An unidentified cyber actor in mid-March 2018 used GrandCrab Version 2 ransomware to attack a State of Connecticut municipality network and a state judicial branch network, according to DHS reporting derived from a state law enforcement official with direct and indirect access. The municipality did not pay the ransom, resulting in the encryption of multiple servers that affected some data backups and the loss of tax payment information and assessor data. The attack against the state judicial branch resulted in the infection of numerous computers, but minimal content encryption, according to the same DHS report.
Cyberspace operations (CO) is the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. This publication focuses on military operations in and through cyberspace; explains the relationships and responsibilities of the Joint Staff (JS), combatant commands (CCMDs), United States Cyber Command (USCYBERCOM), the Service cyberspace component (SCC) commands, and combat support agencies; and establishes a framework for the employment of cyberspace forces and capabilities.
This Drug Enforcement Administration (DEA) Intelligence Report contains new and updated information on slang terms and code words from a variety of law enforcement and open sources, and serves as an updated version to the product entitled “Drug Slang Code Words” published by the DEA in May 2017. It is designed as a ready reference for law enforcement personnel who are confronted with hundreds of slang terms and code words used to identify a wide variety of controlled substances, designer drugs, synthetic compounds, measurements, locations, weapons, and other miscellaneous terms relevant to the drug trade. Although every effort was made to ensure the accuracy and completeness of the information presented, due to the dynamics of the ever-changing drug scene, subsequent additions, deletions, and corrections are inevitable. Future addendums and updates to this report will attempt to capture changed terminology to the furthest extent possible.
FBI Report: E-mail Account Compromise Techniques Used to Steal Millions in Real Estate Settlement Funds
The Office of Private Sector, in coordination with the Criminal Investigative Division, is providing this LIR to inform private sector partners about the increasing use of e-mail account compromise (EAC) techniques in the US real estate settlement industry. Consumer borrowers, settlement/title companies, real estate agents, real estate attorneys, builders, and others are being targeted by criminal actors netting millions in illicit proceeds. These proceeds are often directed initially to US banks then re-directed via money service businesses and international accounts to Mexico, Nigeria, South Africa, China, Ghana, Turkey, and India. The increased use of EAC techniques, as well as, the evolving expansion into previously unidentified countries indicates this fraud scheme is not slowing and puts additional strain on industry participants to be vigilant with their e-mail communications and identity verification processes.
APT actors in the near future likely intend to target US Cleared Defense Contractors (CDC) via spear phishing campaigns or network infrastructure compromises, according to recent intelligence. Common spear phish targets may include individuals featured on internet-facing CDC Web sites and high-ranking CDC executives.
The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.
The Department of Defense (DoD) performs forensic science in a collaborative environment which necessitates the clear communication of all activities and their results. A critical enabler of communication is the use of a clear, internally consistent vocabulary. The goal of the Department of Defense Forensics Lexicon is to provide an operational vocabulary to address Forensics. A shared vocabulary enables a common understanding of Forensics, enhances the fidelity and the utility of operational reporting, facilitates structured data sharing, and strengthens the decision making processes across the DoD.
The American people are increasingly dependent upon the Internet for daily conveniences, critical services, and economic prosperity. Substantial growth in Internet access and networked devices has facilitated widespread opportunities and innovation. This extraordinary level of connectivity, however, has also introduced progressively greater cyber risks for the United States. Long-standing threats are evolving as nation-states, terrorists, individual criminals, transnational criminal organizations, and other malicious actors move their activities into the digital world. Enabling the delivery of essential services—such as electricity, finance, transportation, water, and health care—through cyberspace also introduces new vulnerabilities and opens the door to potentially catastrophic consequences from cyber incidents. The growing number of Internet-connected devices and reliance on global supply chains further complicates the national and international risk picture.
If one is to realistically entertain the notion of interstellar exploration in timeframes of а human lifespan, а dramatic shift in the traditional approach to spacecraft propulsion is necessary. It has been known and well tested since the time of Einstein that all matter is restricted to motion at sublight velocities ( << З х 10⁸ m/s, the speed of light, or с), and that as matter approaches, the speed of light, its mass asymptotically approaches infinity. This mass increase ensures that an infinite amount of energy would Ье necessary to travel at the speed of light, and, thus, this speed is impossible to reach and represent an absolute speed limit to all matter traveling through spacetime.
А theme that has come to the fore in advanced рlаnniпg for long-range space exploration in the future is the соnсерt that empty space itself (the quantum vacuum, or spacetime metric) might bе engineered to provide energy/thrust for future space vehicles. Although far reaching, such а proposal is solidly grounded iп modern physical theory, аnd therefore the possibility that matter/vacuum iпteractions might bе engineered for spaceflight applications is nоt а priori ruled out.
BOD 17-01 requires all federal executive branch departments and agencies to (1) identify the use or presence of “Kaspersky-branded products” on all federal information systems within 30 days of BOD issuance (i.e., by October 13); (2) develop and provide to DHS a detailed plan of action to remove and discontinue present and future use of all Kaspersky-branded products within 60 days of BOD issuance (i.e., by November 12); and (3) begin to implement the plan of action at 90 days after BOD issuance (i.e., December 12), unless directed otherwise by DHS in light of new information obtained by DHS, including but not limited to new information submitted by Kaspersky.
The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) reviewed the Independent Assessment, titled Information Security Risks of Anti-Virus Software (hereafter “BRG Assessment”), prepared by Berkeley Research Group, LLC (BRG), and dated November 10, 2017. Kaspersky Lab (hereafter “Kaspersky”) submitted the BRG Assessment to DHS as an exhibit to Kaspersky’s request for DHS to initiate a review of Binding Operational Directive (BOD) 17-01. The BRG Assessment, in part, responds to the NCCIC Information Security Risk Assessment (hereafter “NCCIC Assessment”) on commercial off-the-shelf (COTS) anti-virus software and Kaspersky-branded products, dated August 29, 2017. The NCCIC Assessment was attached as Exhibit 1 to an Information Memorandum from the Assistant Secreta1Y for DHS Cybersecurity and Communications (CS&C) to the Acting Secretary of DHS, dated September 1, 2017 (hereafter “Information Memorandum”). This document is a Supplemental Information Security Risk Assessment and will similarly be attached to an Information Memorandum from the Assistant Secretary for CS&C to the Acting Secretary of DHS.
This assessment presents the inherent information security concerns and security ramifications associated with the use of any commercial-off-the-shelf (COTS) antivirus solution in devices with access to a federal network. It also addresses specific risks presented by Kaspersky-branded products, solutions, and services (collectively, “Kaspersky-branded products”).
(U//FOUO) San Diego Fusion Center Bulletin: Ambulance Used to Conceal Improvised Explosive Device in Afghanistan
On January 27, 2018 at approximately 12:15pm local time, a vehicle resembling an ambulance and laden with explosives detonated after it passed through a police checkpoint in Kabul, Afghanistan. The explosion killed more than 100 people and wounded approximately 235 others. According to the deputy spokesperson for the Afghanistan Interior Ministry, the vehicle was painted to resemble an ambulance and had successfully passed through a checkpoint after the attacker allegedly told police he was transporting a patient to a nearby hospital. While stopped at a second checkpoint farther inside the city limits, the attacker detonated the explosives concealed in the vehicle.
The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.
The Threat Tactics Report: North Korea versus the United States (US) and the other similar products serve to describe the foreign nation’s most common combat division with an order of battle, its offensive and defensive doctrine as articulated in its manuals or recent military actions, and an analysis of how this actor would fight if facing the US in the future.
In the last seven years, Russia has reasserted itself as a military force in Eastern Europe and the Caucasus. With the 2008 military incursion into Georgia and the 2014 seizure of Crimea and support for pro-Russian separatists in Ukraine, Russia has assumed a more aggressive, interventionist stance in Europe. In the effort to influence events in Ukraine, the Russians have used what the US Army defines as “Hybrid Warfare” to infiltrate, isolate, and dominate eastern Ukraine and Crimea. This is all a part of the strategy of what can be called “Indirect Action”—the belief by the Russians that they reserve the right to protect ethnic Russians and interests in their former states from domination by Western powers and NATO.
(U//FOUO) DHS-FBI-NCTC Bulletin: Online Information May Provide Potential Roadmap for Crude Chemical-Biological Attacks
The late 2016 arrest of two California teenagers for allegedly planning a “mass casualty event” by carrying out a chemical attack at a local high school pep rally highlights how individuals can use online resources to plan crude chemical or biological attacks. Violent extremists continue to circulate often ineffective or misleading how-to instructions for producing and disseminating poisons, crude biological toxins, and toxic industrial chemicals that in many cases are commercially available and easy to obtain. While we have no indication the suspects in this case subscribed to or consumed material related to violent extremist ideologies, their activity highlights one path to conducting a potential chemical or biological attack.
Fentanyl is a Schedule II synthetic opioid originally developed to serve as both an analgesic (painkiller) and an anesthetic; however, its strong opioid properties have made it an attractive drug of abuse in the United States. Fentanyl, in its licit form, is diverted from the market on a small scale for personal use or sale. Illicitly manufactured and trafficked fentanyl is responsible for the current domestic crisis. Fentanyl, fentanyl-related compounds, and the precursor chemicals needed to produce these substances originate in China and transit Mexico or Canada enroute to U.S. markets. It is believed that illicit fentanyl manufacturing is occurring in Mexico. Moreover, small-scale production facilities have been discovered in the United States and Canada.
This report examines the substantial economic costs that malicious cyber activity imposes on the U.S. economy. Cyber threats are ever-evolving and may come from sophisticated adversaries. Due to common vulnerabilities, instances of security breaches occur across firms and in patterns that are difficult to anticipate. Importantly, cyberattacks and cyber theft impose externalities that may lead to rational underinvestment in cybersecurity by the private sector relative to the socially optimal level of investment. Firms in critical infrastructure sectors may generate especially large negative spillover effects to the wider economy. Insufficient data may impair cybersecurity efforts. Successful protection against cyber threats requires cooperation across firms and between private and public sectors.
The report describes characteristics of 209 Americans who committed espionage-related offenses against the U.S. since 1947. Three cohorts are compared based on when the individual began espionage: 1947-1979, 1980-1989, and 1990-2015. Using data coded from open published sources, analyses are reported on personal attributes of persons across the three cohorts, the employment and levels of clearance, how they committed espionage, the consequences they suffered, and their motivations. The second part of the report explores each of the five types of espionage committed by the 209 persons under study. These include: classic espionage, leaks, acting as an agent of a foreign government, violations of export control laws, and economic espionage. The statutes governing each type are discussed and compared. Classification of national security information is discussed as one element in espionage. In Part 3, revisions to the espionage statutes are recommended in light of findings presented in the report.
Over the past few years, there has been a definitive rise in school shooting incidents – specifically ‘Active Shooter’ or ‘Rampage Shooting’ events – but while the motives may have evolved, school violence is anything but new. With captive targets, a predictable attack environment, and little to no security hurdles, schools have long been a lucrative environment for violence. Recently though, the violent trend seems to be more popular amongst those with erroneous notions of vengeance, mental instability, and those seeking copycat infamy more than the staunch ideologist typically seen in other types of violent extremism. With that in mind, this joint Washington State Fusion Center (WSFC) and Oregon TITAN Fusion Center (TITAN) assessment intends to aid law enforcement and private and public sector security in understanding the various intricacies of the new-aged active or rampage shooter, how to recognize the signs, and what current measures are being taken to help mitigate the threat.
Section 241 of the Countering America’ s Adversaries Through Sanctions Act of 2017 (СААTSA) requires the Secretary of the Treasury, in consultation with the Director of National Intelligence and the Secretary of State, to submit to the appropriate congressional committees 180 days after enactment а detailed report оп senior political figures and oligarchs in the Russian Federation (Section 241 (a)(l)) and on Russian parastatal entities (Section 241 (а)(2)). Pursuant to Section 241(Ь), the report shall Ье submitted in an unclassified form but may have а classified annex. This is the unclassified portion of the report.
In accordance with Section 242 of PuЬlic Law 115-44 (P.L. 115-44) (“Countering America’s Adversaries Through Sanctions Act” (CAATSA)), the U.S. Department of the Treasury, in consultation with the Department of State and the Director of National Intelligence, was tasked with preparing а report addressing the potential effects of expanding sanctions under Directive 1 issued under Executive Order (Е.О.) 13662 to include sovereign debt and the full range of derivative products.
(U//FOUO) CBP Draft Report: Demographic Profile of Terrorists Post-9/11 Reveals Screening Implications
This assessment covers the demographic profile of the perpetrators, consisting of age, citizenship, gender, immigration status, national origin, international travel and religious background. This assessment is intended to inform United States foreign visitor screening, immigrant vetting and on-going evaluations of United States-based individuals who might have a higher risk of becoming radicalized and conducting a violent attack. This information is cut-off as of 22 January 2018.