Counterterrorism Weekly is an UNCLASSIFIED//FOR OFFICIAL USE ONLY compilation of open source publicly available press and relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Weekly is produced by the National Counterterrorism Center and contains situational awareness items detailing ongoing terrorism-related developments which may be of interest to Federal, State, Local and Tribal Law Enforcement, security, military personnel, and first responders. Information contained in the Counterterrorism Weekly is subject to change as a situation further develops.
On February 14, 2018, fourteen students and three staff members at the Marjory Stoneman Douglas High School in Parkland, Florida, were fatally shot and seventeen others were wounded, in one of the deadliest school massacres in United States history. The gunman, Nikolas Cruz, age 19 at the time of the incident, was a former student of Marjory Stoneman Douglas High School. Cruz was a troubled child and young adult who displayed aggressive and violent tendencies as early as 3 years old. Cruz struggled in academics and attended several schools. There are reports of behavioral issues at all of the schools he attended. He was under the care of mental health professionals from age 11 until he turned age 18 and refused further services. At 2:19 p.m. on February 14, 2018, Cruz exited an Uber ride sharing service at Marjory Stoneman Douglas High School armed with a rifle and several hundred rounds of ammunition concealed in a rifle bag. He entered the school through an unstaffed gate that had been opened for school dismissal and made his way towards building 12 on the north side of campus. He entered the east side of building 12 through an unlocked and unstaffed door. He made his way through all three floors, firing into classrooms and hallways and killing or wounding 34 individuals. He exited building 12 and ran across campus, blending in with students evacuating. Cruz was apprehended approximately 1 hour and 16 minutes after the first shots and charged with 17 counts of premeditated murder and 17 counts of attempted murder.
(U//LES) DEA Bulletin: Fake Xanax Tablets Containing Cyclopropylfentanyl, Methamphetamine, and FUB-AKB48
The increasing demand for opioids in the United States coupled with the availability of fentanyl presents a significant public health risk and negatively impacts officer safety. In 2018, the Arizona High Intensity Drug Trafficking Area (HIDTA) Counter Narcotics Alliance (CNA) task force seized tablets that appeared to be Xanax but actually contained a combination of cyclopropylfentanyl, methamphetamine, and a synthetic cannabinoid chemical.
The Domestic Operational Law (DOPLAW) Handbook for judge advocates is a product of the Center for Law and Military Operations (CLAMO). The content is derived from statutes, Executive Orders and Directives, national policy, DoD Directives and Instructions, joint publications, service regulations, field manuals, as well as lessons learned by judge advocates and other practitioners throughout Federal and State government. This edition includes substantial revisions.
This reference aid draws on CTIIC’s experience promoting interagency situational awareness and information sharing during previous significant cyber events—including cyber threats to elections. It provides a guide to cyber threat terms and related terminology issues likely to arise when describing cyber activity. The document includes a range of cyber-specific terms that may be required to accurately convey intelligence on a cyber threat event and terms that have been established by relevant authorities regarding technical infrastructure for conducting elections.
In 2017 there were 30 separate active shootings in the United States, the largest number ever recorded by the FBI during a one-year period. With so many attacks occurring, it can become easy to believe that nothing can stop an active shooter determined to commit violence. “The offender just snapped” and “There’s no way that anyone could have seen this coming” are common reactions that can fuel a collective sense of a “new normal,” one punctuated by a sense of hopelessness and helplessness. Faced with so many tragedies, society routinely wrestles with a fundamental question: can anything be done to prevent attacks on our loved ones, our children, our schools, our churches, concerts, and communities?
FM 3-14, Army Space Operations, provides an overview of space operations in the Army and is consistent and compatible with joint doctrine. FM 3-14 links Army space operations doctrine to joint space operations doctrine as expressed in JP 3-14, Space Operations and other joint doctrinal publications. This FM establishes guidance for employing space and space-based systems and capabilities to support United States (U.S.) Army land warfighting dominance. It provides a general overview of overhead support to Army operations, reviews national guidance and direction, and outlines selected unique space-related Army capabilities. The doctrine in this manual documents Army thought for the best use of space capabilities. This manual also contains tactics and procedures outlining how to plan, integrate, and execute Army space operations.
Defence Research and Development Canada Report: Potential Applications of Blockchain Technology in Tactical Networks
Awareness of blockchain has soared in recent years with the emergence of cryptocurrencies, but the technology has existed for much longer. The linking of blocks, containing cryptographic functions of transactions and data, means that tampering with their contents becomes increasingly difficult as the chain grows – this concept was exploited for document timestamping applications more than a decade before cryptocurrencies became reality. In many implementations, blocks are confirmed by, and stored at, many nodes in different locations, providing a high degree of data integrity. There are, however, many challenges for applying blockchain technologies in tactical networks, particularly due to the constraints of the platforms, the limited bandwidth available among them, and the impact of network partitioning. In this report, the development and principles of blockchains are presented, along with an overview of their weaknesses and vulnerabilities.
In the 2011 report to Congress on Foreign Spies Stealing U.S. Economic Secrets in Cyberspace, the Office of the National Counterintelligence Executive provided a baseline assessment of the many dangers facing the U.S. research, development, and manufacturing sectors when operating in cyberspace, the pervasive threats posed by foreign intelligence services and other threat actors, and the industries and technologies most likely at risk of espionage. The 2018 report provides additional insight into the most pervasive nation-state threats, and it includes a detailed breakout of the industrial sectors and technologies judged to be of highest interest to threat actors. It also discusses several potentially disruptive threat trends that warrant close attention.
In March 2018, an identified financial services corporation received a thumb drive infected with the bank credential-stealing Qakbot malware variant, targeting information from networked computers and financial institution web sites. The financial services corporation purchased bulk thumb drives from a US online retailer of computer hardware. The thumb drives were originally manufactured in China. According to FBI forensic analysis, the Qakbot malware was on the infected thumb drive before the drive arrived in the United States. Qakbot is extremely persistent and requires removal of all malware from every device. Failure to remove even one node of malware may result in re-infecting previously sanitized systems possibly costing the victim hundreds of thousands of dollars in malware removal and system downtime.
As Engineer Schuck walked up the hallway of the 100 Wing, he observed Security Officer Campos poke his head out of an alcove. Engineer Schuck then heard rapid gunfire coming from the end of the 100 Wing hallway that lasted approximately 10 seconds. When the gunfire stopped, he heard Security Officer Campos tell him to take cover. Engineer Schuck stepped into an alcove and gunfire again erupted down the hallway coming from Room 32-135. The gunfire lasted a few seconds then stopped. The gunfire started again after a brief pause, but Engineer Schuck believed it was directed outside and not down the hallway. Meanwhile, inside the Las Vegas Village over 50 Las Vegas Metropolitan Police Department (LVMPD) personnel were on overtime assignments for the Route 91 Harvest music festival being held at the Las Vegas Village venue. The initial gunshots were heard on an officer’s body worn camera (BWC). As the suspect (Stephen Paddock) targeted the concertgoers with gunfire, officers quickly determined they were dealing with an active shooter and broadcast the information over the radio.
Electricity is critical to every aspect of modern life. The United States’ national security, economy, and public health and safety rely on the North American electric grid every second of the day. These, and many other functions powered by the grid, have likely experienced local outages caused by weather, accidents, or sometimes from tree branches falling on power lines. Larger power outages, however, are infrequent occurrences, due in part to an array of organizations that work tirelessly to ensure the grid remains reliable, resilient, and secure. Nonetheless, it is neither practical nor possible to prevent all disruptive events. Grid owners and operators balance risk, investment, and cost to customers when making investments in their systems.
As with past FBI active shooter-related publications, this report does not encompass all gun-related situations. Rather, it focuses on a specific type of shooting situation. The FBI defines an active shooter as one or more individuals actively engaged in killing or attempting to kill people in a populated area. Implicit in this definition is the shooter’s use of one or more firearms. The active aspect of the definition inherently implies that both law enforcement personnel and citizens have the potential to affect the outcome of the event based upon their responses to the situation.
(U//FOUO) DHS Intelligence Note: Unidentified Cyber Actor Attacks State and Local Government Networks with GandCrab Ransomware
An unidentified cyber actor in mid-March 2018 used GandCrab Version 2 ransomware to attack a State of Connecticut municipality network and a state judicial branch network, according to DHS reporting derived from a state law enforcement official with direct and indirect access. The municipality did not pay the ransom, resulting in the encryption of multiple servers that affected some data backups and the loss of tax payment information and assessor data. The attack against the state judicial branch resulted in the infection of numerous computers, but minimal content encryption, according to the same DHS report.
Cyberspace operations (CO) is the employment of cyberspace capabilities where the primary purpose is to achieve objectives in or through cyberspace. This publication focuses on military operations in and through cyberspace; explains the relationships and responsibilities of the Joint Staff (JS), combatant commands (CCMDs), United States Cyber Command (USCYBERCOM), the Service cyberspace component (SCC) commands, and combat support agencies; and establishes a framework for the employment of cyberspace forces and capabilities.
This Drug Enforcement Administration (DEA) Intelligence Report contains new and updated information on slang terms and code words from a variety of law enforcement and open sources, and serves as an updated version to the product entitled “Drug Slang Code Words” published by the DEA in May 2017. It is designed as a ready reference for law enforcement personnel who are confronted with hundreds of slang terms and code words used to identify a wide variety of controlled substances, designer drugs, synthetic compounds, measurements, locations, weapons, and other miscellaneous terms relevant to the drug trade. Although every effort was made to ensure the accuracy and completeness of the information presented, due to the dynamics of the ever-changing drug scene, subsequent additions, deletions, and corrections are inevitable. Future addendums and updates to this report will attempt to capture changed terminology to the furthest extent possible.
FBI Report: E-mail Account Compromise Techniques Used to Steal Millions in Real Estate Settlement Funds
The Office of Private Sector, in coordination with the Criminal Investigative Division, is providing this LIR to inform private sector partners about the increasing use of e-mail account compromise (EAC) techniques in the US real estate settlement industry. Consumer borrowers, settlement/title companies, real estate agents, real estate attorneys, builders, and others are being targeted by criminal actors netting millions in illicit proceeds. These proceeds are often directed initially to US banks, then re-directed via money service businesses and international accounts to Mexico, Nigeria, South Africa, China, Ghana, Turkey, and India. The increased use of EAC techniques, as well as the evolving expansion into previously unidentified countries, indicates this fraud scheme is not slowing and puts additional strain on industry participants to be vigilant with their e-mail communications and identity verification processes.
APT actors in the near future likely intend to target US Cleared Defense Contractors (CDC) via spear phishing campaigns or network infrastructure compromises, according to recent intelligence. Common spear phish targets may include individuals featured on internet-facing CDC Web sites and high-ranking CDC executives.
The Department of Homeland Security (DHS)/National Protection and Programs Directorate (NPPD)/Office of Cyber and Infrastructure Analysis (OCIA) assesses that unmanned aircraft systems (UASs) provide malicious actors an additional method of gaining undetected proximity to networks and equipment within critical infrastructure sectors. Malicious actors could use this increased proximity to exploit unsecured wireless systems and exfiltrate information. Malicious actors could also exploit vulnerabilities within UASs and UAS supply chains to compromise UASs belonging to critical infrastructure operators and disrupt or interfere with legitimate UAS operations.
The 66th Bilderberg Meeting is set to take place from 7-10 June 2018 in Turin, Italy. As of today, 131 participants from 23 countries have confirmed their attendance. As ever, a diverse group of political leaders and experts from industry, finance, academia and the media has been invited.
The Department of Defense (DoD) performs forensic science in a collaborative environment which necessitates the clear communication of all activities and their results. A critical enabler of communication is the use of a clear, internally consistent vocabulary. The goal of the Department of Defense Forensics Lexicon is to provide an operational vocabulary to address Forensics. A shared vocabulary enables a common understanding of Forensics, enhances the fidelity and the utility of operational reporting, facilitates structured data sharing, and strengthens the decision making processes across the DoD.
The American people are increasingly dependent upon the Internet for daily conveniences, critical services, and economic prosperity. Substantial growth in Internet access and networked devices has facilitated widespread opportunities and innovation. This extraordinary level of connectivity, however, has also introduced progressively greater cyber risks for the United States. Long-standing threats are evolving as nation-states, terrorists, individual criminals, transnational criminal organizations, and other malicious actors move their activities into the digital world. Enabling the delivery of essential services—such as electricity, finance, transportation, water, and health care—through cyberspace also introduces new vulnerabilities and opens the door to potentially catastrophic consequences from cyber incidents. The growing number of Internet-connected devices and reliance on global supply chains further complicates the national and international risk picture.