, and private-sector consumers and from articles published by outside experts and in the media. Analysts identified the following six misconceptions as the most common and compared them with current analytic lines.

Read more →

National Counterterrorism Center

(U//FOUO) National Counterterrorism Center: Urban Exploration Offers Insight on Infrastructure Vulnerabilities

Urban Explorers (UE)—hobbyists who seek illicit access to transportation and industrial facilities in urban areas—frequently post photographs, video footage, and diagrams on line that could be used by terrorists to remotely identify and surveil potential targets. Advanced navigation and mapping technologies, including three dimensional modeling and geo-tagging, could aid terrorists in pinpointing locations in dense urban environments. Any suspicious UE activity should be reported to the nearest State and Major Area Fusion Center and to the local FBI Joint Terrorism Task Force.

Read more →

National Counterintelligence Executive

National Counterintelligence Executive Specifications for Constructing Sensitive Compartmented Information Facilities

This Intelligence Community (IC) Technical Specification sets forth the physical and technical security specifications and best practices for meeting standards of Intelligence Community Standard (ICS) 705-1 (Physical and Technical Standards for Sensitive Compartmented Information Facilities). When the technical specifications herein are applied to new construction and renovations of Sensitive Compartmented Information Facilities (SCIFs), they shall satisfy the standards outlined in ICS 705-1 to enable uniform and reciprocal use across all IC elements and to assure information sharing to the greatest extent possible. This document is the implementing specification for Intelligence Community Directive (ICD) 705, Physical and Technical Security Standards for Sensitive Compartmented Information Facilities (ICS-705-1) and Standards for Accreditation and Reciprocal Use of Sensitive Compartmented Information Facilities (ICS-705-2) and supersedes Director of Central Intelligence Directive (DCID) 6/9.

Read more →

Department of Homeland Security, National Counterterrorism Center, U.S. Navy

(U//FOUO) National Counterterrorism Center Special Report: IED Targeting of First Response Personnel

Although most terrorist IED attacks outside war zones target civilians or symbols of authority and usually involve a single device, some are designed specifically to target emergency response personnel. The most common tactics involve using secondary or tertiary devices in tiered or sequential attacks intended to kill or maim response personnel after they arrive on the scene of an initial IED incident.

Read more →

Office of the Director of National Intelligence

National Intelligence Council Global Trends 2030: Alternative Worlds

This report is intended to stimulate thinking about the rapid and vast geopolitical changes characterizing the world today and possible global trajectories during the next 15-20 years. As with the NIC’s previous Global Trends reports, we do not seek to predict the future—which would be an impossible feat—but instead provide a framework for thinking about possible futures and their implications.

Read more →

National Counterterrorism Center

(U//FOUO) National Counterterrorism Center Advisory: Homegrown Violent Extremists Targeting Law-Enforcement Officers

Some homegrown violent extremists (HVE) have targeted US law-enforcement entities and have used publicly available information to counter these entities’ CT tactics and security practices. Law-enforcement entities are being identified by these extremists as both strategic targets and targets of opportunity, mainly because a core element of HVE subculture perceives that persecution by US law enforcement reflects the West’s inherent aggression toward Islam, which reinforces the violent opposition by HVEs to law enforcement.

Read more →

Open Source Center, Syria

(U//FOUO) Open Source Center Master Narratives Country Report: Syria

Understanding master narratives can be the difference between analytic anticipation and unwanted surprise, as well as the difference between communications successes and messaging gaffes. Master narratives are the historically grounded stories that reflect a community’s identity and experiences, or explain its hopes, aspirations, and concerns. These narratives help groups understand who they are and where they come from, and how to make sense of unfolding developments around them. As they do in all countries, effective communicators in Syria invoke master narratives in order to move audiences in a preferred direction. Syrian influencers rely on their native familiarity with these master narratives to use them effectively. This task is considerably more challenging for US communicators and analysts because they must place themselves in the mindset of foreign audiences who believe stories that — from an American vantage point — may appear surprising, conspiratorial, or even outlandish.

Read more →

Open Source Center

(U//FOUO) Open Source Center Al-Qaeda Master Narratives Report

This report is focused on helping US communicators and analysts better identify opportunities to undermine AQ messaging. With this in mind, the report analyzes how AQ portrays itself and its objectives to the public through statements and multimedia releases – the messaging used to attract recruits, build public sympathy, and undermine adversaries such as the United States. Research for this analysis included AQ messaging dating back to 2000, with particular attention paid to recent messaging from 2009-2011. In addition to primary sources and open source research, interviews with 25 SMEs were used to surface master narratives, test hypotheses, and validate assertions. These SMEs were asked a combination of expansive, open-ended questions designed to surface new hypotheses as well as targeted questions designed to verify assertions. Combining these interviews with open source research, this report highlights how each master narrative reflects perceived history, themes, and objectives that are central to AQ’s public identity. Each of these master narratives appear with varied frequency across AQ messaging and propaganda, and collectively they represent a unified narrative system used by AQ and affiliate communicators.

Read more →

France, Open Source Center

(U//FOUO) Open Source Center Master Narratives Report: Muslim Communities of France

This report serves as a resource for addressing this challenge in two ways. First, it surfaces a set of nine master narratives carefully selected based on their potency in the context of France’s Muslim communities, and their relevance to US strategic interests. Second, this report follows a consistent structure for articulating these narratives and explicitly identifies initial implications for US communicators and analysts. The set outlined here is not exhaustive: these nine master narratives represent a first step that communicators and analysts can efficiently apply to the specific messaging need or analytic question at hand. For seasoned experts on French Muslim communities, these narratives will already be familiar — the content contained in this report can be used to help check assumptions, surface tacit knowledge, and aid customer communications. For newcomers to European Islam accounts, these narratives offer deep insights into the stories and perceptions that shape French Muslim identity and worldviews that may otherwise take years to accumulate.

Read more →