This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 13 November 2015 attacks in Paris, France. This JIB does not provide analysis of any follow-on operations or operations occurring in Europe in the wake of the attacks. It relies on a variety of open source and media reporting for the analysis, which could change as official details of the post-incident investigations come to light. This JIB is intended to support the activities of DHS, FBI and NCTC to assist federal, state, and local government counterterrorism and law enforcement officials, first responders, and private-sector security partners in effectively deterring, preventing, preempting, or responding to terrorist attacks against the United States.
After the September 11, 2001 terrorist attacks, the United States adopted a preventive approach to combating all forms of terrorist activity. Efforts to combat the financing of terrorism (CFT) are a central pillar of this approach. Cutting off financial support to terrorists and terrorist organizations is essential to disrupting their operations and preventing attacks. To that end, the U.S. government has sought to identify and disrupt ongoing terrorist financing (TF) and to prevent future TF. The law enforcement community, including various components of the U.S. Departments of Justice, Homeland Security, and the Treasury, along with the intelligence community and the federal functional regulators, applies robust authorities to identify, investigate, and combat specific TF threats, enforce compliance with applicable laws and regulations, and prosecute supporters in order to deter would-be terrorist financiers. The U.S. Department of the Treasury (Treasury), which leads financial and regulatory CFT efforts for the U.S. government, employs targeted financial sanctions, formulates systemic safeguards, and seeks to increase financial transparency to make accessing the U.S. financial system more difficult and risky for terrorists and their facilitators. All of these efforts involve extensive international engagement to try to prevent any form of TF, particularly financing that does not necessarily originate in the United States, from accessing the U.S. financial system.
Since 2013, the country has experienced several waves of Libyan returnees, which also formed the backbone of the newly established ISIL in Libya. In addition, the country continues to attract foreign terrorist fighters in significant numbers from North Africa. While currently concentrated in its stronghold in Sirte, ISIL could seek local alliances to expand its territorial control, also entailing the risk of motivating additional foreign terrorist fighters to join the group in Libya.
Targeting of high profile and international events by state-sponsored or other foreign adversaries, cyber criminals and issue motivated groups is a real and persistent threat. The information contained on government systems, whether classified or unclassified, is of strategic interest to cyber adversaries. Information gathered through cyber espionage can be used to gain an economic, diplomatic or political advantage.
Mexican transnational criminal organizations (TCOs) pose the greatest criminal drug threat to the United States; no other group is currently positioned to challenge them. These Mexican poly-drug organizations traffic heroin, methamphetamine, cocaine, and marijuana throughout the United States, using established transportation routes and distribution networks. They control drug trafficking across the Southwest Border and are moving to expand their share, particularly in the heroin and methamphetamine markets.
DEA continues to identify eight major cartels currently operating in Mexico: Sinaloa, Cartel de Jalisco Nueva Generacion (New Generation Jalisco Cartel or CJNG), Beltran-Leyva Organization (BLO), Los Zetas, Gulf, Juarez/La Linea, La Familia Michoacana (LFM), and Los Caballeros Templarios (Knights Templar or LCT); however, leadership losses for LFM and LCT over the last year have significantly degraded their operational capabilities and organizational cohesion. The attached graphic illustrates fluctuations in the areas of dominant control for Mexico’s major DTOs, most notably the significant expansion of CJNG.
The DDIS Intelligence Risk Assessment gives an overview of our current intelligence-based assessments of developments in a number of countries and conflict areas and provides an outline of foreign policy issues that may impact on Denmark’s security. This year’s Risk Assessment emphasizes the terrorist threat posed by militant Islamist groups, Russia’s attempt at repositioning itself as a great power, cyber espionage against businesses and public authorities, and the conflict-ridden and unstable situation in the Middle East and North Africa. The analyses contained in this risk assessment are based on classified intelligence. The assessment is, however, unclassified and aimed at a wide audience, which limits the level of detail in analyses.
Early tests show that the Islamic State of Iraq and the Levant (ISIL) used chemical agents during an attack on Kurdish Peshmerga forces on August 11 in Makhmour, Iraq. U.S. government officials reported that preliminary tests on shell fragments indicated a presence of chemical agents, although additional analyses would be necessary to determine the full composition. Early media reports have pointed to the use of mustard agent. Overall, ISIL’s use of mustard agent appears to be largely undeveloped – although the group is likely seeking to advance its capabilities – and there is no evidence that they have used mustard agent (also known as mustard gas) against civilian interests at this point.
The National Counterintelligence Strategy of the United States of America 2016 (Strategy) was developed in accordance with the Counterintelligence Enhancement Act of 2002 (Pub.L. No. 107-306, 116 Stat. 2383 (as amended) codified at 50 U.S.C. sec. 3383(d)(2)). The Strategy sets forth how the United States (U.S.) Government will identify, detect, exploit, disrupt, and neutralize foreign intelligence entity (FIE) threats. It provides guidance for the counterintelligence (CI) programs and activities of the U.S. Government intended to mitigate such threats.
This report highlights that understanding how a terrorist organisation manages its assets is critical to starving the organisation of funds and disrupting their activities in the long term. Terrorist organisations have different needs, depending on whether they are large, small, or simply constituted of a network of seemingly isolated individuals. The section on financial management explores the use of funds by terrorist organisations, not only for operational needs but also for propaganda, recruitment and training, and the techniques used to manage these funds, including allocating specialised financial roles. The report finds that authorities need to do further work to identify and target various entities responsible for these functions.
Joint Staff Strategic Assessment: Neurobiological Insights on Radicalization and Mobilization to Violence
This concise review presents theories, findings, and techniques from the neurobiology and cognitive sciences, as well as insights from the operational community, to provide a current and comprehensive description of why individuals and groups engage in violent political behavior. This report is based primarily on recent findings from the academic community. It has been compiled with the policy, planning, and operational community as the primary audience.
The New Jersey Office of Homeland Security and Preparedness (OHSP) compiles a statewide list of special events that provides situational awareness to law enforcement, as well as to assist in local planning requirements. Special events include any events that attracts large numbers of participants. Examples include concerts, marathons, parades, sporting events, holiday gatherings, etc.
ATP 3-07.6 discusses the importance of civilian protection during unified land operations and presents guidelines for Army units that must consider the protection of civilians during their operations. Protection of civilians refers to efforts to protect civilians from physical violence, secure their rights to access essential services and resources, and contribute to a secure, stable, and just environment for civilians over the long-term. ATP 3-07.6 describes different considerations including civilian casualty mitigation and mass atrocity response operations.
(U//FOUO) FBI Counterintelligence Note: Huawei Chinese Government-Subsidized Telecommunications Company
Huawei is a threat to intellectual property and business communications due to its opaque relationship with the Chinese Government. Huawei has legal obligations to work on behalf of the Chinese state, probably through the Chinese Communist Party (CCP) committee residing within Huawei. This relationship likely influences the company’s decision-making through threats of corruption investigations.
This publication is for soldiers holding military occupation specialty (MOS) 98G and their trainer/first-line supervisor. It contains standardized training objectives in the form of task summaries that support unit missions during wartime. Soldiers holding MOS 98G should be issued or have access to this publication. It should be available in the soldier’s work area, unit learning center, and unit libraries. Trainers and first-line supervisors should actively plan for soldiers to have access to this publication. It is recommended that each 98G soldier be issued an individual copy.
These Guidelines are provided for use by law enforcement or other government entities in the U.S. when seeking information from Apple Inc. (“Apple”) about users of Apple’s products and services, or from Apple devices. Apple will update these Guidelines as necessary. This version was released on September 29, 2015.
Our BSA analysis of 6048 IP addresses associated with the Tor darknet found that in the majority of the SAR filings, the underlying suspicious activity, most frequently account takeovers, might have been prevented if the filing institution had been aware that their network was being accessed via Tor IP addresses. Darknets are Internet based networks used to access content in a manner designed to obscure the identity of the user and his or her associated Internet activity.
(U//FOUO) Two disrupted plots in Europe earlier this year highlight terrorists possible interest in impersonating first responders through the acquisition of authentic or fraudulent uniforms, equipment, vehicles, and other items which may be associated with government, military, law enforcement, fire,…
UNODC Briefing Paper Endorsing Decriminalization of Drug Use and Possession for Personal Consumption
This document clarifies the position of UNODC to inform country responses to promote a health and human rights-based approach to drug policy. It explains that decriminalising drug use and possession for personal consumption is consistent with international drug control conventions and may be required to meet obligations under international human rights law.
In the report, submitted in accordance with Human Rights Council resolution 25/2, the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression addresses the protection of sources of information and whistle-blowers. Everyone enjoys the right to access to information, an essential tool for the public’s participation in political affairs, democratic governance and accountability. In many situations, sources of information and whistle-blowers make access to information possible, for which they deserve the strongest protection in law and in practice. Drawing on international and national law and practice, the Special Rapporteur highlights the key elements of a framework for the protection of sources and whistle-blowers.
A biometric is a measurable physical characteristic or personal behavior trait used to recognize the identity or verify the claimed identity of an individual. Fingerprints are an example of a physical biometric characteristic. Behavioral biometric characteristics like handwriting are learned and acquired over time. Biometrics is the process of recognizing an individual based on measurable anatomical, physiological and behavioral characteristics. Employing biometrics can help positively identify adversaries, allies and neutral persons. This is particularly useful when facing adversaries who rely on anonymity to operate. Biometrics is not forensics even though the two can, and often are, employed in concert. Forensics involves the use of scientific analysis to link people, places, things and events while biometrics involves the use of automated processes to identify people based on their personal traits. Because of the interrelationship between biometrics and forensics, the Department of Defense (DOD) intends to develop a single concept of operation (CONOP) in the future describing how biometrics and forensics can be employed in a complementary manner.
The report presents the key findings of the Afghanistan Opium Survey 2015. The full report on cultivation and production will be published in November and a separate report with a socioeconomic analysis will be presented early 2016. The survey is implemented annually by MCN in collaboration with the UNODC. The survey team collects and analyses information on the location and extent of opium cultivation, potential opium production and the socio-economic situation in rural areas. Since 2005, MCN and UNODC have also been involved in the verification of opium eradication conducted by provincial governors and poppy-eradication forces. The information is essential for planning, implementing and monitoring the impact of measures required for tackling a problem that has serious implications for Afghanistan and the international community.
This report fulfills the requirement contained in the National Defense Authorization Act (NDAA) for Fiscal Year (FY) 2014, Section 933(e) “National Guard Assessment.” The results of the National Guard’s assessment reflect the Chief of the National Guard Bureau’s (CNGB) view for successfully integrating the National Guard into the Department of Defense’s (DoD) Cyber Mission Force (CMF) and across all Cyber missions to create a Whole of Government and Whole of Nation approach to securing U.S. cyberspace.