Tag Archive for For Official Use Only

(U//FOUO) DHS Intelligence Note: Unidentified Cyber Actor Attacks State and Local Government Networks with GrandCrab Ransomware

An unidentified cyber actor in mid-March 2018 used GrandCrab Version 2 ransomware to attack a State of Connecticut municipality network and a state judicial branch network, according to DHS reporting derived from a state law enforcement official with direct and indirect access. The municipality did not pay the ransom, resulting in the encryption of multiple servers that affected some data backups and the loss of tax payment information and assessor data. The attack against the state judicial branch resulted in the infection of numerous computers, but minimal content encryption, according to the same DHS report.

(U//FOUO) DIA Study: Warp Drive, Dark Energy, and the Manipulation of Extra Dimensions

If one is to realistically entertain the notion of interstellar exploration in timeframes of a human lifespan, a dramatic shift in the traditional approach to spacecraft propulsion is necessary. It has been known and well tested since the time of Einstein that all matter is restricted to motion at sublight velocities (<< 3 x 10⁸ m/s, the speed of light, or c), and that as matter approaches the speed of light, its mass asymptotically approaches infinity. This mass increase ensures that an infinite amount of energy would be necessary to travel at the speed of light, and, thus, this speed is impossible to reach and represents an absolute speed limit to all matter traveling through spacetime.

(U//FOUO) DHS Final Decision on Removal of Kaspersky-Branded Products

BOD 17-01 requires all federal executive branch departments and agencies to (1) identify the use or presence of “Kaspersky-branded products” on all federal information systems within 30 days of BOD issuance (i.e., by October 13); (2) develop and provide to DHS a detailed plan of action to remove and discontinue present and future use of all Kaspersky-branded products within 60 days of BOD issuance (i.e., by November 12); and (3) begin to implement the plan of action at 90 days after BOD issuance (i.e., December 12), unless directed otherwise by DHS in light of new information obtained by DHS, including but not limited to new information submitted by Kaspersky.

(U//FOUO) DHS NCCIC Independent Assessment of Kaspersky-Branded Products

The Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) reviewed the Independent Assessment, titled Information Security Risks of Anti-Virus Software (hereafter “BRG Assessment”), prepared by Berkeley Research Group, LLC (BRG), and dated November 10, 2017. Kaspersky Lab (hereafter “Kaspersky”) submitted the BRG Assessment to DHS as an exhibit to Kaspersky’s request for DHS to initiate a review of Binding Operational Directive (BOD) 17-01. The BRG Assessment, in part, responds to the NCCIC Information Security Risk Assessment (hereafter “NCCIC Assessment”) on commercial off-the-shelf (COTS) anti-virus software and Kaspersky-branded products, dated August 29, 2017. The NCCIC Assessment was attached as Exhibit 1 to an Information Memorandum from the Assistant Secretary for DHS Cybersecurity and Communications (CS&C) to the Acting Secretary of DHS, dated September 1, 2017 (hereafter “Information Memorandum”). This document is a Supplemental Information Security Risk Assessment and will similarly be attached to an Information Memorandum from the Assistant Secretary for CS&C to the Acting Secretary of DHS.

(U//FOUO) DHS NCCIC Information Security Risk Assessment of Kaspersky-Branded Products

This assessment presents the inherent information security concerns and security ramifications associated with the use of any commercial-off-the-shelf (COTS) antivirus solution in devices with access to a federal network. It also addresses specific risks presented by Kaspersky-branded products, solutions, and services (collectively, “Kaspersky-branded products”).

(U//FOUO) San Diego Fusion Center Bulletin: Ambulance Used to Conceal Improvised Explosive Device in Afghanistan

On January 27, 2018 at approximately 12:15pm local time, a vehicle resembling an ambulance and laden with explosives detonated after it passed through a police checkpoint in Kabul, Afghanistan. The explosion killed more than 100 people and wounded approximately 235 others. According to the deputy spokesperson for the Afghanistan Interior Ministry, the vehicle was painted to resemble an ambulance and had successfully passed through a checkpoint after the attacker allegedly told police he was transporting a patient to a nearby hospital. While stopped at a second checkpoint farther inside the city limits, the attacker detonated the explosives concealed in the vehicle.

(U//FOUO) DEA Emerging Threats Reports 2017

The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.

(U//FOUO) DHS-FBI-NCTC Bulletin: Online Information May Provide Potential Roadmap for Crude Chemical-Biological Attacks

The late 2016 arrest of two California teenagers for allegedly planning a “mass casualty event” by carrying out a chemical attack at a local high school pep rally highlights how individuals can use online resources to plan crude chemical or biological attacks. Violent extremists continue to circulate often ineffective or misleading how-to instructions for producing and disseminating poisons, crude biological toxins, and toxic industrial chemicals that in many cases are commercially available and easy to obtain. While we have no indication the suspects in this case subscribed to or consumed material related to violent extremist ideologies, their activity highlights one path to conducting a potential chemical or biological attack.

(U//FOUO) Washington and Oregon Fusion Centers Rampage School Shootings Report July 2014

Over the past few years, there has been a definitive rise in school shooting incidents – specifically ‘Active Shooter’ or ‘Rampage Shooting’ events – but while the motives may have evolved, school violence is anything but new. With captive targets, a predictable attack environment, and little to no security hurdles, schools have long been a lucrative environment for violence. Recently though, the violent trend seems to be more popular amongst those with erroneous notions of vengeance, mental instability, and those seeking copycat infamy more than the staunch ideologist typically seen in other types of violent extremism. With that in mind, this joint Washington State Fusion Center (WSFC) and Oregon TITAN Fusion Center (TITAN) assessment intends to aid law enforcement and private and public sector security in understanding the various intricacies of the new-aged active or rampage shooter, how to recognize the signs, and what current measures are being taken to help mitigate the threat.

(U//FOUO) U.S. Treasury Report on Economic Impact of Russian Sanctions

In accordance with Section 242 of Public Law 115-44 (P.L. 115-44) (“Countering America’s Adversaries Through Sanctions Act” (CAATSA)), the U.S. Department of the Treasury, in consultation with the Department of State and the Director of National Intelligence, was tasked with preparing a report addressing the potential effects of expanding sanctions under Directive 1 issued under Executive Order (E.O.) 13662 to include sovereign debt and the full range of derivative products.

(U//FOUO) CBP Draft Report: Demographic Profile of Terrorists Post-9/11 Reveals Screening Implications

This assessment covers the demographic profile of the perpetrators, consisting of age, citizenship, gender, immigration status, national origin, international travel and religious background. This assessment is intended to inform United States foreign visitor screening, immigrant vetting and on-going evaluations of United States-based individuals who might have a higher risk of becoming radicalized and conducting a violent attack. This information is cut-off as of 22 January 2018.

(U//FOUO) DEA Emerging Threats Reports 2016

The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.

(U//FOUO) DoD Nuclear Posture Review Draft January 2018

On January 27th, the President directed the Department of Defense to conduct a new Nuclear Posture Review (NPR) to ensure a safe, secure, and effective nuclear deterrent that safeguards the homeland, assures allies, and deters adversaries. This review comes at a critical moment in our nation’s history, for America confronts an international security situation that is more complex and demanding than any since the end of the Cold War. In this environment, it is not possible to delay modernization of our nuclear forces and remain faithful sentinels of our nation’s security and freedom for the next generation as well as our own.

(U//FOUO) DHS Bulletin: Chemical Splash and Spray Attacks Potential Tactic for Violent Extremists in Homeland

We assess that terrorists likely view tactics involving throwing or spraying acids and a variety of chemical liquids, hereafter referred to as a chemical spray and splash attack (CSSA), as a viable tactic to cause injury and disrupt critical infrastructure, judging from open source reporting describing terrorist social media posts and terrorist and violent extremist use of this tactic overseas. An analysis of a small number of incidents described in media reporting revealed that CSSAs are commonly used by criminal actors to further criminal activities and by violent extremist groups overseas to create fear, intimidate, punish, and disfigure individuals and groups that resist their control or ideology in their area of operations; the tactic, however, has rarely been operationalized by actors in the Homeland. We note, however, that homegrown violent extremists (HVEs) and lone offenders likely would find this tactic appealing and could easily adapt it to the Homeland, as it requires no specific technical expertise and the materials most often associated with criminal attack are usually unregulated and widely available.

(U//FOUO) DHS-FBI-NCTC Bulletin: Rail-Safety for First Responders

There is continued terrorist interest in attacking the rail system either as the primary target or as an attack mechanism. The US railroad system includes 800 railroads, 144,000 miles of track, and 212,000 railroad crossings. First responders should work closely with railroad police departments and other security partners to better protect rail assets—including freight rail (railcars loaded with commodities or hazardous materials), passenger rail (Amtrak, regional, or commuter rail), heavy rail (metro, and subway), and light rail (street cars, tramways, or trolleys)—from terrorist attacks and criminal activities. This product was developed to provide general rail safety tips and resources to help increase first responder awareness of the rail environment.

(U//FOUO) California Cybersecurity Integration Center Advisory: Security Concerns with Kaspersky Labs Products

On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks. Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.

(U//FOUO) DHS Assessment: Foreign Terrorist Organization-Inspired Vehicle-Ramming Attacks

assesses the increase in the number of vehicle-ramming attacks since January 2016 indicates Foreign Terrorist Organization (FTO) messaging efforts are probably resonating with violent extremists and will most likely continue in the near term. FTO-inspired violent extremists will probably continue to plan and engage in vehicle-ramming attacks against Western-based mass gathering and public venues since this tactic often requires minimal training, expertise, and preoperational planning. Since January 2016, eight FTO-inspired vehicle-ramming attacks have occurred in Western countries. OCIA identified three common characteristics among these attacks: targeting of public venues or mass gatherings; use of secondary weapons; and lack of observable indicators immediately before the attack.

(U//FOUO) Northwest High Intensity Drug Trafficking Area Threat Assessment and Strategy For Program Year 2018

The opioid epidemic continues to dominate headlines within the state and throughout the region. Powerful synthetic opioids, such as fentanyl and its derivatives, led to the overdose deaths of 70 individuals in Washington State during 2016 – more than twice the number of fentanyl-related deaths in the previous year. Although much of Washington’s focus is on curbing the opioid crisis, methamphetamine remains a critical threat in the Pacific Northwest. The regulation of recreational and medicinal marijuana continues to pose new challenges for law enforcement even as use of the drug in Washington State has been legal for several years.

(U//FOUO) NCTC Guide: Sunni Violent Extremist Attacks in the US Since 9/11

NCTC assesses that the Sunni violent extremist threat in the US has evolved from one defined by complex, large-scale attacks directed by a foreign terrorist organization (FTO) to mostly self-initiated attacks by homegrown violent extremists using relatively simple methods. Of the 28 Sunni violent extremist attacks in the US since 9/11 only three were directed by an FTO. Most attacks were perpetrated by individuals enabled—through encouragement or operational support—or inspired by ISIS, al-Qa‘ida, and al-Qa‘ida affiliates.

(U//FOUO) Northern California Fusion Center: Violent Tactics Showcased at Berkeley Riots Likely to be Used at Future Demonstrations

Tactics used by violent Anti-fascists at events in Berkeley on 1 February, 4 March, and 15 April 2017 highlight their ability to exploit peaceful protests with coordinated violent demonstrations, attack law enforcement personnel, destroy property, and conduct information campaigns to advance their socio-political goals. This Advisory Bulletin is intended to inform law enforcement involved in operational planning and event safety at gatherings that violent anti-fascist elements may target.

(U//FOUO) NCTC Counterterrorism Weekly Open Source Digest September 2017

In August, ISIS released a seven-minute, English-language video encouraging would-be fighters to travel to the Philippines instead of Syria and Iraq. The video was the latest sign the group has shifted its recruiting tactics as it loses ground to Coalition Forces in the Middle East. Asia has become a new focus for ISIS, according to private sector analysts, such as Flashpoint Intelligence.