Due to indications of an increase in extremist activity by former and current military personnel, evidenced by a spike in open source reporting, the ARTIC has produced this report examining 22 cases of current and former DoD members expressing support for and or allegedly affiliated with extremist groups while serving in or having recently separated from the military from 2017 – 2019. For the purposes of this report, the ARTIC considered an organization to be “extremist” if its core ideology espouses racially motivated hatred, such as Neo-Nazism, white supremacism, or black separatism, and or religious hatred, such as espoused by al-Qa’ida or the Islamic State of Iraq and Syria. The majority of the information within this report was obtained via open sources. Due to the nature of open source reporting, and the possibility of ongoing investigations involving DoD personnel within this report, some of the allegations presented may prove to be unfounded.
The threat from the production, use, and trafficking of illegal drugs throughout the State of Michigan continues to be of great concern. In 2022, the demand and availability of some commonly used drugs increased while others slightly decreased compared to 2021. Also, several drugs showed an increase in use, while others showed a slight decrease throughout the state during the 2022 reporting period. According to drug teams’ survey responses on the most significant threat in their area of responsibility (AOR), as well as contributing factors such as availability and seizures, the drug threat ranking has remained the same from the previous reporting period.
(U//FOUO) NCTC Report: Terrorist and Militant Attacks on Electricity Infrastructure Continue at High Rate
Terrorist and militant attacks on electric power infrastructure outside the United States in 2021 and 2022 occurred at more than three times the average annual number of attacks from 2015 through 2020, according to an NCTC database. The peak of 101 attacks in 2021 at least partly reflected incidents attributed to ISIS’s “economic war” campaign, judging from press reporting and terrorist social media. We expect the high rate of attacks to continue for the remainder of 2023 because of the accessibility and ongoing vulnerability of electricity infrastructure and the number of well-publicized attacks in 2021-22.
The key finding of the COTE response is that, broadly, COTE plan requirements included in the FY 2021 NDAA are addressed through existing authorities, policies, plans, and frameworks. Creation of a COTE plan with a singular economic focus, coupled with new response frameworks, has the potential to create confusion and duplicate existing response and recovery mechanisms. However, the fundamentally important concept of economic recovery and response detailed in the COTE requirement should be deeply integrated within existing incident response frameworks to avoid creating an additional layer of potentially divergent planning and response activities operating in parallel to already established procedures. In lieu of developing a standalone COTE plan, the federal government should continue to refine and strengthen existing authorities, policies, plans, and frameworks for Federal Mission Resilience and domestic incident preparedness, response, and recovery. This COTE response provides several specific recommendations for how the federal government can continue to enhance the ability to maintain and restore the U.S. economy in response to a significant event.
(U//FOUO) DHS Report: Chinese Municipal Government Publishing Anti-US Social Media Content With Limited Reach
A People’s Republic of China (PRC) municipal government-controlled media outlet is very likely directing a cluster of English-language, coordinated inauthentic Twitter accounts that posted content denigrating the United States (see graphics). The cluster of accounts, which we have dubbed SPICYPANDA, has been active from at least January 2021 and has published sophisticated content, but it failed to grow a follower base thus far. DHS attributed SPICYPANDA to the municipal media entity Chongqing International Communications Center (CICC) based on its leadership’s creation of SPICYPANDA’s anti-US messaging campaign, its overt ties to a website promoted by the accounts, and its Western social media messaging accolades and capabilities.
Anarchist violent extremists are anti-government/anti-authority violent extremists who consider capitalism and centralized government to be unnecessary and oppressive, and who further their political or social goals wholly or in part through illegal activities involving threat or use of force or violence in violation of criminal law. In support of their goals of eliminating capitalism and the current form of the US Government, anarchist violent extremists oppose economic globalization; political, economic, and social hierarchies based on class, religion, race, gender, or private ownership of capital; and external forms of authority represented by centralized government, the military, and law enforcement. Anarchist violent extremists believe the abolition of capitalism and the state would restore equality and encourage the need for mutual cooperation.
(U//FOUO) Militia violent extremists (MVEs) are anti-government/anti-authority violent extremists who seek to use or threaten force or violence to further their ideology in response to perceived abuses of power by the government, perceived bureaucratic incompetence, or perceived government overreach, especially…
The following symbols and phrases are sometimes used by anti-government or anti-authority violent extremists, specifically anarchist violent extremists (AVEs). AVE symbols are often found on online platforms, in propaganda, and as graffiti. Some common themes for AVE symbols include images and stylized rhetoric conveying anti-capitalist, anti-fascist, or anti-government or anti-law enforcement sentiment. Although the majority of criminal activity by AVEs violates state or local laws, some crimes may be investigated and prosecuted at the federal level. The use or sharing of these symbols or phrases alone should not independently be considered evidence of AVE presence or affiliation or serve as an indicator of illegal activity. Additionally, some individuals use such references for their original, historic meaning, or other non-violent purposes. The FBI does not investigate, collect, or maintain information solely for the purposes of monitoring activities protected by the First Amendment.
The following symbols are used by Anti-Government or Anti-Authority Violent Extremists, specifically Militia Violent Extremists (MVE). MVE symbols are often found on propaganda, online platforms, memes, merchandise, group logos, flags, tattoos, uniforms, etc. Widespread use of symbols and quotes from American history, especially the Revolutionary war, exists within MVE networks. Historic and contemporary military themes are common for MVE symbols. The use or sharing of these symbols alone should not independently be considered evidence of MVE presence or affiliation or serve as an indicator of illegal activity, as many individuals use these symbols for their original, historic meaning, or other non-violent purposes.
A study of individuals who disengaged from violent movements concludes that tailored approaches to countering violent extremism (CVE) at key turning points in the disengagement process can help facilitate disengagement. CVE efforts will be most effective after an individual experiences initial doubts about involvement in violent extremist activities. From that point in the process, an effective disengagement strategy needs to consider the individual’s role within the group, vulnerabilities in that role, his or her support system, and level of commitment to violent extremism.
We judge that narratives driven by Chinese, Iranian, and Russian state media, and proxy websites linked to these governments, often involve fact-based articles as well as editorials; these publications may include misinformation, disinformation, or factual but misrepresented information. This monthly “Snapshot” compiles English-language narratives, which we assess are intended for US and Western audiences, and highlights both consistent trends and emergent messaging, which we assess to reveal foreign actors’ changing influence priorities. We judge that, typically, China uses state and proxy media—including US-based outlets—to try to shape diaspora conduct and US public and leadership views; Iran state media manipulates emerging stories and emphasizes Tehran’s strength while denigrating US society and policy; and Russia uses both state and proxy media to amplify narratives seeking to weaken Washington’s global position relative to Moscow’s.
This Intelligence In View provides federal, state, local, and private sector stakeholders an overview of Russian Government-affiliated cyber activity targeting the United States and Russian regional adversaries, including disruptive or destructive cyber activity, cyber espionage in support of intelligence collection, and malign foreign influence in service of Russian political agendas. This In View also provides examples of malware and tools used by Russian Government-affiliated cyber actors.
(U//FOUO) DHS-FBI-NCTC Bulletin: Dissemination of Tactics, Techniques, and Procedures Used by Buffalo Attacker Likely To Enhance Capabilities of Future Lone Offenders
This Joint Intelligence Bulletin (JIB) provides an overview of significant tactics, techniques, and procedures (TTPs) discussed or used by the alleged perpetrator of the 14 May 2022 mass casualty shooting in Buffalo, New York and details how related documents spread after the attack may contribute to the current threat landscape. The alleged attacker drew inspiration from previous foreign and domestic racially or ethnically motivated violent extremists (RMVEs) and their online materials, underscoring the transnational nature of this threat. DHS, FBI, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners to remain vigilant of this enduring threat.
During the six-month period from April 2022 to September 2022, we project that US Customs and Border Protection (CBP) will record between 1 and 2.1 million encounters at the US Southwest Border. We have low confidence in these projections because migration is a complex and fluid issue, making predictive analysis difficult. Additionally, the percentage of selected Latin American and Caribbean nationals encountered at the US Southwest Border has increased from 11 percent in the first six months of FY 2021 to 31 percent in the first six months of FY 2022. This increasing diversification of migrant nationalities encountered at the US Southwest Border—on top of other capacity challenges—will further complicate US capacity to manage the expected flow, as it requires engagement with other migrant-source countries besides Mexico and Northern Triangle countries. Specifically, encounters of Cuban, Nicaraguan, and Venezuelan nationals pose unique challenges because of our limited relationships with these host countries.
(U//FOUO) DHS Bulletin: Domestic Violent Extremist Activity Likely in Response to US Supreme Court Decision on Abortion
Some domestic violent extremists (DVEs) will likely exploit the recent US Supreme Court decision to overturn Roe V. Wade to intensify violence against a wide range of targets. We expect violence could occur for weeks following the release, particularly as DVEs may be mobilized to respond to changes in state laws and ballot measures on abortion stemming from the decision. We base this assessment on an observed increase in violent incidents across the United States following the unauthorized disclosure in May of a draft majority opinion on the case.
Domestic violent extremists (DVEs) continue to exploit 3-D printing to produce weapons and firearm accessories that are unregulated and easy to acquire, according to recent federal and local arrests. This jointly authored Reference Aid is intended to highlight recent incidents of DVE misuse of 3-D printing and demonstrative examples of how the tactic could be exploited by DVEs in the United States.
(U//FOUO) Central Florida Intelligence Exchange Bulletin: Literary Propaganda Used To Drive Violent Extremist Narratives Towards the U.S. Government and Law Enforcement
This bulletin was created by the Central Florida Intelligence Exchange (CFIX) to provide situational awareness regarding the use of literary propaganda used to drive black racially and ethnically motivated extremist (BRMVE) narratives in present-day America. This information is intended to support local, state and federal government agencies along with the private sector in developing/ prioritizing protective and support measures relating to existing or emerging threats to homeland security.
(U//FOUO) DHS Bulletin: Moscow’s Invasion of Ukraine Impeding Reach of Russian State Media in the West
Russia’s invasion of Ukraine has spurred Western governments, social media companies, and individuals to limit or disengage from Russian state media outlets, likely degrading many outlets’ ability to directly message to Western audiences through 2022. This Western response impedes the ability of critical elements of Russia’s influence ecosystem to recruit and retain culturally adept media talent, shape in-country reporting, maintain a perception of media independence, and generate revenue. These setbacks affect multiple facets of RT’s and Sputnik’s operations, hampering the prospects for a speedy reconstitution of their Western-facing efforts. These actions, and others being considered by Western countries, go well beyond previous efforts to counter Moscow’s use of its state media outlets to spread mis-, dis-, and malinformation (MDM), such as deplatforming, foreign agent registration, and social media labeling of content.
(U//FOUO) DHS Bulletin: Warning of Potential for Cyber Attacks Targeting the United States in the Event of a Russian Invasion of Ukraine
We assess that Russia would consider initiating a cyber attack against the Homeland if it perceived a US or NATO response to a possible Russian invasion of Ukraine threatened its long-term national security. Russia maintains a range of offensive cyber tools that it could employ against US networks—from low-level denials-of-service to destructive attacks targeting critical infrastructure. However, we assess that Russia’s threshold for conducting disruptive or destructive cyber attacks in the Homeland probably remains very high and we have not observed Moscow directly employ these types of cyber attacks against US critical infrastructure—notwithstanding cyber espionage and potential prepositioning operations in the past.
(U//FOUO) DHS Bulletin: Iranian Influence Efforts Primarily Use Online Tools to Target US Audiences, Remain Easily Detectable for Now
We assess that Iran likely will continue to rely primarily on proxy news websites and affiliated social media accounts to attempt sustained influence against US audiences, while we expect intermittent, issue-specific influence attempts via other means (e.g., e-mails). We base this assessment on Iran’s actions since at least 2008 to build and maintain vast malign influence networks anchored by proxy websites, as well as Iran’s attempts to find new avenues to re-launch established malign influence networks after suspension. Tehran employs a network of proxy social media accounts and news websites that typically launder Iranian state media stories (stripped of attribution), plagiarize articles from Western wire services, and occasionally pay US persons to write articles to appear more legitimate to US audiences.
(U//FOUO) DHS-FBI-NCTC Bulletin: First Responder Awareness of Privately Made Firearms May Prevent Illicit Activities
Criminals and violent extremists continue to seek ways to acquire firearms through the production of privately made firearms (PMFs). PMFs can be easily made using readily available instructions and commonly available tools, require no background check or firearms registration (serial number) under federal law, and their parts have become more accessible and affordable. This, combined with the increase in law enforcement recoveries of nonserialized and counterfeit firearms in criminal investigations, will most likely create increasing challenges in law enforcement investigations, including weapon accountability access and tracking. PMF awareness and identification can aid PMF recovery, prevention of illicit activities including terrorism, and overall first responder and public safety.
(U//FOUO) Maryland Fusion Center Bulletin: Islamic State Propaganda Video Encourages Incendiary Attacks in the Homeland
On 26 July 2020, al-Hayat Media Center, a news outlet of the Islamic State of Iraq and ash-Sham (ISIS), released an English-language propaganda video entitled “Incite the Believers,” which encourages ISIS supporters to conduct incendiary attacks in the United States. The narrator acknowledges that ISIS supporters may have difficulty traveling to ISIS-controlled territory overseas and instead encourages them to conduct attacks where they live. The video also encourages ISIS supporters who are unable to obtain firearms or explosives to consider using incendiary attacks as an alternative.