United States

The Expanding Spectrum of Espionage by Americans, 1947–2015

The report describes characteristics of 209 Americans who committed espionage-related offenses against the U.S. since 1947. Three cohorts are compared based on when the individual began espionage: 1947-1979, 1980-1989, and 1990-2015. Using data coded from open published sources, analyses are reported on personal attributes of persons across the three cohorts, the employment and levels of clearance, how they committed espionage, the consequences they suffered, and their motivations. The second part of the report explores each of the five types of espionage committed by the 209 persons under study. These include: classic espionage, leaks, acting as an agent of a foreign government, violations of export control laws, and economic espionage. The statutes governing each type are discussed and compared. Classification of national security information is discussed as one element in espionage. In Part 3, revisions to the espionage statutes are recommended in light of findings presented in the report.

(U//FOUO) Washington and Oregon Fusion Centers Rampage School Shootings Report July 2014

Over the past few years, there has been a definitive rise in school shooting incidents – specifically ‘Active Shooter’ or ‘Rampage Shooting’ events – but while the motives may have evolved, school violence is anything but new. With captive targets, a predictable attack environment, and little to no security hurdles, schools have long been a lucrative environment for violence. Recently though, the violent trend seems to be more popular amongst those with erroneous notions of vengeance, mental instability, and those seeking copycat infamy more than the staunch ideologist typically seen in other types of violent extremism. With that in mind, this joint Washington State Fusion Center (WSFC) and Oregon TITAN Fusion Center (TITAN) assessment intends to aid law enforcement and private and public sector security in understanding the various intricacies of the new-aged active or rampage shooter, how to recognize the signs, and what current measures are being taken to help mitigate the threat.

U.S. Treasury Report Identifying Russian Senior Foreign Political Figures and Oligarchs

Section 241 of the Countering America’ s Adversaries Through Sanctions Act of 2017 (СААTSA) requires the Secretary of the Treasury, in consultation with the Director of National Intelligence and the Secretary of State, to submit to the appropriate congressional committees 180 days after enactment а detailed report оп senior political figures and oligarchs in the Russian Federation (Section 241 (a)(l)) and on Russian parastatal entities (Section 241 (а)(2)). Pursuant to Section 241(Ь), the report shall Ье submitted in an unclassified form but may have а classified annex. This is the unclassified portion of the report.

(U//FOUO) U.S. Treasury Report on Economic Impact of Russian Sanctions

In accordance with Section 242 of PuЬlic Law 115-44 (P.L. 115-44) (“Countering America’s Adversaries Through Sanctions Act” (CAATSA)), the U.S. Department of the Treasury, in consultation with the Department of State and the Director of National Intelligence, was tasked with preparing а report addressing the potential effects of expanding sanctions under Directive 1 issued under Executive Order (Е.О.) 13662 to include sovereign debt and the full range of derivative products.

(U//FOUO) CBP Draft Report: Demographic Profile of Terrorists Post-9/11 Reveals Screening Implications

This assessment covers the demographic profile of the perpetrators, consisting of age, citizenship, gender, immigration status, national origin, international travel and religious background. This assessment is intended to inform United States foreign visitor screening, immigrant vetting and on-going evaluations of United States-based individuals who might have a higher risk of becoming radicalized and conducting a violent attack. This information is cut-off as of 22 January 2018.

(U//FOUO) DEA Emerging Threats Reports 2016

The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.

FBI Cyber Division Bulletin: Cyber Criminal Group Threatens Schools and Students

Since April 2016, a loosely affiliated group of highly trained hackers calling themselves TheDarkOverlord (TDO) have conducted various extortion schemes with a recent focus on the public school system. TDO used remote access tools to breach school district networks and then proceeded to steal sensitive data. To extort money from its victims, including students, TDO threatened violence or the release of stolen sensitive data.

(U//FOUO) Mississippi Fusion Center State Gang Threat Assessment 2017

Intelligence in this assessment is based on data from 125 local, state, tribal, and federal law enforcement agencies through statewide intelligence meetings, adjudicated cases, and open source information. Specific gang data was collected from 71 law enforcement agencies through questionnaires disseminated at the statewide intelligence meetings and the 2017 Mississippi Association of Gang Investigators (MAGI) Conference. The intelligence meetings, sponsored by the MSAIC, occurred in the nine Mississippi Highway Patrol (MHP) districts.

Applied Physics Laboratory Paper: The Need for Intelligence Community Sponsored Influence Research

Military Information Support Operations (MISO) is a critical capability in contemporary conflict. Its success depends upon the application of social and behavioral science to analyze target audiences, craft messages, and measure the outcome of their dissemination (Spitaletta, 2013). Recent operational experience has exposed weaknesses in US capability that require redoubled effort to conduct research on the mechanisms and methods of influence and their effective application. In particular, the US needs to better understand the doctrines of adversaries and to develop countermeasures against them. The modern Russian manifestation of information confrontation, often attributed to Chief of the General Staff of the Armed Forces Valery Gerasimov, adapts historical Russian and Soviet tactics of maskirovka (surprise, camouflage, concealment, mimicry, disinformation, and deceptive maneuver) in the contemporary information environment (Thornton, 2015). These approaches are a combination of not only overt military but also covert intelligence tactics that, when executed by disciplined professionals, can achieve a variety of economic and geopolitical effects (Pacepa & Rynchlak, 2013).

Las Vegas Metropolitan Police Department October 2017 Mass Shooting Preliminary Report

On October 1, 2017, over 22,000 people came together to enjoy a country music festival in Las Vegas, Nevada. On the third and final night of the festival, a lone gunman opened fire into the crowd from the 32nd floor of the Mandalay Bay Resort and Casino. The gunfire continued for over ten minutes, resulting in the deaths of 58 innocent concert goers and injuring more than 700. With law enforcement closing in, the suspect took his own life.

(U//FOUO) DoD Nuclear Posture Review Draft January 2018

On January 27th, the President directed the Department of Defense to conduct a new Nuclear Posture Review (NPR) to ensure a safe, secure, and effective nuclear deterrent that safeguards the homeland, assures allies, and deters adversaries. This review comes at a critical moment in our nation’s history, for America confronts an international security situation that is more Complex and demanding than any since the end of the Cold War. In this environment, it is not possible to delay modernization of our nuclear forces and remain faithful sentinels Of our nation’ s security and freedom for the next generation as well as our own.

U.S. Army Study: Envisioning the Deep Future of Small Arms 2022-2042

In the summer of 2012, HQDA G3 provided a presentation to the Chief of Staff of the Army (CSA) focused on small arms overmatch at the squad level. This presentation resulted in questions raised by the CSA regarding the nature of the Army’s holistic strategy for small arms dominance into the future. HQDA G3 received the task to follow up on these questions and present back to the CSA a comprehensive small arms strategy. In support of the HQDA G3 mission, ASA(ALT) SAAL-ZT as the responsible agent for the Army’s science and technology investments, agreed to identify and prioritize future concepts with potential to enable long-term small arms overmatch for US military forces from the period 2020-2040+.

U.S. Army Threat Tactics Report: North Korea

The Korean peninsula is a location of strategic interest for the US in the Pacific Command (PACOM), and many observers note that North Korea is an unpredictable and potentially volatile actor. According to the Department of Defense in its report to Congress and the intelligence community, the DPRK “remains one of the United States’ most critical security challenges for many reasons. These include North Korea’s willingness to undertake provocative and destabilizing behavior, including attacks on the Republic of Korea (ROK), its pursuit of nuclear weapons and long-range ballistic missiles, and its willingness to proliferate weapons in contravention of United Nations Security Council Resolutions.”

(U//FOUO) DHS Bulletin: Chemical Splash and Spray Attacks Potential Tactic for Violent Extremists in Homeland

We assess that terrorists likely view tactics involving throwing or spraying acids and a variety of chemical liquids, hereafter referred to as a chemical spray and splash attack (CSSA), as a viable tactic to cause injury and disrupt critical infrastructure, judging from open source reporting describing terrorist social media posts and terrorist and violent extremist use of this tactic overseas. An analysis of a small number of incidents described in media reporting revealed that CSSAs are commonly used by criminal actors to further criminal activities and by violent extremist groups overseas to create fear, intimidate, punish, and disfigure individuals and groups that resist their control or ideology in their area of operations; the tactic, however, has rarely been operationalized by actors in the Homeland. We note, however, that homegrown violent extremists (HVEs) and lone offenders likely would find this tactic appealing and could easily adapt it to the Homeland, as it requires no specific technical expertise and the materials most often associated with criminal attack are usually unregulated and widely available.

Vulnerabilities Equities Policy and Process for the United States Government

This document describes the Vulnerabilities Equities Policy and Process for departments and agencies of the United States Government (USG) to balance equities and make determinations regarding disclosure or restriction when the USG obtains knowledge of newly discovered and not publicly known vulnerabilities in information systems and technologies. The primary focus of this policy is to prioritize the public’s interest in cybersecurity and to protect core Internet infrastructure, information systems, critical infrastructure systems, and the U.S. economy through the disclosure of vulnerabilities discovered by the USG, absent a demonstrable, overriding interest in the use of the vulnerability for lawful intelligence, law enforcement, or national security purposes.

(U//FOUO) DHS-FBI-NCTC Bulletin: Rail-Safety for First Responders

There is continued terrorist interest in attacking the rail system either as the primary target or as an attack mechanism. The US railroad system includes 800 railroads, 144,000 miles of track, and 212,000 railroad crossings. First responders should work closely with railroad police departments and other security partners to better protect rail assets—including freight rail (railcars loaded with commodities or hazardous materials), passenger rail (Amtrak, regional, or commuter rail), heavy rail (metro, and subway), and light rail (street cars, tramways, or trolleys)—from terrorist attacks and criminal activities. This product was developed to provide general rail safety tips and resources to help increase first responder awareness of the rail environment.

Joint Staff Strategic Multilayer Assessment: Influence in an Age of Rising Connectedness

In the pluralized, multipolar world, in which military and economic sources of power are widely distributed and technologies are making nation states increasingly more porous, the US and its partners face significant challenges on how best to adapt and thrive in a period of revolutionary changes. These factors may change the way US analysts, planners, and operators evaluate approaches in order to affect and direct the outcomes of military operations. To date, such courses of actions to a large extend have focused on compelling adversaries through the threat or application of force to achieve victory (i.e., “control”). In this changing geopolitical/technical landscape, it is increasingly clear that the DOD needs complement “control” with an explicit focus upon “influence” factors and forces that produce desired behavioral outcomes across complex and intermeshed human and technical systems.

(U//LES) ICE Bulletin: Da Jiang Innovations (DJI) Likely Providing U.S. Critical Infrastructure and Law Enforcement Data to Chinese Government

SIP Los Angeles assesses with moderate confidence that Chinese-based company DJI Science and Technology is providing U.S. critical infrastructure and law enforcement data to the Chinese government. SIP Los Angeles further assesses with high confidence the company is selectively targeting government and privately owned entities within these sectors to expand its ability to collect and exploit sensitive U.S. data.

(U//FOUO) California Cybersecurity Integration Center Advisory: Security Concerns with Kaspersky Labs Products

On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks. Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.

DHS-FBI-NCTC Bulletin: Complex Operating Environment Food and Agriculture

Food and agriculture infrastructure is a $1 trillion industry, almost entirely under private ownership and comprises an estimated 2.1 million farms, 935,000 restaurants, and more than 200,000 registered food manufacturing, processing, and storage facilities. Intentional contamination of the food supply could have significant public health and economic consequences depending on the commodity, the agent used, and where in the supply chain the contaminant was added. This product provides first responders and private-sector stakeholders an awareness of the complex operating environment that may result from intentional contamination of the food supply and identifies key collaborative partners and indicators to minimize the risk of an intentional attack on the food supply.

Bureau of Justice Assistance Real-Time and Open Source Analysis Resource Guide

Open source platforms can be used by criminals to instigate or conduct illegal activity and by terrorists to recruit and encourage new members, disseminate violent extremist messaging through video or documents, coordinate activities, and claim responsibility for attacks around the world. As such, law enforcement and analytic personnel should understand the uses of social media and be aware of social media tools that can be used to document criminal and terrorist activity. A wide variety of open source analysis tools—both no-cost and paid—is available to public and private sector organizations, including law enforcement and analytic personnel, and the technology continues to evolve. ROSA tools that access only publicly available information and are capable of searching multiple platforms simultaneously are assets for maximizing efficiency during authorized uses by law enforcement and analytic personnel.

(U//FOUO) DHS Assessment: Foreign Terrorist Organization-Inspired Vehicle-Ramming Attacks

assesses the increase in the number of vehicle-ramming attacks since January 2016 indicates Foreign Terrorist Organization (FTO) messaging efforts are probably resonating with violent extremists and will most likely continue in the near term. FTO-inspired violent extremists will probably continue to plan and engage in vehicle-ramming attacks against Western-based mass gathering and public venues since this tactic often requires minimal training, expertise, and preoperational planning. Since January 2016, eight FTO-inspired vehicle-ramming attacks have occurred in Western countries. OCIA identified three common characteristics among these attacks: targeting of public venues or mass gatherings; use of secondary weapons; and lack of observable indicators immediately before the attack.