U.S. Army Special Forces Unconventional Warfare Training Manual November 2010

The intent of U.S. UW efforts is to exploit a hostile power’s political, military, economic, and psychological vulnerabilities by developing and sustaining resistance forces to accomplish U.S. strategic objectives. Historically, the military concept for the employment of UW was primarily in support of resistance movements during general-war scenarios. While this concept remains valid, the operational environment since the end of World War II has increasingly required U.S. forces to conduct UW in scenarios short of general war (limited war). Enabling a resistance movement or insurgency entails the development of an underground and guerrilla forces, as well as supporting auxiliaries for each of these elements. Resistance movements or insurgencies always have an underground element. The armed component of these groups is the guerrilla force and is only present if the resistance transitions to conflict. The combined effects of two interrelated lines of effort largely generate the end result of a UW campaign. The efforts are armed conflict and subversion. Forces conduct armed conflict, normally in the form of guerrilla warfare, against the security apparatus of the host nation (HN) or occupying military. Conflict also includes operations that attack and degrade enemy morale, organizational cohesion, and operational effectiveness and separate the enemy from the population. Over time, these attacks degrade the ability of the HN or occupying military to project military power and exert control over the population. Subversion undermines the power of the government or occupying element by portraying it as incapable of effective governance to the population.

(U//FOUO) U.S. Navy WikiLeaks Safeguarding Classified National Security Information Recommendations

PROTECTING INFORMATION CRITICAL TO OUR NATION’S SECURITY IS THE RESPONSIBILITY OF EVERYONE. THAT RESPONSIBILITY BECOMES MORE COMPLEX IN AN ELECTRONIC ENVIRONMENT. IT IS INCUMBENT UPON US ALL TO PROMOTE GOOD SECURITY PRACTICES ON THE NETWORK, MAINTAINING AN INFORMATION ADVANTAGE WHILE BALANCING INFORMATION SECURITY. WE OWE IT TO OURSELVES AND OUR FELLOW SAILORS AND MARINES TO PROTECT VITAL INFORMATION NECESSARY TO FIGHT AND WIN. REFS A THROUGH E ARE INTENDED TO IMPROVE THE BASIC PRINCIPLES AND PRACTICES OF INFORMATION SECURITY. THESE PRINCIPLES AND PRACTICES NEED TO BECOME OUR STANDARD AND NOT THE EXCEPTION.

(U//FOUO/LES) Arlington Police Department Khalid Ali‐M Aldawsari Saudi IED Plot Advisory

On 02/23/2011 Khalid Ali‐M Aldawsari (pictured left), a Saudi national currently attending college at South Plains College, near Lubbock, Texas, was arrested on federal terrorism charges. Aldawsari was charged with attempted use of a weapon of mass destruction (WMD), in connection with the alleged purchase of chemicals and equipment necessary to make an improvised explosive device (IED), in addition to research into possible U.S. based targets. Court documents advise that Aldawsari had performed internet research on how to construct an IED, using chemical components. It has also been alleged he had acquired/taken major steps in acquiring the necessary components and equipment needed to build such a device. According to court documents, on 02/01/2011 a chemical supplier reported to the FBI a suspicious purchase of concentrated phenol, by a man named Khalid Aldawsari. Although the toxic chemical phenol can have legitimate uses, it can also be used to make explosives. Concentrated sulfuric and nitric acids, beakers, flasks, clocks, wiring, and a Hazmat suit were found during 2 FBI searches of Aldawsari’s apartment.

HBGary Morgan Stanley CERT Physical Memory Standard Operating Procedures

Memory forensics allows MSCERT to become more effective and agile regarding the acquisition of actionable intelligence. Traditional disk forensic approaches to investigations are slow and non-scalable. Large amounts of data must be acquired, transferred, and then analyzed. Memory forensics reveal what the true running state of a target system is at the time of acquisition. Hidden processes and other system activities are made available to an analyst by analyzing a smaller set of data than disk forensics. This document details Morgan Stanley’s (MS) Standard Operating Procedures (SOPs) for acquiring and analyzing physical memory using the HBGary forensic toolset. Fastdump Professional and Responder Professional usage are detailed through a case study methodology.

HBGary DoD Cyber Warfare Support Work Statement

Cyber Warfare is warfare in the Cyberspace domain, which is defined by the SECDEF as “a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the internet, telecommunications networks, computer systems and embedded processors and controllers.” Cyber Warfare encompasses Computer Network Operations (e.g. Attack, Defend and Exploit,) Information Assurance, and the network operations that encompass Command, Control, Communications, Intelligence, Surveillance and Reconnaissance (C4ISR) and Information Operations (IO) functions that occur within the Cyberspace domain. This includes Computer Network Operations (CNO) against automated systems (e.g. C4ISR), and the interaction between the physical, social and biological networks that define human-machine interaction.

Internal BP Azerbaijan Subsea Drilling Safety, Security, Environmental Procedure Manuals

A .zip file containing more than one-hundred internal BP documents relating to Health, Safety, Security and Environment (HSSE) procedures for the company’s operations in Azerbaijan (Azerbaijan Business Unit/AzSPU). The titles of all the documents contained in the file are listed below. Most of the documents are classified internally within BP at the Document Control Tier 2 level. Many of the documents appear to reflect procedural revisions made following the 2010 oil spill in the Gulf of Mexico.

Africa: U.S. Foreign Assistance Issues

U.S. aid to Africa initially reached a peak in 1985, when global competition with the Soviet Union was at a high point. After the cold war ended, security assistance levels for Africa began to decline. In 1995, at the outset of the 104th Congress, substantial reductions in aid to Africa had been anticipated, as many questioned the importance of Africa to U.S. national security interests in the post-cold war era. As the debate went forward, however, congressional reports and bills emphasized U.S. humanitarian, economic, and other interests in Africa. Aid levels did fall, but gradually began to increase again in FY1997. U.S. assistance to Africa is reaching new highs due to a significant increase in health care sectors under the Global Health and Child Survival (GHCS) program. U.S. aid to Africa nearly quadrupled from $1.2 billion in FY2006 to $6.7 billion in FY2010. Moreover, the United States is the leading donor of humanitarian assistance to Africa. Between FY1999 and FY2009, the United States provided over $10.1 billion to East and Central African countries and an estimated $2.2 billion to Southern Africa countries.

Libya: Background and U.S. Relations

Major anti-government protests broke out in Libya on February 15 and have since intensified, eliciting violent government responses. The demonstrations are in opposition to the 42-year regime of Libya’s leader, Muammar al Qadhafi. As of February 18, some sources have reported that opposition forces have taken over areas of Benghazi, Libya’s second-largest city, and its surroundings in Libya’s northeastern Mediterranean region of Cyrenaica.

Bahrain: Reform, Security, and U.S. Policy

After experiencing serious unrest during the late 1990s, Bahrain undertook several steps to enhance the inclusion of the Shiite majority in governance. However, protests erupting following the uprising that overthrew Egyptian President Hosni Mubarak on February 11, 2011, demonstrate that Shiite grievances over the distribution of power and economic opportunities remain unsatisfied. The new unrest comes four months after smaller protests against the Sunni-led government’s efforts to maintain its tight grip on power in the October 23, 2010, parliamentary election. That election, no matter the outcome, would not have unseated the ruling Al Khalifa family from power, but the Shiite population was hoping that winning a majority in the elected lower house could give it greater authority with which to challenge the ruling family. In advance of the elections, the government launched a wave of arrests intended to try to discredit some of the hard-line Shiite leadership as tools of Iran.

NATO Sensors for Urban Operations Technical Report

Increasingly NATO nations are being involved in military operations that are radically different from traditional scenarios, and that involve operations in towns and cities that may be occupied by a combination of non-combatants and hostile forces. This will lead to requirements for new concepts of operations to be developed, and the impact of novel sensors, or novel ways of deploying or using existing sensors to be investigated. Previous studies have looked at the requirements for operations in this new theatre but have not addressed sensor characteristics or limitations specifically.

New York Enhanced Security Guard Training Program Instruction Plan

Eighty-five percent of the critical infrastructure in the United States belongs to private enterprise and corporations. Thus, security guards are literally one of the nation’s first groups of defenders and play an integral role in prevention and deterrence efforts. Success in prevention and deterrence of both general crime, and terrorist acts as well, begins with the establishment of a baseline and maintenance of a robust all-hazards and all-crimes management infrastructure. The professional security guard industry in New York State with an excess of 140,000 certified security guards inhabits that baseline. This program will provide security guards with the basic awareness of terrorism issues that can potentially affect responsibilities within the purview of their employment. It will improve observation, detection and reporting capabilities while enhancing coordination capability with other emergency response professionals. Additionally, this program will elaborate on previously provided instruction, thereby elevating participants’ familiarity with access control issues and security technology.

HBGary Qosmos Deep Packet Inspection White Paper

Given the massive volumes of data that the U.S. and other governments must manage and the volume of traffic across IT networks, government-wide security solutions pose significant technical challenges. According to Phil Bond, president of TechAmerica, “Now more than ever, a partnership between the public and private sectors in leveraging IT to achieve a more transparent government is essential to securing the public’s safety.”

(U//LES) Arizona Fusion Center Warning: Police Officers Targeted on Facebook

On October 28, 2010 a DUI traffic stop by MCSO uncovered a CD containing multiple photographs and names of over 30 Phoenix PD officers and civilian employees. All of the names and photographs found on the CD were obtained from Facebook and reveal the identity of several patrol and undercover officers. All officers who were identified on the CD have been notified. It is unknown how many more CDs (if any) may be circulating. This information is provided for Officer Safety and Situational Awareness purposes.

HBGary QinetiQ Cyber Attack Response Report

Beginning in March 2010, HBGary, Inc. was contracted to assist in the identification, analysis, and removal of malware from QinetiQ North America (QNA) internal systems. This was in response to what QNA believed to be an organized and sophisticated cyber attack involving the potential theft of ITAR controlled data. HBGary was given background on the attack, which included information on targeted attacks on digital data systems that have occurred in the past.

(U//FOUO) FBI Terrorist Training and Recruitment of CONUS Subjects: Lackawanna, Portland, and Northern Virginia

This assessment addresses the central role of terrorist training in three significant post-9/11 continental United States (CONUS) terrorism investigations: Lackawanna, Portland, and Northern Virginia. This assessment does not address other individuals who may have sought training independently, nor does it address groups of individuals who sought training in regions outside of South or Central Asia.

U.S. State Department OSAC: Is China Next for Social Unrest?

The recent social unrest and subsequent government overthrows in Egypt and Tunisia have had deep reverberations not only around the Middle East, but throughout the world. While speculation proliferates about which country will be the next to experience such tumult, a critical analysis of important variables present in both countries should be applied to any other country when making this assessment. In this report, those variables will be analyzed with respect to the People’s Republic of China, and the probability it will be the next country to experience social unrest.

HBGary Windows Rootkit Analysis Report

This report focuses on Windows Rootkits and their effects on computer systems. We also suggest that combining deployment of a rootkit with a BOT makes for a very stealthy piece of malicious software. We have used various monitoring tools on each of the rootkits and have included most but not all of the monitor logs due to space constraints. However, if a log is needed for perusal it is available. Some of the rootkits we investigated contained readme files which were, for the most part, quite informative and actually substantiated some of our monitoring log findings. For the rootkits that contained readme files we have either included them within the document or have included a link for them. At the beginning of this report we have included clean monitoring logs from two different tools that we employed on the rootkits. We have other clean logs but did not include them for the sake of space. Once more, as the logs for the rootkits will be available if needed so will these clean logs.

(U//FOUO) TSA Liquid and Natural Gas Pipeline Threat Assessment 2011

The Transportation Security Administration’s (TSA’s) mission includes enhancing the security preparedness of U.S. hazardous liquid and natural gas pipeline systems. This TSA Office of Intelligence (TSA-OI) threat assessment primarily addresses the potential for attacks against the pipeline industry in the Homeland and assesses the tactics, techniques, and procedures (TTPs) used in attacks against pipelines and related infrastructure overseas for their potential use by terrorists in the Homeland.

(U//FOUO) TSA Pipeline Security Smart Practices Report

U.S. hazardous liquids and natural gas pipelines are critical to the nation’s commerce and economy and, as a consequence, they can be attractive targets for terrorists. Before September 11, 2001, safety concerns took precedence over physical and operational security concerns for a majority of pipeline operators. Security matters were mainly limited to prevention of minor theft and vandalism. The terrorist attacks of 9/11 forced a thorough reconsideration of security, especially with respect to critical infrastructure and key resources. Pipeline operators have responded by seeking effective ways to incorporate security practices and programs into overall business operations.

(U//LES) LA-SAFE Geomagnetic Storm Warning

A series of coronal mass ejections (CMEs) are en route to Earth from a sunspot which will buffet the Earth’s magnetic field during the next 12 to 60 hours. These CMEs are a result of the strongest solar flare in more than four years, which peaked on February 15th and registered as an X-flare. X-flares are the strongest type of solar flare. NOAA forecasters estimate a 45% chance of geomagnetic activity on February 17, 2011. Geomagnetic storms usually last 24 to 48 hours, but some may last for many days. They also have the capability of disrupting communication systems, navigation systems and electric grids.