The late 2016 arrest of two California teenagers for allegedly planning a “mass casualty event” by carrying out a chemical attack at a local high school pep rally highlights how individuals can use online resources to plan crude chemical or biological attacks. Violent extremists continue to circulate often ineffective or misleading how-to instructions for producing and disseminating poisons, crude biological toxins, and toxic industrial chemicals that in many cases are commercially available and easy to obtain. While we have no indication the suspects in this case subscribed to or consumed material related to violent extremist ideologies, their activity highlights one path to conducting a potential chemical or biological attack.
Over the past few years, there has been a definitive rise in school shooting incidents – specifically ‘Active Shooter’ or ‘Rampage Shooting’ events – but while the motives may have evolved, school violence is anything but new. With captive targets, a predictable attack environment, and little to no security hurdles, schools have long been a lucrative environment for violence. Recently though, the violent trend seems to be more popular amongst those with erroneous notions of vengeance, mental instability, and those seeking copycat infamy more than the staunch ideologist typically seen in other types of violent extremism. With that in mind, this joint Washington State Fusion Center (WSFC) and Oregon TITAN Fusion Center (TITAN) assessment intends to aid law enforcement and private and public sector security in understanding the various intricacies of the new-aged active or rampage shooter, how to recognize the signs, and what current measures are being taken to help mitigate the threat.
In accordance with Section 242 of PuЬlic Law 115-44 (P.L. 115-44) (“Countering America’s Adversaries Through Sanctions Act” (CAATSA)), the U.S. Department of the Treasury, in consultation with the Department of State and the Director of National Intelligence, was tasked with preparing а report addressing the potential effects of expanding sanctions under Directive 1 issued under Executive Order (Е.О.) 13662 to include sovereign debt and the full range of derivative products.
(U//FOUO) CBP Draft Report: Demographic Profile of Terrorists Post-9/11 Reveals Screening Implications
This assessment covers the demographic profile of the perpetrators, consisting of age, citizenship, gender, immigration status, national origin, international travel and religious background. This assessment is intended to inform United States foreign visitor screening, immigrant vetting and on-going evaluations of United States-based individuals who might have a higher risk of becoming radicalized and conducting a violent attack. This information is cut-off as of 22 January 2018.
The Special Testing and Research Laboratory’s Emerging Trends Program compiled the data for this report through a query of archived seizure and analysis information from drug evidence analyzed by the Drug Enforcement Administration’s laboratory system. This data is representative of drug evidence seized and analyzed in the date ranges annotated. This is not a comprehensive list of all new psychoactive substances and is not representative of all evidence analyzed by DEA. This data is a quarterly snapshot of the new psychoactive substance market in the United States.
On January 27th, the President directed the Department of Defense to conduct a new Nuclear Posture Review (NPR) to ensure a safe, secure, and effective nuclear deterrent that safeguards the homeland, assures allies, and deters adversaries. This review comes at a critical moment in our nation’s history, for America confronts an international security situation that is more Complex and demanding than any since the end of the Cold War. In this environment, it is not possible to delay modernization of our nuclear forces and remain faithful sentinels Of our nation’ s security and freedom for the next generation as well as our own.
(U//FOUO) U.S. Border Patrol Nationwide Apprehensions by Citizenship and Sector in FY2018 Through October
(U//FOUO) DHS Bulletin: Chemical Splash and Spray Attacks Potential Tactic for Violent Extremists in Homeland
We assess that terrorists likely view tactics involving throwing or spraying acids and a variety of chemical liquids, hereafter referred to as a chemical spray and splash attack (CSSA), as a viable tactic to cause injury and disrupt critical infrastructure, judging from open source reporting describing terrorist social media posts and terrorist and violent extremist use of this tactic overseas. An analysis of a small number of incidents described in media reporting revealed that CSSAs are commonly used by criminal actors to further criminal activities and by violent extremist groups overseas to create fear, intimidate, punish, and disfigure individuals and groups that resist their control or ideology in their area of operations; the tactic, however, has rarely been operationalized by actors in the Homeland. We note, however, that homegrown violent extremists (HVEs) and lone offenders likely would find this tactic appealing and could easily adapt it to the Homeland, as it requires no specific technical expertise and the materials most often associated with criminal attack are usually unregulated and widely available.
There is continued terrorist interest in attacking the rail system either as the primary target or as an attack mechanism. The US railroad system includes 800 railroads, 144,000 miles of track, and 212,000 railroad crossings. First responders should work closely with railroad police departments and other security partners to better protect rail assets—including freight rail (railcars loaded with commodities or hazardous materials), passenger rail (Amtrak, regional, or commuter rail), heavy rail (metro, and subway), and light rail (street cars, tramways, or trolleys)—from terrorist attacks and criminal activities. This product was developed to provide general rail safety tips and resources to help increase first responder awareness of the rail environment.
(U//FOUO) California Cybersecurity Integration Center Advisory: Security Concerns with Kaspersky Labs Products
On 11 July, the United States Government removed Moscow-based Kaspersky Lab from two lists of approved vendors used by government agencies to purchase technology equipment, amid concerns the cyber security firm’s products could be used by the Kremlin to gain entry into U.S. networks. Last month the Senate Armed Services Committee passed a defense spending policy bill that would ban Kaspersky products from use in the military. The move came a day after the FBI interviewed several of the company’s U.S. employees at their private homes as part of a counterintelligence investigation into its operations.
ATP 2-33.4 provides information on how intelligence personnel conduct intelligence analysis in support of unified land operations. It describes approaches used to conduct intelligence analysis and describes how intelligence analysis assists commanders with understanding the complex environments in which Army forces conduct operations.
assesses the increase in the number of vehicle-ramming attacks since January 2016 indicates Foreign Terrorist Organization (FTO) messaging efforts are probably resonating with violent extremists and will most likely continue in the near term. FTO-inspired violent extremists will probably continue to plan and engage in vehicle-ramming attacks against Western-based mass gathering and public venues since this tactic often requires minimal training, expertise, and preoperational planning. Since January 2016, eight FTO-inspired vehicle-ramming attacks have occurred in Western countries. OCIA identified three common characteristics among these attacks: targeting of public venues or mass gatherings; use of secondary weapons; and lack of observable indicators immediately before the attack.
(U//FOUO) Northwest High Intensity Drug Trafficking Area Threat Assessment and Strategy For Program Year 2018
The opioid epidemic continues to dominate headlines within the state and throughout the region. Powerful synthetic opioids, such as fentanyl and its derivatives, led to the overdose deaths of 70 individuals in Washington State during 2016 – more than twice the number of fentanyl-related deaths in the previous year. Although much of Washington’s focus is on curbing the opioid crisis, methamphetamine remains a critical threat in the Pacific Northwest. The regulation of recreational and medicinal marijuana continues to pose new challenges for law enforcement even as use of the drug in Washington State has been legal for several years.
NCTC assesses that the Sunni violent extremist threat in the US has evolved from one defined by complex, large-scale attacks directed by a foreign terrorist organization (FTO) to mostly self-initiated attacks by homegrown violent extremists using relatively simple methods. Of the 28 Sunni violent extremist attacks in the US since 9/11 only three were directed by an FTO. Most attacks were perpetrated by individuals enabled—through encouragement or operational support—or inspired by ISIS, al-Qa‘ida, and al-Qa‘ida affiliates.
(U//FOUO) Northern California Fusion Center: Violent Tactics Showcased at Berkeley Riots Likely to be Used at Future Demonstrations
Tactics used by violent Anti-fascists at events in Berkeley on 1 February, 4 March, and 15 April 2017 highlight their ability to exploit peaceful protests with coordinated violent demonstrations, attack law enforcement personnel, destroy property, and conduct information campaigns to advance their socio-political goals. This Advisory Bulletin is intended to inform law enforcement involved in operational planning and event safety at gatherings that violent anti-fascist elements may target.
In August, ISIS released a seven-minute, English-language video encouraging would-be fighters to travel to the Philippines instead of Syria and Iraq. The video was the latest sign the group has shifted its recruiting tactics as it loses ground to Coalition Forces in the Middle East. Asia has become a new focus for ISIS, according to private sector analysts, such as Flashpoint Intelligence.
As the American Army fought in Iraq and Afghanistan, it became the best tactical level counter insurgency force of the modern era. America’s enemies, however, did not rest. Russia observed the transformation of the American Army and began a transformation of their own. This new military barely resembles its former Soviet self. Wielding a sophisticated blend of Unmanned Aircraft Systems (UAS), electronic warfare (EW) jamming equipment, and long range rocket artillery, it took the Soviet model out of the 1980s and into the 21st Century.
(U//FOUO) DHS Reference Aid: Overview of Recently Successful or Arrested HVEs’ Radicalization to Violence
This Reference Aid is based on I&A’s review of the radicalization to violence of 39 US homegrown violent extremists (HVEs) who either successfully carried out or were arrested before attempting to carry out attacks in the Homeland between 1 January 2015 and 31 December 2016. It is intended to inform federal, state, local, tribal, and territorial counterterrorism, law enforcement, and countering violent extremism (CVE) officials. For additional information about these HVEs, please see the classified I&A Intelligence Assessment “(U//FOUO) Commonalities in HVEs’ Radicalization to Violence Provide Prevention Opportunities,” published 10 February 2017.
This case study is an examination of behaviors that resulted in a disrupted terrorist attack, revealing a cycle of planning and preparation that could provide indicators for preventing similar attempts. The terrorist attack planning cycle is not a static, linear process but rather could begin in any of the several stages with variances in details, sequence, and timing. An individual’s mobilization to violence often provides observable behavioral indicators such as, pre-attack surveillance, training, and rehearsal. The indicators potentially allow third-party observers and law enforcement to identify individuals moving to violence, circumstances that may allow for disruption of planned attacks. This product is intended to cultivate an awareness of the planning cycle among stakeholders for identification, mitigation, and disruption of attack planning.
We assess with moderate confidence that cyber actors, including those who support violent extremism, are likely to continue targeting first responders on the World Wide Web, including by distributing personally identifiable information (PII) for the purpose of soliciting attacks from willing sympathizers in the homeland, hacking government websites, or attacking 911 phone systems to hinder first responders’ ability to respond to crises.
The Delaware State Police (DSP) Intelligence Unit is providing the following information for officer safety and situational awareness. Officers should be mindful, when placing prisoners in custody, of smart watches and similar devices that can connect via Bluetooth to a cellular device. Smart watches have the capability to both make and receive phone calls and text messages, as well as erasing same. This could cause an issue if a cellular device and it’s contents are being used as evidence. Through experimentation at Troop 7, it was determined that if a prisoner is in the detention area and the phone is seized, the watch could still be operational.
Terrorist and violent extremist groups have long expressed interest in poisoning and adulterating food and beverage supplies in the West but rarely use this as a tactic. Nonetheless, recent incidents in Europe and Africa underscore the continued interest by some groups in targeting food products at point-of-sale, distribution, and storage. The mere threat of product adulteration in the Homeland almost certainly would cause psychological and economic harm. While we have not seen any specific, credible terrorist threats against Homeland food production and distribution infrastructure, we cannot rule out the possibility of inspired violent extremists or disgruntled insiders attempting to adulterate or poison food and beverages with commonly available toxic industrial chemicals or crude biological toxins due to the relative ease of product manipulation, especially at the last point of sale, which criminal actors have demonstrated consistently in the past.
OCIA assesses that if specific industrial control systems (ICS) were successfully infected with ransomware, it could affect the ability of certain sectors to provide real-time management and control of large networks of geographically scattered equipment. Although security researchers have demonstrated the possibility of ransomware targeting control systems, OCIA assesses that such an attack is highly unlikely given the higher success rate against consumer and business systems, the likelihood that business and process control networks are segmented, and the ability for operators to take a control system out of service and employ manual overrides.