Tag Archive for National Counterterrorism Center

(U//FOUO) NCTC Homegrown Violent Extremist Mobilization Indicators for Public Safety Personnel 2017 Edition

The indicators of violent extremist mobilization described herein are intended to provide federal, state, local, territorial and tribal law enforcement a roadmap of observable behaviors that could inform whether individuals or groups are preparing to engage in violent extremist activities including potential travel overseas to join a Foreign Terrorist Organization (FTO). The indicators are grouped by their assessed levels of diagnosticity—meaning how clearly we judge the behavior demonstrates an individual’s trajectory towards terrorist activity.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Call for Attacks on Hospitals, Healthcare Facilities

Recent calls over the past year for attacks on hospitals in the West by media outlets sympathetic to the Islamic State of Iraq and ash-Sham (ISIS) highlight terrorists’ perception of hospitals as viable targets for attack. Targeting hospitals and healthcare facilities is consistent with ISIS’s tactics in Iraq and Syria, its previous calls for attacks on hospitals in the West, and the group’s calls for attacks in the West using “all available means.” While we have not seen any specific, credible threat against hospitals and healthcare facilities in the United States, we remain concerned that calls for such attacks may resonate with some violent extremists and lone offenders in the Homeland because of their likely perceived vulnerabilities and value as targets.

Feds Say Homegrown Terrorists Increasingly Prioritizing Civilian Targets

A joint intelligence bulletin issued in late August by the Department of Homeland Security, FBI, and National Counterterrorism Center (NCTC) assesses that homegrown violent extremists (HVEs) are “increasingly favoring civilian targets” as opposed to government facilities and personnel. Previous assessments have found that HVEs are most likely to prioritize “law enforcement personnel, military members, and US Government-associated targets.” However, a recent shift towards civilian targets has likely been driven by the accessibility of “soft targets” that are less secure and provide greater opportunities for mass casualty attacks.

(U//FOUO) DHS-FBI-NCTC Bulletin: Homegrown Violent Extremists Focusing More on Civilian Targets

This Joint Intelligence Bulletin (JIB) is intended to provide new insight into the targeting preferences of some homegrown violent extremists (HVEs) and to examine detection challenges and opportunities. This JIB is provided by FBI, DHS, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners in deterring, preventing, or disrupting terrorist attacks within the United States.

(U//FOUO) DHS-FBI-NCTC Bulletin: Tactics, Techniques, and Procedures Used in March 2016 Brussels Attacks

This Joint Intelligence Bulletin (JIB) is intended to provide a review of the tactics, techniques, and procedures demonstrated by the perpetrators of the 22 March 2016 attacks in Brussels, Belgium. The analysis in this JIB is based on statements by European government and law enforcement officials cited in media reporting and is subject to change with the release of official details from post-incident investigations. This JIB is provided by DHS, FBI, and NCTC to support their respective activities and to assist federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials, first responders and private sector partners in deterring, preventing, preempting, or disrupting terrorist attacks against the United States.

NCTC Counterterrorism Digest January 26-February 2, 2016

Counterterrorism Digest is a compilation of UNCLASSIFIED open source publicly available press material, to include relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Digest is produced by the National Counterterrorism Center and contains situational awareness items detailing on-going terrorism-related developments which may be of interest to security personnel.

NCTC Counterterrorism Digest January 20-26, 2016

Counterterrorism Digest is a compilation of UNCLASSIFIED open source publicly available press material, to include relevant commentary on issues related to terrorism and counterterrorism over the past seven days. It is produced every Wednesday, excluding holidays. Counterterrorism Digest is produced by the National Counterterrorism Center and contains situational awareness items detailing on-going terrorism-related developments which may be of interest to security personnel.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorist Impersonation of First Responders Overseas

(U//FOUO) Two disrupted plots in Europe earlier this year highlight terrorists possible interest in impersonating first responders through the acquisition of authentic or fraudulent uniforms, equipment, vehicles, and other items which may be associated with government, military, law enforcement, fire,…

(U//FOUO) DHS-FBI-NCTC Bulletin: Risks for U.S. Persons Traveling to Fight ISIS

This Joint Intelligence Bulletin highlights the potential risks for US persons traveling to Syria or Iraq to combat the Islamic State of Iraq and the Levant (ISIL) or expressing online a desire to do so. The FBI, DHS, and NCTC remain concerned that US persons traveling to combat ISIL are at risk of being killed, wounded, or captured. Further, ISIL members or supporters could attempt disingenuously to identify and target US persons so as to harm them before or upon their arrival in Syria or Iraq. The State Department has issued travel warnings for both Iraq and Syria and the US Government does not support US persons traveling overseas to combat ISIL.

(U//FOUO) DHS-FBI-NCTC Bulletin: ISIL Supporters Targeting Uniformed Personnel for Weapons and Equipment

In the first half of 2015 there were at least two instances of Islamic State of Iraq and the Levant (ISIL) inspired individuals in the West expressing interest in targeting law enforcement (LE) to obtain weapons and other specialized gear through theft. As ISIL continues to exhort its individuals in the West to carry out attacks, the potential exists that some terrorists may use this tactic and attempt to steal weapons or issued items, such as credentials, badges, uniforms, radios, ballistic vests, vehicles, and other equipment, which could be used in furtherance of an attack. We note that laws governing the purchase of firearms differ widely among Western nations making this tactic more likely to occur in countries where laws are most restrictive and firearms are harder to obtain through legitimate means.

Feds Issue Bulletin on Google Dorking

A bulletin issued by the Department of Homeland Security, the FBI and the National Counterterrorism Center earlier this month warns law enforcement and private security personnel that malicious cyber actors can use “advanced search techniques” to discover sensitive information and other vulnerabilities in websites. The bulletin, titled “Malicious Cyber Actors Use Advanced Search Techniques,” describes a set of techniques collectively referred to as “Google dorking” or “Google hacking” that are used to refine search queries to provide more specific results.

(U//FOUO) DHS-FBI-NCTC Bulletin: Malicious Cyber Actors Use Advanced Search Techniques

Malicious cyber actors are using advanced search techniques, referred to as “Google dorking,” to locate information that organizations may not have intended to be discoverable by the public or to find website vulnerabilities for use in subsequent cyber attacks. “Google dorking” has become the acknowledged term for this malicious activity, but it applies to any search engine with advanced search capabilities. By searching for specific file types and keywords, malicious cyber actors can locate information such as usernames and passwords, e-mail lists, sensitive documents, bank account details, and website vulnerabilities. For example, a simple “operator:keyword” syntax, such as “filetype:xls intext:username,” in the standard search box would retrieve Excel spreadsheets containing usernames. Additionally, freely available online tools can run automated scans using multiple dork queries.

(U//FOUO) DHS-FBI-NCTC Bulletin: Medical Treatment Presents Opportunity for Discovery of Violent Extremist Activities

Efforts to gain expertise with explosive, incendiary, and chemical/biological devices may lead to injuries and emergency treatment, which may provide potential indicators of violent extremist activities to responding emergency medical service (EMS) personnel. Scene size-up and patient assessment provide first responders the opportunity to view both the scene and any patient injuries. EMS personnel and other first responders should consider the totality of information gleaned through direct observation and the statements of patients, witnesses, and bystanders to evaluate whether an injury is a genuine accident or related to violent extremist activity.

National Counterterrorism Center Flyer: College Drone Programs Can Be Targeted by Violent Extremists

College programs in unmanned aircraft systems (UAS) are susceptible to potential penetration or attack plotting by violent extremists. Enhanced information and operational security practices can reduce the likelihood of a violent extremist infiltrating UAS programs or planning an attack against students and faculty. There are potential indicators that a student or faculty member may possess ulterior motives for their interest in unmanned aircraft.

(U//FOUO) DHS-FBI-NCTC Bulletin: Terrorists Continued Interest in Targeting Mass Transit

Terrorists in late December 2013 conducted three attacks targeting people using public transportation systems in Russia, emphasizing terrorists’ persistent interest in attacking locations where large congregations of people are confined to small, often enclosed spaces. Russian officials claim North Caucasus-based violent extremists associated with the Imirat Kavkaz (IK) probably conducted these attacks to embarrass the Russian government in the build-up to the 2014 Olympic Games in Sochi. The IK, a violent extremist group based in Russia, has no known capability in the Homeland and is unlikely to directly target Western interests overseas.

National Counterterrorism Center Enhanced Safeguards Decision Matrix

The DNI, D/NCTC and the Attorney General approved revised Attorney General Guidelines for NCTC’s handling of US Person (USP) information in March 2012. These revised NCTC Attorney General Guidelines (“NCTC’s AGGs”) govern NCTC’s access, retention, use, and dissemination of datasets identified as including non-terrorism information and information pertaining exclusively to domestic terrorism, and provide NCTC with the authority to retain USP information for up to five years (unless a shorter period is required by law, executive order, regulation, international agreement, etc.). During this temporary retention and assessment period, additional safeguards and protections are applied to this data, to include baseline (and potentially enhanced) safeguards, as well as additional compliance, auditing, reporting and oversight mechanisms.

(U//FOUO) DHS-FBI-NCTC Bulletin: Fake Help Desk Scams an Ongoing Problem

Law enforcement continues to see reporting of malicious cyber actors using fake help desk scams, also known as technical support scams. These scams, if successful, seek to compromise and take control of computer systems. Malicious cyber actors send users an e-mail or they make cold calls, purportedly representing a help desk from a legitimate software or hardware vendor. The malicious cyber actors try to trick users into believing that their computer is malfunctioning—often by having them look at a system log that typically shows scores of harmless or low-level errors—then convincing them to download software or let the “technician” remotely access the personal computer to “repair” it.

(U//FOUO) DHS-FBI-NCTC Bulletin: Building Security Measures May Hinder Emergency Response Efforts

Facility security measures, such as interior control points or exterior barriers, may require first responders to adjust normal protocols and procedures to operate rapidly during emergencies. The timeline below is an overview of attacks and plots against US-based facilities with varying levels of security. The diversity of tactics and targets used underscores the need for interagency exercises and training that incorporates multiple scenarios to account for building security measures likely to be encountered.

(U//FOUO) DHS-FBI-NCTC Bulletin: Extortion Schemes Use Telephony-Based Denial-of-Service Attacks

Since at least January 2012, criminals are using telephony-based denial-of-service (TDoS) combined with extortion scams to phone an employee’s office and demand the employee repay an alleged loan. If the victim does not comply, the criminals initiate TDoS attacks against the employer’s phone numbers. TDoS uses automated calling programs—similar to those used by telemarketers—to prevent victims from making or receiving calls.