An unidentified actor or actors between November 2016 and January 2017 targeted a US water and sewage authority’s network, resulting in excessive cellular charges and unusual traffic on ports 10000 and 9600, according to an FBI source with excellent access who spoke in confidence but whose reliability cannot be determined. The FBI source indicated that four of the seven devices on the authority’s cellular data plan were impacted with high data usage, which was likely a result of compromised network devices. The November 2016–December 2016 billing cycle totaled $45,000, and the December 2016–January 2017 billing cycle totaled $53,000.
(U//FOUO) U. S. Marine Corps Forces Europe and Africa Campaign Plan 2016-2020: Theater Crisis and Contingency Response Forces in Readiness
The U.S. Marine Corps Forces Europe and Africa Campaign Plan 2016-2020 defines the organization’s desired baseline operating conditions and capabilities beyond a one-year planning and execution cycle and directs action to achieve desired end states. The Campaign Plan synthesizes strategic guidance provided by U.S. European Command (USEUCOM), U.S. Africa Command (USAFRICOM), and Headquarters Marine Corps (HQMC); accounts for the Commanders’ priorities and vision; establishes a deliberate yet broadly-defined multi-year plan to achieve stated objectives; and provides a framework for implementation, periodic assessment, and refinement.
(U//FOUO) NCTC Homegrown Violent Extremist Mobilization Indicators for Public Safety Personnel 2017 Edition
The indicators of violent extremist mobilization described herein are intended to provide federal, state, local, territorial and tribal law enforcement a roadmap of observable behaviors that could inform whether individuals or groups are preparing to engage in violent extremist activities including potential travel overseas to join a Foreign Terrorist Organization (FTO). The indicators are grouped by their assessed levels of diagnosticity—meaning how clearly we judge the behavior demonstrates an individual’s trajectory towards terrorist activity.
Department of Homeland Security, Federal Bureau of Investigation, Intelligence Fusion Centers, U.S. Secret Service
(U//FOUO) DHS-FBI-USSS Joint Threat Assessment 2017 Presidential Address to a Joint Session of Congress
This Joint Threat Assessment (JTA) addresses threats to the 2017 Presidential Address to a Joint Session of Congress (the Presidential Address) at the US Capitol Building in Washington, DC, on 28 February 2017. This assessment does not consider nonviolent civil disobedience tactics (for example, protests without a permit) that are outside the scope of federal law enforcement jurisdiction; however, civil disobedience tactics designed to cause a hazard to public safety and/or law enforcement fall within the scope of this assessment.
Recent calls over the past year for attacks on hospitals in the West by media outlets sympathetic to the Islamic State of Iraq and ash-Sham (ISIS) highlight terrorists’ perception of hospitals as viable targets for attack. Targeting hospitals and healthcare facilities is consistent with ISIS’s tactics in Iraq and Syria, its previous calls for attacks on hospitals in the West, and the group’s calls for attacks in the West using “all available means.” While we have not seen any specific, credible threat against hospitals and healthcare facilities in the United States, we remain concerned that calls for such attacks may resonate with some violent extremists and lone offenders in the Homeland because of their likely perceived vulnerabilities and value as targets.
CI focuses on negating, mitigating, or degrading the foreign intelligence and security services (FISS) and international terrorist organizations (ITO) collection threat that targets Army interests through the conduct of investigations, operations, collection, analysis, production, and technical services and support.
(U//FOUO) DHS Intelligence Note: Germany Christmas Market Attack Underscores Threat to Mass Gatherings and Open-Access Venues
A 25-ton commercial truck transporting steel beams from Poland to Germany plowed into crowds at a Christmas market in Berlin at about 2000 local time on 19 December, killing at least 12 people and injuring 48 others, several critically, according to media reporting citing public security officials involved in the investigation. The truck was reportedly traveling at approximately 40 miles per hour when it rammed the Christmas market stands. Police estimate the vehicle traveled 80 yards into the Christmas market before coming to a halt.
The Arab World is a vast area which is home to people from diverse cultures. The way in which people behave and interact with you will therefore vary greatly across the region. This guide discusses aspects of Arab culture that you might experience in Algeria, Bahrain, Egypt, Iraq, Jordan, Kuwait, Lebanon, Libya, Mauritania, Morocco, Oman, the Palestinian Territories, Qatar, Saudi Arabia, Sudan, Syria, Tunisia, the United Arab Emirates (UAE) and Yemen. Further reading on individual countries is recommended before you deploy.
(U//FOUO) DHS, Fusion Centers Reference Aid: Malicious Terrorism Hoaxes Likely to Endure, Strain State and Local First Responder Resources
This Reference Aid is intended to provide information on malicious terrorism hoaxes that will continue to challenge first responder resources throughout the Homeland and territories. This Reference Aid is provided by I&A, DIAC, NCRIC, NVRIC, and NJ-ROIC to support their respective activities, to provide situational awareness, and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and first responders with recognizing the indicators and implications of malicious terrorism hoaxes. The use of hoax calls may also be used as a technique to lure authorities to a particular location for the purpose of conducting a potential attack, but is not discussed in this article, as luring is viewed as its own distinct tactic.
(U//FOUO) California Fusion Center: California Leads in Unauthorized UAS Encounters, Risk to Public Safety
California has had more disclosed unauthorized Unmanned Aircraft Systems (UAS) encounters than any other state between October 2015 and September 2016—accounting for 21 percent of the reported encounters nationwide—according to the Federal Aviation Administration (FAA). These encounters continue to pose a direct risk to public safety air assets.
DHS has no indication that adversaries or criminals are planning cyber operations against US election infrastructure that would change the outcome of the coming US election. Multiple checks and redundancies in US election infrastructure—including diversity of systems, non-Internet connected voting machines, pre-election testing, and processes for media, campaign, and election officials to check, audit, and validate results—make it likely that cyber manipulation of US election systems intended to change the outcome of a national election would be detected.
Army commanders rely upon timely, relevant, and accurate combat information and intelligence in order to successfully plan, prepare, and execute operations. Human intelligence (HUMINT) and counterintelligence (CI) are two critical assets commanders have, either organic to their unit’s table of organization and equipment (TOE) or through attachment from a supporting command, which can provide input to both combat information and intelligence. While there are similarities between the methodology and tactics, techniques, and procedures (TTP) used by HUMINT and CI, their training and missions are separate and distinct.
This Joint Intelligence Bulletin (JIB) is intended to provide new insight into the targeting preferences of some homegrown violent extremists (HVEs) and to examine detection challenges and opportunities. This JIB is provided by FBI, DHS, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks within the United States.
(U//FOUO) New Jersey Regional Operations Intelligence Center Bulletin: Improvised Explosive Device Awareness
The purpose of this LIR is to inform DSAC and other relevant private sector partners about new methods ATM skimming crews use to target standalone or kiosk-style ATM terminals such as those found at casinos, hotels, airports, shopping malls, gas stations, restaurants, and supermarkets. The skimming crews intercept customers’ account data through the ATMs’ external cables. The activity observed to date in the United States was discovered at convenience store locations in California, Delaware, and Pennsylvania. This LIR provides details on the methods used in these skimming attempts as well as previously reported use of internal wiretap skimming devices.
The healthcare sector has been a desirable target for hackers due to the sensitive nature of patient information contained in their systems. The stakes are very high in the healthcare industry because any disruption in operations and care can have significant repercussions for patients. As such, this industry offers an ideal victim for ransomware, and these attacks are likely to continue—disrupting employee access to important documents and patient data and hampering the ability to provide critical services—creating a public safety concern.
(U//FOUO) Wisconsin Fusion Centers Bulletin: Threats Against Law Enforcement and Public Sector Personnel
Chinese Talent Programs are a vital part of Chinese industry. Talent programs recruit experts to fill technical jobs that drive innovation and growth in China’s economy. National, provincial, and municipal talent recruitment programs provide opportunities for experts to work in industry and academic organizations supporting key areas deemed critical to China’s development. The talent programs recruit experts globally from businesses, industry, and universities with multiple incentives to work in China. Associating with these talent programs is legal and breaks no laws; however, individuals who agree to the Chinese terms must understand what is and is not legal under US law when sharing information. A simple download of intellectual property (IP) or proprietary information has the potential to become criminal activity.
(U//FOUO) DHS-FBI Bulletin: Law Enforcement Vigilance and Caution Urged at Public and Political Events
This Joint Intelligence Bulletin (JIB) is intended to provide situational awareness concerning the domestic extremist threat to national public and political events. This JIB is provided by the FBI and DHS to support law enforcement in their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks against the United States.
(U//FOUO) FBI New Orleans Alert: Violence Against Law Enforcement and Riots Planned for July 8-10 2016
The NJ ROIC currently has no specific indication of any credible specific threats to transportation facilities. However, with the rise in “self-radicalized” actor(s), and homegrown violent extremists (HVEs) influenced by ISIL and other terror groups, targeted violent attacks to any of these sectors could occur with little or no notice by an individual(s) who has not yet garnered law enforcement attention. This advisory highlights recent transportation concerns in the wake of the recent attacks in Belgium.