UNCLASSIFIED


(U) FBI Tampa Division

National Security Threat Awareness Monthly Bulletin

APRIL 2014

(U) Handling notice: Although UNCLASSIFIED, this information is property of the FBI and may be distributed only to members of organizations receiving this bulletin. Dissemination outside of your agency or company is only authorized with prior approval of the FBI. Further publication is not authorized in any manner; however dissemination within your agency to appropriate individuals is appropriate. Precautions should be taken to ensure this information is stored and/or destroyed in a manner that precludes unauthorized access.

(U) The FBI Tampa Division National Security Threat Awareness Monthly Bulletin provides a summary of previously reported US government press releases, publications, and news articles from wire services and news organizations relating to counterintelligence, cyber and terrorism threats. The information in this bulletin represents the views and opinions of the cited sources for each article, and the analyst comment is intended only to highlight items of interest to organizations in Florida. This bulletin is provided solely to inform our Domain partners of news items of interest, and does not represent FBI information.

(U) If you are a security officer, foreign sales representative, or employee of a business or company in Florida, you may receive unsolicited, suspicious emails from a foreign company or individual asking specific and detailed questions about your products, or inquiring about starting a joint-venture or other commercial relationship. Your company or agency may also host foreign visitors or delegations that ask specific questions about, or seek access to, technology or information outside the scope of their visit. If you have incidents like these to report, please contact FBI Strategic Partnership Coordinator, James “Pat” Laflin, 813-253-1029, e-mail [email protected]. Please note, defense contractors are required under the NISPOM to submit suspicious contact reports to their Defense Security Service (DSS) representative.

In the 10 APR 2014 Issue:

NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES:

Naval Espionage - Stopping a Dangerous Insider Threat

COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS:

Hawaii Man Pleads Guilty to Communicating Classified National Defense Information to An Unauthorized Person

Two Individuals and Company Found Guilty in Conspiracy to Sell Trade Secrets to Chinese Companies; First Federal Jury Conviction Under Economic Espionage Act of 1996

Reston Man Pleads Guilty to Exporting Unlicensed Goods to Iran; Defendant Shipped over $250,000 in High-Tech Items Through United Arab Emirates

Former Winchester Brake Pad Engineer Pleads Guilty to Theft of Trade Secrets Charge

Analyst at Canadian Anti-Terrorism Agency Stripped of Position after Meeting Russian Diplomats at Social Events

Former Employee of Navy Contractor Pleads Guilty in International Navy Bribery Scandal

The Black Box of China’s Military; Beijing is Spending Hundreds of Billions of Dollars on Defense, but No One Quite Knows What They're up to

CYBERSECURITY SPECIAL FOCUS FOR INDUSTRY:

How do the FBI and Secret Service Know Your Network Has Been Breached Before You Do? They Work Hard to Find Evidence of Stolen Data, but Companies Don't Always Appreciate the Effort

Big Threats for Small Businesses; Five Reasons Your Small or Midsize Business is a Prime Target for Cybercriminals

CYBER THREAT ITEMS FROM THE PRESS:

Cyber-War: In Deed and Desire, Iran Emerging as a Major Power

A Cyber History of the Ukraine Conflict

Hack Attack - Russia's First Targets in Ukraine: Its’ Cell Phones and Internet Lines

(U) Administrative Note: This product reflects the views of the FBI-Tampa Division and has not been vetted by FBI Headquarters.


Hacking Critical Infrastructure Companies -- A Pen Tester's View

IT Leaders Share Tips on Managing Security Risks

Three Ways to Raise Infosec Awareness among Non-Security Executives

Major Companies, like Target, Often Fail to Act on Malware Alerts; Target Paid the Price for its Apparent Failure; Other Big Firms Follow the Same Pattern and Could Face the Same Fate, Analysts Say

4 Lessons CIOs Can Learn From the Target Breach

Healthcare Industry Advised to do More Thorough Risk Analyses

Pre-Installed Malware Turns Up on New Phones; A Fake Version of Netflix that Steals Personal Data and Sends it to Russia Has Been Found on Several Phone Models

Sophisticated Scam Targeting Verizon Wireless Customers

COUNTERTERRORISM THREAT ITEMS FROM THE PRESS:

San Joaquin County Man Arrested at Canadian Border on Charges of Attempting to Provide Material Support to Foreign Terrorist Organization

Dearborn Resident Charged with Attempting to Support a Foreign Terrorist Organization

US House of Representatives - Joint Subcommittee Hearing entitled: Iran’s Support for Terrorism Worldwide

Authorities Identify Third Suspect in Bulgarian Bus Bombing Linked to Canadian Member of Hezbollah

Al-Qaeda Unveils New Magazine Aimed at Western Jihadis

Al Qaeda's Latest Magazine: Notes from Dead American Terrorists

Officials: Al-Qaida Plots Comeback in Afghanistan

Nigeria: Al-Qaeda Takes Over Boko Haram

AP Interview: Jihadi Head Says Gaza Groups Growing

Militant Islamist Website Calls for Attacks on France And Hollande – SITE

Al-Qaeda Threat to United States Risked In Afghanistan Exit, General Says

(U) NATIONAL SECURITY THREAT NEWS FROM GOVERNMENT AGENCIES:

(U) Naval Espionage - Stopping a Dangerous Insider Threat (FBI News Blog, 07 MAR 2014)

(U) As a sailor with a top secret clearance, a sensitive job on a submarine, and 20 years of service in the Navy, Robert Hoffman possessed a tremendous amount of knowledge about the US nuclear fleet and its operations—knowledge he was willing to sell to the Russians.

(U) “It’s almost impossible to say why someone would become a spy,” said Special Agent James Dougherty, who investigated the case from our Norfolk Division, but Hoffman represents a classic example of the insider threat. “When a US citizen with classified information threatens to betray his country,” Dougherty explained, “the resulting damage to national security and loss of American lives can be catastrophic.”

(U) Special Agent James Dougherty has a dozen years of experience investigating spies, and in almost all of the cases he has worked, the subjects’ families, friends, or colleagues had concerns but failed to report them to authorities. “The FBI needs the public’s help to fight the insider threat,” Dougherty said, “and we are willing to pay for that help.”

(U) Individuals who provide information leading to the arrest and conviction of a spy—or to the prevention of espionage—are eligible for a $500,000 reward. To report suspicious activities, contact your local FBI office or submit an anonymous tip online. “There will always be espionage cases,” Dougherty said. “This is a war that can’t be won—it can only be fought. But we can never give up the fight.”


(U) Investigators speculate that Hoffman may have blamed his divorce on the Navy, along with his failure to gain promotion. The FBI and the Naval Criminal Investigative Service (NCIS) became concerned in 2011 when, nearing retirement, Hoffman told friends he was going on a “man-cation” to Belarus to see Russian women he had previously met when he was stationed in Bahrain—even though he knew the women would not be there.

(U) “He had some sort of motivation to travel to Belarus that didn’t seem logical,” said Dougherty. In addition, Hoffman ignored the requirement to alert military security officers that he would be traveling out of the country, and he failed to adhere to other security rules of reporting any suspicious incidents while overseas. However, Hoffman did post items on social media channels saying he met the president of Belarus. “All of that added to our suspicion,” Dougherty noted.

(U) Using court-authorized surveillance, wiretaps, and other investigative tools, FBI and NCIS investigators began monitoring Hoffman’s movements at his home in Virginia Beach following his retirement from the Navy in late 2011. Soon after, our undercover operatives made contact with him to assess his intentions. Then, in September 2012, a female FBI undercover agent posing as a Russian operative knocked on Hoffman’s door and delivered a message ostensibly from Russian intelligence officials. “He received instructions from the woman, who asked him to respond by e-mail within one week,” Dougherty said. “We didn’t want to pressure him. We wanted him to make a conscious decision, knowing he would be dealing with the Russian intelligence service.”

(U) Hoffman didn’t wait a week—he responded within hours. He agreed to answer a series of questions on an encrypted thumb drive that was to be left in a hollow tree in a park—a hiding place known in the spy world as a dead drop. On the third such drop, Hoffman divulged top secret national defense information. “American lives could have been lost based on the information he was willing to give up,” Dougherty said. “He had access to things that were highly, highly sensitive.”

(U) In August 2013, a jury in Norfolk found Hoffman guilty of attempted espionage; last month, the 40-year-old was sentenced to 30 years in prison. “The insider threat is very real,” said Dougherty, explaining that in these types of cases, there are often people who are suspicious of a friend or colleague’s statements or behavior but who don’t act on those suspicions. “One of the things we teach in insider threat training,” Dougherty said, “is that if you see something, say something. Often, people don’t want to rock the boat,” he added, “but if you see something that doesn’t seem right, it’s your legal obligation to report it. Let the FBI sort it out. That’s what we get paid for.”

(U) COUNTERINTELLIGENCE/ECONOMIC ESPIONAGE THREAT ITEMS FROM THE PRESS:

(U) Hawaii Man Pleads Guilty to Communicating Classified National Defense Information to An Unauthorized Person (US Department of Justice Press Release, 13 MAR 2014)

(U) Benjamin Pierce Bishop, 60, a Honolulu, Hawaii defense contractor and former Lt. Colonel in the US Army, pled guilty in federal court to willfully communicating classified national defense information to a person not authorized to receive it and willfully retaining classified national defense information. Bishop was arrested on March 15, 2013 on charges that he communicated classified information to a person identified as a 27-year-old Chinese woman with whom he had a romantic relationship during the year preceding the charges.

(U) According to the criminal complaint, during Bishop’s relationship with the woman, further identified as a graduate student in the United States on a J1 Visa, he communicated classified information concerning US national defense systems and removed classified information from his work space at US Pacific Command which he then kept at his Honolulu area residence. In his plea agreement filed with the Court, Bishop admitted that on or about May 12, 2012, he “willfully communicated, in an email attachment entitled “Comments on Extending Deterrence from the Triad”, to PERSON 1, classified US national defense information related to joint training and planning sessions between the United States and the Republic of Korea, which information related to the national defense and was classified at the SECRET level.” Bishop also admitted to willfully retaining multiple classified documents at his residence related to US national defense, including the US Armed Forces Defense Planning Guide for years 2014-2018; a document entitled: Optimizing US Force Posture in the Asia-Pacific; the US Department of Defense China Strategy; and the 2010 Guidance for Employment of Force (GEF).

(U) When sentenced on June 26, 2014 by United States District Judge Leslie E. Kobayashi, Bishop will face a maximum sentence of 10 years in prison, a fine of up to $250,000, and three years of supervised release for each of the two counts of conviction. US Attorney Florence T. Nakakuni stated: “This case once again demonstrates our commitment and unwavering resolve to pursue and prosecute individuals who violate their security oaths and endanger our national security by unlawfully communicating sensitive and damaging classified national defense information to persons who are not entitled to receive it.”

(U) This case was investigated by the FBI and the Naval Criminal Investigative Service. This case was prosecuted by Assistant US Attorney Ken Sorenson of the US Attorney’s Office for the District of Hawaii and Senior Trial Attorney Robert E. Wallace Jr., of the Counterespionage Section of the Justice Department’s National Security Division.

(U) Analyst Comment: This case shows that the People’s Republic of China (PRC) will use graduate students as intelligence collectors to assess and target US individuals with access to classified, sensitive military and civilian information. Individuals in Florida with this access should use caution when receiving unsolicited social contact from PRC nationals.

(U) Two Individuals and Company Found Guilty in Conspiracy to Sell Trade Secrets to Chinese Companies; First Federal Jury Conviction Under Economic Espionage Act of 1996 (US Department of Justice Press Release, 05 MAR 2014)

(U) A federal jury in San Francisco has found two individuals and one company guilty of economic espionage, theft of trade secrets, bankruptcy fraud, tax evasion, and obstruction of justice for their roles in a long-running effort to obtain US trade secrets for the benefit of companies controlled by the government of the People’s Republic of China (PRC), announced US Attorney Melinda Haag; John P. Carlin, Acting Assistant Attorney General for National Security at the Department of Justice; David Johnson, Special Agent in Charge of the Federal Bureau of Investigation (FBI), San Francisco Division; and Jose Martinez, Special Agent in Charge of the Oakland Field Office, Internal Revenue Service (IRS), Criminal Investigation.


(U) The jury found that Walter Lian-Heen Liew (aka Liu Yuanxuan); his company, USA Performance Technology Inc. (USAPTI); and Robert Maegerle conspired to steal trade secrets from E.I. du Pont de Nemours & Company regarding their chloride-route titanium dioxide production technology and sold those secrets for large sums of money to state-owned companies of the PRC. The purpose of their conspiracy was to help those companies develop large-scale chloride-route titanium dioxide production capability in the PRC, including a planned 100,000-ton titanium dioxide factory in Chongqing. This case marks the first federal jury conviction on charges brought under the Economic Espionage Act of 1996.

(U) “Fighting economic espionage and trade secret theft is one of the top priorities of this office, and we will aggressively pursue anyone, anywhere, who attempts to steal valuable information from the United States,” said US Attorney Melinda Haag. “As today’s verdict demonstrates, foreign governments threaten our economic and national security by engaging in aggressive and determined efforts to steal US intellectual property. I commend the efforts of the women and men of the FBI and the IRS in protecting America’s businesses and our national security.” “The theft of America’s trade secrets for the benefit of a foreign government poses a substantial threat to our economic and national security,” said Acting Assistant Attorney General John Carlin. “Today’s verdict clearly demonstrates that we take this threat seriously. This case shows that we will not hesitate to pursue and prosecute those who steal from American businesses.”

(U) “The battle against economic espionage has become one of the FBI’s main fronts in its efforts to protect US national security in the 21st century,” said Special Agent in Charge David Johnson. “This is a case about lying, cheating, and stealing,” said José M. Martínez, Special Agent in Charge, IRS-Criminal Investigation. “The defendants stole secrets, lied to the bankruptcy court, and cheated the IRS and creditors. In today’s economic environment, it’s more important than ever that the American people feel confident that everyone is playing by the rules and paying their fair share.”

(U) The jury also found that Liew, USAPTI, and Maegerle obstructed justice during the course of their conspiracy. The jury found that Liew filed false tax returns for USAPTI and Performance Group, a predecessor company to USAPTI, and made false statements and oaths in bankruptcy proceedings for Performance Group. The guilty verdicts followed a seven-week jury trial before the Honorable Jeffery S. White of the Northern District of California.

(U) Liew, 56, of Walnut Creek, California, was convicted of conspiracy to commit economic espionage, conspiracy to commit theft of trade secrets, attempted economic espionage, attempted theft of trade secrets, possession of trade secrets, conveying trade secrets, conspiracy to obstruct justice, witness tampering, conspiracy to tamper with evidence, false statements, filing false tax returns, false statements in bankruptcy proceedings, and false oath in bankruptcy proceedings. Liew was an owner and president of USAPTI, a company headquartered in Oakland, California, that offered consulting services. USAPTI was found guilty of conspiracy to commit economic espionage, conspiracy to commit theft of trade secrets, attempted economic espionage, attempted theft of trade secrets, possession of trade secrets, conveying trade secrets, and conspiracy to obstruct justice.

(U) Evidence at trial showed that in the 1990s, Liew met with the government of the PRC and was informed that the PRC had prioritized the development of chloride-route titanium dioxide (TiO2) technology. TiO2 is a commercially valuable white pigment with numerous uses, including coloring paint, plastics, and paper. DuPont’s TiO2 chloride-route process also produces titanium tetrachloride, a material with military and aerospace uses. Liew was aware that DuPont had developed industry-leading TiO2 technology over many years of research and development and assembled a team of former DuPont employees, including Robert Maegerle, to assist him in his efforts to convey DuPont’s TiO2 technology to entities in the PRC. Liew executed contracts with state-owned entities of the PRC for chloride-route TiO2 projects that relied on the transfer of illegally obtained DuPont technology. Liew, Maegerle, and USAPTI obtained and sold DuPont’s TiO2 trade secret to the Pangang Group companies for more than $20 million.

(U) Robert Maegerle, 78, of Harbeson, Delaware, was found guilty of conspiracy to commit theft of trade secrets, attempted theft of trade secrets, conveying trade secrets, and conspiracy to obstruct justice. Evidence at trial showed that Maegerle was employed by DuPont as an engineer from 1956 to 1991, where he had developed detailed knowledge of DuPont’s TiO2 technology and expertise in building TiO2 production lines. He also had access to DuPont TiO2 trade secrets, including specific information regarding DuPont’s TiO2 facility at Kuan Yin, Taiwan. He provided these trade secrets to Liew and USAPTI in furtherance of their contracts with state-owned companies of the PRC for chloride-route TiO2 projects.

(U) The jury also found Liew, Maegerle, and USAPTI guilty of obstructing justice by causing an answer to be filed in a federal civil lawsuit in which they falsely claimed that no information from DuPont’s Kuan Yin plant was used in the USAPTI designs for the development of TiO2 manufacturing facilities. Liew was also found guilty of witness tampering for his efforts to influence a co-defendant’s testimony in the civil lawsuit. The jury also convicted Liew of conspiring with his wife, Christina Liew, to mislead the FBI by corruptly concealing records, documents, and other objects during the FBI’s investigation into their criminal activity. Liew was also convicted of filing a false income tax return for his company, Performance Group, for calendar years 2006, 2007, and 2008 and for USAPTI in 2009 and 2010. The jury also found Liew guilty of making false statements and a false oath in connection with filing for bankruptcy for Performance Group in 2009. Liew, as co-owner of USAPTI, entered into contracts worth in excess of $20 million to convey TiO2 trade secret technology to Pangang Group companies. The Liews received millions of dollars of proceeds from these contracts. The proceeds were wired through the United States, Singapore, and ultimately back into several bank accounts in the PRC in the names of relatives of Christina Liew.

(U) The second superseding indictment also charges Liew’s wife, Christina Hong Qiao Liew (aka Qiao Hong), with conspiracy to commit economic espionage, conspiracy to commit theft of trade secrets, attempted theft of trade secrets, possession of trade secrets, witness tampering, conspiracy to tamper with evidence, and false statements. The charges against Ms. Liew were severed from those against Walter Liew, Maegerle, and USAPTI. Tze Chao (aka Zhao Zhi), a former DuPont employee who was also charged in the second superseding indictment, pled guilty to conspiracy to commit economic espionage on March 1, 2012. Hou Shengdong, the vice director of the Chloride Process TiO2 Project Department for the Pangang Group, was also charged in the second superseding indictment with conspiracy to commit economic espionage, conspiracy to commit theft of trade secrets, and attempted economic espionage. He is currently a fugitive.

(U) Charges of conspiracy to commit economic espionage, conspiracy to commit theft of trade secrets, and attempted economic espionage are also pending against the four PRC state-owned companies charged in the second superseding indictment. The case is being prosecuted by the Special Prosecutions and National Security Unit of the US Attorney’s Office in San Francisco, the Counterespionage Section of the National Security Division of the US Department of Justice in Washington, D.C., the FBI, Palo Alto Resident Agency, and Oakland Field Office of the IRS-Criminal Investigation.

(U) Analyst Comment: This case highlights the widespread and sophisticated threat of Chinese targeting and collection against sensitive proprietary business information in the United States. Private and public security officers in Florida should note the tradecraft used by the PRC once the Chinese government identified TiO2 technology as an economic collection priority. China used middlemen to conduct a long-term HUMINT collection campaign to identify, assess and recruit former DuPont employees willing to compromise TiO2 technology. Every company in Florida should analyze and identify its most critical “crown jewels”, and ensure it has a comprehensive program to debrief employees who leave and ensure non-disclosure agreements are in place.

(U) Reston Man Pleads Guilty to Exporting Unlicensed Goods to Iran; Defendant Shipped over $250,000 in High-Tech Items Through United Arab Emirates (US Department of Justice Press Release, 06 MAR 2014)

(U) Vahid Hosseini, 62, of Reston, Va., pled guilty to two felony counts arising from his involvement in exporting various unlicensed goods from the United States to Iran. Hosseini pleaded guilty to conspiracy to violate the Iranian Transactions and Sanctions Regulations under the International Emergency Economic Powers Act (IEEPA), and a separate count of money laundering. Hosseini faces a maximum penalty of 15 years in prison and fines totaling $250,000 when he is sentenced on June 6, 2014.

(U) In a statement of facts filed with the plea agreement, from at least as early as January 2008 to July 2013, Hosseini operated a business known as Sabern Instruments from his residence in Reston. Through this business, Hosseini procured over $250,000 worth of goods from over 60 American manufacturers, which he then repackaged and shipped to entities in Iran. The list of high-tech goods included tachometers, power supply instruments, high-temperature probes, ammonia test tubes, valves and machinery parts, all of which are used in a variety of commercial applications, including power plants. Hosseini routed these shipments through the United Arab Emirates (UAE) in an attempt to disguise the fact that the items were destined for Iran. Such exports are prohibited without a license issued by the Treasury Department’s Office of Foreign Assets Control.

(U) In a related money laundering scheme, Hosseini had over $700,000 wired into his company business account from entities in Iran and the UAE, much of which was derived from his illegal export business. He then unlawfully withdrew money from his business account for personal expenditures. This case was investigated by the FBI’s Washington Field Office.

(U) Former Winchester Brake Pad Engineer Pleads Guilty to Theft of Trade Secrets Charge (US Department of Justice Press Release, 05 MAR 2014)

(U) Kerry B. Harvey, US Attorney for the Eastern District of Kentucky; Perrye Turner, Special Agent in Charge, FBI; and Mythili Raman, Acting Assistant Attorney General for the US Department of Justice’s Criminal Division jointly announced that a Winchester, Kentucky man, David Lewis, 65, pled guilty to conspiracy to commit theft of trade secrets, and admitted in federal court that he conspired to share confidential information about his employer’s brake pads with another company.


(U) Lewis admitted that, between 2006 and 2007, he e-mailed trade secrets concerning the specifications of brake pads, which information is the property of Lewis’s former employer, Brake Parts International Inc. According to the plea agreement, Lewis was paid thousands of dollars by a Canadian company for this information. On March 3, Lewis waived his right to be indicted and pled guilty to the charge brought by US Attorney Harvey.

(U) The investigation was conducted by the FBI, and the US Attorney’s Office was represented by Assistant US Attorney Hydee Hawkins and Evan Williams, Senior Counsel of the Department of Justice’s Computer Crime & Intellectual Property Section. David Lewis is scheduled to be sentenced on July 7, 2014. He faces up to 10 years in prison and a maximum fine of $250,000. However, any sentence will be imposed by the Court after consideration of the US Sentencing Guidelines and the applicable federal statutes.

(U) Analyst at Canadian Anti-Terrorism Agency Stripped of Position after Meeting Russian

Diplomats at Social Events (The National Post, 05 MAR 2014)

(U) An analyst at Canada's anti-terrorism financing agency was stripped of her security clearance

and position after she acknowledged meeting Russian diplomats at social events in Ottawa,

according to court documents released Wednesday. Irina Vladirmirovna Koulatchenko, 36, who

was born in Kyrgyzstan and is a citizen of both Russia and Canada, was never accused of any

wrongdoing, but had told a Canadian intelligence officer about her contacts with Russian

embassy officials. A Canadian Security Intelligence Service report, released by the Federal Court

in redacted form, said she had met three Russian diplomats and one she suspected was with the

intelligence services, but had never been asked for information. After receiving the CSIS report,

the Director of the Financial Transactions and Reports Analysis Centre (FINTRAC), where she

worked, revoked her security clearance and her job appointment, prompting her to appeal to the

court. In its decision, the court ruled that because of the sensitive nature of FINTRAC's work

there were grounds for concern about her "loyalty and her reliability" but that she was denied

procedural fairness since she was never given a chance to respond to those concerns...

(U) To access the full National Post article: http://news.nationalpost.com/2014/03/05/analyst-at-canadian-anti-terrorism-agency-stripped-of-position-after-meeting-russian-diplomats-at-social-events-documents/

(U) Former Employee of Navy Contractor Pleads Guilty in International Navy Bribery

Scandal (US Department of Justice Press Release, 18 MAR 2014)

(U) Alex Wisidagama, a citizen of Singapore formerly employed by Glenn Defense Marine Asia

(GDMA), pled guilty to one count of conspiracy to defraud the United States for his role in a

scheme to overbill the US Navy for ship husbanding services. Wisidagama’s plea is the second

in an expanding investigation into acts of alleged fraud and bribery committed by GDMA and

several United States Navy officers and personnel. Acting Assistant Attorney General Mythili

Raman of the Justice Department’s Criminal Division, US Attorney Laura E. Duffy of the

Southern District of California, Director Andrew Traver of the Naval Criminal Investigative

Service (NCIS) and Deputy Inspector General for Investigations James B. Burch of the US

Department of Defense Office of the Inspector General made the announcement after the plea

was accepted by US Magistrate Judge Jan M. Adler of the Southern District of California. The

plea is subject to acceptance by US District Judge Janis Sammartino. Sentencing is set for June

13, 2014, before Judge Sammartino.

(U) Wisidagama, who was arrested in San Diego, Calif., on Sept. 16, 2013, served as the general

manager of global government contracts for GDMA, which was owned and operated by his

cousin, Leonard Glenn Francis. GDMA was a multi-national corporation with headquarters in

Singapore and operating locations in other countries, including Japan, Thailand, Malaysia, Korea,

India, Hong Kong, Indonesia, Australia, Philippines, Sri Lanka and the United States. GDMA

provided the US Navy with hundreds of millions of dollars in husbanding services, which involve

the coordinating, scheduling and procurement of items and services required by ships and

submarines when they arrive at port. These services included providing tugboats; paying port

authority and customs fees; furnishing security and transportation; supplying provisions, fuel and

water; and removing trash and collecting liquid waste.

(U) In his plea agreement, Wisidagama admitted to conspiring to defraud the US Navy in

different ways. Wisidagama and other GDMA employees generated bills charging the US Navy

for port tariffs that were far greater than the tariffs that GDMA actually paid. In some cases,

Wisidagama and others created fictitious port authorities for ports visited by US Navy ships, and

in other cases, Wisidagama and GDMA created fake invoices from legitimate port authorities

purporting to bill the US Navy at inflated tariff rates. Wisidagama and GDMA also overbilled

the US Navy for fuel by creating fraudulent invoices which represented that GDMA acquired fuel

at the same cost that it charged the US Navy when in fact GDMA sold the fuel to the US Navy

for far more than it actually paid. Wisidagama and GDMA also defrauded the US Navy on the

provision of incidental items by creating fake price quotes purportedly from other vendors to

make it appear that the other vendors’ offering prices were greater than GDMA’s prices.

(U) Wisidagama is the second defendant to plead guilty as part of this investigation. On Dec. 17,

2013, former NCIS Supervisory Special Agent John Bertrand Beliveau Jr. pleaded guilty to

conspiracy to commit bribery after admitting to providing Francis with sensitive law enforcement

information in exchange for things of value such as cash, travel accommodations, lavish dinners,

and prostitutes. In addition to Beliveau and Wisidagama, Francis and US Navy Commanders

Michael Vannak Khem Misiewicz and Jose Luis Sanchez have been charged as part of a bribery

and fraud scheme designed to defraud the US Navy. The charges against Misiewicz, Sanchez

and Francis are merely allegations, and the defendants are presumed innocent unless and until

proven guilty.

(U) The ongoing investigation is being conducted by NCIS, the Defense Criminal Investigative

Service and the Defense Contract Audit Agency. Significant assistance was provided by the

Criminal Division’s Office of International Affairs, as well as the Drug Enforcement

Administration, US Immigration and Customs Enforcement’s Homeland Security Investigations,

the Royal Thai Police and the Corrupt Practices Investigation Bureau in Singapore.

(U) The Black Box of China’s Military; Beijing is Spending Hundreds of Billions of Dollars

on Defense, but No One Quite Knows What They're up to (Foreign Policy, 07 MAR 2014)

(U) On March 5, during an annual meeting of its legislature, Beijing announced that it is

increasing its military budget by 12.2 percent, to a total of $131.6 billion in 2014. While still less

than a third of the $496 billion that Defense Secretary Chuck Hagel proposed in February for the

US military in 2015, it still represents a significant expansion, even after two decades of

double-digit growth in the People's Liberation Army’s official budget. But few doubt that the grand total

allocated to China's military is yet higher, and many in the US government wish they had more

insight into the method to the darkness surrounding the PLA.

(U) There is general consensus that China, like many nations, spends more on its military than it

reports: In February, the US Defense Intelligence Agency said that China's military budget

reached $240 billion in 2013, according to Bloomberg. As the most salient data point of China's

military, Beijing's official budget gets a lot of attention. And that's largely because there's little

other information that comes with it. "The single number, without any accompanying detail,

represents the sum total of public transparency by the world's second-largest defense spender and

the fastest rising military power, pored over by intelligence agencies and military experts from

around the world in an effort to glean any clues about China's future strategic intentions,"

reported the Financial Times.

(U) So how opaque is the PLA, and how much insight and information does the United States

possess? It's important to distinguish between what the general public and the media understand,

and classified information on the PLA available to US government officials. "There's a big

difference between what you know and what we know," said a senior Pentagon official, who

asked to speak on background because of the sensitivity of the matter. The United States has long

worried about the Chinese military's lack of openness. "They mock us some times, for how much

we repeat" this call for a higher level of transparency, said the senior Pentagon official. Most

recently, Adm. Harry B. Harris Jr., the commander of the United States Pacific Fleet, expressed

concerns about the "aggressive" growth of the Chinese military and "their lack of transparency"

in a February speech.

(U) It's not only foreigners who are kept in the dark. "One of the biggest discoveries of the last 10

years is that the PLA doesn't share with the civilian leadership," said the senior Pentagon official.

Indeed, an editorial announcing the institution of PLA spokespeople in the Global Times, a

Communist Party newspaper, politely offered suggestions for making the PLA more open: "They

could also create an 'Open Barracks' day for some troops garrisoned in cities, allowing the public

to observe the troops going about their daily tasks. This is done by not a few foreign armies, and

the positive effects are clear."

(U) Whether the PLA will choose to adopt such nominal efforts at openness is still an unanswered

question. What's not is that China's military is still a black box. "Is there a Chinese doctrine on

military space? How does the military command? If there is a crisis, who do we call. We just

don't know," Cheng said. The key questions are the unknown unknowns in a time of potential

crisis. If there is a major, unannounced build-up of China's military, said the senior Pentagon

official, "then not knowing is a disaster."

(U) To access the full Foreign Policy article:

http://www.foreignpolicy.com/articles/2014/03/07/the_black_box_of_china_s_military

(U) CYBERSECURITY SPECIAL FOCUS FOR INDUSTRY:

(U) How do the FBI and Secret Service Know Your Network Has Been Breached Before

You Do? They Work Hard to Find Evidence of Stolen Data, but Companies Don't Always

Appreciate the Effort (Network World, 26 MAR 2014)

(U) We totally get you're reluctant to report intrusions — James Comey, Director of the FBI

(U) By all accounts, many of the massive data breaches in the news these days are first revealed

to the victims by law enforcement, the Secret Service and Federal Bureau of Investigation (FBI).

But how do the agencies figure it out before the companies know they have been breached,

especially given the millions companies spend on security and their intense focus on compliance?

(U) The agencies do the one thing companies don’t do. They attack the problem from the other

end by looking for evidence that a crime has been committed. Agents go undercover in criminal

forums where stolen payment cards, customer data and proprietary information are sold. They

monitor suspects and sometimes get court permission to break into password-protected enclaves

where cyber-criminals lurk. They have informants, they do interviews with people already

incarcerated for cybercrime, and they see clues in the massive data dumps of information stolen

from companies whose networks have been breached.

(U) They are constantly investigating, says Shawn Henry, president of CrowdStrike Services, a

subsidiary of security firm CrowdStrike, describing how law enforcement follows the digital trail

of cybercrime. He should know. Until two years ago Henry was executive assistant director of the

Criminal, Cyber, Response and Services Branch of the FBI. In the course of all of this

monitoring, Henry says, law enforcement often finds itself in the odd position of having to show

companies evidence they have been victimized. And they aren’t always thanked for their efforts.

Sometimes, Henry says, companies say “’Please just go away.’” He adds, “It happens all the

time.”

(U) The FBI acknowledged the reluctance issue when James Comey, FBI director, said during his

keynote at the RSA Conference in February, “We come knocking on your door to say you’re

under attack,” and “we totally get you’re reluctant to report intrusions because you fear

government rummaging in your network or that competitors will hear about it.” Law enforcement

“asks for a lot but doesn’t seem to offer much in return,” he said, but the knowledge is critical for

the industry at large. The companies presented with evidence of stolen data don’t have to work

with law enforcement investigators, Henry points out, but many do, sometimes providing

forensics reports to show how intruders got into their network to exfiltrate sensitive information.

(U) How frequently do the Secret Service and FBI come calling? “About 40 percent to 50

percent of our customer base have regular conversations with the FBI and other agencies that

have warned that they have been breached,” says Simon Crosby, chief technology officer at

security vendor Bromium. Law enforcement is very actively trolling the Internet to discover

things, he says.

(U) What happens after the FBI or Secret Service show up with evidence of a breach? Bromium’s

Crosby points out that law enforcement typically shows up at the business they think was

compromised with concrete evidence, such as the stolen data itself and technical information like

IP addresses. And one of the main questions then becomes, are the companies victimized ready to

investigate it? Unfortunately, often they are not, say security experts at Solutionary, which last

year became part of NTT’s security group. Rob Kraus, director of Solutionary’s

security engineering research team, who has participated in forensics investigations at the behest

of corporate customers who’ve had the “bad news” visits from FBI and the Secret Service, says

every case is different.

(U) To access the full Network World article:

http://www.networkworld.com/news/2014/032614-fbi-secret-service-breach-280126.html

(U) Big Threats for Small Businesses; Five Reasons Your Small or Midsize Business is a

Prime Target for Cybercriminals (FireEye White Paper, MAR 2014)

(U) Your business could be one mouse click away from closing its doors forever. That’s the

conclusion of a 2012 study by the National Cyber Security Alliance, which found that 60 percent

of small firms go out of business within six months of a data breach. Cyber attacks are growing

more sophisticated and, more often than not, target small and midsize businesses (SMBs). One

unlucky click—a malicious email attachment, a link to a legitimate but compromised website—

could result in a costly data breach that drains your bank account and customer trust.

(U) Cybercriminals know there’s nothing small about SMBs. In addition to creating 64 percent of

net new jobs in the United States, these economic mainstays account for 54 percent of all US

sales and about half of all private-sector payrolls. Given their vital role in the economy, it’s no

surprise that the smaller firms face a growing tide of cyber attacks. SMBs aren’t just targets—

they’re cybercriminals’ top targets. According to the Verizon 2013 Data Breach Investigations

Report, small and midsize businesses suffered data breaches more often than larger firms. “The

‘I’m too small to be a target’ argument doesn’t hold water,” the Verizon report states. “We see

victims of espionage campaigns ranging from large multi-nationals all the way down to those that

have no staff at all.”

(U) A New York mannequin maker learned that lesson the hard way in 2012 when it lost $1.2

million within a matter of hours through a series of fraudulent wire transfers. Cybercriminals

breached the 100-employee firm and got its online banking credentials. The company’s anti-virus

(AV) software never detected anything amiss.

(U) The cost of data breaches can devastate a small or midsize business. According to the

Ponemon Institute, data breaches cost US companies $5.4 million per breach on average. That

amounts to $188 per stolen record. And that figure doesn’t include potential liability issues for the

target or the incalculable damage a data breach can wreak on a business’ reputation. Business

disruption alone can cost more than $937,000 per breach, the Ponemon Institute estimates. That

figure might be bearable for a large enterprise, but would damage most SMBs. This paper

explains targeted attacks and examines five reasons cyber attackers are aiming at small and

midsize businesses.

(U) Today’s Attacks Target Small and Midsize Businesses

(U) News headlines tend to highlight wide-scale attacks against large enterprises, spectacular

attacks that hit millions of customers. But most attacks actually target small and midsize

businesses. And in relative terms, these attacks often are much more costly to smaller targets.

Unlike the broad, scattershot attacks of the past, today’s cyber assaults are well funded, well

organized, and laser focused. The new generation of attacks, including advanced persistent threats

(APTs), are focused on acquiring something valuable—sensitive personal details, intellectual

property, authentication credentials, insider information, and the like.

(U) Cyber threat actors often lay the groundwork with early reconnaissance. So they know what

to look for, where to look, and all too often, the weak links in your cyber defenses. From there,

each attack often cuts across multiple threat vectors—Web, email, file, and mobile—and unfolds

in multiple stages. With calculated steps, malware gets in, signals back out of the breached

network, and gets valuables out.

(U) Reason No. 1: Your data is more valuable than you think.

(U) Most businesses have information they want to keep secret. It might be customers’ credit card

numbers. It could be employees’ personal data. Or as in the case of the mannequin maker, it

might be something as valuable as the keys to the business banking account. The question isn’t

whether cybercriminals are targeting your business, but which ones—and what they’re after.

(U) Reason No. 2: Cyber attacks offer low risk and high returns for criminals

(U) The Internet has connected the globe in ways barely conceivable just a few decades ago. It has

opened up remote markets, uncovered lucrative niches to serve, and created brand new ways of

doing business. The dark side of this progress: the Internet has also made attacks possible from

anywhere in the world. Attackers are rarely caught, let alone punished. Advanced malware

typically resides in infected systems for weeks, even months, before common security tools detect

it. Some malware quietly cleans up after itself after exfiltrating data to make a clean getaway.

And in some cases, attackers are even sponsored by their home government.

(U) Reason No. 3: You’re an easier target

(U) Small and midsize businesses are facing the same cyber threats as large enterprises, but have

a fraction of the budget to deal with them. More than 40 percent don’t have an adequate IT

security budget, according to a November 2013 survey by the Ponemon Institute. Unlike big

corporations—with dedicated roles for chief information security officer, chief information

officer, and the like—the typical IT director at a small or midsize business wears many hats. Only

26 percent of small and midsize businesses in the Ponemon survey were confident their firm has

enough in-house expertise for a strong security posture.

(U) Reason No. 4: Many SMBs have their guards down

(U) The statistics are clear: a small or midsize business is more likely—not less—to face a cyber

attack compared with large enterprises. And yet nearly 60 percent of small and midsize

businesses in the Ponemon survey don’t consider cyber attacks a big risk to their organization.

And 44 percent don’t consider strong security a priority.

(U) Reason No. 5: Most SMB security tools are no match against today’s attacks

(U) The defenses most SMBs have in place today are ill equipped to combat today’s advanced

attacks. Firewalls, next-generation firewalls, intrusion prevention systems (IPS), AV software,

and gateways remain important security defenses. But they are woefully ineffective at stopping

targeted attacks. These technologies rely on approaches such as URL blacklists and signatures.

By definition, these approaches cannot stop dynamic attacks that exploit zero-day vulnerabilities.

If an IPS or AV program does not have the signature of a new exploit, it cannot stop it. When

highly dynamic malicious URLs are employed, URL blacklists do not cut it. Most defenses stop

known attacks. But they are defenseless against unknown advanced targeted attacks.

(U) To access the full FireEye white paper: http://www2.fireeye.com/blog-smb-five-reasons-wp.html

(U) CYBER THREAT ITEMS FROM THE PRESS

(U) Cyber-War: In Deed and Desire, Iran Emerging as a Major Power (Christian Science

Monitor, 16 MAR 2014)

(U) Iran is being recognized in the US intelligence community and in cyber-security firms

protecting corporate America as having vaulted into the top 10 of the world's offensive cyber-

powers. As high-level international talks in Vienna over Iran's nuclear program edged closer to a

deal last fall, something curious happened – massive cyber-attacks that had hammered Wall

Street bank websites repeatedly for about a year slowed to a near stop. While banking industry

officials were relieved, others wondered why those Iran-linked "distributed denial of service"

attacks that had so regularly flooded bank websites with bogus Internet traffic were shut off like a

faucet. One likely reason, say US experts on cyber-conflict: to reduce friction, at least

temporarily, at the Vienna nuclear talks.

(U) Yet, even as the "distributed denial of service" attacks abated for apparently diplomatic

reasons, overall Iranian cyber-spying on US military and energy corporation networks has surged,

these experts say. Iran was fingered last fall, for instance, for infiltrating the US Navy Marine

Corps Intranet. It then took the Navy nearly four months to root out the Iranian hackers infesting

its largest unclassified computer network, the Wall Street Journal reported in February. This

litany of Iranian activity is evidence, say experts, that after years as a cyber also-ran, Iran is

morphing swiftly into a major threat in the rapidly evolving era of cyber-conflict. That shift is

causing a growing recognition – from the halls of the US intelligence community to the cyber-

security firms protecting corporate America – that Iran has vaulted into the ranks of the world's

top-10 offensive cyber-powers.

(U) To access the full Christian Science Monitor article:

http://www.csmonitor.com/World/Security-Watch/Cyber-Conflict-Monitor/2014/0316/Cyber-war-In-deed-and-desire-Iran-emerging-as-a-major-power

(U) A Cyber History of the Ukraine Conflict (Dark Reading, 27 MAR 2014)

(U) The CTO for the US Cyber Consequences Unit offers a brief lesson in Russian geopolitics

and related cyber flare-ups, and explains why we should be concerned. For the second time in

recent history Russia has flexed both its military and cyber muscles. The latest incident is playing

out in The Autonomous Republic of Crimea (Ukraine). The previous incident occurred in South

Ossetia (Georgia) in 2008. Both countries were once integral pieces of the vast Soviet empire,

which crumbled more than two decades ago. Russia has also flexed its cyber power in the former

Soviet states of Estonia (2007) and Kyrgyzstan (2009).

(U) Over the years, the international community has closely monitored each of these worrisome

incidents. The Georgian incident was especially troublesome, because it was the first time cyber

attacks were used in concert with traditional military operations, which included tanks storming

across the border of a sovereign nation.

(U) My post-analysis of this incident concluded that 11 Georgian websites were knocked offline

prior to the Russian military invasion. The official website of the President of the Republic of

Georgia and several media outlets (e.g., www.news.ge) were among those impacted by the initial

cyber barrage. The attack method used to disrupt these key sites was a distributed denial-of-

service (DDoS) attack, launched from botnets controlled by Russian cyber criminals -- most

likely cooperating with the Russian government. The attacks didn’t wane from their targets for

the entire duration of the Russian military campaign against Georgia; they stopped immediately

after Russia and Georgia signed a preliminary ceasefire agreement.

(U) Flash forward to today and the situation in Ukraine. While the current state of affairs there is

complicated, it’s clear that Russia isn’t running the same cyber playbook it used in Georgia. For

instance, when Russian forces invaded Crimea they didn’t blind the Ukrainian government with

massive cyber attacks. Such attacks were not launched, because the strategic and operational

environments in Ukraine and Crimea were much different from those in Georgia.

(U) In the current crisis, Russian forces severed the Internet and other communication channels

that connect the Crimean peninsula with the rest of Ukraine. Some cyberwar experts have

referred to this incident as a cyber attack, although information surrounding it points to physical

sabotage by a military force, for example, cutting cables and destroying equipment. What this

means is that the recent incident wasn’t a cyber attack in and of itself, even though it interfered

with communication services delivered by cyber technology.

(U) To access the full Dark Reading article: http://www.darkreading.com/attacks-breaches/a-cyber-history-of-the-ukraine-conflict/d/d-id/1127892

(U) Hack Attack - Russia's First Targets in Ukraine: Its Cell Phones and Internet Lines

(Foreign Policy, 03 MAR 2014)

(U) The Russian forces occupying Crimea are jamming cell phones and severing Internet

connections between the peninsula and the rest of Ukraine. Moscow hasn't succeeded in imposing

an information blackout, but the attacks could be a sign that Russia is looking to escalate its

military operations against the new government in Kiev without firing a shot. Russia has a

history of launching cyber attacks on its neighbors with the aim of disrupting the countries'

ability to communicate to their citizens and with the outside world. One attack in 2008,

during Russia's war with Georgia, accompanied a ground-based military assault and was

intended to disrupt government and media communications.

(U) Although the efforts in Crimea so far have failed to choke the region's communications lines,

experts are concerned that the strikes could be a precursor to damaging Russian cyber attacks on

communications infrastructure elsewhere in Ukraine, particularly if tensions escalate or Russian

military forces push beyond Crimea. Disrupting Internet service or knocking out Ukrainian

government websites would allow Russia to flex its muscle without necessarily drawing a

military response from Kiev or its Western allies. The new strikes appear to have been conducted

mostly by hand rather than by hackers, but they have the same goal.

(U) A spokesperson for the National Security Agency and US Cyber Command declined to

comment about what steps the United States might take to defend Ukraine's computer networks.

Still, there are clear parallels between the Crimea attacks and those in Georgia and Estonia

in 2007, which were widely attributed to hackers working at the unofficial behest of the

Russian government. Those attacks knocked government and media websites offline,

blocked Internet access, and in Estonia disabled ATMs. "Russia wants to degrade the ability

of Ukraine to communicate inside and outside the country," said Adam Segal, a senior fellow at

the Council on Foreign Relations who tracks countries' offensive cyber capabilities. "If there is

military conflict, cyber attacks will be used to degrade the ability of conventional forces to

operate," Segal said. If history is a guide, any cyber attacks from Russia might not come

directly from military or intelligence services, but through mercenaries or so-called

"patriotic hackers" Moscow quietly encouraged to strike Estonia and Georgia. This would

give the Russian government the ability to deny that it was behind any offensive.

(U) To access the full Foreign Policy article:

http://www.foreignpolicy.com/articles/2014/03/03/hack_attack

(U) Hacking Critical Infrastructure Companies -- A Pen Tester's View; At the RSA

Conference, a Penetration Tester Outlines Some of the Elements of a Successful Attack on

Energy Companies (Dark Reading, 03 MAR 2014)

(U) Dramatic attacks can have simple beginnings, even when the target is a critical infrastructure

company. This is certainly true if Andrew Whitaker's experience is any indication. Whitaker is

director of penetration-testing services for Knowledge Consulting Group. At the RSA

Conference last week in San Francisco, he took the stage and described the ways pen testers

con and sneak their way past security. For Whitaker, it starts with phishing emails

targeting SCADA engineers. "We go after you because you know how to get into the

industrial control systems, and we want to find out how are you getting in there," he told

attendees. "I could try to brute-force your login credentials, but it's so much easier just to

ask."

(U) How much easier? According to Whitaker, 18 percent of the people fall for these password

phishing requests -- not an insignificant number, considering the fact that an attacker needs only

one set of account credentials to access a network. It could start off with the spoofing of a login

page for Microsoft Outlook Web Access, for example. The email would include a link to the

spoofed page and pretend to come from a system administrator requesting the user follow the link

and log on for some reason. When a user does that, his or her username and password would be

captured.

(U) The most effective phishing emails are short and sweet, he explains. "What we've discovered

is that when you do really long phishing emails, if somebody knows the sys admin, they are going

to read it and go, that doesn't sound like him at all," he says. "So keeping it short [and] to the

point has been far more effective."

(U) But the social engineering employed by Whitaker's pen testers did not end with clever emails;

it continued from there as needed to include pen testers getting inside the building using fake

employee badges and ruses, such as pretending to be support staff for a company performing

network monitoring for one of its targets. Then there was always the prospect of sneaking in the

door behind employees smoking outside. "For me, I don't smoke anymore. I used to," Whitaker

says. "But I will smoke in order to hack into your building."

(U) The ultimate goal, of course, is to get access to the SCADA network. "We'll target the

SCADA engineers," he explains. "We just spy on them. We'll spend an entire day ... just

monitoring that engineer. We want to find out how they are getting in. We may take

screenshots. We may inject keyloggers." The bottom line, he says, is that critical

infrastructure companies need to do three things: secure their people, involve their people,

and invest in their people.

(U) To access the full Dark Reading article: http://www.darkreading.com/vulnerabilities---threats/hacking-critical-infrastructure-companies----a-pen-testers-view/d/d-id/1141416

(U) Analyst Comment: This article highlights not only the high threat of intrusions against

SCADA systems, but the fact that hackers target energy (and other business sector) employees

through phishing and social engineering, not by breaking through firewalls. IT security officers

in Florida need to ensure that personnel security training programs for employees are in place and

are as important as network security efforts like firewalls and network monitoring software.

(U) IT Leaders Share Tips on Managing Security Risks (CIO, 24 MAR 2014)

(U) IT security is a tricky issue: Too much security -- or too little -- could bankrupt your

company. The key is to strike the right balance. These three IT executives share their advice.

(U) Determine Your Investment Best Bets

(U) Martin Gomberg, global director of security, governance and business protection, A&E

Networks: Security is a slide switch. Slide it all the way to the right, and nothing will get in,

nothing will get out -- and nothing will get done. Slide it all the way to the left, and we will all

have a party, it will be a great day -- but we'll only have one of them. My approach is to find the

setting where risk is not too high, nor is risk mitigation an impediment to innovation.

(U) Balance Risk With Efficiency

(U) Dru Rai, senior vice president and CIO, Axalta Coating Systems: When DuPont sold Axalta

Coating Systems to the Carlyle Group, we had the opportunity to rethink the security strategy for

the company. The legacy security policies and procedures were very conservative. We reformed

the security policies and procedures to balance efficiency and risk management. What we want to

do is consider not just risk, but the likelihood of risk. The probability of our primary data center

being blown up is very low. By comparison, the probability of a server going down in the primary

data center is much higher. As a result, we invested heavily in failover processes and a high-

availability architecture in our primary data center, and we reduced the disaster recovery data

center's footprint to key applications and servers.

(U) Keep Evolving; Risk Is a Moving Target

(U) Eric Lindgren, vice president and CIO, PerkinElmer: As a life sciences company, the

foundation of everything we do from a security standpoint is ensuring that we meet federal, state

and industry regulations and standards. We build from there until we reach a comfortable level

that's in line with best practices and the latest standards but that doesn't hurt productivity.

(U) Because the threats we face are continually evolving, our investments have to evolve with

them. Five years ago, I created a separate security and compliance group. When someone is 95

percent responsible for ERP or the network and only 5 percent responsible for security, they

naturally focus on the 95 percent. I took that 5 percent and gave it to full-time people who

understand the issues, are dedicated to them, and can educate IT and hold everyone accountable.

(U) To access the full CIO article:

http://www.networkworld.com/news/2014/032414-it-leaders-share-tips-on-279996.html

(U) Three Ways to Raise Infosec Awareness among Non-Security Executives (Tech Target,

13 Feb 2014)

(U) While the information security industry is maturing at a rapid rate, we are still not at a point

where businesses fully appreciate the potential impact of deploying insecure systems, leaving

many CISOs in a difficult political situation when the business wants to deploy a new,

vulnerability-ridden technology. As a result, CISOs often find themselves making uncomfortable

compromises around acceptable amounts of security risk to satisfy business requirements, with

some security execs possibly being left discouraged as that line continues to be pushed.

(U) To effectively communicate information security risk to the business and raise infosec

awareness among non-security executives, CISOs need to utilize new approaches. Let's discuss

three possible approaches.

(U) Use FUD sparingly

(U) When faced with the challenge of explaining how security risk is relevant to a business, many

security pros still turn to fear, uncertainty and doubt (FUD) in order to press a point home. This

tactic can be effective, but only if used infrequently and precisely. It is critical not to try to scare

executives by continually presenting the latest unrelated breach or vulnerability to them. Instead

of relying on FUD, try to present accurate data around relevant security risks, which is more

likely to get a positive response from other executives.

(U) Become part of the overall business

(U) With an ever-evolving threat landscape to monitor, CISOs tend to spend much of their time

focused on the latest infosec risk, making it difficult to build relationships with other executives.

This is especially true when a CISO is unable to pivot conversation away from the nuts and bolts

of everyday risk mitigation. To truly be effective in the position, CISOs need to learn the

vocabulary of business and build those key relationships with the C-suite. The best security

executives know as much about the revenue drivers for the business as they do about the latest

data breach statistics.

(U) Give business leaders a voice in security

(U) Finally, one of the most effective methods for driving infosec awareness among non-security

executives is to let them play a part in security-related decisions. One way to accomplish this is

by forming an information security governance committee. At first, it can be difficult to get time

with busy executives for security matters, but if they know they'll actually get to make key

decisions, participation and commitment will usually follow.

(U) To access the full Tech Target article:

http://searchsecurity.techtarget.com/tip/Three-ways-to-raise-infosec-awareness-among-non-security-executives?vgnextfmt=print

(U) Major Companies, like Target, Often Fail to Act on Malware Alerts; Target Paid the

Price for its Apparent Failure; Other Big Firms Follow the Same Pattern and Could Face

the Same Fate, Analysts Say (Computerworld, 14 MAR 2014)

(U) Companies that suffer major data breaches almost always portray themselves as victims of

cutting edge attack techniques and tools. The reality, though, is often much more mundane. Case

in point: Target, which last year was hit with a major data breach that exposed to hackers data on

some 40 million credit and debit cards and personal data on another 70 million customers. The

retailer acknowledged that it could have mitigated or even avoided the breach had it paid closer

attention to alerts generated by security monitoring tools.

(U) Target isn't alone in making such mistakes, says Joe Schumacher, a security consultant for

Neohapsis, a security and risk consulting company. "I have seen enterprises roll out very

expensive systems to handle security monitoring, yet there is no subject matter expert for this

technology or risks within the enterprise," he said. Often, companies deploy security

technologies with default alerts, resulting in many false positive warnings, Schumacher added.

(U) Eric Chiu, president and co-founder of HyTrust, a cloud security company, added that

companies often ignore security alarms because they are numb to them, they get too many false

warnings or because they are understaffed. "You can have all the alarms you want, but unless

you put security in a prominent position in the company and have enough staff to review them,

those alarms don't mean anything," he said. While alarms are great at signaling that something

bad may be happening, they're just a means to monitor for inappropriate actions, he said.

(U) Such incidents show why IT operations can't depend on technology alone to secure business

networks, said Gartner analyst Avivah Litan. Companies also need strong security policies and

processes for managing systems -- and for dealing with alerts, she said. She added Target's

response is typical for large organizations. "In fact, I have heard several times and from several

sources that in the case of each large breach over the past few years, the alarms and alerts went

off but no one paid attention to them."

(U) To access the full Computerworld article:

http://www.networkworld.com/research/2014/031414-major-companies-like-target-often-279724.html

(U) 4 Lessons CIOs Can Learn From the Target Breach (CIO, 17 MAR 2014)

(U) We're all familiar with the Target payment card breach late last year. Up to 110 million

payment card numbers were stolen through a huge hole in the company's network, right down to

the security of the PIN pads. The breach cost Target CIO Beth Jacobs her job; it was, and still is,

a serious matter. Target is obviously a public company, so this situation garnered a lot of

attention. As a CIO or member of the executive technical staff, though, there are some

observations about the situation that can apply to your company.

(U) Here are four key lessons from Target's very public example of a data breach.

(U) 1. It's Vital to Know Which Alarms You Can Safely Ignore

(U) In this connected age, security vulnerabilities are a dime a dozen. Different software has

different risk profiles, and some of the vulnerabilities that affect certain organizations severely are

already safely mitigated in other organizations simply by the structure of how components are set

up. Performing a thorough threat analysis is crucial, but knowing how to manage the onslaught of

event logs, audit logs, vendor vulnerability notifications and intrusion prevention messages is just

as critical.

(U) One best practice: Develop a rubric by which a weight is assigned to alerts about security

vulnerabilities and attempted penetration. Depending on what business you're in, you can score

this either by system involved or by the source of the alert.

(U) 2. Lobby for a CISO to Handle Significant Security, Liability Responsibilities

(U) As the old saying goes, the buck must stop somewhere. As with most things technology, the

head of the information services organization is likely to get the blame. But CIOs are burdened

with more areas of responsibility than ever before, from keeping the computers running to

creating new technology-driven lines of business that can actually represent a profit center to

liaising with marketing and the executive suite to unlock secrets that lie within the massive

amounts of data warehoused in the corporate IT warehouse.

Yes, security is an important part of all this, but creating a security regimen and implementing it

through the organization is really best done by a dedicated CISO - someone whose sole job is to

monitor the security posture of a business and then carefully and deliberately enhance it over

time. A CIO is simply too rushed and spread too thin to fully handle this responsibility.

(U) 3. Incident Response Plans Key to Successful Recovery from Data Breaches

(U) In the hours and initial couple of days after a breach has been discovered, there is usually

only one priority: Fix the breach, at all costs. Stop the bleeding.

(U) This is a fine approach for the technical team. However, others in your organization need to

at least be activated to begin planning a communications approach that keeps all stakeholders

informed. Witness the somewhat haphazard way in which Target disclosed the breach. Were

PINs compromised, or just payment card numbers? Were PINs leaked? Were encrypted PINs

leaked? Was anything leaked? The story seemed to change as the situation developed. That's a

symptom of an incomplete crisis communications plan.

(U) 4. The Weakest Point in Your Security Is Something You Haven't Considered

The Target breach began with an HVAC contractor accessing a wireless network on the

vulnerable side of the Target corporate firewall. It all began because something as innocuous as a

thermostat wasn't functioning correctly. Hackers and crackers are sophisticated; at this level,

they're playing a long game to nail lucrative, high-value targets. They're looking where they think

you're not looking.

(U) To access the full CIO article:

http://www.networkworld.com/news/2014/031714-4-lessons-cios-can-learn-279785.html

(U) Healthcare Industry Advised to do More Thorough Risk Analyses (CSO, 13 MAR 2014)

(U) Healthcare organizations see an expanding landscape of uncertainty that has raised concerns

among security pros and points to the need for more thorough threat analyses, a study showed.

Risks posed by health insurance and information exchanges, employee negligence, cloud services

and mobile device usage have dampened confidence in protecting patient data, the Fourth Annual

Benchmark Study on Patient Privacy & Data Security found. The study was conducted by the

Ponemon Institute and sponsored by data breach prevention company ID Experts.

(U) Security pros have been battling a rising number of data breaches caused by criminal activity

in and outside an organization. Such breaches accounted for 40 percent of all incidents of data

loss compared to 20 percent in 2010, the study found.

(U) Three-quarters of the organizations said employee negligence represented the greatest

security risk. Employees using their own mobile device on the corporate network were also a

major concern, yet nearly nine in 10 organizations condoned the practice.

(U) While cloud services were also a big concern, 40 percent of the respondents used the cloud

heavily, an increase of 32 percent from last year. Services most used included backup and

storage, file sharing, business applications and document sharing and collaboration. Another

major area of concern was trusting sensitive patient data to third parties or business associates.

Almost three-quarters of the organizations surveyed either had no confidence or were only

somewhat confident in these entities.

(U) To access the full CSO article:

http://www.networkworld.com/news/2014/031314-healthcare-industry-advised-to-do-279683.html

(U) Pre-Installed Malware Turns Up on New Phones; A Fake Version of Netflix that Steals

Personal Data and Sends it to Russia Has Been Found on Several Phone Models (IDG News

Service, 05 Mar 2014)

(U) David Jevans, CTO and founder of Marble Security, recently received some bad feedback

from a potential customer testing his company's product, which helps organizations manage and

secure their mobile devices. "They basically said 'Your stuff doesn't work'," Jevans said. "It

thinks Netflix is malicious." Marble Security performs static code analysis of Android and iOS

applications, which shows what the code is supposed to do. Apps are also run through an

emulator with instrumentation that allows analysts to get a larger view of how an application

performs. They also check an app's network traffic to see if it is communicating with known

malicious servers. After taking a close look at the suspicious application, Jevans said they found

it wasn't the real Netflix app. "We're like, yeah, this isn't the real Netflix," Jevans said. "You've

got one that has been tampered with and is sending passwords and credit card information to

Russia."…

(U) To access the full IDG News Service article:

http://www.networkworld.com/news/2014/030514-pre-installed-malware-turns-up-on-279401.html

(U) Sophisticated Scam Targeting Verizon Wireless Customers (Layer 8, 13 MAR 2014)

(U) The Better Business Bureau recently warned of a scam targeting Verizon Wireless customers

that tries to trick users into giving up personal information. According to the BBB, the scam

begins when a customer gets a call that appears to come from "Technical Support" and claims to

be Verizon Wireless. It is a recorded message saying you are eligible to receive a voucher for

your account. You need to visit a website to claim it. The web address given contains "Verizon"

and the value of the voucher. One recent version of the scam used "verizon54.com," but watch for

variations, the BBB stated.

(U) The BBB offers these suggestions for this scamfest:

(U) • Watch for look-alike URLs. Be wary of sites that have Verizon as a subdomain of another

URL (i.e. "verizon.scamwebsite.com") or part of a longer URL (i.e. "verizonvoucher105.com").

(U) • Consider how the business normally reaches you. Beware of a departure from the normal

routine. Verizon Wireless typically sends its customers text messages, so be wary of a phone call.

(U) • Contact the business: When in doubt, call the business's customer support line to check the

legitimacy of the offer. Be sure to find the phone number on your bill or by a web search -- not

the website the scammers gave you.

(U) • Don't believe what you see. The website that scammers created for this con looks

amazingly similar to the real Verizon Wireless site. But ripping off logos, colors and graphics

online is easy for scammers. Just because it looks real, does not mean it is.
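
The look-alike URL tip above, as an added example (not part of the bulletin or the BBB's advice): a Python check that tells apart the two patterns the BBB names, the brand as a subdomain of someone else's domain and the brand embedded in a longer registered domain, and additionally flags the brand appearing elsewhere in the URL. The allow-list of legitimate domains and the short two-label suffix table are assumptions made for this example; a production check would use the full Public Suffix List.

```python
"""Look-alike URL triage for the patterns in the BBB tip (added example)."""
from urllib.parse import urlsplit

BRAND = "verizon"
# Assumption: the brand's own registered domains (constructed allow-list).
LEGITIMATE_DOMAINS = {"verizon.com", "verizonwireless.com"}
# Simplification: a tiny stand-in for the Public Suffix List.
TWO_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "com.br"}


def hostname_of(url):
    """Return the lower-cased host of a URL or bare domain, '' if unparseable."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat "verizon54.com" as a host
    try:
        host = urlsplit(url).hostname or ""
    except ValueError:
        return ""
    return host.rstrip(".").lower()


def registered_domain(host):
    """Approximate the registrable domain: last two labels, or three
    when the host ends in a known two-label public suffix."""
    labels = host.split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in TWO_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def classify(url, brand=BRAND, legitimate=LEGITIMATE_DOMAINS):
    """Classify a URL by where the brand name appears in it."""
    host = hostname_of(url)
    if not host:
        return "unparseable"
    reg = registered_domain(host)
    if reg in legitimate:
        return "legitimate"
    # Pattern 2 in the tip: brand is part of a longer registered name.
    if brand in reg.split(".")[0]:
        return "brand-in-registered-domain"
    # Pattern 1 in the tip: brand is only a subdomain of another domain.
    subdomain = host[: len(host) - len(reg)].rstrip(".")
    if brand in subdomain:
        return "brand-in-subdomain"
    # Beyond the tip: brand only in the path or the user-info part.
    if brand in url.lower():
        return "brand-elsewhere-in-url"
    return "unrelated"


# Sample inputs: the three names quoted in the bulletin plus constructed ones.
SAMPLES = [
    "verizon54.com",
    "http://verizon.scamwebsite.com/voucher",
    "verizonvoucher105.com",
    "https://www.verizonwireless.com/support",
    "http://verizon.com@scamwebsite.com/",   # constructed
    "https://example.org/",                  # constructed
]


def triage(urls):
    """Return (url, verdict) pairs for a list of URLs."""
    return [(u, classify(u)) for u in urls]


if __name__ == "__main__":
    for url, verdict in triage(SAMPLES):
        print(f"{verdict:28} {url}")
```

Only the registered domain decides who controls a site, which is why a legitimate-looking first label such as "verizon." carries no weight in the verdict.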

(U) COUNTERTERRORISM THREAT ITEMS FROM THE PRESS:

(U) San Joaquin County Man Arrested at Canadian Border on Charges of Attempting to

Provide Material Support to Foreign Terrorist Organization (US Department of Justice

Press Release, 1 MAR 2014; Los Angeles Times, 17 MAR 2014)

(U) In the early hours of the morning, Nicholas Teausant, 20, of Acampo, Calif. was arrested near

the Canadian border, in Blaine, Wash. He was charged in a complaint containing a single count of

attempting to provide material support to a foreign terrorist organization, United States Attorney

Benjamin B. Wagner announced. According to the complaint, Teausant traveled to the Canadian

border with the intent of continuing to travel to Syria to join the Islamic State of Iraq and Syria, a

foreign terrorist organization more widely known as al-Qaida in Iraq.

(U) He was a 20-year-old community college student, a single father to an infant daughter and a

failed National Guardsman living in a trailer park outside Lodi, Calif. Online, Nicholas Teausant

took on a different persona, authorities allege. On Instagram, he was "Assad Teausant

bigolsmurf," who posted that he despised the United States and that he wanted "to join Allah's

army but I don't even know how to start." On ask.fm, he was "assadthelion" who wrote, "how do

you bring america to its knees?" On Facebook, he allegedly met "brothers" with whom he

discussed a plot to blow up the Los Angeles County subway system.

(U) Federal authorities outlined in an affidavit extensive exchanges between the informant and

Teausant, in which Teausant allegedly detailed his desire to travel to the Middle East to join

Islamic extremists and harm the United States. Teausant had enrolled as a trainee with the US

Army National Guard but never entered basic training because he lacked the minimum

qualifications, according to the affidavit. The informant befriended Teausant last fall, posing as a

fellow convert to Islam. Teausant told the informant "his goal was maximum fear and a

maximum blow to the US government so he could watch it tumble and fall in the wake of a civil

war," according to the affidavit. "I'll do the acting, I'll be the pawn. You just figure out the brainy

stuff," he told the informant, authorities alleged.

(U) This case is the product of an investigation by the Federal Bureau of Investigation and the

Modesto Police Department and San Joaquin Sheriff’s Office, who are members of the

Modesto/Stockton Joint Terrorism Task Force, with significant assistance from US Customs and

Border Protection. Assistant United States Attorneys Jean M. Hobler and Jason S. Hitt are

prosecuting the case in conjunction with Trial Attorney Andrew Sigler of the National Security

Division of the US Department of Justice.

(U) The charges are only allegations; the defendant is presumed innocent until and unless proven

guilty beyond a reasonable doubt. If convicted, Teausant faces a maximum statutory penalty of 15

years in prison and a $250,000 fine. Any sentence, however, would be determined at the

discretion of the court after consideration of any applicable statutory factors and the Federal

Sentencing Guidelines, which take into account a number of variables.

(U) To access the full Los Angeles Times article:

http://latimes.com/local/la-me-subway-plot-20140318,0,1993475.story

(U) Dearborn Resident Charged with Attempting to Support a Foreign Terrorist

Organization (US Department of Justice Press Release, 17 MAR 2014)

(U) A 22-year-old Dearborn, Michigan resident was charged in a criminal complaint with

attempting to provide material support to a foreign terrorist organization, specifically Hizballah,

announced United States Attorney Barbara L. McQuade. Joining in the announcement was Paul

Abbate, Special Agent in Charge, Federal Bureau of Investigation, Detroit Division.

(U) The complaint alleges that on March 16, 2014, Hamdan attempted to fly to Lebanon and on to

Syria to fight on behalf of Hizballah in the Syrian civil war. Hizballah is a designated terrorist

organization under US law, which makes it illegal to provide money, goods, or services to a

terrorist organization. Hamdan is a Lawful Permanent Resident of the United States who

immigrated in 2007. If convicted, Hamdan faces up to 15 years in prison and a $250,000 fine. A

criminal complaint contains merely accusations, and the defendant is presumed innocent unless

and until proven guilty.

(U) US House of Representatives - Subcommittee on Terrorism, Nonproliferation, and

Trade, Subcommittee on the Middle East and North Africa - Joint Subcommittee Hearing

entitled: Iran’s Support for Terrorism Worldwide (04 MAR 2014)

(U) Rep. Ileana Ros-Lehtinen, Chairman, opened the Hearing. This is an edited version of her

statements. A summary of testimony follows.

(U) The hearing will focus on the critical fact that Iran is the world’s foremost state sponsor of

terrorism. Iran is one of only four countries designated by the United States as a State Sponsor of

Terrorism (SST). The other three: Syria, Sudan and Cuba. In order to be designated an SST, a

country must have repeatedly provided support for acts of international terror, and that is a major

part of Iran’s foreign policy. Recently we have seen Iran support terrorist acts in Europe, Africa,

Southeast Asia, and even right here in Washington, D.C., as an Iranian plot to assassinate the

ambassador of Saudi Arabia was uncovered.

Then there is Iran’s involvement in Latin America; Iran’s presence there has grown rapidly and

now poses a very serious threat to our national security. In fact, last year, I convened a hearing on

the Iran-Syria nexus and Ambassador John Bolton testified that the largest Iranian diplomacy

facility in the world is in Caracas, Venezuela, because that is where Iran launders its money.

(U) Witness - The Honorable Pete Hoekstra, Shillman Senior Fellow, The Investigative

Project on Terrorism (Former Chairman of the US House Permanent Select Committee on

Intelligence)

(U) Iran’s Dark Past Foreshadows an Even Darker Future. Chairwoman Ros-Lehtinen, Chairman

Poe, Ranking Members Deutch and Sherman, and the distinguished members of the House

Committee on Foreign Affairs: Thank you for inviting me to testify at today’s important hearing

on Iran.

(U) I have had the pleasure of working with many of you, and I understand your deep

commitment to shaping and influencing American foreign policy. I appreciate your bipartisan

efforts to achieve that end.

As talks between the P+5 nations and Iran over its nuclear program continue, we need to examine

Iran’s past and present, and determine how that will foreshadow its future.

(U) We are all well-aware of the threats and actions of the Islamic Republic over the past 30 years

– including its failure to pay what is now $18 billion in judgments against it – which I will

discuss later in my testimony. However, it is the future and evolving threat about which we must

be most concerned. My intelligence background tells me that we need to be anticipating potential

developments and asking the tough questions about where Iran may be heading.

(U) We know the past. How does that inform the future? What are the potential dramatic

developments that could transform the threat from Iran, and its proxy Hizballah? There are at

least three areas that I believe will significantly magnify the threat that the United States will face

from Iran. These go well beyond Iran’s commitment to continue to use conventional terrorist

tools, expand its sphere of influence, and develop its ballistic missile and nuclear program.

Transformational areas include:

(U) An increasing sophistication of Iran's cyber program and capability to conduct cyber

warfare.

(U) A strengthening of the relationship between Iran and Russia.

(U) The possibility of more collaboration between Iran, Hizballah, Hamas, Al Qaeda, and

the Muslim Brotherhood, as well as other Islamist groups.

(U) The developments in these areas will profoundly impact America’s security moving forward.

Please allow me to discuss each of these in more detail.

(U) To access the full Testimony:

http://docs.house.gov/meetings/FA/FA13/20140304/101832/HHRG-113-FA13-Wstate-HoekstraP-20140304.pdf

(U) Witness - Matthew Levitt, Ph.D, Director and Fromer-Wexler Fellow, Stein Program

on Counterterrorism and Intelligence, The Washington Institute for Near East Policy

(U) Chairman Poe, Ranking Member Sherman, Chairman Ros-Lehtinen, Ranking Member

Deutch, distinguished members of the Subcommittee on Terrorism, Nonproliferation, and Trade

and the Subcommittee on the Middle East and North Africa, it is an honor to appear before you

this morning to discuss Iran’s support for terrorism worldwide.

(U) This hearing is timely. Over the past few years, Iran’s state sponsorship of terrorism has

increased dramatically to levels not seen since the late 1980s and early 1990s. Some of this is

terrorism carried out by the regime’s own operatives from the Islamic Revolutionary Guard Corps

(IRGC) Qods Force, and some by the regime’s closest militant ally, Hezbollah. Whereas

Hezbollah might have once been described as just an Iranian proxy group, today US intelligence

characterizes the relationship of Hezbollah and Iran as “a partnership arrangement[,] with the

Iranians as the senior partner.” This “strategic partnership,” as National Counterterrorism Center

(NCTC) director Matthew Olsen put it, “is the product of a long evolution from the 1980s, when

Hezbollah was just a proxy of Iran.” Events in Syria today have further cemented this partnership,

with dire consequences for regional and international security.

(U) Iran’s Support for Terrorism Continues

Iranian surveillance and terror plots reportedly continue, but not at the same scope, scale, or

tempo of 2012. At least one of these appears to have focused on American diplomatic interests: in

September 2013, an Iranian with Belgian citizenship was arrested for conducting surveillance

outside the US embassy in Tel Aviv. Another occurred in North America: in July 2013, seven

Iranians were caught using fake Israeli passports at Vancouver International Airport. Two months

later, in early September of 2013, three men—one Iranian, two possibly Eastern European—were

arrested at a Brussels airport with forged Israeli passports. The men were attempting to fly to

Toronto and Montreal. Meanwhile, more standard Iranian state sponsorship of terrorism

continues unabated.

(U) To access the full Testimony:

http://docs.house.gov/meetings/FA/FA13/20140304/101832/HHRG-113-FA13-Wstate-LevittM-20140304.pdf

(U) Authorities Identify Third Suspect in Bulgarian Bus Bombing Linked to Canadian

Member of Hezbollah (The National Post, 20 FEB 2014)

(U) Bulgarian authorities have identified a third accomplice suspected of involvement in a 2012

bus bombing linked to an alleged Canadian member of the terrorist group Hezbollah. The

country's chief prosecutor, Sotir Tsatsarov, told reporters the suspect had been unknown to

investigators until recently. He did not reveal the man's nationality. The development will delay

an indictment against the bombers, which was to have been filed next month, he said. The attack at the

Burgas airport targeted a bus carrying Israeli tourists. "This does not mean that the indictment

will be postponed indefinitely, but we'll need a bit more time", Tsatsarov said, according to the

Sofia News Agency. "We will have a lot more evidence. Until now we knew of two bombers,

now they're three." The July 18, 2012 bombing has been widely attributed to Hezbollah, which at

the time attempted several terrorist attacks around the world against Israelis that experts believe

were orchestrated by Iran.

(U) To access the full National Post article:

http://repubhub.icopyright.net/freePost.act?tag=3.11150?icx_id=430131

(U) Al-Qaeda Unveils New Magazine Aimed at Western Jihadis; Advert for 'Resurgence'

Magazine uses Words of Malcolm X in Appeal to Disaffected Muslims in US and Europe, as

it Turns Focus Away from Middle East (The Daily Telegraph, 10 MAR 2014)

(U) Al-Qaeda is starting an English language magazine as part of a fresh effort to recruit and

inspire Western jihadis to launch attacks in their own countries, according to security analysts. A

video posted on YouTube uses the words of Malcolm X to justify violent struggle, before

announcing the name of the magazine, Resurgence. It appears to be modeled on Inspire, an

online publication produced by al-Qaeda in the Arabian Peninsula (AQAP), which has carried

messages from Osama bin Laden, bomb making directions and tactics for launching "lone wolf"

attacks. However, the new magazine appears to be the first English language magazine from the

group's core leadership and is advertised with a slick video from as-Sahab, its media production

house. Analysts believe it marks a shift from al-Qaeda's recent focus on Syria. It mixes graphics,

images of George W Bush and warplanes launching missiles with a speech by Malcolm X, the

African-American Muslim leader, in which he said: "You can't ever reach a man if you don't

speak his language. If a man speaks the language of brute force, you can't come to him with

peace."…

(U) To access the full Daily Telegraph article:

http://www.telegraph.co.uk/news/worldnews/al-qaeda/10687163/Al-Qaeda-unveils-new-magazine-aimed-at-Western-jihadis.html

(U) Al Qaeda's Latest Magazine: Notes from Dead American Terrorists (ABC News, 17

MAR 2014)

(U) A new issue of al Qaeda's notorious Inspire magazine urges its readers to detonate car bombs

in major American cities, and claims to feature justifications for violent jihad written by two US-

born al Qaeda terrorists who were killed more than two years ago. As is common in Inspire, a

section near the end features instructions for explosives written by the "AQ Chef" — this time for

a car bomb designed not to bring down a building, but to be "very effective" in killing

individuals. The magazine puts New York City and Washington, D.C. at the top of its target list,

but includes Chicago, Los Angeles, and locations in England and France. It also urges the would-

be perpetrators to use disguises, like perhaps a white beard around Christmas time. Written in

near-perfect English, the highly-produced magazine from al Qaeda's most dangerous branch, al

Qaeda in the Arabian Peninsula (AQAP), is dated "Spring 2014" and references the reported

death of Pakistani Taliban leader Hakimullah Mehsud, meaning portions were written at least

after late October 2013.

(U) To access the full ABC News article:

http://abcnews.go.com/blogs/headlines/2014/03/al-qaedas-latest-magazine-notes-from-dead-american-terrorists/

(U) Officials: Al-Qaida Plots Comeback in Afghanistan (Associated Press, 28 FEB 2014)

(U) Al-Qaida's Afghanistan leader is laying the groundwork to re-launch his war-shattered

organization once the United States and international forces withdraw from the country, as they

have warned they will do without a security agreement from the Afghan government, US officials

say. Farouq al-Qahtani al-Qatari has been cementing local ties and bringing in small numbers of

experienced militants to train a new generation of fighters, and US military and intelligence

officials say they have stepped up drone and jet missile strikes against him and his followers in

the mountainous eastern provinces of Kunar and Nuristan. The objective is to keep him from

restarting the large training camps that once drew hundreds of followers before the US-led war

began.

(U) To access the full Associated Press article:

http://hosted.ap.org/dynamic/stories/U/US_AFGHANISTAN_AL_QAIDA

(U) Nigeria: Al-Qaeda Takes Over Boko Haram (allAfrica.com, 09 MAR 2014)

(U) There are very strong indications to suggest that al-Qaeda, the global terror organization

founded by the late Osama Bin Laden, may have taken control of the notorious and deadly

Jama'atu Ahliss-Sunnah Lidda'awati Wal Jihad, popularly known as Boko Haram, Sunday

Vanguard can report authoritatively. In addition, it was learnt that some of the camps used by

Boko Haram members as safe haven in Cameroun have been detected by Nigeria's security

forces. The problem, however, according to sources, is that "except Cameroun enters into

concrete collaboration with Nigeria, nothing can be done". The alleged arrowhead of the take-over,

which is the al-Qaeda in the Islamic Maghreb, AQIM, has its headquarters in Algeria.

(U) To access the full allAfrica article: http://allafrica.com/stories/201403101121.html

(U) AP Interview: Jihadi Head Says Gaza Groups Growing (Associated Press, 09 MAR 2014)

(U) A leader of one of Gaza's secretive jihadi groups says the al-Qaida-inspired movement now

has several thousand armed fighters in the seaside strip, posing a formidable threat to both Israel

and the area's Hamas rulers. In an interview with The Associated Press, Abu Bakir al-Ansari

described a movement that is larger and better organized than is generally believed, with dozens

of fighters now in Syria, and claimed his group killed an Italian activist three years ago. He said

Gaza's Salafis have agreed with Hamas to observe a truce with Israel for the time being, but that

they are ready to fight at any time. "We have a deal with Hamas to abide by the truce as long as

Israel abides," Abu Bakir said. "But once it violates the truce, we fire our rockets without any

consultation with Hamas."

(U) To access the full Associated Press article: http://bigstory.ap.org/article/ap-interview-jihadi-head-saysgaza-groups-growing

(U) Militant Islamist Website Calls for Attacks on France And Hollande – SITE (Reuters, 11 MAR 2014)

(U) A militant Islamist website has created a series of posters calling for attacks on France and

for the assassination of President Francois Hollande in reprisal for the country's policies in Mali

and the Central African Republic, SITE monitoring service said late on Monday. In addition to

assisting Mali in its war against Islamists, France sent troops four months ago to the majority

Christian Central African Republic, where predominantly Muslim "Seleka" rebels seized power a

year ago... The al Minbar Jihadi Media Network, a well-known Islamist website, created six

posters as part of a campaign it dubbed, "We will not be silent, O France," SITE said.

(U) To access the full Reuters article: http://www.reuters.com/article/2014/03/11/us-jihadist-message-france-idUSBREA2A0B120140311

(U) Al-Qaeda Threat to United States Risked In Afghanistan Exit, General Says (Business Week, 12 MAR 2014)

(U) Al-Qaeda is likely to re-emerge from hiding places in Afghanistan to plan attacks on the US

homeland unless American counterterrorism forces remain in the country after this year, the head

of US-led forces there said. Elements of al-Qaeda continue to operate from Kunar and Nuristan

provinces, and the group would "view it as a great victory were we to withdraw so they'd have the

space within which to conduct operations," Marine Corps General Joseph Dunford, commander

of the International Security Assistance Force, told the Senate Armed Services committee today.

In invoking the threat of potential attacks on the United States, Dunford tied the military's case

for a continued presence in Afghanistan directly to the terrorist threat the United States cited

when it intervened there after the attacks of Sept. 11, 2001.

(U) To access the full Business Week article: http://www.businessweek.com/news/2014-03-12/al-qaeda-threat-to-u-dot-s-dot-risked-in-afghanistan-exit-general-says

(U) This bulletin has been prepared by the Tampa Division of the FBI.

PRESENTATIONS AND OUTREACH

The CI Strategic Partnership Newsletter is a product of the FBI’s Counterintelligence Program Coordination Section which plays a key role in protecting our sensitive technologies from our adversaries.

The Challenge: to protect United States sensitive information, technologies and thereby competitiveness in an age of globalization.

Our Solution: to foster communication and build awareness through partnerships with key public and private entities, by educating and enabling our partners to identify what is at counterintelligence risk and how to protect it. We call it “knowing your domain”—identifying the research, information and technologies that are targeted by our adversaries, and establishing an ongoing dialog and information exchange with partners, the goal of which is to change behaviors and reduce opportunities that benefit the opposition’s efforts.

The United States is a world leader in innovation. Consider the breakthrough research and development that’s taking place on the nation’s campuses and in research facilities—often on behalf of the government. Sensitive research, much of which occurs in the unclassified realm, is the key to our nation’s global advantage, both economically and militarily.

The Counterintelligence (CI) Program Coordination Section is responsible for determining and safeguarding those technologies which, if compromised, would result in catastrophic losses to national security. Through our partnerships with businesses, academia, and US Government agencies, the FBI and its counterintelligence community partners are able to identify and effectively protect projects of great importance to the U.S. Government. This provides the first line of defense inside facilities where research and development occurs and where intelligence services are focused.

The FBI’s outreach efforts continue to evolve. This newsletter is one way we hope to expand our outreach to the elements of our “CI Domain.” We continue to contact businesses and organizations with which we have not yet made personal contact.

In support of its Counterintelligence Domain/Strategic Partnership Program, the Federal Bureau of Investigation hosts an annual Research and Technology Protection (RTP) Conference for Facility Security Officers and RTP Professionals. Unclassified presentations address specific country threats to your technology, industrial and economic espionage, counterintelligence threat issues, and computer intrusion/cyber threat matters. The annual RTP Conference is offered in two locations during the year: Orlando and Clearwater.

The FBI's Domain/Strategic Partnership Program seeks to interface with private industry, high tech companies, research institutes, any stakeholder and/or contractor that design, develop, produce, and distribute critical information and technologies. Our job is to establish contact with these "Domain entities" in our territory, and assist them to better understand the foreign intelligence threat, and improve their ability to institute protective mechanisms. In addition to

hosting an annual Research Technology Protection (RTP) Conference for security professionals, we also provide security awareness threat briefings to our defense contractor partners, high tech companies and research institutes. To schedule CI, cyber, security, education, training and awareness briefings, contact the Tampa Domain/SPC. You may also be interested in scheduling a presentation of the FBI video “BETRAYED” or “GAME OF PAWNS” followed by Q&A. “Betrayed” represents a scenario where an FBI Intelligence Analyst is slowly but steadily compromised by a series of steps that ultimately fully compromise him into working on behalf of a foreign intelligence service. The video clearly demonstrates the traits and activities exhibited by individuals who are involved in stealing classified information (or even proprietary information and trade secrets). The video also shows the passivity of co-workers who have clearly seen demonstrations of suspicious activity by the Intelligence Analyst, and how their failure to report the suspicious activity exacerbates the situation.

“Game of Pawns” is the story of Glenn Duffie Shriver, who was a student fulfilling his dream of a year studying abroad in Shanghai when he was befriended by three Chinese intelligence officers. What first seemed like an innocent offer of friendship and a scholarship ended in a life-altering prison term for conspiracy to commit espionage against the United States. Based on a true story, Game of Pawns is a call for vigilance to the nearly 260,000 American students studying abroad. Game of Pawns also offers a valuable message for those active in today’s international workplace. Joint projects, overseas symposiums, and international tradeshows are all opportunities for intelligence services to develop relationships.

The Tampa Field Office Counterintelligence Strategic Partnership

Program Coordinator: James “Pat” Laflin ([email protected]) 813.253.1029

Federal Bureau of Investigation 5525 West Gray Street Tampa, FL 33609

Phone: 813.253.1000