United States

The FBI has obtained information regarding a malicious cyber group that has compromised the networks of foreign banks. The actors have exploited vulnerabilities in the internal environments of the banks and initiated unauthorized monetary transfers over an international payment messaging system. In some instances, the actors have been present on victim networks for a significant period of time. Contact law enforcement immediately regarding any activity related to the indicators of compromise (IOCs) in the attached appendix that are associated with this group.

Department of Justice Procedures for Direct Actions Against Terrorists Outside U.S. and Areas of Active Hostilities

August 7, 2016

This Presidential Policy Guidance (PPG) establishes the standard operating procedures for when the United States takes direct action, which refers to lethal and non-lethal uses of force, including capture operations, against terrorist targets outside the United States and areas of active hostilities.

U.S. Army Special Operations Command Primer on Russian Unconventional Warfare in Ukraine 2013-2014

July 31, 2016

This document is intended as a primer—a brief, informative treatment—concerning the ongoing conflict in Ukraine. It is an unclassified expansion of an earlier classified version that drew from numerous classified and unclassified sources, including key US Department of State diplomatic cables. For this version, the authors drew from open source articles, journals, and books. Because the primer examines a very recent conflict, it does not reflect a comprehensive historiography, nor does it achieve in-depth analysis. Instead, it is intended to acquaint the reader with the essential background to and course of the Russian intervention in Ukraine from the onset of the crisis in late 2013 through the end of 2014.

(U//FOUO) DHS-FBI Bulletin: Law Enforcement Vigilance and Caution Urged at Public and Political Events

July 30, 2016

This Joint Intelligence Bulletin (JIB) is intended to provide situational awareness concerning the domestic extremist threat to national public and political events. This JIB is provided by the FBI and DHS to support law enforcement in their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks against the United States.

FBI Cyber Bulletin: Identification of Locky Ransomware

July 26, 2016

The ‘Locky’ malware is a ransomware variant, which has extensively utilized spam campaigns to distribute malicious files that download and execute code capable of encrypting numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension. Each directory containing encrypted files contains instructions on how to utilize Bitcoin in order to pay a ransom for file recovery, and the system’s computer background is also changed to contain payment instructions. Recovery of encrypted files is impossible without data backup or acquisition of the private key due to the well-implemented, strong encryption. Historically, while payment of the ransom may result in receipt of the valid private key, enabling decryption of the targeted files, the FBI does not recommended the victim pay the ransom.

Joint Improvised-Threat Defeat Agency Global IED Reports June 2016

July 25, 2016

A collection of all Combat Integration Support Team (CIST) Global IED Reports for the month of June 2016. The reports are produced by the Joint Improvised-Threat Defeat Agency, formerly the Joint Improvised Explosive Device Defeat Organization (JIEDDO).

FDNY Presentation on Orlando Terror Attack

July 17, 2016

A presentation from the FDNY analyzing the June 12, 2016 terror attack on a nightclub in Orlando, Florida.

United States Army Special Operations Command Unconventional Warfare Pocket Guide

July 17, 2016

This guide is a quick reference of Unconventional Warfare (UW) theory, principles, and tactics, techniques and procedures. It is not a complete treatment of the subject. To guide further study, it includes (in annotated form) as many references as possible starting with established law, policy and doctrine, includes scientific studies, and finishes with recommended reading on the subject.

Declassified 28 Pages From Congressional 9/11 Investigation

July 15, 2016

While in the United States, some of the September 11 hijackers were in contact with, and received support or assistance from, individuals who may be connected to the Saudi Government. There is information, primarily from FBI sources, that at least two of those individuals were alleged by some to be Saudi intelligence officers. The Joint Inquiry’s review confirmed that the Intelligence Community also has information, much of which has yet to be independently verified, indicating that individuals associated with Saudi Government in the United States may have other ties to al-Qa’ida and other terrorist groups. The FBI and CIA have informed the Joint Inquiry that, since the September 11 attacks, they are treating the Saudi issue seriously, but both still have only a limited understanding of the Saudi Government’s ties to terrorist elements. In their testimony, neither CIA nor FBI witnesses were able to identify definitively the extent of Saudi support for terrorist activity globally or within the United States and the extent to which such support, if it exists, is knowing or inadvertent in nature.

FBI Cyber Bulletin: United Cyber Caliphate Releases PII of U.S. Business Personnel Directory

July 11, 2016

As of 5 May 2016, the Islamic State of Iraq and the Levant (ISIL) Sympathizer hacking group United Cyber Caliphate (UCC) defaced a Nigerian-hosted Web site, posting an html file containing the heading “USA Online Company Data Dumped by United Cyber Caliphate,” there was no other message or threat associated with the file. The file contained approximately 1,137 entries, many of which appeared to be US-based individuals with corresponding personally identifiable information (PII) fields such as name, company, e-mail, phone, city, state, and zip code. The PII was doxed from the personnel directory of a US business, according to FBI and open source reporting.

Records Related to Former NSA Director Keith Alexander’s Attendance of Bilderberg Meetings in 2008, 2009, 2011

July 11, 2016

A collection or records released via a Freedom of Information Act request for all records “relating to NSA Director Gen. Keith B. Alexander’s attendance of the Bilderberg Meetings held in 2008 in Chantilly Virginia; in 2009 in Vouliagmeni, Greece; and in 2011 in St. Moritz, Switzerland.”

(U//FOUO) FBI New Orleans Alert: Violence Against Law Enforcement and Riots Planned for July 8-10 2016

July 9, 2016

The purpose of this Situational Information Report (SIR) is to alert first responders of threats to law enforcement and potential threats to the safety of the general public. The threats stem from an officer involved shooting in Baton Rouge, Louisiana on 5 July 2016.

DHS Critical Infrastructure 2025 Strategic Risk Assessment

July 6, 2016

This strategic risk assessment provides an overview of six distinguishable trends emerging in U.S. critical infrastructure. These trends, when combined or examined singularly, are likely to significantly influence critical infrastructure and its resiliency during the next 10 years.

Office of the Director of National Intelligence Summary of U.S. Counterterrorism Strikes Outside Areas of Active Hostilities

July 1, 2016

In accordance with the President’s direction and consistent with the President’s commitment to providing as much information as possible to the American people about U.S. counterterrorism activities, the Director of National Intelligence (DNI) is releasing today a summary of information provided to the DNI about both the number of strikes taken by the U.S. Government against terrorist targets outside areas of active hostilities and the assessed number of combatant and non-combatant deaths resulting from those strikes. “Areas of active hostilities” currently include Afghanistan, Iraq, and Syria.

Orange County Sheriff Office Orlando Nightclub Shooting Incident Reports

June 26, 2016

Incident reports from deputies with the Orange County Sheriff’s Office responding to the mass shooting at Orlando’s Pulse nightclub on June 12, 2016.

FBI Cyber Bulletin: Android Malware Phishing for Financial Institution Customer Credentials

June 26, 2016

The FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums. At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions.

U.S. Army War College Paper: Preparation for Megacity Operations

June 20, 2016

The United States US Army Chief of Staff Studies Group has identified the megacity as a future challenge to the security environment. Due to their complexity, megacities present a vulnerable and challenging future operational environment. Currently, however, the US Army is incapable of operating within the megacity. The US Army must think and learn through leveraging partnerships, which enhance institutional understanding. Historical experiences and lessons learned should assist in refining concepts and capabilities needed for the megacity.

DHS Healthcare Bulletin on Ransomware Attacks Against Hospitals

June 7, 2016

The Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has notified the Department of Health and Human Services (HHS) of an increase in ransomware incidents at some healthcare organizations in the U.S. This Bulletin provides Healthcare and Public Health (HPH) Partners with information regarding ransomware, mitigation strategies, as well as additional materials to reference located within the HSIN HPH Cyber Threat Library.

FBI Bulletin: Criminals Hacking Law Firms to Steal Information for Insider Trading

June 2, 2016

A financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information (MNPI). This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit.

(U//LES) Financial Crimes Enforcement Network: Financing of ISIL Foreign Terrorist Fighters

May 29, 2016

The Financial Crimes Enforcement Network (FinCEN) is issuing this advisory to provide financial institutions with information on identifying and reporting transactions possibly associated with Foreign Terrorist Fighters (FTFs) who support the Islamic State of Iraq and the Levant (ISIL), al-Qa’ida, and their affiliates in Iraq and the Lev ant region. Financial institutions may use this information to enhance their Anti-Money Laundering (AML) risk-based strategies and monitoring systems. This advisory is not intended to call into question financial institutions’ maintenance of normal relationships with other financial institutions, or to be used as basis for engaging in wholesale or indiscriminate de-risking practices.

FBI Cyber Division Bulletin: KeySweeper Wireless Keystroke Logger Disguised as USB Device Charger

May 22, 2016

KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.
Technical Details

DoD-NORTHCOM Defense Support of Civil Authorities Republican National Convention 2016 Presentation

May 21, 2016

On order and in response to natural/manmade incidents, the Defense Coordinating Officer / Defense Coordinating Element (DCO/DCE) anticipates and conducts Defense Support of Civil Authorities (DSCA) operations coordinating Title 10 forces and resources in support of the Federal Primary Agency (PA) in order to minimize impacts to the American people, infrastructure and environment.

U.S. Special Operations Command White Paper: The Gray Zone

May 15, 2016

Gray zone security challenges, existing short of a formal state of war, present novel complications for U.S. policy and interests in the 21st century. We have well-developed vocabularies, doctrines and mental models to describe war and peace, but the numerous gray zone challenges in between defy easy categorization. For purposes of this paper, gray zone challenges are defined as competitive interactions among and within state and non-state actors that fall between the traditional war and peace duality. They are characterized by ambiguity about the nature of the conflict, opacity of the parties involved, or uncertainty about the relevant policy and legal frameworks.

Joint Staff Strategic Assessment: Maneuver and Engagement in the Narrative Space

May 15, 2016

This paper was produced in support of the Strategic Multi-layer Assessment (SMA) of the Islamic State of Iraq and the Levant (ISIL) led by Joint Staff J39 in support of the Special Operations Command Central (SOCCENT). The paper leverages and melds the latest thinking of academic and operational subject matter experts in fields of organizational and social dynamics, network analysis, psychology, information operations and narrative development, social media analysis, and doctrine development related to aspects of maneuver and engagement in the narrative space.

DHS Infrastructure Report: Nuclear Reactors, Materials, and Waste Sector Cyberdependencies

May 9, 2016

The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS OCIA) produces cyberdependency papers to address emerging risks to critical infrastructure and provide increased awareness of the threats, vulnerabilities, and consequences of those risks to the Homeland. This note informs infrastructure and cybersecurity analysts about the potential consequences of cyber-related incidents in the Nuclear Reactors, Materials, and Waste Sector and its resilience to such incidents. This note also clarifies how computer systems support infrastructure operations, how cybersecurity incidents compromise these operations, and the likely functional outcome of a compromise.

Page 13 of 103

« 1 … 11 12 13 14 15 … 103 »

Russia, U.S. Special Operations Command, Ukraine

Department of Homeland Security, Federal Bureau of Investigation

Florida, New York

Saudi Arabia, United States

Bilderberg, National Security Agency

Federal Bureau of Investigation, Louisiana

Department of Defense, U.S. Northern Command

Department of Defense, Joint Chiefs of Staff, U.S. Army