RADAR Report for July 18 to 21, 2019
Sep. 11, 2020
OFFICIAL USE ONLY
ASSOCIATION OF
AMERICAN RAILROADS
RAIL AWARENESS DAILY ANALYTIC REPORT (RADAR)
July 18 - 21, 2019
Summary of Content
Climate Activism
- Worldwide: Wealthy Donors Create Fund to Support Climate Activist Groups
Three wealthy American philanthropists reportedly intend to donate over $600,000 to support the efforts of grassroots climate
activist groups, such as Extinction Rebellion (XR), in opposing fossil fuels development, production, and transport. The three have
promised to raise millions more in the coming months.
- Prosecutors Drop Charges Against Atlantic Sunrise Pipeline Protesters
On Monday, July 8, the presiding judge in the Lancaster County Court of Common Pleas dismissed misdemeanor trespassing charges
against seven defendants who blocked construction of the Atlantic Sunrise pipeline in October 2017, ordering them instead to
perform community service. All defendants are members of a local environmental activist group called Lancaster Against Pipelines,
which issued a statement predicting this outcome will strengthen opposition to pipelines for fracked gas on public safety and climate
change concerns.
Rail Security Awareness
- United States: New York Times Questions Oil-by-Rail Safety Improvements Since Lac-Megantic
On Tuesday, July 16, the New York Times published an article focused on the lingering dangers of oil-by-rail transport now six years
after the 2013 Lac-Megantic derailment of a crude oil train in uncontrolled movement that killed 47 people and destroyed much of
the downtown area of the Quebec town. The article, entitled "Runaway Train Explosion Killed 47, but Deadly Cargo Still Rides
the Rails," asserts that renewed activism in the Pacific Northwest is targeting the oil-by-rail industry.
- Britain: London Tracking Tube Passengers via Smartphone WiFi
Transport for London, the agency which operates London's subway system, has begun collecting data in its stations from
passenger smartphones in an effort to improve services. Although other transportation services around the world use smartphone
data, London's subway system may be the first transportation system to do so in order to track and use an individual's trip data in
real time.
- Russia: Seven ISIS Suspects Sentenced to Prison for Plot to Derail Train
On Friday, July 12, 2019, Russian media outlets reported that seven men believed to have ties to the Islamic State of Iraq and
Sham (ISIS) have been sentenced to between 15 and 21 years in prison for allegedly plotting an attack targeting a Russian
high-speed train. The investigation found that the group had plans to carry out a bombing following the failed train crash; however,
the suspects were apprehended before they could execute any attack.
- Arizona: Protesters Arrested for Blocking Light Rail Outside ICE Facility in Phoenix
On Friday, July 12, 2019, Phoenix police reportedly arrested 16 protesters after they refused to clear away from the road and
light rail tracks outside an Immigration and Customs Enforcement (ICE) office ahead of the federal roundup expected the
following Sunday in other cities across the country.
Terrorism/Extremism
- United States: DHS Renews National Terrorist Advisory System Bulletin
As of Thursday, July 18, the Department of Homeland Security (DHS) has re-issued the National Terrorism Advisory System
(NTAS) Bulletin for the period through January 17, 2020. The content of the NTAS Bulletins has remained virtually identical
since May 2017 - six advisories covering a period of 2 years and 8 months with no significant change in content, despite the
assessment that the United States is confronting "one of the most challenging threat environments since 9/11."
- Incendiary Attack at Major Animation Studio Highlights Potential Terror Tactic
At least 33 people died and dozens suffered injuries after a man set fire to an animation studio in the Japanese city of Kyoto.
Police reported the 41-year-old suspect broke into the Kyoto Animation studio on Thursday morning, July 18, and sprayed
petrol before igniting it. The success of this tactic could inspire Islamist extremist propagandists to urge its use in public
settings.
- Washington: Anarchist Killed by Police During Attack on Northwest Detention Center
Will Van Spronsen, a 69-year-old self-proclaimed anarchist and anti-fascist, was shot and killed while attacking the Northwest
Detention Center in Tacoma, Washington. According to local media reports, Van Spronsen was armed with a rifle, and threw
incendiary devices at the facility, where migrants are being held pending deportation proceedings.
- Italy: Police Seize Air-to-Air Missile from Far-Right Group
On Monday, July 15, 2019, it was reported that three alleged members of a far-right group were detained by Italian anti-terror
police following a raid in which officers seized a three-meter long air-to-air missile and a large stash of automatic weapons. The
discoveries came after a year-long investigation into Italians who took part in the Russia-backed insurgency in eastern Ukraine.
- Somalia: Al Shabaab Claims Responsibility for Deadly Terror Attack in Kismayo
On Friday, July 12, at least four militants affiliated with Al Shabaab, an Islamic terrorist group linked to al Qaeda, reportedly
launched an attack on the Asasey hotel in the Somali port of Kismayo, killing 27 people and injuring 56 others. The assault began
with a suicide bomber ramming a car packed with explosives and continued with a gun battle that lasted over 14 hours.
Cyber
- Worldwide: Far-Right Social Network Joins Social Justice Twitter Alternative
The social media platform Gab, which is home to one of the largest far-right online social media networks, has reportedly switched
its backend to run on software from Mastodon - which was launched as a social justice friendly and decentralized alternative to
Twitter.
- Worldwide: Iranian Drone Downed by U.S. Military
The American military is reported to have destroyed an Iranian drone that had come within 1000 yards of the USS Boxer
deployed in the Strait of Hormuz. Using the new anti-drone system, the Marine Corps' Light Marine Air Defense Integrated System,
the drone's Global Positioning System signal was "jammed" or potentially spoofed, reportedly rendering it useless.
- Iran: Identity of Iranian Hacker who Aided in Espionage Against US Revealed
Jeff Bardin, the Chief Intelligence Officer for the California-based security firm Treadstone 71, has reportedly unmasked "Mr.
Tekide", a malware developer and hacker who allegedly assisted in Iranian espionage activities directed against the United States and
other foreign countries and organizations.
- Insider Threat Report: Out of Sight Should Never Be Out of Mind
According to the Verizon Insider Threat report released March 2019, 57% of database breaches involved an insider within the
organization, with Privilege Misuse (also called Insider and Privilege Misuse) representing approximately 20% of all cybersecurity
incidents and nearly 15% of all data breaches in 2018. The Insider and Privilege Misuse pattern includes insider threats when
external threats collaborate with internal actors to access a company's information or assets. In the Breaches per Pattern data,
Miscellaneous Errors rank second.
- TrickBot Malware has Compromised 250 million Email Accounts
The security firm Deep Instinct has reported the discovery of a new variant of the financial malware known as TrickBot and a
corresponding database of 250 million harvested email accounts from government and businesses in the United States, Canada, and
Britain. The TrickBot malware, active since 2016, had mostly focused on financial data theft; however, it has evolved into a
sophisticated multi-purpose self-replicating malware that actively avoids detection and harvests enormous amounts of data,
including log-in credentials, according to Deep Instinct researchers.
- Israel: Cyber Body Warns of New BEC Phishing Attack that Uses AI
On Wednesday, July 10, published reporting indicated that the Israel National Cyber Directorate, an Israeli government "cyber
body," has issued a warning on a new type of cyber attack that uses artificial intelligence technology that "impersonates senior
company executives." This new method of attack is a form of business email compromise fraud, in which an attacker impersonating a
vendor sends a fraudulent targeted email to employees with a "social engineering method" that prompts a response, allowing the
attack to escalate by giving instructions to company employees to perform tasks such as money and bank transfers, as well as provide
private information to gain access to a company's network while releasing malicious activity on the company's network.
Worldwide: Wealthy Donors Create Fund to Support Climate Activist Groups
According to reports, three wealthy U.S. philanthropists intend to donate over $600,000 to grassroots climate activist
groups, such as Extinction Rebellion (XR), with the promise of raising "tens of millions more" in the coming months.
The donors - Trevor Neilson, Rory Kennedy and Aileen Getty - have launched the Climate Emergency Fund (CEF)
to help support school strikes and activist groups like XR. Neilson, who has worked as an investor with prominent
figures such as Bill Gates and Richard Branson, said the fund was inspired by Swedish teenager Greta Thunberg (founder
of the school strike for climate movement) and the XR demonstrators who blocked traffic and disrupted trains in London in
April of this year.
The level of monetary and potentially political support resulting from this commitment to the XR effort will likely
bolster the number and frequency of campaigns, including direct actions. Rory
Kennedy is the daughter of late US Senator and Attorney General Robert Kennedy.
Aileen Getty is the granddaughter to oil baron Jean Paul Getty and heir to the Getty
fortune, an estimated $5 billion and ranked as one of America's richest families.
Among those serving on the advisory board are reportedly author and environmentalist Bill McKibben, who established 350.org, and David
Wallace-Wells, who wrote the international bestseller Uninhabitable Earth. The money will initially be used to support school strike and XR groups in the US, but
will also be available to help "seed" similar groups around the world. It offers tiers of funding to support different-sized groups, from individual activists
seeking money for demonstration materials, to funding for salaries and offices for established groups in big cities. Some of
the funding has already been committed to support XR groups in New York and Los Angeles.
The overt funding of activist groups like Extinction Rebellion (XR), which was founded on the idea that illegal acts of
civil disobedience are the best tactic to urge government action against climate change, supports the notion that
unlawful behavior targeting the fossil fuel industry is both publicly acceptable and for the greater good.
According to a report by The Guardian, Neilson notably states the CEF would back "non-violent legal action" but does
not clarify how groups such as the New York chapter - which engaged in an illegal action in June of this year, when
a number of its members scaled the New York Times building in Manhattan - will be required to allocate the money
once they receive it, in order to ensure it is not being spent on illegal protest activities.
Prosecutors Drop Charges Against Atlantic Sunrise Pipeline Protesters
On Monday, July 8, 2019, Judge Howard Knisely of the Lancaster County Court of Common Pleas dismissed misdemeanor trespassing charges against
seven defendants who blocked construction of the Atlantic Sunrise pipeline in October 2017, ordering them instead to perform community service as an
alternative disposition. The defendants were part of a larger group of 23 activists who were arrested following their direct action against the fossil fuel project;
while 16 of them pleaded "no contest" to the charges, the remaining seven said they pleaded "not guilty" in order to force the matter into court. All of the
activists are members of a local environmental group called Lancaster Against Pipelines, which subsequently issued a statement predicting that the outcome of
the case will strengthen the position of those who say that pipelines carrying fracked gas threaten public safety and exacerbate climate change.
Judge Knisely reportedly welcomed the agreement between the defendants and the district attorney, and said that peaceful, nonviolent protest is protected,
albeit with limitations, by state and federal law. He added that legislatures, not the courts, are the proper place to protect the natural environment and
public safety. "We must all be more vigilant to elect to those legislative positions persons who are highly concerned with their local constituents and local
problems, and not those who merely look for personal advancement or who look to industry to fill their coffers for re-election," he told the court.
Mark Clatterbuck, a spokesman for the defendants, asserted the dismissal "shows that communities that peacefully defend their
health and safety and protect the earth against the gas industry were vindicated this morning." One of the defendants, an
88-year-old Catholic nun named Barbara VanHorn, told interviewers that the outcome should encourage protesters against other
pipelines such as Mariner East, which has sparked widespread community protest, particularly in the Philadelphia suburbs.
VanHorn is one of 15 nuns belonging to the order of the Adorers of the Blood of Christ in West Hempfield who
participated in the action against the Atlantic Sunrise pipeline after they refused to sell their land to the Williams energy company
to make way for its construction. Williams then took the land by eminent domain, which prompted the nuns to file a lawsuit arguing that their religious rights had
been violated. After losing in an appeals court, they took their case to the U.S. Supreme Court, which declined to hear it in February of this year.
Multiple states in the United States have enacted critical infrastructure legislation as a means to deter pipeline protesters by defining offenses and stiffening
penalties for criminal direct action tactics. Despite illegal activities, activists are claiming the court's dismissal of charges as a victory. Regardless of
perceptions, this case demonstrates activists are still using trespass incidents to cause arrests for the specific purpose of presenting arguments on climate
change in courts to establish precedent that may potentially favor activists who face charges for climate-related protests in the future and encourage
public perception that acts of criminality targeting fossil fuel companies are protected by law if they are carried out on behalf of climate activism.
United States: New York Times Questions Oil-by-Rail Safety Improvements
On Tuesday, July 16, 2019, the New York Times published an article focused on the lingering dangers of oil-by-rail
transport following the 2013 Lac-Megantic disaster, entitled "Runaway Train Explosion Killed 47,
but Deadly Cargo Still Rides the Rails." While not explicitly stated, the article comes shortly after the sixth
anniversary of the derailment and oil train explosion in Lac-Megantic that killed 47 people.
The article covers many of the same points often made by environmental groups and known oil-by-rail
critics, to include arguments against the Federal Railroad Administration's abandonment of proposed
legislation that would have required at least two-person crews on most trains, as well as concerns over the
proven safety of newer tank cars. Moreover, the article particularly highlights the lasting impact the 2013
disaster has had on the Lac-Megantic community and warns of trains still carrying flammable cargo
through densely populated areas in Canada and the United States.
Media criticism of the oil-by-rail industry, as well as related protests by environmental activist groups, tends to increase in the weeks surrounding the
anniversary of the Lac-Megantic disaster.
- About a week before the New York Times published its article, activists from Coalition to Ban Unsafe Oil Trains (CBUOT), along with several other
groups, staged a rally in New Jersey to call for legislation that would increase oil train safety regulations.
- Around the same time, the activist group, Wild Idaho Rising Tide (WIRT), held a series of demonstrations in the Sandpoint area to commemorate the
Lac-Megantic disaster and raise public awareness of its long-standing battle against BNSF Railway's proposed construction of rail bridges in the area.
- Lastly, at the start of this month, prominent oil-by-rail critic Justin Mikulka announced the release of his new book, "Bomb Trains: How Industry
Greed and Regulatory Failure Put the Public at Risk."
While this targeting of the oil-by-rail industry by both the media and environmentalists is typically isolated on a yearly basis around the Lac-Megantic
anniversary, there has been a recent focus by climate groups based in the Pacific Northwest, such as Extinction Rebellion - PDX, on opposing oil-by-rail
expansion at the Zenith Portland Terminal. As such, their ongoing and widely publicized campaign, in combination with negative coverage by major news
outlets such as the New York Times, may serve to influence or galvanize more long-term activism against the oil-by-rail industry throughout North America.
Britain: London Tracking Tube Passengers via Smartphone WiFi
Transport for London (TfL), the agency which operates London's subway system, has begun collecting data in
its stations from passenger smartphones in an effort to improve services. Although other transportation services
around the world use smartphone data in this manner, London's subway system may be the first transportation
system to use smartphone data to track an individual's trip data in real time.
The new data collection program, which began on July 8, 2019, and was developed in house by the TfL, is built off of
a four-week pilot program tested in 2016 across 54 stations in Zones 1-4. The TfL intends to use data collected from
smartphones to determine the number of people moving through the subway system, as well as how crowded
platforms and trains are.
- Alternate transportation agencies reportedly use similar methods to track shared e-scooters and e-bikes, and these methods will be used to monitor self-driving cars in the future.
The TfL has claimed that under this new system, passengers will benefit by receiving more alerts about congestion and delays. The TfL maintains that it will be able
to monitor in real time how many people are on a train, as well as how long it takes passengers to walk from the ticketing area to the platform.
The program will rely on the Wi-Fi provided in 260 stations to determine passengers' locations. It will detect any smartphone in the area with its Wi-Fi in
operating status. Passengers who wish to opt out of this data collection program will need to turn off Wi-Fi on their devices.
The TfL's data collection program has raised concerns over the possible misuse of data, as well as the potential risks posed by hacking and unwanted tracking.
The TfL has stated that it will not be linking collected anonymous data with additional customer information, and that this data will only be available to a
controlled group of employees. According to media reports, only aggregated data is allowed to be shared with either different departments or with
external bodies. This data can reportedly be shared with law enforcement agencies if the police are able to demonstrate through a formal process that a
release of data can be justified in order to detect or prevent crime, or prosecute a suspected offender.
The TfL's adaptation and implementation of its data collection plan may shape future developments related to potential infrastructure projects in London's
subway system. The questions on how public data collection plans by transportation agencies impact personal privacy and the digital security of customers will
likely remain pertinent as other transportation systems around the world potentially develop their own real-time data collection plans. 2, 10
Russia: Seven ISIS Suspects Sentenced to Prison for Plot to Derail Train
On Friday, July 12, 2019, Russian media outlets reported that seven men convicted of ties to the Islamic State of Iraq and Syria (ISIS) have been sentenced to
between 15 and 21 years in prison for plotting an attack targeting a Russian high-speed train.
The suspects, who are from Tajikistan, a former Soviet republic, had placed a metal brake holder block on tracks on July 7, 2017,
in an attempt to cause a crash and derailment of the high-speed Sapsan train operating between Moscow and St. Petersburg.
Evidently, the train collided with a barrier but did not crash. As a result, five of the Sapsan train cars were damaged, estimated at
a total of 55 million rubles ($880,000) in losses. Furthermore, the investigation found that the group had plans to carry out a
bombing following the failed train crash; however, the suspects were apprehended before they could execute any attack.
According to the court-cited indictment, the suspected ISIS sleeper cells had plotted their attack plan as a way to protest Russia's
military involvement in Syria, while also posting their intended message online. The Moscow District Military Court (MOVS)
sentenced all of the suspected terrorists to 15 to 21 years behind bars, adding that they will serve their sentences in "special
regime colonies," which is the most common type of prison in Russia. Additionally, only one of the seven suspects pleaded guilty
to all charges; another pled guilty to possession of firearms. The five remaining suspects pled not guilty to all charged offenses,
including preparing and carrying out a terrorist act, as well as possessing weapons.
Russian news outlets state this case mirrors several other previous bomb plots that targeted high-speed trains on the Moscow-Saint Petersburg Railway.
- The Russian FSB security service reportedly foiled a terrorist bombing plot in 2011 to target a Sapsan high-speed train transporting Russian elite class
passengers at speeds up to 155 miles per hour. The ringleader of the cell was a 22-year-old from Kabardino-Balkaria in the North Caucasus who had
recruited the three others, including a Chechen, at a mosque in Moscow. The four convicts are currently serving long-term prison sentences.
- On November 27, 2009, at approximately 9:34 pm, a bombing attack derailed a high-speed Nevsky Express train in transit near Bologoye, Tver Oblast,
resulting in 90 injuries and 28 fatalities. The ensuing investigation resulted in 10 suspects charged for the attack.
- On the night of August 13, 2007, a bomb placed along railroad tracks exploded as a high-speed Nevsky Express train was traversing a section of track
crossing a bridge elevated an estimated 60 feet above a road. The passenger train cleared the bridge before derailing, its cars sliding on their sides,
injuring at least 60 of the 230 on board. It has been reported that Islamist militant Pavel Kosolapov was behind the attack. His current whereabouts
are unknown.
Arizona: Protesters Arrested for Blocking Light Rail Outside ICE Facility in Phoenix
On Friday, July 12, 2019, Phoenix police arrested 16 direct actionists after they refused to clear away from the road and
light rail tracks outside an Immigration and Customs Enforcement (ICE) office ahead of the federal roundup expected the
following Sunday in other cities across the country. Of those arrested, 14 were accused of unlawful assembly and obstructing a
public thoroughfare and two were accused of aggravated assault on a police officer.
This direct action supported the nationwide Lights for Liberty immigration demonstrations against the "border
camps" that were planned for hundreds of cities across the United States.
Participants gathered on Central Avenue, north of McDowell Road, where they began chanting, "Close the camps,
free our kids," in reference to migrant children being held in US detention centers. Police officers in riot gear
repeatedly shouted over megaphones for them to get out of the road; however, despite this, a few of them sat
down on the light rail tracks. According to Valley Metro, the operator of the light rail system for the Phoenix area, the protest shut down the Central and Encanto rail station.
[Images: Phoenix Police Department notice asking anyone blocking the light rail tracks or the roadway to leave the area of Central; Valley Metro service alert on a rail closure due to a police event, with buses transferring riders from Thomas and McDowell]
At around 20:30 LT, police forced everyone to leave the road and started taking some people into custody. Two of
the activists later claimed that one of those arrested for assaulting a police officer had merely sprayed an officer
wearing a riot helmet with silly string. 16, 17, 18
Friday's protest in Phoenix serves to illustrate how rail assets located near ICE facilities can be incidentally targeted by
activists. Similar direct action tactics were employed in July 2018, when anti-ICE demonstrators built a makeshift protest
camp on top of BNSF tracks running directly adjacent to the NWDC. The railway was forced to build a fence to keep the
protesters off the property - a move that was ultimately met with resistance.
Protests targeting ICE facilities across the US will likely continue, particularly following the recent shooting by Tacoma
police of a 69-year-old anarchist who allegedly attempted to attack the Northwest Detention Center (NWDC) with
incendiary devices. Following the incident, anarchists praised the slain attacker - identified as Willem Van Spronsen - as a
hero among their movement, and vowed to maintain their opposition against the NWDC, as well as other ICE facilities.
United States: DHS Renews National Terrorist Advisory System Bulletin
As of Thursday, July 18, 2019, the Department of Homeland Security (DHS) has re-issued the
National Terrorism Advisory System (NTAS) Bulletin for the period through January 17, 2020.
As noted in the Bulletin, DHS has used this means since 2015 to "highlight the continuing terror
threat to the U.S. Homeland" in what is described as "a generational fight against terrorists who
seek to attack the American people, our country, and our way of life."
[Image: NTAS Bulletin, with sections "Summary of Terrorism Threat to the U.S. Homeland," "Additional Details," "How You Can Help," "Be Prepared," and "Stay Informed"]
- The purpose of the Bulletin is to ensure that an "informed, vigilant and engaged public remains
one of our greatest assets to identify potential terrorists and prevent attacks."
- Once again, the Bulletin emphasizes that the United States continues "to face one of the most
challenging threat environments since 9/11, as foreign terrorist organizations
exploit the Internet to inspire, enable, or direct individuals already here in the homeland
to commit terrorist acts."
- Cited as a significant aggravating factor in the terrorist threat is the reliance of homegrown
violent extremists on technology, such as end-to-end social media to
avoid detection.
- Terrorist groups urge their supporters "to adopt easy-to-use tools to target public places and
events" such as "vehicle ramming, to include the use of rental vehicles, small arms, straight-edged
blades or knives, homemade explosives, and poisons or toxins."
The content of the NTAS Bulletins has remained virtually identical since May 2017 - six re-issued advisories covering a period of 2 years and 8 months with no
significant change in content, despite the assessment that the United States is confronting "one of the most challenging threat environments since 9/11." During
this extended period, the private sector, acting through the Critical Infrastructure Cross Sector Council, has repeatedly offered substantive input to ensure the
NTAS Bulletins actually support the informed vigilance, timely reporting, and ensuing investigative efforts that can lead, and have led, to prevention. This input
has included materials that specifically highlight instances when employees or members of the public have contributed to disruption or deterrence of an act of
terrorism by their attentiveness and timely reporting of observed suspicious activity or concerning behaviors or objects. Industry has also offered a tip guide for
individual awareness in public settings. These initiatives have been ignored. The Critical Infrastructure Cross Sector Council is not even consulted on the
planned re-issuance of the Bulletins. Their release comes as a surprise. The effects: the Bulletins are reduced to background noise with opportunities repeatedly
missed to use them to gain and maintain attention through reference to specific incidents in which employees and the public have made the essential difference.
Japan: Incendiary Attack at Animation Studio Highlights Potential Terror Tactic
At least 33 people died and dozens suffered injuries after a man set fire to an animation studio in the Japanese city of Kyoto. Police reported the 41-year-old
suspect broke into the Kyoto Animation studio on Thursday morning, July 18, 2019, and sprayed petrol before igniting it. The suspect was detained by police
and hospitalized with injuries. Japan's Prime Minister Shinzo Abe said the incident was "too appalling for words" and offered condolences. This attack marks one
of Japan's worst mass casualty incidents since World War Two.
Kyoto Animation, known as KyoAni, produces films and graphic novels and is well regarded by fans for the quality
of its productions. The fire broke out at the three-story building at about 10:30 local time last Thursday.
Eyewitnesses described a loud explosion followed by an inferno that rapidly engulfed the building. Police also
found knives at the scene. Public broadcaster NHK said the man had been heard saying "drop dead" as he set
fire to the building. The suspect's relationship with the company is unclear.
Published reports contend the man is not a former employee - but witnesses say he appeared to be angry with the
studio. The Asahi Shimbun newspaper quoted a 61-year-old neighbor as saying she clearly heard the man shout: "You ripped me off." Witnesses further
described the attacker's fleeing from the scene, noting that he ran away from the building towards a nearby train station after the fire started but fell to the
ground. Some reports said he was pursued by employees of Kyoto Animation.
Firefighters confirmed finding 33 bodies - two on the first floor, 11 on the second floor, and 20 on the stairs from the third floor to the top floor. Some 36
people were hospitalized, some in a critical condition. About 70 people were in the building when the fire started. 2
While a terrorist motivation is not attributed to the suspect in this mass casualty incendiary attack, the effects of what he inflicted are terrifying for the
apparent ease with which he was able to kill and injure dozens of people at a globally renowned studio in Japan and for
the example this tactic provides to plotters of acts of terrorism. With just 40 liters of gasoline - about 9 gallons -
purchased earlier at a nearby gas station, the attacker produced a conflagration that killed victims both by burning and
damaging the building structure. Firefighters reported most bodies were found in a stairwell that collapsed due to effects of
the fire. Relevant in this regard is Islamist extremist propaganda, notably Al Qaeda in the Arabian Peninsula's Inspire
magazine, which urges use of fire as a weapon. The focus has been on causing damage and devastation, such as through
intentionally set forest fires. With this mindset, it is a short step to urge tactics emulating the Kyoto Animation attacker.
Washington: Anarchist Killed During Attack on Northwest Detention Center
Will Van Spronsen, a 69-year-old self-proclaimed anarchist and anti-fascist, was shot and killed while attacking the Northwest Detention Center in Tacoma, Washington. According to local media reports, Van Spronsen was armed with a rifle and threw incendiary devices at the facility, where migrants are being held pending deportation proceedings.
The Tacoma Northwest Detention Center (NWDC) is privately run by the GEO Group and has been accused of separating immigrant parents from their children under the Trump Administration's "zero tolerance" policy.
[Image caption, largely illegible in source: news item on a lawsuit brought by immigrant fathers and sons against the GEO Group]
The police said in the aftermath of the incident that Van Spronsen set a vehicle on fire and attempted to ignite a propane tank at the detention center. Van Spronsen was reportedly also found to have had flares and a satchel on his person.
The police said that they called out to Van Spronsen and that shots were fired. Four police officers were involved in the response to Van Spronsen; the incident occurred at 4:00 am local time after a peaceful rally in front of the detention facility.
In the aftermath of the incident, anarchists released an anonymously written statement on the Pacific Northwest-based website Puget Sound Anarchist in support of Van Spronsen's actions, and also stated their intent to continue opposing the detention center: "Will gave his life fighting ICE - we may never know what specifically what was going through his head in the last hours of his life but we know that the NWDC must be destroyed and the prisoners must be freed."
The NWDC is located directly next to BNSF Railway tracks, and has attracted past protest actions. In July 2018, anti-ICE demonstrators reportedly blocked the gates of the facility and built a makeshift protest camp on top of the nearby tracks, temporarily disrupting railway operations.
The controversy surrounding Van Spronsen's attack on the NWDC may lead to an increase in protest activities at that location in the near future, spurring further opposition and protest activity from activists maintaining adverse stances towards both the Trump Administration's immigration policies and Immigration and Customs Enforcement (ICE) operations.
Italy: Police Seize Air-to-Air Missile from Far-Right Group
On Monday, July 15, 2019, it was reported that three alleged members of a far-right group were detained by Italian anti-terror police following a raid in which officers seized a three-meter-long air-to-air missile and a large stash of automatic weapons.
The discoveries came after a year-long operation that started with an initial investigation into Italians who took part in the Russia-backed insurgency in the Donbass region of eastern Ukraine.
The initial investigation led to the arrest of Fabio Del Bergiolo, a 50-year-old ex-customs officer, who is an activist for a neo-fascist political party in Italy, Forza Nuova, and who also ran unsuccessfully as a Senate candidate in 2001. During a raid of his home in Gallarate, police found 9 assault weapons, including a submachine gun, about 30 hunting automatic rifles, pistols, shotguns, ammunition, combat-style knives including bayonets, antique Nazi plaques with the swastika insignia, and several other Nazi memorabilia.
Following the discovery of the "combat-ready" missile, police arrested Alessandro Michele Aloise Monti, a 42-year-old Swiss national, and Fabio Amalio Bernardi, a 51-year-old Italian citizen, near Forli airport. The missile was found by police at an airport hangar at Rivanazzano Terme airport in Pavia, in the Lombardy region in northern Italy, where the detainees were reportedly seeking to sell it for around $530,000 to an "official working for a foreign nation."
The missile is reportedly a French-made Matra Super 530 from October 1980 and in "perfect working order." The weapon was reportedly imported from Qatar. According to police, the missile is believed to have originated from the Qatari armed forces.
The operation was led by the Turin special police force, called Digos, which deals with cases involving organized crime and terrorism, and was joined by officers from Milan, Varese, Forli, and Novara. The chief of Digos, Carlo Ambra, issued a statement that said, "investigators intercepted phone conversations between one of the men and an arms expert who proposed purchasing the missile on behalf of a third party." He went on to say that investigations are ongoing. The group to which the detainees belong has not been named.
Somalia: Al Shabaab Claims Responsibility for Deadly Terror Attack in Kismayo
On Friday, July 12, 2019, at least four militants affiliated with Al Shabaab, an Islamist terrorist group linked to al Qaeda, launched an attack on the Asasey hotel in the Somali port of Kismayo, killing 27 people and injuring 56 others.
The assault began with a suicide bomber ramming a car packed with explosives and continued with a gun battle that lasted over 14 hours. Those killed include three Kenyans, three Tanzanians, two Americans, one Canadian and one Briton, according to Ahmed Madobe, the president of Jubaland regional state, which controls Kismayo. All of the attackers were also reportedly shot dead by Somali troops.
Al Shabaab has claimed responsibility for the attack in an online statement, asserting it had targeted Jubaland state ministers, regional and federal lawmakers, as well as candidates in the hotel. The incident occurred as local officials met inside the hotel ahead of regional elections in August. Responding security forces reportedly managed to rescue dozens of people.
The US State Department reportedly said it would continue to work with local authorities to support "a credible, democratic electoral process in Jubaland."
The port of Kismayo has been relatively peaceful since Al Shabaab was driven out; however, attacks regularly occur in Mogadishu.
Somalia remains a war-torn and volatile security environment. Clan-based violence remains problematic. The Somali National Army (SNA) continues to receive training and support from the United States government. Allocated under the Somali National Government, the SNA provides a centralized effort for securing the Somali region and borders. A heavy presence of UN-backed African Union peacekeepers also remains in country, supporting efforts to deter the terrorist group Al Shabaab (translated as "the youth"), which remains active in portions of Somalia and Kenya.
The United States reopened a diplomatic mission in the capital Mogadishu last December for the first time in over 15 years, a substantial development, as the security environment throughout Mogadishu was such that it would not allow a sustained outside presence for years. The American embassy in Somalia was closed in 1991 and all diplomatic personnel were evacuated due to the ongoing civil war in the country.
UNCLASSIFIED//FOR OFFICIAL USE ONLY
Worldwide: Far-Right Social Network Joins Social Justice Twitter Alternative
The social media platform Gab, which is reportedly home to one of the largest far-right online social media networks, has reportedly switched its backend to run on software from Mastodon - which was launched as a social justice friendly and decentralized alternative to Twitter.
Mastodon is run through numerous "federations" - servers that any user can set up. Different "federations" are able to interact with each other through Mastodon's software. Due to Mastodon's open-source code, there is now reportedly no functional way for Mastodon to close Gab, which has already been banned from accepting donations through PayPal, and also lost its former webhost, GoDaddy. Mastodon has released a statement denouncing Gab and has claimed that it will do everything in its power to isolate the extremist social media site.
In recent years, Gab has attracted negative attention due to the proliferation of far-right extremist groups and individuals on its platform, including neo-Nazi and white supremacist militants. Among the users of Gab was the alleged perpetrator of the October 2018 Tree of Life synagogue mass shooting in Pittsburgh. Gab has attracted criticism for not cracking down on neo-Nazi and similar far-right content (unlike Facebook and Twitter); some far-right posters on Gab have called for violence against minority groups and for terrorist attacks. One Gab user was identified as the member of a militant network (active in five groups across the US, Canada, South Africa, and Europe) calling for attacks to be carried out against the electrical grid; these groups were reportedly connected to the Atomwaffen Division and that group's affiliated network. Some neo-Nazi militants posted pictures of themselves standing in front of power grids, urging their audience to commit attacks. Gab claims that it relies on a small moderation team, and relies on "independent reports" to bring violations of its terms of service to its attention.
The role of social networks and other kinds of online activity has attracted greater attention from law enforcement agencies and counter-terrorism experts in recent years; some have argued that Gab plays an important role in spreading neo-Nazi ideology by offering adherents a more "mainstream" platform - which gives greater access to potential new recruits as well as opportunities to share violent propaganda.
Worldwide: Iranian Drone Downed by U.S. Military
The United States military is reported to have destroyed an Iranian drone that had come within 1000 yards of the USS Boxer deployed in the Strait of Hormuz. Using a new anti-drone system, the Marine Corps' Light Marine Air Defense Integrated System (LMADIS), U.S. forces reportedly "jammed" or potentially spoofed the drone's Global Positioning System (GPS) signal, rendering it useless. Details are minimal at this time.
The recurring issue of GPS signal interference was highlighted in a recently released C4ADS report analyzing 10,000 GPS spoofing incidents conducted by Russia in support of its Syrian operations. These incidents are believed to be the source of other GPS interruptions across the Middle East that have impacted airports, including Tel Aviv's Ben Gurion International Airport.
This reported downing marks the second drone incident in the past month-plus. In June 2019, a unit of the Iranian Revolutionary Guard shot down a U.S. surveillance drone that, according to Iran's official position, was operating in its airspace. The United States has remained adamant that the drone was over international waters. In retaliation, the US allegedly conducted offensive cyber operations targeting Iran's missile control systems and computer systems used by Iranian intelligence. A third operation, reported by CNN, allegedly targeted Hezbollah's communications network. In 2011, Iran was able to spoof the US RQ-170 Sentinel and safely land it in Iran with minimal damage. Iran has claimed that it was able to reverse engineer the RQ-170, developing its own version named Sa'egheh or Shahed-171. In a February 2018 incident, Israel shot down a Sa'egheh, confirming that the craft was advanced and the technology was largely based on the RQ-170.
Drones are becoming increasingly prevalent in military operations, as a means for surveillance and for transport of weapons. As their use increases, so do the capabilities to commandeer or destroy them through electronic means. GPS spoofing and jamming are relatively easy methods of electronic warfare using tools that are cheap and readily available on the internet. This method is not limited to drones; most of the Russian incidents in the C4ADS report impacted maritime vessels and aircraft, although no accidents were reported. The commonality of this tactic prompted 14 maritime organizations to ask the US Coast Guard to raise this concern at the International Maritime Organization Council.
[Image: RQ-170 Sentinel, taken from a US Army recognition manual]
Iran: Identity of Iranian Hacker who Aided in Espionage Against US Revealed
Jeff Bardin, the Chief Intelligence Officer for the California-based security firm Treadstone 71, has reportedly unmasked "Mr. Tekide", a malware developer and hacker who allegedly assisted in Iranian espionage activities directed against the United States and other foreign countries and organizations. Bardin has alleged that the true identity of "Mr. Tekide" is a 29-year-old Iranian veterinarian named Mostafa Selahi Qalavand.
According to Bardin, Qalavand's role was not to attack Western targets himself, but to assist others in doing so through developing sophisticated and malware. are the tools used to conceal the malware used in an attack. They have been reportedly used in attacks directed against the United States, other Western countries, Sunni Arab countries, and Israel.
Qalavand apparently started his cyber activities in the late 2000s with the Iranian hacker forum Ashiyane. Bardin has stated his belief that Qalavand tried to stop his hacking activities in order to focus on his veterinary career - with the eventual goal of working in the European Union - but restarted his cyber-activities in late 2018, apparently owing to monetary needs. The true identity of "Mr. Tekide" was reportedly uncovered due to Qalavand's attempts to scrub his hacking background.
Bardin has noted that the cyphers developed by Qalavand as "Mr. Tekide" have been used in cyber-attacks undertaken by the APT34 hacking group (also known as "OilRig" and "MuddyWater"), which is responsible for cyber-attacks directed against targets in the Middle East. In March 2019, a hacker group exposed the members and operations of APT34.
In recent years, Iran has emerged as one of the major state sponsors of cyber-attacks on foreign targets. The unmasking of "Mr. Tekide", along with other recent revelations pertaining to APT34, may shed additional light on the extent and reach of Iran's cyber warfare infrastructure.
The revelation of the true identity of "Mr. Tekide" comes at a time of increased geopolitical tensions between Iran and the United States in the Middle East, which have also manifested in the realm of cyberspace.
The US Department of Homeland Security has issued warnings to US companies that Iranian state-backed hacking groups may attempt to increase their attacks against US targets.
It is possible that additional information regarding this case may shed further light on the ways in which the Iranian government and security agencies develop and utilize malware and cypher tools in attacks.
Jeff Bardin, the Chief Intelligence Of?cer for the alifornia-based security ?rm Treadstone 71 has
reportedly unmasked ?Mr. Tekide?, a malware developer and hacker who allegedly assisted in
Iranian espionage activities directed against the United States and other foreign countries and
organizations. Bardin has alleged that the true identity of ?Mr. Tekide? is a 29-year?old Iranian
veterinarian named Mostafa Selahi Qalavand.
According to Bardin. Qalavand?s role was not to attack Western targets himself, but to assist others in
doing so through developing sophisticated and malware. are the tools used to
conceal the malware used in an attack. They have been reportedly used in attacks directed against
the United States, other Western countries, Sunni Arab countries, and Israel.
Qalavand apparently started his cyber activities in the late 20008 with the Iranian hacker forum
Ashiyane. Bardin has started his belief that Qalavand tried to stop his hacking activities in order to
focus on his veterinary career - with the eventual goal of working in the European Union, but
restarted his cyber-activities in late 2018 apparently owing to monetary needs. The true identity
of ?Mr. Tekide? was reportedly uncovered due to Qalavand?s attempts to scrub his hacking
background.
Bardin has noted that the cyphers developed by Qalavand as ?Mr. Tekide? have been used in cyber-
attacks undertaken by the APT34 hacking group (also known as ?OilRig? and ?MuddyWater?),
which is responsible for cyber-attacks directed against targets in the Middle East. In March 2019,
a hacker group exposed the members of operations of APT34.
In recent years, Iran has emerged as one of the major state sponsors of cyber-attacks on foreign targets.
The unmasking of ?Mr. Tekide?, along with other recent revelations pertaining to APT34, may shed
additional light on the extent and reach of Iran?s cyber warfare infrastructure.
OFFICIAL USE ONLY
OFFICIAL USE ONLY
Iran: Identity of Iranian Hacker who Aided in Espionage Against US Revealed
The revelation of the true identity of "Mr. Tekide"
comes at a time of increased geopolitical tensions
between Iran and the United States in the Middle
East, which has also manifested in the realm of
cyberspace.
The US Department of Homeland Security has
issued warnings to US companies that Iranian state-
backed hacking groups may attempt to increase
their attacks against US targets.
It is possible that additional information regarding
this case may shed further light on the ways in
which the Iranian government and security agencies
develop and utilize malware and cypher tools in
attacks.
Insider Threat Report: Out of Sight Should Never Be Out of Mind
According to the Verizon Insider Threat report released March 2019, 57% of database breaches involved an insider employed or contracted by the
organization, with Privilege Misuse (also called Insider and Privilege Misuse) representing approximately 20% of all cybersecurity incidents and nearly
15% of all data breaches in 2018. The Insider and Privilege Misuse pattern includes insider threats in which external threats collaborate with internal
actors to access a company's information or assets.
In the Breaches per Pattern data, Miscellaneous Errors rank second. The unintentional insider can be
mitigated through low-cost policy and process changes and security awareness. For example, having a clear
policy in place that limits USB use or that restricts emailing to a personal account can prevent sensitive
information from leaving the network. Annual security awareness training that instructs employees on how
to identify and report phishing attempts can prevent a network breach. Unfortunately, Privilege Misuse
incidents are more difficult to detect and prevent because of the individual's privileged access (e.g., network
administrator credentials) and knowledge of the network environment, which can be used to circumvent security measures.
The recently unsealed indictment of William Yao for stealing proprietary data from a locomotive
manufacturer in the Chicago area demonstrates the economic and security consequences and
implications of a malicious insider. This case also highlights the extent of damage that a knowledgeable
insider, such as a software or network engineer or system administrator, can cause without detection.
The importance of being prepared for both external and internal threats is clear in reading the
2018 Verizon DBIR. With a data-driven overview of data breaches and cybersecurity
incidents, the DBIR identifies key incident classification patterns in cybersecurity incidents and
data breaches. Internal and external threats are both cause for concern.
Figures 1-2. 2018 DBIR Incidents per Pattern and Breaches per Pattern
Yao began downloading a large amount of files only two weeks from his hire date. This early illegal activity indicates that he sought employment at the
victim's company intentionally for the purpose of stealing sensitive information, most likely at the behest of the Chinese government.
The undisclosed company likely hired Yao because of his technical background, which is increasingly hard to come by for organizations with constrained
information technology budgets. This constraint on resources also makes it difficult to purchase, implement and maintain the people, processes and
technologies to prevent sensitive data and intellectual property from being exfiltrated. In this case, Human Resource processes that can be established,
reviewed and adjusted can assist in vetting and selection of potential employees. For example: detailed job descriptions that clearly communicate
responsibilities; hiring processes that include vetting through background checks, comprehensive interviews and pre-employment checks; established and
communicated disciplinary actions; and exit processes that include timely user account termination and return of employee-issued equipment, are relatively
low-cost measures that can prevent an intentional and unintentional insider from doing costly damage.
TrickBot Malware has Compromised 250 million Email Accounts
The security firm Deep Instinct has discovered a new variant of the financial malware known as TrickBot and a corresponding database of 250 million
harvested email accounts from government and businesses in the U.S., Canada and Britain. The TrickBot malware, active since 2016, has mostly focused on
financial data theft; however, it has evolved into a sophisticated multi-purpose self-replicating malware that actively avoids detection and harvests
enormous amounts of data, including log-in credentials, according to Deep Instinct researchers. The malware is typically distributed via spear phishing emails,
such as bogus resumes sent to human resources or invoices sent to accounting personnel, in the form of Microsoft Word or Excel files. Once a computer has
been compromised, TrickBot downloads a distribution module called Trickbooster, which is signed with
a valid certificate. The Trickbooster malware quickly harvests the email addresses associated with
the compromised account and sends them malicious emails, deleting any trace of the sent email from
the outbox and trash folders.
Attack Flow
According to the Deep Instinct investigation and analysis, the 250 million accounts were not associated with
previous known breaches. It is, therefore, a new and successful campaign. The breakdown of these accounts
encompasses many government departments and agencies in the United States, including but not limited to the
Department of Justice, the Department of Homeland Security, the Department of State, the Social
Security Administration, the Internal Revenue Service, the Federal Aviation Administration, and the
National Aeronautics and Space Administration. Others affected include government organizations and
universities in Britain and Canada.
Of note, the TrickBot malware also has other variants that deploy malicious modules, such as the IcedID module that performs web injection attacks, a
module that delivers the Ryuk ransomware and a module (cookielel64) that steals the browser cookies from the infected machine. In the past, different
malware variants would compete with each other to gain and keep control of a victim's computer by searching and deleting. For example, the malware
SpyEye would search for and delete versions of the Zeus malware. The coupling of TrickBot and IcedID indicates coordination between the two
administrators of these malwares. reported in February that the IcedID malware was developed and used by an Eastern European group called
Lunar Spider and the TrickBot malware is administered by a Russian-based cyber criminal group referred to as Wizard Spider. The forming of these
alliances between criminal elements gives them flexibility and expands their arsenal of malware, which allows them to change tactics mid-campaign,
complicating detection. Technical details are available on both Deep Instinct and the blogs linked in this report.
Israel: Cyber Body Warns of New BEC Phishing Attack that Uses AI
It was reported on Wednesday, July 10, 2019, that the Israel National Cyber Directorate (INCD), an Israeli "cyber body," has issued a
warning on a new type of cyber attack that uses artificial intelligence (AI) technology that "impersonates senior company executives."
This new method of attack is a form of business email compromise (BEC) fraud, in which an attacker impersonating a vendor sends a
fraudulent targeted email to employees with a "social engineering method" that prompts a response, allowing the attack to escalate by giving
instructions to company employees to perform tasks such as money and bank transfers, as well as provide private information to gain access
to a company's network while releasing malicious activity on the company's network.
This new scheme uses AI-based software to "makes voice phishing calls to senior executives." The innovation in this attacking software is
in its ability to "mimic the voice of a person defined for it and makes a conversation with an employee on behalf of the This type of scheme is reliant
on the criminals' ability to persuade the employee that the company's CEO is sending instructions for a wire. There are currently programs that can speak in
a user's voice after listening to that particular voice for 20 minutes.
According to NBC Cyber Security Reporter, Kate Fazzini, "Most law enforcement agencies recommend 'voice verifying' these wires to ensure they are coming
from a legitimate source." The Head of Information Security Data Protection Officer for Matrix Medical Network, Dr. Rebecca Wynn, suggests immediate
verification upon a request by calling the designated corporate number for verification and asking for a follow-up email.
The INCD warns of potentially high economic consequences for companies that fall prey to this type of cyber attack and suggests taking precautions by raising
awareness, such as by "training employees, paying attention to deviations in organizational process, verifying instructions, and using technological means to
prevent misuse of email."
The security firm Malwarebytes estimates that proliferation of artificial intelligence (AI) in malware is 1-3 years out. The adoption of AI by advanced, well-resourced
cyber threat actors will increase the difficulty of detecting sophisticated malware. By learning users' behavior, such as characteristics of their
typing, vocabulary and misspellings, AI-enhanced malware could mimic the user to bypass detection measures such as user behavioral monitoring. Much like
the mimicking of the voice in the above incident, AI could create and insert conversational content into a spear phishing email that fools the user into believing it
is legitimate. Other evasive tactics that could be used by AI-enhanced malware include changing based on the network environment or deleting itself if detected.