(U//FOUO) DHS Intelligence Assessment: Damaging Cyber Attacks Possible but Not Likely Against the US Energy Sector

DHS-CyberAttacksEnergySector

This Assessment establishes a baseline analysis of cyber threats to the US energy sector based on comprehensive FY 2014 incident reporting data compiled by ICS-CERT, as well as reporting by the Intelligence Community (IC), private sector cybersecurity industry, and open source media between early 2011 and January 2016. This Assessment is designed to help close gaps between the private sector’s and the IC’s understanding of current cyber threats facing the US energy sector. Critical infrastructure owners and operators can use this analysis to better understand cyber threats facing the US energy sector and help focus defensive strategies and operations to mitigate these threats. The Assessment does not include an in-depth analysis of foreign cyber doctrines or nation-state red lines for conducting cyber attacks against the United States. The information cutoff date for this Assessment is January 2016.

Boston Fusion Center Bulletin: Terror Attacks on Entertainment Venues

BRIC-EntertainmentVenueAttacks

Several recent incidents underline the possibility that soft targets, including entertainment venues such as bars and restaurants, are increasingly chosen over hard targets that may hold more significance to the victims and the attacking person or group. Using analysis of recent events and data from the START Global Terrorism Database, the BRIC completed the following study to raise awareness regarding the targeting of entertainment venues by violent extremist groups.

FBI Cyber Bulletin: Global Extremists Conducting Cyber Activity in Support of ISIL

FBI-CyberAttackISIL

Over the past 18-24 months, an unknown number of online extremists have conducted “hacktivist” cyber operations – primarily Web site defacements, denial-of-service attacks, and release of personally identifiable information (PII) in an effort to spread pro-Islamic State of Iraq and the Levant (ISIL) propaganda and to incite violence against the United States and the West. Recent open source reporting from the Daily Mail India, indicates ISIL is recruiting Indian hackers and offering upwards of $10,000 USD per job to hack government Web sites, steal data, and to build social media databases for recruiting purposes. Indian officials believe as many as 30,000 hackers in India may have been contacted. The FBI cannot confirm the validity of the media reports, and beyond this single article on Indian hackers and ISIL, does not have information indicating any such relationship exists to date. The FBI assesses this activity is most likely independent of ISIL’s leaders located in Syria and Iraq.

Europol Cooperation with Non-Law Enforcement Partners in Combating Cybercrime

EUROPOL-CybercrimeCooperation

The prevention, investigation and prosecution of cybercrime calls for a close cooperation between partners from various sectors. The European Cybercrime Centre (EC3) at Europol has gained practical experience in such forms of multi-disciplinary cooperation and aims to share some of this experience through this note as input for discussions at the Conference on Jurisdictions in Cyberspace on 7-8 March 2016, organised by the Dutch Presidency of the Council of European Union.

DHS Infrastructure Report: Consequences of Malicious Cyber Activity Against Seaports

DHS-SeaportCyberAttacks

Unless cyber vulnerabilities are addressed, they will pose a significant risk to port facilities and aboard vessels within the Maritime Subsector. These potential vulnerabilities include limited cybersecurity training and preparedness, errors in software, inadequately protected commercial off-the-shelf technologies and legacy systems, network connectivity and interdependencies, software similarities, foreign dependencies, global positioning system jamming-spoofing, and insider threats.

House Homeland Security Committee Report: Combating Terrorist and Foreign Fighter Travel

US-ForeignFighters

Today we are witnessing the largest global convergence of jihadists in history, as individuals from more than 100 countries have migrated to the conflict zone in Syria and Iraq since 2011. Some initially flew to the region to join opposition groups seeking to oust Syrian dictator Bashar al-Assad, but most are now joining the Islamic State of Iraq and Syria (ISIS), inspired to become a part of the group’s “caliphate” and to expand its repressive society. Over 25,000 foreign fighters have traveled to the battlefield to enlist with Islamist terrorist groups, including at least 4,500 Westerners. More than 250 individuals from the United States have also joined or attempted to fight with extremists in the conflict zone.

(U//FOUO) California Fusion Center: Drone Threats to Public Safety Personnel, Assets and Response

CA-DronesPublicSafety

Encounters in 2015 of unauthorized unmanned aircraft systems (UAS), also known as drones, with public safety aircraft during emergency events underscore the potential threats UAS pose to response efforts—notably search-and-rescue, firefighting and police air assets—as well as the lives, property and natural resources already at risk.

(U//FOUO) Boston Regional Intelligence Center Suspicious Activity Behavior & Indicators For Public Sector Partners

BRIC-SuspiciousActivity

This document is intended to highlight several suspicious activity behaviors and indicators that may be indicative of preoperational terrorist activity for business owners and private sector security personnel. This product focuses on behaviors and indicators that would be of interest prior to any major event. This proactive public safety strategy is an ongoing attempt to provide our private sector partners with some information on suspicious activity.

NCTC Counterterrorism Digest January 26-February 2, 2016

NCTC-CT-Digest-02-03-16

Counterterrorism Digest is a compilation of UNCLASSIFIED open source publicly available press material, to include relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Digest is produced by the National Counterterrorism Center and contains situational awareness items detailing on-going terrorism-related developments which may be of interest to security personnel.

NCTC Counterterrorism Digest January 20-26, 2016

NCTC-CT-Digest-01-27-16

Counterterrorism Digest is a compilation of UNCLASSIFIED open source publicly available press material, to include relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Digest is produced by the National Counterterrorism Center and contains situational awareness items detailing on-going terrorism-related developments which may be of interest to security personnel.

DHS Report Details “Persistent” Cyber Targeting of Police, Emergency Services

cyber-targeting

Cyber attacks against law enforcement, fire departments and other emergency services have become increasingly common and are likely to increase according to a recent intelligence assessment prepared by the Department of Homeland Security and the Multi-State Information Sharing and Analysis Center (MS-ISAC). The assessment, which was distributed to law enforcement in September 2015 and was obtained by Public Intelligence, reviewed a number of “cyber attacks against the [emergency services sector or ESS] between February 2012 and May 2015,” finding that “targeting of the ESS will likely increase as ESS systems and networks become more interconnected and the ESS becomes more dependent on information technology for the conduct of daily operations—creating a wider array of attack vectors for cyber targeting.”

(U//FOUO) DHS Assessment: Cyber Targeting of the US Emergency Services Sector Limited, But Persistent

DHS-CyberTargetingESS

Cyber targeting of the ESS will likely increase as ESS systems and networks become more interconnected and the ESS becomes more dependent on information technology for the conduct of daily operations—creating a wider array of attack vectors for cyber targeting. Independent researchers have already reported on the widespread availability of vulnerabilities and attack vectors for critical hardware and software that is used in this sector extensively. Such vulnerable systems include call-center communications-management software, closed-circuit TV camera systems, interactive voice response systems, and emergency alert systems—particularly wireless emergency alert systems.

FBI Preventing Violent Extremism in Schools Guide

FBI-PreventingExtremismSchools

Despite efforts to counter violent extremism, the threat continues to evolve within our borders. Extremism and acts of targeted violence continue to impact our local communities and online violent propaganda has permeated social media. Countering these prevailing dynamics requires a fresh approach that focuses on education and enhancing public safety—protecting our citizens from becoming radicalized by identifying the catalysts driving extremism.

(U//LES) DHS-FBI Bulletin: Domestic Extremists Arrested for Illegal Occupation of Malheur National Wildlife Refuge

DHS-FBI-OregonOccupation

This Joint Intelligence Bulletin (JIB) is intended to provide information on the recent arrest of 11 domestic extremists for conspiracy to impede officers of the United States from discharging their official duties through force, intimidation, or threats, in violation of 18 USC §372. This JIB is provided by the FBI and DHS to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials in deterring, preventing, or disrupting terrorist attacks against the United States. As in any criminal case, defendants are presumed innocent until proven guilty in a court of law.

(U//FOUO) JIEDDO Patterns of IED Use in Somalia 2009

JIEDDO-SomaliaIEDs

Shabaab al-Mujahideen (aka al-Shabaab, aka Mujahideen Youth Movement) is the Salafist-Jihadist off-shoot of the Mogadishu-based Islamic Courts Union (ICU). Al-Shabaab’s leaders maintain connections with al-Qaeda, and receives financial, logistical, and rhetorical support. The group is fighting the internationally recognized TFG for control of Somalia’s southern cities, and ultimately seeks to control the entire Horn of Africa. Al-Shabaab employs IEDs in support of its broader strategy of ousting the TFG and the contingent of African Union peacekeepers (mostly from Uganda and Burundi) protecting the TFG, called the African Mission in Somalia (AMISOM). As a result, their IEDs target TFG and AMISOM personnel and operations. Al-Shabaab will continue to focus its IED efforts against TFG and AMISOM operations, primarily in Mogadishu, as part of an al-Qaeda-inspired strategy of attrition and exhaustion.

(U//FOUO) JIEDDO Patterns of IED Use in Germany and Spain 2009

JIEDDO-GermanySpainIEDs_Page_1

Despite official statistics showing a decrease in the number of arrests related to Salafist-jihadist activity, EU-based security services have thwarted numerous IED-centered plots since 2003. Many of the EU plots involve al Qaeda-networked terrorists in Afghanistan and Pakistan, and included plots in Spain, Germany, Italy, Belgium, and the United Kingdom (UK). Two recent plots are representative of the current IED threat in the EU: the Sauerland plot in Germany (2007) and the Barcelona plot in Spain (2008).

(U//FOUO) Utah Fusion Center Bulletin on Oregon Wildlife Refuge Occupier LaVoy Finicum’s Funeral

UT-SAIC-LaVoyFinicumFuneral

Recent events surrounding the occupation of the Malheur Wildlife Refuge in Harney County Oregon, have culminated in the fatal confrontation of Northern Arizona rancher, LaVoy Finicum. His funeral services will be held on 05 FEB 2016, in Kanab, UT. Finicum will be buried on 06 FEB 2016, close to his Arizona ranch in Cane Beds, AZ. While no credible threats to law enforcement are present at this time, armed extremists are expected to travel through UT; some of which may see this event as a tipping point, and potentially shift toward more violent action. A number of individuals, several of whom were present at the Burns, OR occupation, are planning caravans from UT and NV to travel to the funeral in show of support.