The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting industrial control systems (ICS). This product characterizes Anonymous’ capabilities and intent in this area, based on expert input from DHS’s Control Systems Security Program/Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) in coordination with the other NCCIC components.
This product was created in response to a request for information (RFI) concerning impacts to the Pittsburgh area from the planned Occupy Pittsburgh set for October 15, 2011. This product is intended to provide the private sector and first responders information on the event and appropriate prevention and response measures. Information in this report was collected through open source materials only. Open sources used in this product may include bias and misleading information. This product is an update to a previous assessment disseminated on October 6, 2011.
The hacker collective known as ‘Anonymous’ has successfully attacked a wide range of public and private sector entities since 2003 with relatively crude tools. Historically, they rely on tools such as the Low Orbit Ion Cannon (LOIC) or Botnets to deny access to websites, or hijack or deface web pages and post quasi-political statements, or perform other malicious activity. Since many of these older tools made it relatively easy for law enforcement and other government forces to identify the source of an attack and then arrest the perpetrator, Anonymous members may have recognized a need to have more advanced tools that offered a lesser degree of exposure. They recently claimed to have developed and possibly employed several new cyber attack tools for use in their self-proclaimed ‘internet civil disobedience’ campaigns. The NCCIC, coordinating with several of its partners, believes there are at least four new tools being shared among and employed by Anonymous members: #RefRef, Apache Killer, Anonware, and Universal Rapid Gamma Emitter (URGE).
The FBI assesses that the hacktivist group Anonymous is likely to participate in the “Day of Rage” protest scheduled for 17 September 2011 in New York City’s financial district. While the extent of group members’ participation in the event is unknown, in late August 2011 Anonymous endorsed the event through propaganda consisting of a video posted on YouTube and a campaign poster, as well as references in their Twitter accounts. In the past, Anonymous has been involved in physical protests that coincided with planned cyber attacks. This could indicate an intention to conduct a cyber attack in conjunction with the “Day of Rage” protest.
As you know, for over three weeks, Zuccotti Park (the “Park”) has been used by “Occupy Wall Street” and other protesters as their home base. The Park is owned by a Brookfield affiliate and was recently renovated at Brookfield’s considerable expense as an amenity for the general public. It is intended to be a relaxing tree-filled oasis in the midst of the hustle and bustle of Lower Manhattan. We fully support the rights of free speech and assembly, but the manner in which the protesters are occupying the Park violates the law, violates the rules of the Park, deprives the community of its rights of quiet enjoyment to the Park, and creates health and public safety issues that need to be addressed immediately. Within the Park, the protesters have set up living spaces with tarpaulins, mattresses, sleeping bags, tables, bookshelves, gasoline-powered generators and other items that are inconsistent with the rules and normal public use of the Park. At all hours of the day and night, protesters are sleeping on benches and walkways, blocking normal pedestrian access to the general public and preventing cleaning and maintenance workers from performing necessary upkeep. When not blocked by protesters, the walkways throughout the Park are blocked by the various items and equipment brought to the Park by the protesters.
Northern California Regional Intelligence Center presentation on “Fusion Centers Information Sharing, Analysis and Coordination” from October 2011.
The following photos are from a fascinating series by Eddie McShane called The Occupiers. A description of the series was provided by McShane: “I live in New York City and until yesterday had not gone to Zuccotti Park to see…
As part of a systematic evaluation framework, agency policies should ensure organizational competence, evaluations of a system’s effectiveness and privacy protections, executive review, and appropriate transparency throughout the system’s life cycle. While DHS and three of its component agencies—U.S. Customs and Border Protection, U.S. Immigration and Customs Enforcement, and the U.S. Citizenship and Immigration Services—have established policies that address most of these key policy elements, the policies are not comprehensive. For example, DHS policies do not fully ensure executive review and transparency, and the component agencies’ policies do not sufficiently require evaluating system effectiveness. DHS’s Chief Information Officer reported that the agency is planning to improve its executive review process by conducting more intensive reviews of IT investments, including the data-mining systems reviewed in this report. Until such reforms are in place, DHS and its component agencies may not be able to ensure that critical data mining systems used in support of counterterrorism are both effective and that they protect personal privacy.
The total area under opium poppy cultivation in Afghanistan in 2011 was estimated at 131,000 hectares (ha), a 7% increase compared to 2010. 95% of total cultivation took place in nine provinces in the Southern and Western regions, which include the most insecure provinces in the country. This confirms the link between insecurity and opium cultivation observed since 2007. The number of poppy-free provinces decreased from 20 in 2010 to 17 in 2011 as Baghlan and Faryab provinces in the Northern region and Kapisa province in the Eastern region lost their poppy-free status. Potential opium production in 2011 was estimated at 5,800 mt, a 61% increase compared to 2010, when opium yields were much reduced due to plant diseases.
From October 2010 to August 2011, the United Nations Assistance Mission in Afghanistan (UNAMA) interviewed 379 pre‐trial detainees and convicted prisoners at 47 detention facilities in 22 provinces across Afghanistan. In total, 324 of the 379 persons interviewed were detained by National Directorate of Security (NDS) or Afghan National Police (ANP) forces for national security crimes ‐ suspected of being Taliban fighters, suicide attack facilitators, producers of improvised explosive devices, and others implicated in crimes associated with the armed conflict in Afghanistan. Interviews were conducted at facilities including ANP detention centres, NDS facilities, Ministry of Justice prisons and juvenile rehabilitation centres; as a result of transfers, the interviews dealt with detainees located in 24 of Afghanistan’s 34 provinces. With two exceptions, Government officials from the ANP, NDS, Ministry of Justice and other departments cooperated with UNAMA and provided full access to detainees and facilities. UNAMA acknowledges the critical and extremely difficult role that NDS and ANP have in safeguarding national security in the current situation of armed conflict in Afghanistan.
Torture and Abuse of Detainees by NDS and ANP
UNAMA’s detention observation found compelling evidence that 125 detainees (46 percent) of the 273 detainees interviewed who had been in NDS detention experienced interrogation techniques at the hands of NDS officials that constituted torture, and that torture is practiced systematically in a number of NDS detention facilities throughout Afghanistan. Nearly all detainees tortured by NDS officials reported the abuse took place during interrogations and was aimed at obtaining a confession or information. In almost every case, NDS officials stopped the use of torture once detainees confessed to the crime of which they were accused or provided the requested information.
UNAMA also found that children under the age of 18 years experienced torture by NDS officials. More than one third of the 117 conflict‐related detainees UNAMA interviewed who had been in ANP detention experienced treatment that amounted to torture or to other cruel, inhuman or degrading treatment.
Abusive activity on the internet continues to rise, and public concern about the safety of the internet is clear. Verisign is aware that some reports have sought to portray the com/net TLDs as being at risk from maliciousness. All parts of the internet community are feeling the pressure to be more proactive in dealing with malicious activity. ICANN has recognized this and the new gTLD Applicant Guidebook requires new gTLDs to adopt a clear definition of rapid takedown or suspension systems that will be implemented. To address concerns over malware, Verisign is seeking to (i) provide a malware scanning service to assist registrars in identifying legitimate sites that have been infected and (ii) establish an anti-abuse policy to facilitate the takedown of abusive non-legitimate sites.
(U//LES) El Paso Intelligence Center Bulletins: Drug-Smuggling Ambulance, Cocaine in Tin Cans, Contaminated Pot
Three bulletins from the El Paso Intelligence Center on a drug-smuggling ambulance, cocaine hidden in tin cans and pot contaminated with Halon.
Criminal complaint issued in the Iran-linked plot to assassinate the Saudi Arabian ambassador to the United States, USA vs. MANSSOR ARBABSIAR a/k/a “Mansour Arbabsiar” and GHOLAM SHAKURI a/k/a “Ali Gholam Shakuri”.
The full text version of a notice first tweeted, then physically handed out to protesters at the Occupy Boston Rally reminding them that the Boston Police Department “Respects Your Right to Peacefully Protest.” The note should be juxtaposed against the events which later transpired, including a large number of arrests well documented in photos and video.
Los Angeles Joint Drug Intelligence Group Intelligence Bulletin on Diverted Pharmaceuticals & Gang Distribution from March 2010.
On 21 Sep 11, USACIDC reported the CRIPS have put out an order to shoot any Soldier in uniform on sight in retaliation for the shooting of their members by Soldiers earlier in the week. The Lawton Oklahoma Police Department has confirmed the CRIPS have threatened to kill soldiers in uniform. The threat stems from when the soldiers, in retaliation for drug rip off, entered the off-post residence of the CRIPS, robbed and subsequently shot some of the CRIPS members. Three of the victims were identified as members of the “107 Hoover CRIPS.”
This order directs structural reforms to ensure responsible sharing and safeguarding of classified information on computer networks that shall be consistent with appropriate protections for privacy and civil liberties. Agencies bear the primary responsibility for meeting these twin goals. These structural reforms will ensure coordinated interagency development and reliable implementation of policies and minimum standards regarding information security, personnel security, and systems security; address both internal and external security threats and vulnerabilities; and provide policies and minimum standards for sharing classified information both within and outside the Federal Government. These policies and minimum standards will address all agencies that operate or access classified computer networks, all users of classified computer networks (including contractors and others who operate or access classified computer networks controlled by the Federal Government), and all classified information on those networks.
DHS Human Factors/Behavioral Sciences Division presentation on social network analysis, behavioral threat detection and biometrics programs as of May 2009.
Overview presentation from 2007 regarding the Future Attribute Screening Technology Mobile Module (FAST M2), a system for identifying potential threats via behavioral analysis.
Customs and Border Protection Bandidos Motorcycle Club global distribution map produced in May 2010.
Confidential Draft of U.S. Treasury “Volcker Rule” Restrictions on Proprietary Trading With Hedge Funds
The OCC, Board, FDIC, and SEC (individually, an “Agency,” and collectively, “the Agencies”) are requesting comment on a proposed rule that would implement Section 619 of the Dodd-Frank Wall Street Reform and Consumer Protection Act (“Dodd-Frank Act”) which contains certain prohibitions and restrictions on the ability of a banking entity and nonbank financial company supervised by the Board to engage in proprietary trading and have certain interests in, or relationships with, a hedge fund or private equity fund.
Department of Homeland Security Bomb-Making Awareness Program (BMAP) Law Enforcement and Private Sector User Guides along with accompanying promotional posters from 2009.
According to multiple media reports, on 7 September an explosion occurred inside the reception area of the Delhi High Court in New Delhi, India at approximately 10:00am local time. The blast killed at least 11 people and injured some 76 others. Indian authorities reported to the press that the explosives were inside a briefcase left in a reception area in between the security gates of the High Court. India’s National Security Guard Director indicated that the device contained ammonium nitrate, which was also used in the most recent bomb against the court complex on 25 May. Harakat-ul-Jihad al-Islami (HUJI) claimed responsibility for the blast in an e-mail message and demanded that India repeal the death sentence of Afzal Guru, who was convicted of attacking the Indian Parliament building in 2001 and is awaiting execution.
These photos and videos depict a New York Police Department Lieutenant named Connolly striking protesters blindly with a baton. This man has been identified as Lt. Brian Connolly of the 9th Precinct, who was awarded the Medal for Valor in…
A method is described for tracking information about the activities of users of a social networking system while on another domain. The method includes maintaining a profile for each of one or more users of the social networking system, each profile identifying a connection to one or more other users of the social networking system and including information about the user. The method additionally includes receiving one or more communications from a third-party website having a different domain than the social network system, each message communicating an action taken by a user of the social networking system on the third-party website. The method additionally includes logging the actions taken on the third-party website in the social networking system, each logged action including information about the action. The method further includes correlating the logged actions with one or more advertisements presented to the one or more users on the third-party website as well as correlating the logged actions with a user of the social networking system.