The ‘Locky’ malware is a ransomware variant, which has extensively utilized spam campaigns to distribute malicious files that download and execute code capable of encrypting numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension. Each directory containing encrypted files contains instructions on how to utilize Bitcoin in order to pay a ransom for file recovery, and the system’s computer background is also changed to contain payment instructions. Recovery of encrypted files is impossible without data backup or acquisition of the private key due to the well-implemented, strong encryption. Historically, while payment of the ransom may result in receipt of the valid private key, enabling decryption of the targeted files, the FBI does not recommended the victim pay the ransom.
This guide is a quick reference of Unconventional Warfare (UW) theory, principles, and tactics, techniques and procedures. It is not a complete treatment of the subject. To guide further study, it includes (in annotated form) as many references as possible starting with established law, policy and doctrine, includes scientific studies, and finishes with recommended reading on the subject.
While in the United States, some of the September 11 hijackers were in contact with, and received support or assistance from, individuals who may be connected to the Saudi Government. There is information, primarily from FBI sources, that at least two of those individuals were alleged by some to be Saudi intelligence officers. The Joint Inquiry’s review confirmed that the Intelligence Community also has information, much of which has yet to be independently verified, indicating that individuals associated with Saudi Government in the United States may have other ties to al-Qa’ida and other terrorist groups. The FBI and CIA have informed the Joint Inquiry that, since the September 11 attacks, they are treating the Saudi issue seriously, but both still have only a limited understanding of the Saudi Government’s ties to terrorist elements. In their testimony, neither CIA nor FBI witnesses were able to identify definitively the extent of Saudi support for terrorist activity globally or within the United States and the extent to which such support, if it exists, is knowing or inadvertent in nature.
As of 5 May 2016, the Islamic State of Iraq and the Levant (ISIL) Sympathizer hacking group United Cyber Caliphate (UCC) defaced a Nigerian-hosted Web site, posting an html file containing the heading “USA Online Company Data Dumped by United Cyber Caliphate,” there was no other message or threat associated with the file. The file contained approximately 1,137 entries, many of which appeared to be US-based individuals with corresponding personally identifiable information (PII) fields such as name, company, e-mail, phone, city, state, and zip code. The PII was doxed from the personnel directory of a US business, according to FBI and open source reporting.
Records Related to Former NSA Director Keith Alexander’s Attendance of Bilderberg Meetings in 2008, 2009, 2011
(U//FOUO) FBI New Orleans Alert: Violence Against Law Enforcement and Riots Planned for July 8-10 2016
DHS Report Finds “Immeasurable Vulnerabilities and Attack Vectors” Against U.S. Critical Infrastructure
A Department of Homeland Security assessment released in April states that critical infrastructure throughout the U.S. faces “immeasurable vulnerabilities and attack vectors” due to the increasingly prominent role of information and communication technology (ICT) in critical infrastructure sectors. The strategic risk assessment, authored by the Office of Cyber and Infrastructure Analysis within DHS, was obtained by Public Intelligence and describes the “convergence of cyber and physical domains” as a strategic threat to the nation’s infrastructure.
Office of the Director of National Intelligence Summary of U.S. Counterterrorism Strikes Outside Areas of Active Hostilities
In accordance with the President’s direction and consistent with the President’s commitment to providing as much information as possible to the American people about U.S. counterterrorism activities, the Director of National Intelligence (DNI) is releasing today a summary of information provided to the DNI about both the number of strikes taken by the U.S. Government against terrorist targets outside areas of active hostilities and the assessed number of combatant and non-combatant deaths resulting from those strikes. “Areas of active hostilities” currently include Afghanistan, Iraq, and Syria.
The FBI has identified two Android malware families, SlemBunk and Marcher, actively phishing for specified US financial institutions’ customer credentials. The malware monitors the infected phone for the launch of a targeted mobile banking application to inject a phishing overlay over the legitimate application’s user interface. The malware then displays an indistinguishable fake login interface to steal the victim’s banking credentials. According to cyber threat industry reports, both malware families have targeted foreign financial institutions since 2014, gradually broadening the list to include Western banks, and offered the malware for lease or purchase, respectively, in underground forums. At least as of December 2015, the malware expanded its configuration to include the Android package names of US financial institutions.
The United States US Army Chief of Staff Studies Group has identified the megacity as a future challenge to the security environment. Due to their complexity, megacities present a vulnerable and challenging future operational environment. Currently, however, the US Army is incapable of operating within the megacity. The US Army must think and learn through leveraging partnerships, which enhance institutional understanding. Historical experiences and lessons learned should assist in refining concepts and capabilities needed for the megacity.
A collection obtained from a variety of sources who contributed copies of documents related to the Bilderberg Group from academic institutions. Documents contributed to the collection are sometimes photocopied and in other cases photographed page by page during visits to academic institutions, diplomatic libraries and legal archives including the Presidential Library of Dwight D. Eisenhower, the Harvard Law Library, the National Archive and the archive of former State Department official and member of the Bilderberg Steering Committee Robert Murphy held at the Hoover Institution at Stanford University.
The 64th Bilderberg meeting is set to take place from 9 – 12 June 2016 in Dresden, Germany. A total of around 130 participants from 20 countries have confirmed their attendance. As ever, a diverse group of political leaders and experts from industry, finance, academia and the media have been invited.
The Department of Homeland Security National Cybersecurity and Communications Integration Center (NCCIC) has notified the Department of Health and Human Services (HHS) of an increase in ransomware incidents at some healthcare organizations in the U.S. This Bulletin provides Healthcare and Public Health (HPH) Partners with information regarding ransomware, mitigation strategies, as well as additional materials to reference located within the HSIN HPH Cyber Threat Library.
A financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information (MNPI). This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit.
The purpose of the present background paper is to provide a snapshot of policies and practices of some major US service providers regarding their “voluntary” disclosure of information to law enforcement authorities in foreign jurisdictions, and thus to facilitate discussion of future options regarding criminal justice access to electronic evidence in the cloud.
The Financial Crimes Enforcement Network (FinCEN) is issuing this advisory to provide financial institutions with information on identifying and reporting transactions possibly associated with Foreign Terrorist Fighters (FTFs) who support the Islamic State of Iraq and the Levant (ISIL), al-Qa’ida, and their affiliates in Iraq and the Lev ant region. Financial institutions may use this information to enhance their Anti-Money Laundering (AML) risk-based strategies and monitoring systems. This advisory is not intended to call into question financial institutions’ maintenance of normal relationships with other financial institutions, or to be used as basis for engaging in wholesale or indiscriminate de-risking practices.
KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.
On order and in response to natural/manmade incidents, the Defense Coordinating Officer / Defense Coordinating Element (DCO/DCE) anticipates and conducts Defense Support of Civil Authorities (DSCA) operations coordinating Title 10 forces and resources in support of the Federal Primary Agency (PA) in order to minimize impacts to the American people, infrastructure and environment.
In June 2013, reports concerning large-scale intelligence collection programmes in the U.S. raised serious concerns at both EU and Member State level about the impact on the fundamental rights of Europeans of large-scale processing of personal data by both public authorities and private companies in the United States. In response, on 27 November 2013 the Commission issued a Communication on Rebuilding Trust in EU-U.S. Data Flows setting out an action plan to restore trust in data transfers for the benefit of the digital economy, the protection of European individuals’ rights, and the broader transatlantic relationship.
Gray zone security challenges, existing short of a formal state of war, present novel complications for U.S. policy and interests in the 21st century. We have well-developed vocabularies, doctrines and mental models to describe war and peace, but the numerous gray zone challenges in between defy easy categorization. For purposes of this paper, gray zone challenges are defined as competitive interactions among and within state and non-state actors that fall between the traditional war and peace duality. They are characterized by ambiguity about the nature of the conflict, opacity of the parties involved, or uncertainty about the relevant policy and legal frameworks.
This paper was produced in support of the Strategic Multi-layer Assessment (SMA) of the Islamic State of Iraq and the Levant (ISIL) led by Joint Staff J39 in support of the Special Operations Command Central (SOCCENT). The paper leverages and melds the latest thinking of academic and operational subject matter experts in fields of organizational and social dynamics, network analysis, psychology, information operations and narrative development, social media analysis, and doctrine development related to aspects of maneuver and engagement in the narrative space.