In accordance with the President’s direction and consistent with the President’s commitment to providing as much information as possible to the American people about U.S. counterterrorism activities, the Director of National Intelligence (DNI) is releasing today a summary of information provided to the DNI about both the number of strikes taken by the U.S. Government against terrorist targets outside areas of active hostilities and the assessed number of combatant and non-combatant deaths resulting from those strikes. “Areas of active hostilities” currently include Afghanistan, Iraq, and Syria.
The FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums. At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions.
The United States US Army Chief of Staff Studies Group has identified the megacity as a future challenge to the security environment. Due to their complexity, megacities present a vulnerable and challenging future operational environment. Currently, however, the US Army is incapable of operating within the megacity. The US Army must think and learn through leveraging partnerships, which enhance institutional understanding. Historical experiences and lessons learned should assist in refining concepts and capabilities needed for the megacity.
A collection obtained from a variety of sources who contributed copies of documents related to the Bilderberg Group from academic institutions. Documents contributed to the collection are sometimes photocopied and in other cases photographed page by page during visits to academic institutions, diplomatic libraries and legal archives including the Presidential Library of Dwight D. Eisenhower, the Harvard Law Library, the National Archive and the archive of former State Department official and member of the Bilderberg Steering Committee Robert Murphy held at the Hoover Institution at Stanford University.
The 64th Bilderberg meeting is set to take place from 9 – 12 June 2016 in Dresden, Germany. A total of around 130 participants from 20 countries have confirmed their attendance. As ever, a diverse group of political leaders and experts from industry, finance, academia and the media have been invited.
The Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has notified the Department of Health and Human Services (HHS) of an increase in ransomware incidents at some healthcare organizations in the U.S. This Bulletin provides Healthcare and Public Health (HPH) Partners with information regarding ransomware, mitigation strategies, as well as additional materials to reference located within the HSIN HPH Cyber Threat Library.
A financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information (MNPI). This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit.
The purpose of the present background paper is to provide a snapshot of policies and practices of some major US service providers regarding their “voluntary” disclosure of information to law enforcement authorities in foreign jurisdictions, and thus to facilitate discussion of future options regarding criminal justice access to electronic evidence in the cloud.
The Financial Crimes Enforcement Network (FinCEN) is issuing this advisory to provide financial institutions with information on identifying and reporting transactions possibly associated with Foreign Terrorist Fighters (FTFs) who support the Islamic State of Iraq and the Levant (ISIL), al-Qa’ida, and their affiliates in Iraq and the Lev ant region. Financial institutions may use this information to enhance their Anti-Money Laundering (AML) risk-based strategies and monitoring systems. This advisory is not intended to call into question financial institutions’ maintenance of normal relationships with other financial institutions, or to be used as basis for engaging in wholesale or indiscriminate de-risking practices.
KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.
On order and in response to natural/manmade incidents, the Defense Coordinating Officer / Defense Coordinating Element (DCO/DCE) anticipates and conducts Defense Support of Civil Authorities (DSCA) operations coordinating Title 10 forces and resources in support of the Federal Primary Agency (PA) in order to minimize impacts to the American people, infrastructure and environment.
In June 2013, reports concerning large-scale intelligence collection programmes in the U.S. raised serious concerns at both EU and Member State level about the impact on the fundamental rights of Europeans of large-scale processing of personal data by both public authorities and private companies in the United States. In response, on 27 November 2013 the Commission issued a Communication on Rebuilding Trust in EU-U.S. Data Flows setting out an action plan to restore trust in data transfers for the benefit of the digital economy, the protection of European individuals’ rights, and the broader transatlantic relationship.
Gray zone security challenges, existing short of a formal state of war, present novel complications for U.S. policy and interests in the 21st century. We have well-developed vocabularies, doctrines and mental models to describe war and peace, but the numerous gray zone challenges in between defy easy categorization. For purposes of this paper, gray zone challenges are defined as competitive interactions among and within state and non-state actors that fall between the traditional war and peace duality. They are characterized by ambiguity about the nature of the conflict, opacity of the parties involved, or uncertainty about the relevant policy and legal frameworks.
This paper was produced in support of the Strategic Multi-layer Assessment (SMA) of the Islamic State of Iraq and the Levant (ISIL) led by Joint Staff J39 in support of the Special Operations Command Central (SOCCENT). The paper leverages and melds the latest thinking of academic and operational subject matter experts in fields of organizational and social dynamics, network analysis, psychology, information operations and narrative development, social media analysis, and doctrine development related to aspects of maneuver and engagement in the narrative space.
The Department of Homeland Security Office of Cyber and Infrastructure Analysis (DHS OCIA) produces cyberdependency papers to address emerging risks to critical infrastructure and provide increased awareness of the threats, vulnerabilities, and consequences of those risks to the Homeland. This note informs infrastructure and cybersecurity analysts about the potential consequences of cyber-related incidents in the Nuclear Reactors, Materials, and Waste Sector and its resilience to such incidents. This note also clarifies how computer systems support infrastructure operations, how cybersecurity incidents compromise these operations, and the likely functional outcome of a compromise.
The NJ ROIC currently has no specific indication of any credible specific threats to transportation facilities. However, with the rise in “self-radicalized” actor(s), and homegrown violent extremists (HVEs) influenced by ISIL and other terror groups, targeted violent attacks to any of these sectors could occur with little or no notice by an individual(s) who has not yet garnered law enforcement attention. This advisory highlights recent transportation concerns in the wake of the recent attacks in Belgium.
The FBI previously identified that the actor(s) exploit Java-based Web servers to gain persistent access to a victim network and infect Windows-based hosts. The FBI also indicated that several victims have reported the initial intrusion occurred via JBOSS applications. Further analysis of victim machines indicates that, in at least two cases, the attackers used a Python tool, known as JexBoss, to probe and exploit target systems. Analysis of the JexBoss Exploit Kit identified the specific JBoss services targeted and vulnerabilities exploited. The FBI is distributing these indicators to enable network defense activities and reduce the risk of similar attacks in the future.
On Oct. 3, 2015, members of U.S. Forces-Afghanistan (USFOR-A) supporting a partnered Afghan force, conducted a combat operation that struck Trauma Center in Kunduz operated by Médecins Sans Frontières (MSF), also known as “Doctors without Borders.” U.S. Army Gen. John Campbell, then the Commander of USFOR-A, directed an investigation to determine the cause of this incident. The lead investigating officer was Army Maj. Gen. William Hickman. He was assisted by Air Force Brig. Gen. Robert Armfield and Army Brig. Gen Sean Jenkins. All three generals were brought in from outside Afghanistan in order to provide an objective perspective. The investigation team included over a dozen subject matter experts from several specialty fields.
Syria and its ongoing civil war represent an operational environment (OE) that includes many of the characteristics illustrative of the complexities of modern warfare. Now in its fourth year, the civil war in Syria has lured a variety of threat actors from the Middle East and beyond. What began as a protest for improved opportunities and human rights has devolved into a full-scale civil war. As the Syrian military and security forces fought to subdue the civil unrest across the country, these protest groups responded with increasing violence aided by internal and external forces with a long history of terrorist activity. Ill-suited for the scale of combat that was unfolding across the country, Syrian forces turned to their allies for help, including Hezbollah and Iran. The inclusion of these forces has in many ways transformed the military of President Bashar al Assad from a conventional defensive force to a counterinsurgency force.
This Tactical Action Report (TAR) provides information on the capture and subsequent recapture of Sinjar, a town at the foot of the Sinjar Mountains. The Nineveh Offensive, of which Sinjar was a key target, led to the capture of a large part of northern Iraq and included the occupation of Mosul. ISIL pushed Peshmerga forces from the area and threatened Erbil, the government seat of the KRG in 2014. A growing humanitarian crisis developed as ISIL began purging villages in the Sinjar area of the minority group known as Yazidis. Thousands were killed, kidnapped, or forced to flee their homes. Many Yazidis retreated to the Sinjar Mountains where they were besieged by ISIL fighters. These circumstances led to President Barack Obama ordering air strikes to protect Erbil, where US military advisors were headquartered, and to relieve the displaced Yazidi civilians. Over a year later Peshmerga fighters, with the help of other Kurdish factions, pushed ISIL forces out of Sinjar and other surrounding areas and severed a key supply route connecting ISIL-held Raqqa, Syria, with Mosul, Iraq.
(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in March 2016 Brussels Attacks
This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 22 March 2016 attacks in Brussels, Belgium. The analysis in this JIB is based on statements by European government and law enforcement officials cited in media reporting and is subject to change with the release of official details from post-incident investigations. This JIB is provided by DHS, FBI, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, first responders and private sector partners in deterring, preventing, preempting, or disrupting terrorist attacks against the United States.