United States

(U//FOUO) U.S. Army Commander’s Guide to Biometrics in Afghanistan

Biometrics capabilities on the tactical battlefield enable a wide variety of defensive and offensive operations. Biometrics help ensure enemy personnel, criminals, and other undesirable elements are not allowed access to our facilities, hired to provide services, or awarded contracts. Biometrics is used to vet members of the Afghan government and military with whom our forces interact. Unfortunately, biometrics capabilities we put in the hands of Soldiers, Marines, Sailors, and Airmen — and that we ask unit commanders to employ — are relatively recent additions to the list of capabilities our military employs on the battlefield today.

Intelligence Community Inspector General Report on Boston Marathon Bombings

On April 15, 2013, two pressure cooker bombs placed near the finish line of the Boston Marathon detonated within seconds of each other, killing three and injuring more than two hundred people. Law enforcement officials identified brothers Tamerlan and Dzhokhar Tsarnaev as primary suspects in the bombings. After an extensive search for the then-unidentified suspects, law enforcement officials encountered Tamerlan and Dzhokhar Tsarnaev in Watertown, Massachusetts. Tamerlan Tsarnaev was shot during the encounter and was pronounced dead shortly thereafter. Dzhokhar Tsarnaev, who fled the scene, was apprehended the following day and remains in federal custody.

DHS National Cybersecurity and Communications Integration Center Heartbleed Advisories

Security researchers from Google Security recently discovered a vulnerability with the Heartbeat extension (RFC6520) to OpenSSL’s Transport Layer Security (TLS) and the Datagram Transport Layer Security (DTLS) protocols. According to open source reports, the vulnerability has existed within certain OpenSSL frameworks since at least 2012. The Heartbeat extension is functionally a “keep-alive” between end-users and the secure server. It works by sending periodic “data pulses” of 64KB in size to the secure server and once the server receives that data; it reciprocates by re-sending the same data at the same size. The out-of-bounds “read” vulnerability exists because the Heartbeat extension in OpenSSL versions 1.0.1 through and 1.0.2-beta (including 1.0.1f and 1.0.2-beta1) do not properly validate the data being sent from the end-user. As a result, a malicious actor could send a specially-crafted heartbeat request to the vulnerable server and obtain sensitive information stored in memory on the server. Furthermore, even though each heartbeat only allows requests to have a data size limited to 64KB segments, it is possible to send repeated requests to retrieve more 64KB segments, which could include encryption keys used for certificates, passwords, usernames, and even sensitive content that were stored at the time. An attacker could harvest enough data from the 64KB segments to piece together larger groupings of information which could help an attacker develop a broader understanding of the information being acquired.

National Institute of Justice Through-the-Wall Sensors Best Practices for Law Enforcement

The National Institute of Justice (NIJ) Sensor, Surveillance, and Biometric Technologies (SSBT) Center of Excellence (CoE) has undertaken a best practices report of through-the-wall sensor (TTWS) devices for operation by law enforcement and first responder agencies in the United States. These devices use a form of radar to detect movement behind barriers. The ability to sense the presence of individuals through common building materials can be useful during rescue operations, law enforcement operations and other tactical scenarios. This report provides advice, tactics and information related to the use of TTWS in operational settings. The information provides law enforcement individuals and organizations with a better understanding of the capabilities and limitations of available TTWS equipment. When put into practice, an agency can make the most of the technology and improve the outcome and safety of operational scenarios in which it is deployed. The best practices report focuses on the use of commercially available TTWS devices suitable for law enforcement or emergency response applications.

(U//FOUO) DHS-FBI-NCTC Bulletin: Fake Help Desk Scams an Ongoing Problem

Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.

DoD Open Business Model for Unmanned Aircraft Systems Ground Control Stations

Over the past twenty years, the Department of Defense (DoD) has acquired a diverse portfolio of Unmanned Aircraft Systems (UAS) across the Military Services to meet its national security needs. Newly emergent threats and evolving national security requirements are prompting the DoD to re-evaluate its entire portfolio of systems, while at the same time, seeking to reduce the total ownership costs including lifecycle sustainment costs of these systems. The anticipated reduction in defense spending in concert with advances in information technology provides ample opportunity for DoD to rethink how it acquires, designs, and builds its systems. As a result, DoD is adopting and exploiting open system design principles and architectures to increase competition, foster reuse across systems, and increase interoperability. This new acquisition model requires access to multi-vendor solutions to enable rapid insertion of new technologies to counter emerging threats, avoid technology obsolescence, and decrease time to field new capabilities. DoD is adopting an Open Business Model (OBM) to support the implementation of an Open Architecture (OA) for UAS Ground Control Stations (GCS) in order to drive greater acquisition efficiencies and reduce the total ownership costs. This new model is built upon several lessons learned from the Navy’s own open architecture efforts in the submarine community when it radically changed its approach to building weapon systems due to an emerging threat from an adversary in conjunction with declining budget.

(U//FOUO) Marine Corps Intelligence Activity Chinese Military Culture Field Guide

China’s Military Culture Field Guide is designed to provide deploying military personnel an overview of China’s military cultural terrain. In this field guide, China’s military cultural history has been synopsized to capture the more significant aspects of China’s military cultural environment, with emphasis on factors having the greatest potential to impact operations. The field guide presents background information to show China’s military mind-set through its history, values, and internal dynamics. It also contains practical sections on lifestyle, customs, and habits. For those seeking more extensive information, MCIA produces a series of cultural intelligence studies on China’s military that explores the dynamics of China’s military culture at a deeper level.