Tag Archive for Federal Bureau of Investigation

FBI Cyber Bulletin: Malware Targeting Foreign Banks

The FBI has obtained information regarding a malicious cyber group that has compromised the networks of foreign banks. The actors have exploited vulnerabilities in the internal environments of the banks and initiated unauthorized monetary transfers over an international payment messaging system. In some instances, the actors have been present on victim networks for a significant period of time. Contact law enforcement immediately regarding any activity related to the indicators of compromise (IOCs) in the attached appendix that are associated with this group.

(U//FOUO) DHS-FBI Bulletin: Law Enforcement Vigilance and Caution Urged at Public and Political Events

This Joint Intelligence Bulletin (JIB) is intended to provide situational awareness concerning the domestic extremist threat to national public and political events. This JIB is provided by the FBI and DHS to support law enforcement in their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks against the United States.

FBI Cyber Bulletin: Identification of Locky Ransomware

The ‘Locky’ malware is a ransomware variant, which has extensively utilized spam campaigns to distribute malicious files that download and execute code capable of encrypting numerous critical file types on both local and networked file stores. Encrypted files are renamed with a unique hexadecimal filename and receive the “.locky” extension. Each directory containing encrypted files contains instructions on how to utilize Bitcoin in order to pay a ransom for file recovery, and the system’s computer background is also changed to contain payment instructions. Recovery of encrypted files is impossible without data backup or acquisition of the private key due to the well-implemented, strong encryption. Historically, while payment of the ransom may result in receipt of the valid private key, enabling decryption of the targeted files, the FBI does not recommend the victim pay the ransom.

Declassified 28 Pages From Congressional 9/11 Investigation

While in the United States, some of the September 11 hijackers were in contact with, and received support or assistance from, individuals who may be connected to the Saudi Government. There is information, primarily from FBI sources, that at least two of those individuals were alleged by some to be Saudi intelligence officers. The Joint Inquiry’s review confirmed that the Intelligence Community also has information, much of which has yet to be independently verified, indicating that individuals associated with Saudi Government in the United States may have other ties to al-Qa’ida and other terrorist groups. The FBI and CIA have informed the Joint Inquiry that, since the September 11 attacks, they are treating the Saudi issue seriously, but both still have only a limited understanding of the Saudi Government’s ties to terrorist elements. In their testimony, neither CIA nor FBI witnesses were able to identify definitively the extent of Saudi support for terrorist activity globally or within the United States and the extent to which such support, if it exists, is knowing or inadvertent in nature.

FBI Bulletin: Criminals Hacking Law Firms to Steal Information for Insider Trading

A financially motivated cyber crime insider trading scheme targets international law firm information used to facilitate business ventures. The scheme involves a hacker compromising the law firm’s computer networks and monitoring them for material, non-public information (MNPI). This information, gained prior to a public announcement, is then used by a criminal with international stock market expertise to strategically place bids and generate a monetary profit.

FBI Cyber Division Bulletin: KeySweeper Wireless Keystroke Logger Disguised as USB Device Charger

KeySweeper is a covert device that resembles a functional Universal Serial Bus (USB) enabled device charger which conceals hardware capable of harvesting keystrokes from certain wireless keyboards. If placed strategically in an office or other location where individuals might use wireless devices, a malicious cyber actor could potentially harvest personally identifiable information, intellectual property, trade secrets, passwords, or other sensitive information. Since the data is intercepted prior to reaching the CPU, security managers may not have insight into how sensitive information is being stolen.

FBI Flash Alerts on MSIL/Samas.A Ransomware and Indicators of Compromise

The FBI previously identified that the actor(s) exploit Java-based Web servers to gain persistent access to a victim network and infect Windows-based hosts. The FBI also indicated that several victims have reported the initial intrusion occurred via JBOSS applications. Further analysis of victim machines indicates that, in at least two cases, the attackers used a Python tool, known as JexBoss, to probe and exploit target systems. Analysis of the JexBoss Exploit Kit identified the specific JBoss services targeted and vulnerabilities exploited. The FBI is distributing these indicators to enable network defense activities and reduce the risk of similar attacks in the future.

(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in March 2016 Brussels Attacks

This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 22 March 2016 attacks in Brussels, Belgium. The analysis in this JIB is based on statements by European government and law enforcement officials cited in media reporting and is subject to change with the release of official details from post-incident investigations. This JIB is provided by DHS, FBI, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, first responders and private sector partners in deterring, preventing, preempting, or disrupting terrorist attacks against the United States.

FBI Cyber Bulletin: Smart Farming May Increase Cyber Targeting Against US Food and Agriculture Sector

The FBI and the US Department of Agriculture (USDA) assess the Food and Agriculture (FA) Sector is increasingly vulnerable to cyber attacks as farmers become more reliant on digitized data. While precision agriculture technology (a.k.a. smart farming) reduces farming costs and increases crop yields, farmers need to be aware of and understand the associated cyber risks to their data and ensure that companies entrusted to manage their data, including digital management tool and application developers and cloud service providers, develop adequate cybersecurity and breach response plans.

FBI Cyber Bulletin: Global Extremists Conducting Cyber Activity in Support of ISIL

Over the past 18-24 months, an unknown number of online extremists have conducted “hacktivist” cyber operations – primarily Web site defacements, denial-of-service attacks, and release of personally identifiable information (PII) – in an effort to spread pro-Islamic State of Iraq and the Levant (ISIL) propaganda and to incite violence against the United States and the West. Recent open source reporting from the Daily Mail India indicates ISIL is recruiting Indian hackers and offering upwards of $10,000 USD per job to hack government Web sites, steal data, and to build social media databases for recruiting purposes. Indian officials believe as many as 30,000 hackers in India may have been contacted. The FBI cannot confirm the validity of the media reports, and beyond this single article on Indian hackers and ISIL, does not have information indicating any such relationship exists to date. The FBI assesses this activity is most likely independent of ISIL’s leaders located in Syria and Iraq.

FBI Preventing Violent Extremism in Schools Guide

Despite efforts to counter violent extremism, the threat continues to evolve within our borders. Extremism and acts of targeted violence continue to impact our local communities and online violent propaganda has permeated social media. Countering these prevailing dynamics requires a fresh approach that focuses on education and enhancing public safety—protecting our citizens from becoming radicalized by identifying the catalysts driving extremism.

(U//LES) DHS-FBI Bulletin: Domestic Extremists Arrested for Illegal Occupation of Malheur National Wildlife Refuge

This Joint Intelligence Bulletin (JIB) is intended to provide information on the recent arrest of 11 domestic extremists for conspiracy to impede officers of the United States from discharging their official duties through force, intimidation, or threats, in violation of 18 USC §372. This JIB is provided by the FBI and DHS to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials in deterring, preventing, or disrupting terrorist attacks against the United States. As in any criminal case, defendants are presumed innocent until proven guilty in a court of law.

FBI Cyber Bulletin: Chinese Hackers Targeting U.S. Navy Contractors

The FBI has obtained information regarding a group of cyber actors who have compromised and stolen sensitive military information from US cleared defense contractors (CDCs) through cyber intrusions. This group utilizes infrastructure emanating from China to conduct their nefarious computer network exploitation (CNE) activities. Information obtained from victims and subsequent analysis indicates that they were targeted based on their US Navy Seaport Enhanced contracts. The actors did not target information pertaining to a specific contract but instead stole all information that they accessed via their malicious cyber activities. Any activity related to this group detected on a network should be considered an indication of a compromise requiring extensive mitigation and contact with law enforcement.

(U//FOUO) DHS-FBI Bulletin: Criminal Hackers Target Police to Protest Perceived Injustices

Disruptive cyber attacks by criminal hackers—primarily distributed-denial-of-service (DDoS) attacks—targeting local law enforcement websites have increased since August 2014. We judge that this is almost certainly a result of the heightened coverage surrounding the alleged use of excessive force by law enforcement and an increased focus on incidents of perceived police brutality. The primary impact from the majority of these attacks has been the temporary disruption of the targeted public-facing websites.

(U//LES) FBI Suicide Vest and Belt Use in Middle East, Africa, and Europe Show Minimal Signs of Tactic Migration

The FBI Terrorism Explosive Device Analytical Center (TEDAC) assesses the tactics used to construct suicide vest and belt improvised explosive devices (IEDs) in the Middle Eastern, African, and European regions likely have minimal correlation. Use of these tactics allows suicide bombers to discreetly move to a desired target location and make real-time decisions to maximize lethality. The suicide belt design allows the wearer to conceal the device and blend in with their surrounding environment, as well as to position themselves in potentially crowded environments while not raising suspicion.

(U//FOUO) FBI Counterintelligence Note: Huawei Chinese Government-Subsidized Telecommunications Company

Huawei is a threat to intellectual property and business communications due to its opaque relationship with the Chinese Government. Huawei has legal obligations to work on behalf of the Chinese state, probably through the Chinese Communist Party (CCP) committee residing within Huawei. This relationship likely influences the company’s decision-making through threats of corruption investigations.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorist Impersonation of First Responders Overseas

(U//FOUO) Two disrupted plots in Europe earlier this year highlight terrorists’ possible interest in impersonating first responders through the acquisition of authentic or fraudulent uniforms, equipment, vehicles, and other items which may be associated with government, military, law enforcement, fire,…

(U//FOUO) DHS-FBI-NCTC Bulletin: Risks for U.S. Persons Traveling to Fight ISIS

This Joint Intelligence Bulletin highlights the potential risks for US persons traveling to Syria or Iraq to combat the Islamic State of Iraq and the Levant (ISIL) or expressing online a desire to do so. The FBI, DHS, and NCTC remain concerned that US persons traveling to combat ISIL are at risk of being killed, wounded, or captured. Further, ISIL members or supporters could attempt disingenuously to identify and target US persons so as to harm them before or upon their arrival in Syria or Iraq. The State Department has issued travel warnings for both Iraq and Syria and the US Government does not support US persons traveling overseas to combat ISIL.

FBI Mobile Biometric Application Request for Quotations

The Criminal Justice Information Services (CJIS) Division’s Quick Capture Platform (QCP) is a state-of-the-art biometric system that enables investigators to collect and store fingerprint data during domestic and international investigations. The QCP enables instant access to federal fingerprint databases. This comprehensive access to the main United States (U.S.) Government biometric holdings enables QCP users to quickly establish whether a subject has possible terrorist links (in the U.S. or abroad) or is likely to pose a threat to the U.S.

Department of Justice Inspector General Audit of FBI Next Generation Cyber Initiative

Following the Office of the Inspector General’s (OIG) April 2011 report on the FBI’s ability to address the national cyber intrusion threat, in October 2012 the FBI launched its Next Generation Cyber (Next Gen Cyber) Initiative to enhance its ability to address cybersecurity threats to the United States. In fiscal year 2014, the FBI initially budgeted $314 million for its Next Gen Cyber Initiative, including a total of 1,333 full-time positions (including 756 agents). In addition, the Department of Justice (Department) requested an $86.6 million increase in funding for fiscal year 2014 to support the Initiative. The objective of this audit was to evaluate the FBI’s implementation of its Next Gen Cyber Initiative.

(U//LES) FBI Intelligence Bulletin: Militia Extremists Expand Target Sets To Include Muslims

Militia extremists are expanding their target sets to include Muslims and Islamic religious institutions in the United States. This has resulted in increased violent rhetoric and plotting and has the potential to lead, over the long term, to additional harassment of or violence against Muslims by domestic extremists. The FBI makes these assessments with high confidence on the basis of a large body of source reporting generated mainly since 2013. This information augments prior FBI analysis that established militia extremists target government personnel and law enforcement officers, perceived threats from abroad, and individuals or institutions that seek to constrain Second Amendment rights.

(U//FOUO) FBI Alert: Middle-Eastern Males Approaching Family Members of US Military Personnel

In May 2015, the wife of a US military member was approached in front of her home by two Middle-Eastern males. The men stated that she was the wife of a US interrogator. When she denied their claims, the men laughed. The two men left the area in a dark-colored, four-door sedan with two other Middle-Eastern males in the vehicle. The woman had observed the vehicle in the neighborhood on previous occasions.