DHS Human Factors/Behavioral Sciences Division presentation on social network analysis, behavioral threat detection and biometrics programs as of May 2009.
Overview presentation from 2007 regarding the Future Attribute Screening Technology Mobile Module (FAST M2), a system for identifying potential threats via behavioral analysis.
Department of Homeland Security Bomb-Making Awareness Program (BMAP) Law Enforcement and Private Sector User Guides along with accompanying promotional posters from 2009.
According to multiple media reports, on 7 September an explosion occurred inside the reception area of the Delhi High Court in New Delhi, India at approximately 10:00am local time. The blast killed at least 11 people and injured some 76 others. Indian authorities reported to the press that the explosives were inside a briefcase left in a reception area in between the security gates of the High Court. India’s National Security Guard Director indicated that the device contained ammonium nitrate, which was also used in the most recent bomb against the court complex on 25 May. Harakat-ul-Jihad al-Islami (HUJI) claimed responsibility for the blast in an e-mail message and demanded that India repeal the death sentence of Afzal Guru, who was convicted of attacking the Indian Parliament building in 2001 and is awaiting execution.
DHS Interagency Remote Sensing Coordination Cell (IRSCC) briefing from July 2011.
The recent ten-year anniversary of the September 11 attacks brought a deluge of news regarding the transformation of the United States in the wake of the most devastating terrorist attacks in the country’s history. Many reports focused on debating the efficacy, or lack thereof, of policies implemented over the decade since the attacks occurred. One set of particularly revealing reports from the Center for Investigative Journalism discussed suspicious activity reporting at the Mall of America and the transformation of Homeland Security following September 11. Some publications discussed the waste inherent in the Department of Homeland Security (DHS) and its various grant programs. In addition to these critical evaluations of security policy, a number of public relations pieces from the national network of fusion centers appeared in local publications around the country. A local television station in Michigan covered the state’s local fusion center, having “unprecedented access” to walk around inside without cameras. Another piece from Tennessee discussed the Tennessee Bureau of Investigation’s fusion center, ending with appeals for viewers to report suspicious activity and “say something” if they “see something”. Articles from other states including Arkansas and Alabama, sometimes written by Homeland Security officials, emphasized the important work of their local fusion centers and the continued need for funding and support.
Contact list by region including the names and phone numbers of approximately 68 Intelligence Officers and Regional Directors assigned to fusion centers around the United States.
Version 3.0 Federal Interagency Geospatial Concept of Operations (GeoCONOPS) final draft from June 2011.
DHS presentation titled “The National Network of Fusion Center: Where We Have Been and Where We are Going” containing general overview information on fusion centers from August 1, 2011.
(U//FOUO) DHS-FBI Potential Al-Qaeda Threat to New York City and Washington, DC During 9/11 Anniversary Period
We assess that al-Qa‘ida has likely maintained an interest since at least February 2010 in conducting large attacks in the Homeland timed to coincide with symbolic dates, to include the 10-year anniversary of the 9/11 terrorist attacks. We also remain concerned that the May 2011 death of Usama bin Ladin (UBL), coupled with the subsequent removal of several key al-Qa‘ida figures, could further contribute to al-Qa‘ida’s desire to stage an attack on a symbolic date—such as the 10-year anniversary of 9/11—as a way to avenge UBL’s death and reassert the group’s relevance, although operational readiness likely remains the primary driving factor behind the timing of al-Qa‘ida attacks.
Al-Qa‘ida and its affiliates have maintained an interest in obtaining aviation training, particularly on small aircraft, and in recruiting Western individuals for training in Europe or the United States, although we do not have current, credible information or intelligence of an imminent attack being planned against aviation by al-Qa‘ida or its affiliates.
Department of Homeland Security National Cyber Security Division presentation on “Cyber Resilience” with overviews of recent hacking incidents, including many connected with the hacktivist group Anonymous.
Since it began operations in 2003, DHS has implemented key homeland security operations and achieved important goals and milestones in many areas to create and strengthen a foundation to reach its potential. As it continues to mature, however, more work remains for DHS to address gaps and weaknesses in its current operational and implementation efforts, and to strengthen the efficiency and effectiveness of those efforts to achieve its full potential. DHS’s accomplishments include developing strategic and operational plans; deploying workforces; and establishing new, or expanding existing, offices and programs.
As of February 2010, al-Qa‘ida was allegedly contemplating conducting an operation against trains at an unspecified location in the United States on the tenth anniversary of 11 September 2001. As one option, al-Qa‘ida was looking at the possibility of tipping a train by tampering with the rails so that the train would fall off the track at either a valley or a bridge. Al-Qa‘ida noted that an attack from tilting the train would only succeed one time because the tilting would be spotted. Al-Qa‘ida also noted that newer train cars each have their own braking system, and that movement in a specific direction would derail it, but would not cause it to fall off the track.
Malicious users seeking to exploit interest related to physical events such as earthquakes and hurricanes will likely use subject lines and attachment titles related to the incidents in phishing e-mails. Network administrators and general users should be aware of these attempts and avoid opening messages with attachments and/or subject lines related to physical events.
Hurricane Irene Department of Homeland Security Infrastructure Sector Analysis Summary as of August 27, 2011 11:00 EDT.
This Joint Intelligence Bulletin (JIB) highlights potential terrorist threats related to the 10-year anniversary of the 11 September 2001 (9/11) attacks. This JIB provides perspective on the threat to the Homeland and US interests overseas from al-Qa‘ida, al-Qa‘ida affiliates and allies, and al-Qa‘ida-inspired homegrown violent extremists (HVEs). FBI and DHS are providing this information to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, as well as first responders and private sector security officials, in effectively deterring, preventing, or disrupting terrorist attacks against the United States. Unless otherwise noted, this JIB uses the FBI’s definitions of terms, which may differ from the definitions used by DHS.
This Joint Intelligence Bulletin (JIB) updates a DHS-FBI joint analytic product of the same title dated 3 September 2010 and is intended to provide warning and perspective regarding the scope of the potential terrorist threats to the United States, specifically towards US persons. This product is provided to support the activities of DHS and FBI and to help federal, state, and local government counterterrorism and law enforcement officials deter, prevent, preempt, or respond to terrorist attacks directed against the United States.
“Body packing” is a well-documented concealment method criminals have used to smuggle drugs or other contraband. Body packing in humans and animals may involve several forms of concealment—including insertion into body orifices, ingestion, or possibly surgical implantation—of illicit items or material inside or hidden on the body to escape detection by security systems and personnel. Terrorists often assign high priority to concealment in planning attacks, and such methods—to include surgical implantation—offer potential means for suicide operatives to deliver improvised explosive devices to targets.
Reported copper thefts from critical infrastructure and key resource (CIKR) sectors in the United States rose at least 50 percent in 2010 compared to the previous year, largely driven by record-high prices for copper. Individuals and criminal organizations have engaged in copper thefts primarily for financial gain. We have seen no indication that terrorists are using copper thefts in the homeland as a tactic to damage or destroy CIKR facilities or to fund terrorist activity.
The SM-CCTV System is a computer network consisting of closed-circuit video cameras, digital video recorders (DVRs), and monitoring capabilities that capture video-only feeds in and around ICE facilities. The purpose of the SM-CCTV System is to help ICE secure and regulate physical access to ICE facilities. The system also serves to enhance officer safety, prevent crimes, and assist in the investigation of criminal acts committed inside and on the perimeter of protected ICE facilities. Video surveillance also supports terrorism prevention and facility protection with its visible presence, and detects and deters unauthorized intrusion at ICE facilities. The SM-CCTV System is planned to be deployed in numerous ICE facilities nationwide.
The Department of Homeland Security (DHS) currently uses the Terrorist Screening Database (TSDB), a consolidated database maintained by the Department of Justice Federal Bureau of Investigation Terrorist Screening Center (TSC) of identifying information about those known or reasonably suspected of being involved in terrorist activity in order to facilitate DHS mission-related functions, such as counterterrorism, law enforcement, border security, and inspection activities. DHS and TSC are improving the current method of transmitting TSDB data from TSC to DHS. Through a new service called the “DHS Watchlist Service” (WLS), TSC and DHS will automate and simplify the current manual process. TSC remains the authoritative source of watchlist data and will provide DHS with near real-time synchronization of the TSDB. DHS will ensure that each DHS component system receives only those TSDB records which they are authorized to use under the WLS Memorandum of Understanding and authorized under existing regulations and privacy compliance documentation between TSC and DHS (WLS MOU) and any amendments or modifications thereto. DHS conducted this privacy impact assessment (PIA) because the WLS will maintain a synchronized copy of the TSDB, which contains personally identifiable information (PII), and disseminate it to authorized DHS components.
This Bulletin is being provided for your Executive Leadership, Operational Management, and Security Administrators situational awareness. The actors who make up the hacker group “Anonymous” and several likely related offshoots like “LulzSec”, continue to harass public and private sector entities with rudimentary exploits and tactics, techniques, and procedures (TTPs) commonly associated with less skilled hackers referred to as “Script Kiddies”. Members of Anonymous routinely claim to have an overt political agenda and have justified at least a portion of their exploits as retaliation for perceived ‘social injustices’ and ‘freedom of speech’ issues. Attacks by associated groups such as LulzSec have essentially been executed entirely for their and their associates’ personal amusement, or in their own hacker jargon “for the lulz”.
This report explores how terrorists or other non-state adversaries could potentially facilitate an avian influenza outbreak within the United States. The report was primarily intended to assist the Secretary of Homeland Security, Chief Intelligence Officer, Deputy Assistant Secretary, and Chief Medical Officer as they consider the implications of avian influenza to the Homeland. The scenarios explored in this paper are speculative and meant only to broaden the scope of thinking. They are not based on specific evidence or intelligence about terrorists’ plans and capabilities, but are considered scientifically feasible, according to experts that were interviewed.
Insiders often possess detailed operational and system-security knowledge, as well as authorized physical and systems access to utilities. Insiders can be employees, contractors, service providers, or anyone with legitimate access to utility systems. They often are self-motivated, know system security measures, and raise no alarms due to their authorized systems access. With knowledge of and access to a utility’s network, malicious actors could seize control of utility systems or corrupt information sent to plant operators, causing damage to plant systems and equipment. Systems and networks used by utilities are potential targets for a variety of malicious cyber actors. Threat actors who target these systems may be intent on damaging equipment and facilities, disrupting services, stealing proprietary information, or other malicious activities. The greater the individual’s knowledge and authorized systems access, the greater risk the individual poses. Furthermore, any individual with access to a plant’s systems could unwittingly or inadvertently introduce malware into a system through portable media or by falling victim to socially engineered e-mails.