From: Sent: To: Subject: Christa L. Burch Thursday, July 07, 2016 9:14 PM JRIC Norwalk Personnel Fwd: @DallasPD: This is one of our suspects. Please help us find him! https://t.co/Na5T8ZxSz6 Categories: YES-RESPONSIVE Christa Burch Desk Blackberry christa.burch@jric.org Begin forwarded message: From: "Rhodes, Kathleen" Date: July 7, 2016 at 20:57:43 PDT To: Mikenzie Howard , Lena Grote , "Vanthof, Jason" , Dylan McCulley , "Christa L. Burch" , Andre Guillerm Subject: Fwd: @DallasPD: This is one of our suspects. Please help us find him! https://t.co/Na5T8ZxSz6 FYSA Sent from my iPhone Begin forwarded message: From: Dataminr Flash Date: July 7, 2016 at 8:56:09 PM PDT To: Subject: @DallasPD: This is one of our suspects. Please help us find him! https://t.co/Na5T8ZxSz6 Reply-To: Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Flash 07.07.2016 at 11:52 PM EDT Texas, United States 1 ER This is one of our suspects. Please help us find him! pic.twitter.com/Na5T8ZxSz6 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Dallas Police Depart @DallasPD Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 04.04.2009 Tweets 21,597 Followers 101,556 Official Twitter Account for the Dallas Police Dept. THIS ACCT IS NOT MONITORED ON A 24 HOUR BASIS. FOR EMERGENCY CALL 9-1-1. Area: Texas, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event Urgent Update 07.07.2016 at 11:50 PM EDT Texas, United States Alright, #dallas. We think this is one of our suspects. Help us find Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. him. pic.twitter.com/MEaZEKSunq CTR (((Sana))) @dallaspiosana VIEW ALERT 07.07.2016 at 11:37 PM EDT Texas, United States Here's man wearing body armor who was arrested after #Dallas shooting. Multiple cops shot, at least one dead pic.twitter.com/lRd8cUa7iE RPR Jason Howerton @jason_howerton VIEW ALERT 2 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Flash 07.07.2016 at 11:28 PM EDT Statement from @DPDChief on tonight's shooting in downtown Texas, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Dallas pic.twitter.com/22VjuKGkJS RPR Robert Wilonsky @RobertWilonsky VIEW ALERT Topics: Riots and Protests, Crime - Criminal Activity, Conflicts and Violence Right-click here to download pictures. To Adjust topic importance by opening settings Dataminr is a real-time information discovery company. CONFIDENTIALITY NOTICE: This communication with its contents may contain confidential and/or legally privileged information. It is solely for the use of the intended recipient(s). Unauthorized interception, review, use or disclosure is prohibited and may violate applicable laws including the Electronic Communications Privacy Act. If you are not the intended recipient, please contact the sender and destroy all copies of the communication. 3 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 3:37 PM tracy.frederickson@jric.org #BREAKING New photos released of suspect in fatal attacks on homeless men in San Diego https://t.co/F5i3hAwTJm https://t.co/QI93meQ4Kp Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 06:34 PM EDT California, United States LN #BREAKING New photos released of suspect in fatal attacks on homeless men in San Diego via.kswbtv.com/aqVCM pic.twitter.com/QI93meQ4Kp Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download FOX 5 San Diego @fox5sandiego Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 12.19.2008 Tweets 37,632 Followers 113,647 Official page for FOX 5 covering San Diego news, sports, weather, politics and entertainment. 4:30 10 a.m. 1, 4, 5, 6 & 10 p.m. Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline 4 Recent notifications from ongoing event 07.06.2016 at 09:38 AM EDT California, United States BREAKING: According to detectives, victim set on fire is not Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. expected to survive. pic.twitter.com/Unn6P6Ep7m RPR Carlos Correa @CarlosCorrea2 VIEW ALERT 07.06.2016 at 09:13 AM EDT California, United States #BREAKING @SanDiegoPD chopper overhead searching for suspect who set a homeless man on fire in downtown. #NBC7 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/P88OvHnXCt RPR Liberty Zabala @LibertyNBC7SD VIEW ALERT Urgent Update 07.06.2016 at 09:08 AM EDT California, United States #BREAKING: Person set on fire in downtown. Transported to hospital. Police looking for suspect - white, thin, dark hoodie CTR Aric Richards @AricFOX5 VIEW ALERT 07.06.2016 at 08:58 AM EDT California, United States Police investigating attack on homeless man near Broadway & State. One person taken to hospital. New info on @10News Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/UeQprkbZ9N RPR Jared Aarons @10NewsAarons VIEW ALERT Urgent 07.06.2016 at 08:53 AM EDT California, United States #BREAKING Another homeless person attacked. This time downtown. Someone tried to set him on fire. Since Sun, 3 others attacked. 2 are dead. RPR Nicole Gomez @nicolenbcsd VIEW ALERT 5 Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 6 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 3:02 PM tracy.frederickson@jric.org Here's @LorettaLynch statement on Hillary Clinton email investigation @CQnow https://t.co/0aAc6Ys491 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 05:59 PM EDT District of Columbia, United States RPR Here's @LorettaLynch statement on Hillary Clinton email investigation @CQnow pic.twitter.com/0aAc6Ys491 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Todd Ruger @ToddRuger Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 03.03.2009 Tweets 5,957 Followers 2,438 I cover legal issues for CQ Roll Call (@cqnow and @rollcall) including the Supreme Court, DOJ and Congress. I wrote this: https://t.co/1tPZFBD8La Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Legal Action, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 7 Dataminr is a real?time information discovery company. From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 2:56 PM tracy.frederickson@jric.org The situation at UNLV is now all clear. Visit https://t.co/6EPKjPPD8F for more information. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 05:54 PM EDT Nevada, United States CTR The situation at UNLV is now all clear. Visit unlv.edu/safety for more information. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download UNLV Police Services @UNLVPD SOURCE VERIFICATION & EVENT AREA: Account Created: 11.06.2015 Tweets 179 Followers 303 Official Twitter page of the UNLV Police Department. For emergencies, dial 911 from a campus landline or from a cellphone. Twitter not monitored 24/7 Area: Nevada, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.06.2016 at 05:53 PM EDT Nevada, United States 9 So I'm walking to the admissions office right. And they called me saying its a shooter on campus.. Boy I have never turned around sow quick CTR MarcusTheDoctor @TheDoc__ VIEW ALERT 07.06.2016 at 05:51 PM EDT Nevada, United States Active shooter on campus ๟ pic.twitter.com/OdPc11s9vQ CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Rona Summer @lecoronaa VIEW ALERT 07.06.2016 at 05:51 PM EDT Nevada, United States When you have an appointment to go to UNLV and their is a shooter on campus โ fuck all that CTR E. Lanez ❄ @Erikkkka__ VIEW ALERT 07.06.2016 at 05:51 PM EDT Nevada, United States There's an active shooter on campus?????? Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/gv37byfDed CTR Arleezy™⛅ @itsbarbiebishx3 VIEW ALERT Urgent 07.06.2016 at 05:49 PM EDT Nevada, United States EMERGENCY! There is a suspect with a firearm on the UNLV campus. (Continued...) CTR UNLV Police Services @UNLVPD VIEW ALERT Topics: Infrastructure - Education, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 10 11 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 2:53 PM tracy.frederickson@jric.org EMERGENCY! There is a suspect with a firearm on the UNLV campus. (Continued...) Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 05:49 PM EDT Nevada, United States CTR EMERGENCY! There is a suspect with a firearm on the UNLV campus. (Continued...) Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download UNLV Police Services @UNLVPD SOURCE VERIFICATION & EVENT AREA: Account Created: 11.06.2015 Tweets 178 Followers 288 Official Twitter page of the UNLV Police Department. For emergencies, dial 911 from a campus landline or from a cellphone. Twitter not monitored 24/7 Area: Nevada, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.06.2016 at 05:51 PM EDT Nevada, United States 12 Active shooter on campus ๟ pic.twitter.com/OdPc11s9vQ CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Rona Summer @lecoronaa VIEW ALERT 07.06.2016 at 05:51 PM EDT Nevada, United States When you have an appointment to go to UNLV and their is a shooter on campus โ fuck all that CTR E. Lanez ❄ @Erikkkka__ VIEW ALERT Topics: Infrastructure - Education, Threats and Precautions, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 13 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 2:39 PM tracy.frederickson@jric.org @TheJusticeDept: Man Facing Al-Qaeda Terrorism Charges Indicted for Plotting to Murder Federal Judge Presiding Over His Case https://t.co/JfeXufrsvK Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 05:33 PM EDT District of Columbia, United States GOV Man Facing Al-Qaeda Terrorism Charges Indicted for Plotting to Murder Federal Judge Presiding Over His Case justice.gov/opa/pr/man-fac… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Justice Department @TheJusticeDept SOURCE VERIFICATION & EVENT AREA: Account Created: 09.10.2009 Tweets 4,408 Followers 1,075,677 Official DOJ Twitter account. Please refer to DOJ’s privacy policy for DOJ use of third-party websites here: http://www.justice.gov/do... Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Legal Action, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 14 Dataminr is a real?time information discovery company. 15 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 2:38 PM tracy.frederickson@jric.org Officer involved shooting. Market and jones. #SanFrancisco #SFPD I pray they live. https://t.co/Fn1oca9eb8 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 05:31 PM EDT California, United States Officer involved shooting. Market and jones. #SanFrancisco #SFPD I pray they live. pic.twitter.com/Fn1oca9eb8 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download nancypili @nancypili Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 04.24.2009 Tweets 2,094 Followers 785 Hippy Chola. Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 16 CTR 07.06.2016 at 05:31 PM EDT California, United States BREAKING: Major police activity in San Francisco at Jones and McAllister CTR Brittany Brown @brittanymbrown VIEW ALERT 07.06.2016 at 05:31 PM EDT California, United States Officer involved shooting. Market and jones. #SanFrancisco #SFPD I pray they live. pic.twitter.com/Fn1oca9eb8 CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. nancypili @nancypili VIEW ALERT Urgent 07.06.2016 at 05:29 PM EDT California, United States #Breaking: SFPD responding to man with gun at Jones and Market streets. CTR Joel Angel Juárez @jajuarezphoto VIEW ALERT 07.06.2016 at 05:28 PM EDT California, United States police asking for backup in riot gear at jones and market BG ScanSF @ScanSF VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 17 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 2:20 PM tracy.frederickson@jric.org @SenRubioPress: .@MarcoRubio-@SenatorMenendez Venezuela Sanctions Bill Passes House, Heads To President’s Desk To Be Signed Into Law https://t.co/cvzEY2p2mt Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 05:13 PM EDT District of Columbia, United States GOV .@MarcoRubio-@SenatorMenendez Venezuela Sanctions Bill Passes House, Heads To President’s Desk To Be Signed Into Law bit.ly/29mPuS6 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Senator Rubio Press @SenRubioPress SOURCE VERIFICATION & EVENT AREA: Account Created: 12.23.2010 Tweets 2,874 Followers 23,366 Official account of U.S. Senator @MarcoRubio's PressShop. For more information please visit his website. Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 18 07.06.2016 at 05:06 PM EDT Distrito Capital, Venezuela LAST MINUTE Extension of sanctions congelerá visas and assets in the US of the sanctioned regime officials Nicolas Maduro ÚLTIMA HORA Extensión de sanciones congelerá visas y los activos en EE.UU. de los funcionarios sancionados del régimen de Nicolás Maduro CTR Alberto Rodríguez @AlbertoRT51 VIEW ALERT Topics: Politics and International Affairs - International Politics, Politics and International Affairs U.S. Politics Right-click here to download pictures. To help protect y our priv ac Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 19 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 2:15 PM tracy.frederickson@jric.org Some more updates in #AltonSterling case. Shop owner's atty, Joel Porter, confirms his client shot the new cellphone video that was released Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 05:10 PM EDT Louisiana, United States RPR Some more updates in #AltonSterling case. Shop owner's atty, Joel Porter, confirms his client shot the new cellphone video that was released Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Maya Lau @mayalau SOURCE VERIFICATION & EVENT AREA: Account Created: 09.14.2009 Tweets 7,597 Followers 6,193 Crime/criminal justice reporter @advocatebr // formerly @shreveporttimes & @NYTMag // Insta: @maya_lau // Contact info here: http://mayalau.com Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 20 07.06.2016 at 05:12 PM EDT Louisiana, United States New video not given to BRPD, but it was given to FBI, Porter says. "He does not trust the city police," Porter says of client RPR Maya Lau @mayalau VIEW ALERT 07.06.2016 at 05:11 PM EDT Louisiana, United States "BRPD & (DA) Hillar Moore came and got everything, but they didn't get everything," Porter says. #AltonSterling RPR Maya Lau @mayalau VIEW ALERT 07.06.2016 at 04:53 PM EDT Louisiana, United States Emotions ratcheting up at Sterling shooting site. Owner of store pleading for police to come out, but they’re not. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/8AY1WUgH4S RPR Matthew Teague @MatthewTeague VIEW ALERT 07.06.2016 at 04:44 PM EDT Louisiana, United States DA Hillar Moore says he did not know about this latest cell phone video to emerge in the #AltonSterling case RPR Maya Lau @mayalau VIEW ALERT 07.06.2016 at 04:34 PM EDT Louisiana, United States #batonrouge pic.twitter.com/2xHP6cw4IG RPR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Molly Hennessy-Fiske @mollyhf VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 21 Dataminr is a real?time information discovery company. 22 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 1:58 PM tracy.frederickson@jric.org Cell phone battery apparently exploded on a United flight at DIA. Nobody hurt. Still developing.... Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 04:55 PM EDT Colorado, United States RPR Cell phone battery apparently exploded on a United flight at DIA. Nobody hurt. Still developing.... Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Shannon Ogden @ShannonOgden1 SOURCE VERIFICATION & EVENT AREA: Account Created: 01.29.2012 Tweets 6,096 Followers 2,550 Television News Anchor Area: Colorado, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Aviation, Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 23 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 1:23 PM tracy.frederickson@jric.org It’s with incredible sadness for us to confirm the tragic loss of two pilots during a flight test today in the Bell 525. (1/3) Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 04:09 PM EDT Texas, United States CTR It’s with incredible sadness for us to confirm the tragic loss of two pilots during a flight test today in the Bell 525. (1/3) Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Bell Helicopter @one_bell SOURCE VERIFICATION & EVENT AREA: Account Created: 02.18.2010 Tweets 3,021 Followers 45,491 On a Mission. Area: Texas, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.06.2016 at 04:10 PM EDT 24 Texas, United States We’re working with relevant authorities to determine the cause of the accident and will provide further details as they come available.(3/3) CTR Bell Helicopter @one_bell VIEW ALERT 07.06.2016 at 04:09 PM EDT Texas, United States Our deepest sympathies are with their family and friends and we ask that you join us in sending thoughts and prayers. (2/3) CTR Bell Helicopter @one_bell VIEW ALERT 07.06.2016 at 01:37 PM EDT Texas, United States UPDATE: Two people confirmed dead in Ellis County helicopter crash RPR kristen orsborn @kristenorsborn VIEW ALERT Urgent Update 07.06.2016 at 01:22 PM EDT Texas, United States Update - Confirmed crash. Reports of at least one fatality at the scene. BG DFW Scanner @DFWscanner VIEW ALERT Urgent 07.06.2016 at 01:09 PM EDT Texas, United States Confirmed helicopter crash in south Ellis County , unknown further information CTR Stephanie Parker @EMC_Parker VIEW ALERT Topics: Transportation - Aviation Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 25 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 1:11 PM tracy.frederickson@jric.org New video from store owner shows #AltonSterling wasn't holding a gun https://t.co/yV1rfvjzAr https://t.co/fEtdqVobF7 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 04:07 PM EDT Louisiana, United States RPR New video from store owner shows #AltonSterling wasn't holding a gun thedailybeast.com/articles/2016/… pic.twitter.com/fEtdqVobF7 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Justin Miller @justinjm1 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 07.08.2010 Tweets 45,870 Followers 12,995 Senior editor @thedailybeast. Alumnus of @NYMag, @TheAtlantic, @umich Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 26 07.06.2016 at 03:46 PM EDT Louisiana, United States My Heart is broken, thoughts and prayers to #AltonSterling and his family. When is enough, enough ? CTR Chloë Grace Moretz @ChloeGMoretz VIEW ALERT 07.06.2016 at 03:40 PM EDT Louisiana, United States If only #AltonSterling had this luxury. pic.twitter.com/uueoZE5eDP CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Anthony Anderson @anthonyanderson VIEW ALERT Urgent Update 07.06.2016 at 03:25 PM EDT Louisiana, United States Police scanner response in Alton Sterling shooting released, TV station says bit.ly/29ib4kP LN NOLA.com @NOLAnews VIEW ALERT 07.06.2016 at 03:18 PM EDT Louisiana, United States So to you petition signers, y'all on "Hmmm well maybe Jesse had a point"? status yet or still nah? #AltonSterling CTR Questlove Gomez @questlove VIEW ALERT 07.06.2016 at 02:56 PM EDT Louisiana, United States the only way to end police brutality is to boycott that which gives them power. #FollowTheBreadCrumbs CTR B.o.B @bobatl VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 27 Dataminr is a real?time information discovery company. 28 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 1:09 PM tracy.frederickson@jric.org Protester in the Senate threw a bunch of dollar bills and told Sen. Stabenow to stop taking $$ from Monsanto… Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 04:01 PM EDT District of Columbia, United States RPR Protester in the Senate threw a bunch of dollar bills and told Sen. Stabenow to stop taking $$ from Monsanto… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Tim Mak @timkmak SOURCE VERIFICATION & EVENT AREA: Account Created: 12.05.2008 Tweets 28,403 Followers 13,906 Daily Beast Senior Correspondent, writing about campaigns and national security. From YVR, McGill alum. 202/ Gmail: timkmak Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Riots and Protests, Crime - Criminal Activity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 29 30 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 10:55 AM tracy.frederickson@jric.org BREAKING: Allegiant Air Flight 749 made emergency landing at @JAXairport after smoke was reported on board. https://t.co/7sQUexxo6K Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 01:50 PM EDT Florida, United States LN BREAKING: Allegiant Air Flight 749 made emergency landing at @JAXairport after smoke was reported on board. pic.twitter.com/7sQUexxo6K Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download News4JAX @wjxt4 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 09.25.2008 Tweets 143,751 Followers 87,451 News4JAX is a fully local TV station owned by Graham Media Group located in Jacksonville, Florida. Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Aviation Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 31 Dataminr is a real?time information discovery company. 32 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 10:25 AM tracy.frederickson@jric.org Update - Confirmed crash. Reports of at least one fatality at the scene. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 01:22 PM EDT Texas, United States BG Update - Confirmed crash. Reports of at least one fatality at the scene. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download DFW Scanner @DFWscanner SOURCE VERIFICATION & EVENT AREA: Account Created: 02.02.2011 Tweets 36,362 Followers 145,029 Local, community emergencies and public safety incidents in the greater Dallas/Ft Worth and North Texas area via social media. App: DFW Scanner #BackTheBlue Area: Texas, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event Urgent 07.06.2016 at 01:09 PM EDT Texas, United States 33 Confirmed helicopter crash in south Ellis County , unknown further information CTR Stephanie Parker @EMC_Parker VIEW ALERT Topics: Transportation - Aviation Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 34 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 10:16 AM tracy.frederickson@jric.org Confirmed helicopter crash in south Ellis County , unknown further information Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 01:09 PM EDT Texas, United States CTR Confirmed helicopter crash in south Ellis County , unknown further information Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Stephanie Parker @EMC_Parker SOURCE VERIFICATION & EVENT AREA: Account Created: 12.20.2013 Tweets 1,110 Followers 586 Ellis County Emergency Management Area: Texas, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Aviation Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 35 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 9:41 AM tracy.frederickson@jric.org Howie Lake, II has been involved in a police killing before. https://t.co/O6FXCqOZzS #AltonSterling Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 12:34 PM EDT Louisiana, United States CTR Howie Lake, II has been involved in a police killing before. m.wafb.com/wafb/pm_/conte… #AltonSterling Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Johnetta Elzie @Nettaaaaaaaa SOURCE VERIFICATION & EVENT AREA: Account Created: 03.23.2013 Tweets 179,888 Followers 137,891 I am the stone that the builder refused...the promise of what's to come. And I'mma remain a soldier till the war is won. contact: netta@thisisthemovement.org Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event Urgent Update 07.06.2016 at 12:14 PM EDT Louisiana, United States 36 blane salamoni and his wife Allison on the far left. #ALTONSTERLING #Justice pic.twitter.com/W7QjoZBP2v CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Mrs. Sibley (Deon) @BlutifulRN VIEW ALERT 07.06.2016 at 12:12 PM EDT Louisiana, United States To the African American community. I am so sorry.I am horrified by this senseless violence. I pray our nation becomes unified #AltonSterling CTR Clint Gresham @Gresh49 VIEW ALERT 07.06.2016 at 12:03 PM EDT Louisiana, United States BRPD not letting me, @SteveRHardy and other media inside RPR Maya Lau @mayalau VIEW ALERT Urgent Update 07.06.2016 at 11:58 AM EDT Louisiana, United States From @BRPD two involved police officers are Blane Salamoni, 4 yr veteran, & Howie Lake II, 3 yr veteran @WAFB RPR Kiran Chawla @Kiran_WAFB VIEW ALERT 07.06.2016 at 11:57 AM EDT New York, United States Our hearts break for the loved ones of #AltonSterling. We must put an end to all forms of hate and injustice. #BlackLivesMatter NGO GLAAD @glaad VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 37 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 8:50 AM tracy.frederickson@jric.org @USTreasury: Today, Treasury designated top North Korean officials for their ties to #NorthKorea's notorious human rights abuses https://t.co/mLE7zueIDl Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 11:31 AM EDT District of Columbia, United States GOV Today, Treasury designated top North Korean officials for their ties to #NorthKorea's notorious human rights abuses pic.twitter.com/mLE7zueIDl Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Treasury Department @USTreasury Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 03.05.2010 Tweets 5,135 Followers 516,123 Executive agency responsible for promoting economic prosperity & ensuring financial security of the U.S. http://go.usa.gov/3BNQR Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Human Interest, Politics and International Affairs - International Politics Right-click here to download pictures. To 38 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 39 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 8:34 AM tracy.frederickson@jric.org BREAKING: Police investigating a shooting at the Safety First Gun Range in Edmond. Headed to scene now @koconews Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 11:31 AM EDT Oklahoma, United States RPR BREAKING: Police investigating a shooting at the Safety First Gun Range in Edmond. Headed to scene now @koconews Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Markie Martin @KOCOmarkie SOURCE VERIFICATION & EVENT AREA: Account Created: 11.24.2013 Tweets 3,850 Followers 2,529 KOCO 5 weekend anchor #Oklahoma #OKC Pilot Lover of laughter and the underdog Instagram: markie_martin Area: Oklahoma, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 40 Dataminr is a real?time information discovery company. 41 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 8:28 AM tracy.frederickson@jric.org Investigation will be conducted by US DOJ Civil Rights division, @LouisianaGov says. #AltonSterling Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 11:20 AM EDT Louisiana, United States RPR Investigation will be conducted by US DOJ Civil Rights division, @LouisianaGov says. #AltonSterling Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Elizabeth Crisp @elizabethcrisp SOURCE VERIFICATION & EVENT AREA: Account Created: 04.06.2009 Tweets 32,257 Followers 7,118 Capitol reporter for @TheAdvocateBR • Covering Louisiana Legislature (#lalege), @LouisianaGov, elections & other politics. ecrisp@theadvocate.com Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event Urgent Update 07.06.2016 at 10:51 AM EDT Louisiana, United States 42 My letter to @POTUS requesting a federal investigation into the shooting of #AltonSterling richmond.house... GOV Rep Cedric Richmond @RepRichmond VIEW ALERT 07.06.2016 at 10:52 AM EDT California, United States #AltonSterling CTR LILDURK2x @lildurk VIEW ALERT 07.06.2016 at 10:48 AM EDT California, United States My heart and prayers go out to his family #AltonSterling CTR Wiz Khalifa @wizkhalifa VIEW ALERT 07.06.2016 at 10:36 AM EDT New York, United States Gut-wrenching. #RIPAlton #black_live_matter twitter.com/cnn/status/750… Gut-wrenching. #RIPAlton #blacklivesmatter twitter.com/cnn/status/750… CTR olivia wilde @oliviawilde VIEW ALERT 07.06.2016 at 10:34 AM EDT California, United States The suffering of the African American ppl is also humanities Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. suffering! This is ALL of our issue! #AltonSterling pic.twitter.com/1WbycB9tQ8 CTR Keke Palmer @KekePalmer VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 43 44 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 8:00 AM tracy.frederickson@jric.org @RepRichmond: My letter to @POTUS requesting a federal investigation into the shooting of #AltonSterling https://t.co/TKODuST18q Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 10:51 AM EDT Louisiana, United States GOV My letter to @POTUS requesting a federal investigation into the shooting of #AltonSterling richmond.house... Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Rep Cedric Richmond @RepRichmond SOURCE VERIFICATION & EVENT AREA: Account Created: 03.17.2011 Tweets 1,815 Followers 9,629 Representing the 2nd Congressional District of Louisiana and the Who Dat Nation. Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 07.06.2016 at 10:52 AM EDT California, United States 45 #AltonSterling CTR LILDURK2x @lildurk VIEW ALERT 07.06.2016 at 10:48 AM EDT California, United States My heart and prayers go out to his family #AltonSterling CTR Wiz Khalifa @wizkhalifa VIEW ALERT 07.06.2016 at 10:36 AM EDT New York, United States Gut-wrenching. #RIPAlton #black_live_matter twitter.com/cnn/status/750… Gut-wrenching. #RIPAlton #blacklivesmatter twitter.com/cnn/status/750… CTR olivia wilde @oliviawilde VIEW ALERT 07.06.2016 at 10:34 AM EDT California, United States The suffering of the African American ppl is also humanities suffering! This is ALL of our issue! #AltonSterling Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/1WbycB9tQ8 CTR Keke Palmer @KekePalmer VIEW ALERT New York, United States We're worried about ISIS in a distant land. What about the cops on American soil? They're more of a concern to me than ISIS. #AltonSterling CTR @Luvvie VIEW ALERT Topics: Crime - Criminal Activity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 46 47 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 7:21 AM tracy.frederickson@jric.org Navy SEAL Trainee's Drowning Death Ruled a 'Homicide' https://t.co/Wh8OO6FYtd via @nbcnews Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent California, United States CTR Navy SEAL Trainee's Drowning Death Ruled a 'Homicide' nbcnews.to/29ydL4B via @nbcnews @KenDilanianNBC Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Infrastructure - Government Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 48 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 6:59 AM tracy.frederickson@jric.org JUST IN: Gov. Edwards meeting with La. State Police, DA in aftermath of Alton Sterling shooting https://t.co/mh0sZWLqdM Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 09:54 AM EDT Louisiana, United States CTR JUST IN: Gov. Edwards meeting with La. State Police, DA in aftermath of Alton Sterling shooting wafb.com/story/32380350… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Scottie Hunter WAFB @ScottieWAFB SOURCE VERIFICATION & EVENT AREA: Account Created: 04.26.2009 Tweets 3,353 Followers 595 @WAFB reporter, Montgomery, Ala. native, @myASU alum, proud @pbs_1914 member, news junkie, movie buff and music lover/ email: shunter@wafb.com. Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 49 Urgent Update 07.06.2016 at 09:50 AM EDT District of Columbia, United States #AltonSterling was shot in cold blood. @TheJusticeDept needs to investigate this atrocity & bring #justice to his family. #BlackLivesMatter GOV Rep. Barbara Lee @RepBarbaraLee VIEW ALERT 07.06.2016 at 09:38 AM EDT #AltonSterling #SandraBland #TamirRice #MikeBrown #EricGarner...The list goes on & on like a never ending quilt of tears & rage. CTR Audra McDonald @AudraEqualityMc VIEW ALERT 07.06.2016 at 09:32 AM EDT Woke to the news that yet another black man was murdered by the police. Another hashtag, another day, another injustice. ඗ #AltonSterling CTR Layshia Clarendon @Layshiac VIEW ALERT 07.06.2016 at 09:26 AM EDT New York, United States Watching #AltonSterling's family at presser is gut wrenching. I don't know the fact yet about the shooting, but the result is awful. CTR Chely Wright @chelywright VIEW ALERT 07.06.2016 at 09:22 AM EDT Louisiana, United States Calling for police chief to resign. Alton's son escorted out in tears while saying he wants his dad. CTR Jade Cunningham @Cunningham_JL VIEW ALERT Topics: Crime - Criminal Activity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 50 51 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 6:48 AM tracy.frederickson@jric.org @GOPoversight: BREAKING: @jasoninthehouse calls FBI Director Comey to testify Thursday at 10 AM. https://t.co/hBfNevqlfB Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 09:44 AM EDT District of Columbia, United States GOV BREAKING: @jasoninthehouse calls FBI Director Comey to testify Thursday at 10 AM. oversight.house.gov/hearing/oversi… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Oversight Committee @GOPoversight SOURCE VERIFICATION & EVENT AREA: Account Created: 03.02.2009 Tweets 7,505 Followers 26,667 House Oversight Committee Est. 1816 Chaired by @jasoninthehouse http://instagram.com/gopo... Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 52 Dataminr is a real?time information discovery company. 53 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 6:10 AM tracy.frederickson@jric.org #BREAKING: Person set on fire in downtown. Transported to hospital. Police looking for suspect - white, thin, dark hoodie Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 09:08 AM EDT California, United States #BREAKING: Person set on fire in downtown. Transported to hospital. Police looking for suspect white, thin, dark hoodie Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Aric Richards @AricFOX5 SOURCE VERIFICATION & EVENT AREA: Account Created: 08.24.2015 Tweets 318 Followers 312 FOX 5 San Diego Reporter Have a story idea? Tweet me! Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.06.2016 at 08:58 AM EDT 54 CTR California, United States Police investigating attack on homeless man near Broadway & State. One person taken to hospital. New info on @10News Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/UeQprkbZ9N RPR Jared Aarons @10NewsAarons VIEW ALERT Urgent 07.06.2016 at 08:53 AM EDT California, United States #BREAKING Another homeless person attacked. This time downtown. Someone tried to set him on fire. Since Sun, 3 others attacked. 2 are dead. RPR Nicole Gomez @nicolenbcsd VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 55 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 6:07 AM tracy.frederickson@jric.org #isis #USAvJPN #ALFURQAN media center coming soon https://t.co/iR5mV340vr Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 08:59 AM EDT District of Columbia, United States CTR #isis #USAvJPN #ALFURQAN media center coming soon pic.twitter.com/iR5mV340vr Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download α ϳϗϭѧѧѧѧѧѧѧѧΑ΍ ’ ϲѧѧϧ΍ ϭѧѧϣ ϲѧѧϧ΍ @ansaryis3700 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 07.04.2016 Tweets 137 Followers 702 ΏѧѧѧѧѧѧѧѧϳέϏ Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Extremist and Rebel Messaging Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 56 57 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 5:57 AM tracy.frederickson@jric.org #BREAKING Another homeless person attacked. This time downtown. Someone tried to set him on fire. Since Sun, 3 others attacked. 2 are dead. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 08:53 AM EDT California, United States RPR #BREAKING Another homeless person attacked. This time downtown. Someone tried to set him on fire. Since Sun, 3 others attacked. 2 are dead. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Nicole Gomez @nicolenbcsd SOURCE VERIFICATION & EVENT AREA: Account Created: 09.15.2011 Tweets 1,791 Followers 2,115 Reporter for NBC7. SoCal native. Trojan through and through. Fight on! Love to write. Excellent listener. Motto: laugh until it hurts. Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 58 Dataminr is a real?time information discovery company. 59 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 4:52 AM tracy.frederickson@jric.org @AlamedaCoFire: Emeryville Update: Firefighters are battling a 6-alarm fire @ 3800 San Pablo Ave. Defensive fire attack in progress. https://t.co/q23kangsgN Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 07:46 AM EDT California, United States ER Emeryville Update: Firefighters are battling a 6-alarm fire @ 3800 San Pablo Ave. Defensive fire attack in progress. pic.twitter.com/q23kangsgN Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Alameda County Fire @AlamedaCoFire Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 08.27.2009 Tweets 4,871 Followers 9,760 The official Twitter account for the Alameda County Fire Department. Tweets are not monitored 24/7. RTs are not endorsements. To report an emergency, call 9-1-1 Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story 60 Event Timeline See more notification(s) Recent notifications from ongoing event 07.06.2016 at 07:31 AM EDT California, United States Oakland / Emeryville fire POV pic.twitter.com/x3KSfIGAMv CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. larry buttes @mountainmildew VIEW ALERT 07.06.2016 at 07:28 AM EDT California, United States Oakland FD, Alameda Co. FD, & Emeryville FD on scene of a 5- Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. alarm fire on the 3800 blk of San Pablo Ave. pic.twitter.com/YGSRmBZSUe RPR Sami Mamou @TheSamiMamou VIEW ALERT 07.06.2016 at 07:25 AM EDT California, United States Apartment complex on 39th & Adeline evacuated earlier this AM Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. after fire breaks out in #Emeryville. pic.twitter.com/y2uDgbJEcZ RPR Brian Flores @BrianFloresKTVU VIEW ALERT 07.06.2016 at 07:21 AM EDT California, United States A huge multi-alarm structure fire is burning on San Pablo Ave near MacArthur ave on the Oakland - Emeryville border. ktvu.com/news/170127477… CTR Future Oakland @FutureOakland VIEW ALERT 07.06.2016 at 07:17 AM EDT California, United States #Emeryville: @AlamedaCoFire, @OaklandFireLive battling 5alarm fire @ 3800 San Pablo. No reports of injuries. pic.twitter.com/CrwFntQDGR ER Alameda County Fire @AlamedaCoFire VIEW ALERT 61 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Topics: Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 62 From: Sent: To: Subject: Dataminr Urgent Wednesday, July 06, 2016 4:12 AM tracy.frederickson@jric.org Fire in Emeryville near 39th & Adeline continues to burn.Along w/ building 3 cars also burned. Danger also of crane. https://t.co/ZhbhZp8258 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.06.2016 at 07:10 AM EDT California, United States RPR Fire in Emeryville near 39th & Adeline continues to burn.Along w/ building 3 cars also burned. Danger also of crane. pic.twitter.com/ZhbhZp8258 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Brian Flores @BrianFloresKTVU Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 02.22.2013 Tweets 2,218 Followers 3,073 @KTVU weekday morning anchor/reporter. Believer, husband, father of 3, wanna-be baseball player. @CSUnorthridge alum. R/T not endorsements. Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To 63 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 64 From: Sent: To: Subject: Dataminr Urgent Update Wednesday, July 06, 2016 2:16 AM tracy.frederickson@jric.org Homicide detectives are being sent out to #Altadena after a young boy was shot to death. updates on @CBSLA beginning at 430a #cbsla Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 05:12 AM EDT California, United States RPR Homicide detectives are being sent out to #Altadena after a young boy was shot to death. updates on @CBSLA beginning at 430a #cbsla Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download christina heller @CHeller0209 SOURCE VERIFICATION & EVENT AREA: Account Created: 05.24.2009 Tweets 11,471 Followers 1,688 Assignment Editor• @CBSLA @KCBSKCALDesk #News• These are my tweets #amnewsers #ITFDB #breakingnews Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 65 07.06.2016 at 02:41 AM EDT California, United States RE #Altadena shooting: child and adult vict transported to hospital in critical condition. No suspect info at this time. Active scene. ER LA County Sheriff's @LASDHQ VIEW ALERT 07.06.2016 at 02:23 AM EDT California, United States RE: Shooting in #Altadena- #LASD asks for public to stay clear of Olive Av/Figueroa Dr. as deps access crime scene. ER LA County Sheriff's @LASDHQ VIEW ALERT 07.06.2016 at 02:23 AM EDT Virginia, United States My brother just got shot right at my front door like this shit is real my nigga. CTR . @champagneninja VIEW ALERT 07.06.2016 at 02:23 AM EDT California, United States RE: Shooting in #Altadena- #LASD asks for public to stay clear of Olive Av/Figueroa Dr. as deps access crime scene. ER LA County Sheriff's @LASDHQ VIEW ALERT 07.06.2016 at 02:18 AM EDT California, United States 1 adult and 1 child both transported to Huntington Memorial Hosp. Condition unknown at this time twitter.com/lasdhq/status/… ER LASD Altadena @ALDLASD VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 66 Dataminr is a real?time information discovery company. 67 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 10:26 PM tracy.frederickson@jric.org U.S. Rep Cedric Richmond of La. re #AltonSterling: "I share in this anger," calls for dignity in search for justice https://t.co/pbTOvzMVHR Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.06.2016 at 01:22 AM EDT Louisiana, United States RPR U.S. Rep Cedric Richmond of La. re #AltonSterling: "I share in this anger," calls for dignity in search for justice pic.twitter.com/pbTOvzMVHR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Maya Lau @mayalau Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 09.14.2009 Tweets 7,537 Followers 4,716 Crime/criminal justice reporter @advocatebr // formerly @shreveporttimes & @NYTMag // Insta: @maya_lau // Contact info here: http://mayalau.com Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story 68 Event Timeline See more notification(s) Recent notifications from ongoing event 07.06.2016 at 01:08 AM EDT Louisiana, United States Just watched police officers kill #AltonSterling in cold blood. My heart hurts. I am sick. My black son lays sleeping -his future? #Jesus CTR Sherri Shepherd @SherriEShepherd VIEW ALERT 07.06.2016 at 01:10 AM EDT Louisiana, United States It's all peaceful out here—lots of chanting in the streets but nothing out of hand— just saying haven't seen police in a few hours. Notable. RPR Bryn Stole @BrynStole VIEW ALERT 07.06.2016 at 01:01 AM EDT Louisiana, United States @nargiswtf @godinthischilis fake twitter.com/Walldo/status/… CTR dingus ex machina @G3K VIEW ALERT 07.06.2016 at 12:54 AM EDT Louisiana, United States Fireworks, going off on Foster near shooting spot. At least 150 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. still out here #AltonSterling pic.twitter.com/vOqm2tHKq8 RPR Bryn Stole @BrynStole VIEW ALERT 07.06.2016 at 12:49 AM EDT Louisiana, United States Can't watch the video, but I'll loudly #SayHisName. There is no reason nor justification for the murder of #AltonSterling. #BLACKLIVESMATTER CTR Jackée Harry @JackeeHarry VIEW ALERT Topics: Riots and Protests, Crime - Criminal Activity Right-click here to download pictures. To 69 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 70 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 8:10 PM tracy.frederickson@jric.org Both police officers claim that their body cameras fell off and we're not functioning properly when they murdered #AltonSterling Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 11:07 PM EDT Louisiana, United States RPR Both police officers claim that their body cameras fell off and we're not functioning properly when they murdered #AltonSterling Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Shaun King @ShaunKing SOURCE VERIFICATION & EVENT AREA: Account Created: 02.06.2007 Tweets 14,898 Followers 262,770 Senior Justice Writer @NYDailyNews; @Morehouse alum; Husband; Father of 5; Views expressed here are mine & mine alone; News Tips: sking@nydailynews.com Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 71 07.05.2016 at 10:57 PM EDT Louisiana, United States North Foster shut down in front of store where #AltonSterling shot by BR police. Bkgrnd: theadvocate.com/news/16311988-… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/yfFS18J7D6 RPR Bryn Stole @BrynStole VIEW ALERT Urgent Update 07.05.2016 at 10:52 PM EDT Louisiana, United States GO OUT AND DESTROY SOME POLICE PROPERTY IF U CAN CTR KOOL A.D. @veeveeveeveevee VIEW ALERT 07.05.2016 at 10:51 PM EDT Louisiana, United States Intersection is now totally blocked, cars on both sides turning around. "8 o'clock in the morning we're going to Mayflower," i.e. City Hall. RPR Bryn Stole @BrynStole VIEW ALERT Urgent Update 07.05.2016 at 10:47 PM EDT Louisiana, United States Protestors now parking in street to block traffic, raising fiats & Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. chanting "black lives matter" #AltonSterling pic.twitter.com/aGu463ZTN4 RPR Bryn Stole @BrynStole VIEW ALERT Urgent Update 07.05.2016 at 10:41 PM EDT Louisiana, United States *Trigger warning* 37-year-old #AltonSterling shot and killed by a Baton Rouge police officer. pic.twitter.com/xJRm500its CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Philip Lewis @Phil_Lewis_ VIEW ALERT Topics: Riots and Protests, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 72 Dataminr is a real?time information discovery company. 73 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 7:59 PM tracy.frederickson@jric.org GO OUT AND DESTROY SOME POLICE PROPERTY IF U CAN Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 10:52 PM EDT Louisiana, United States CTR GO OUT AND DESTROY SOME POLICE PROPERTY IF U CAN Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download KOOL A.D. @veeveeveeveevee SOURCE VERIFICATION & EVENT AREA: Account Created: 11.03.2009 Tweets 21,300 Followers 31,544 Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.05.2016 at 10:51 PM EDT Louisiana, United States 74 Intersection is now totally blocked, cars on both sides turning around. "8 o'clock in the morning we're going to Mayflower," i.e. City Hall. RPR Bryn Stole @BrynStole VIEW ALERT Urgent Update 07.05.2016 at 10:47 PM EDT Louisiana, United States Protestors now parking in street to block traffic, raising fiats & Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. chanting "black lives matter" #AltonSterling pic.twitter.com/aGu463ZTN4 RPR Bryn Stole @BrynStole VIEW ALERT Urgent Update 07.05.2016 at 10:41 PM EDT Louisiana, United States *Trigger warning* 37-year-old #AltonSterling shot and killed by a Baton Rouge police officer. pic.twitter.com/xJRm500its CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Philip Lewis @Phil_Lewis_ VIEW ALERT Urgent 07.05.2016 at 05:09 PM EDT Louisiana, United States #BREAKING: Coroner: Man shot by BRPD multiple times to chest and back >> bit.ly/29hmkPB LN WAFB @WAFB VIEW ALERT Topics: Riots and Protests, Threats and Precautions, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 75 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 7:53 PM tracy.frederickson@jric.org Protestors now parking in street to block traffic, raising fiats & chanting "black lives matter" #AltonSterling https://t.co/aGu463ZTN4 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 10:47 PM EDT Louisiana, United States RPR Protestors now parking in street to block traffic, raising fiats & chanting "black lives matter" #AltonSterling pic.twitter.com/aGu463ZTN4 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Bryn Stole @BrynStole Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 08.02.2011 Tweets 3,007 Followers 824 Covers crime & other tidbits for @TheAdvocatebr // Previously @gwcommonwealth & @aminterest. 'Always grumpy, never trendy' is a thing someone said about me. Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline 76 Recent notifications from ongoing event Urgent Update 07.05.2016 at 10:41 PM EDT Louisiana, United States *Trigger warning* 37-year-old #AltonSterling shot and killed by a Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Baton Rouge police officer. pic.twitter.com/xJRm500its CTR Philip Lewis @Phil_Lewis_ VIEW ALERT Urgent 07.05.2016 at 05:09 PM EDT Louisiana, United States #BREAKING: Coroner: Man shot by BRPD multiple times to chest and back >> bit.ly/29hmkPB LN WAFB @WAFB VIEW ALERT Topics: Riots and Protests, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 77 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 7:51 PM tracy.frederickson@jric.org *Trigger warning* 37-year-old #AltonSterling shot and killed by a Baton Rouge police officer. https://t.co/xJRm500its Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 10:41 PM EDT Louisiana, United States *Trigger warning* 37-year-old #AltonSterling shot and killed by a Baton Rouge police officer. pic.twitter.com/xJRm500its Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Philip Lewis @Phil_Lewis_ Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 04.23.2011 Tweets 155,300 Followers 15,842 Life-long Detroiter. Past: @HuffPostPol. Now: @Mic, @TheMovement. FB: https://www.facebook.com/... Email: plewis @ mic dot com Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline 78 CTR Recent notifications from ongoing event Urgent 07.05.2016 at 05:09 PM EDT Louisiana, United States #BREAKING: Coroner: Man shot by BRPD multiple times to chest and back >> bit.ly/29hmkPB LN WAFB @WAFB VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 79 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 7:48 PM tracy.frederickson@jric.org #BREAKING: @StPetePD say they have caught John Riggins, the man accused of setting his girlfriend on fire tonight. https://t.co/GgMVel24Cp Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 10:45 PM EDT Florida, United States RPR #BREAKING: @StPetePD say they have caught John Riggins, the man accused of setting his girlfriend on fire tonight. pic.twitter.com/GgMVel24Cp Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download John Strang @wfla_John Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 07.19.2012 Tweets 3,194 Followers 819 Nightside assignment editor and web producer for WFLA News Channel 8. Opinions are mine, except retweets, that are those of others. Retweets r not endorsements. Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story 80 Event Timeline See more notification(s) Recent notifications from ongoing event 07.05.2016 at 09:46 PM EDT Florida, United States The victim was burned from her face to her upper thighs, according to the fire department. @abcactionnews @StPetePD RPR Marisela Burgos @MBurgosNews VIEW ALERT 07.05.2016 at 09:39 PM EDT Florida, United States 37yo John Riggins.@StPetePD officers say he set girlfriend on Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. fire then fled home. Has previous arson charges pic.twitter.com/NV146497Jf CTR Crystal Clark @1crystalclark VIEW ALERT 07.05.2016 at 08:47 PM EDT Florida, United States #BREAKING: @StPetePD seeking John Riggins for setting his Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. girlfriend on fire. on.wtsp.com/29oWfjX pic.twitter.com/NhZQ0Ug9tb LN 10News WTSP @10NewsWTSP VIEW ALERT 07.05.2016 at 08:45 PM EDT Florida, United States #BREAKING - @StPetePD say Riggins is 6-03, has low cut hair, and has tattoos on his arms - probable cause for attempted murder @WFLA CTR Paul Michael Mueller @WFLAPaulM VIEW ALERT 07.05.2016 at 08:43 PM EDT Florida, United States #BREAKING @StPetePD: Searching area of 24th Ave S. for John Riggins, accused of pouring gas on girlfriend/setting her on fire #WTSP RPR Kendra Conlon @KendraWTSP VIEW ALERT 81 Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 82 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 7:28 PM tracy.frederickson@jric.org BREAKING: Now at least FOURTEEN heroin ODs reported in Akron since this afternoon. Afraid the number will continue to grow. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 10:24 PM EDT Ohio, United States RPR BREAKING: Now at least FOURTEEN heroin ODs reported in Akron since this afternoon. Afraid the number will continue to grow. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Homa Bash @HomaBash SOURCE VERIFICATION & EVENT AREA: Account Created: 01.18.2010 Tweets 14,121 Followers 4,290 Reporter @WEWS Channel 5. Arkansas/Northwestern grad. Oklahoma girl. Lover of books & animals, Dr. Pepper & sunsets. Opinions are my own ;) Homa.Bash@wews.com Area: Ohio, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Narcotics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 83 Dataminr is a real?time information discovery company. 84 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 6:11 PM tracy.frederickson@jric.org #breaking .@WPLGLocal10 .@Uber driver busted while delivering cocaine in Coconut Grove. detectives tell me he's armed w/gun. .@MiamiPD Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 09:07 PM EDT Florida, United States RPR #breaking .@WPLGLocal10 .@Uber driver busted while delivering cocaine in Coconut Grove. detectives tell me he's armed w/gun. .@MiamiPD Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Michael Seiden @SeidenLocal10 SOURCE VERIFICATION & EVENT AREA: Account Created: 09.03.2011 Tweets 5,473 Followers 2,676 Reporter for WPLG (ABC) in Miami, FL. Avid sports fan, aspiring foodie, husband and proud father of 2 pups-Cannoli and Cooper. Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Traffic and Roadways, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 85 Dataminr is a real?time information discovery company. 86 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 6:03 PM tracy.frederickson@jric.org Power is out all over Saint Paul. No stop lights or street lights and everyone has gone ferrel. It's like mad max out here. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 08:58 PM EDT Minnesota, United States CTR Power is out all over Saint Paul. No stop lights or street lights and everyone has gone ferrel. It's like mad max out here. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download david spade's #1 fan @sir_mattpeters SOURCE VERIFICATION & EVENT AREA: Account Created: 06.28.2009 Tweets 26,779 Followers 618 I eat burritos Area: Minnesota, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 07.05.2016 at 08:51 PM EDT 87 Minnesota, United States A part of Stinson Ave. just north of Lowry Ave. in NE Mpls is closed. @PioneerPress #mnwx pic.twitter.com/jwatINPGtZ RPR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Nick Ferraro @NFerraroPiPress VIEW ALERT 07.05.2016 at 08:42 PM EDT Minnesota, United States Yikes. Flooding at 18th and Monroe in NE via @arianabk1 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/USadxDZKTc CTR zǝq @AdamBez VIEW ALERT 07.05.2016 at 08:15 PM EDT Minnesota, United States breakingweather: Numerous reports of street flooding around Minneapolis tonight. MT buginmyeye: MinneapolisFire #… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/YaOYFJme0z CTR AOA WEATHER BLOG @AOAWEATHER VIEW ALERT 07.05.2016 at 08:01 PM EDT Minnesota, United States Scenes from a flooded University Avenue in Fridley, by Jill Burcum. Trees down, power out. strib.mn/29gvu2n Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/Hys4BimBWx LN Star Tribune @StarTribune VIEW ALERT 07.05.2016 at 07:59 PM EDT Minnesota, United States My daughter is trying to make her way to DT St. Paul for Adele concert and reports difficult time getting anywhere. #flooding CTR Brian Quarstad @IMSoccerNews VIEW ALERT Topics: Infrastructure - Utilities Right-click here to download pictures. To 88 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 89 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 4:32 PM tracy.frederickson@jric.org Trees down in our neighborhood. Power is out, streets flooding. @wcco https://t.co/4oU4HVU1Ve Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 07:29 PM EDT Minnesota, United States CTR Trees down in our neighborhood. Power is out, streets flooding. @wcco pic.twitter.com/4oU4HVU1Ve Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Melissa Martz @melissakmartz Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 03.24.2009 Tweets 8,966 Followers 751 Wife North Dakota native @WCCO Photojournalist Dogs, sports, weather & wide open spaces http://disclaimify.com Area: Minnesota, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 90 07.05.2016 at 06:59 PM EDT Minnesota, United States Power out, some branches down in Golden Valley @kare11 @LauraBetker CTR JA @JAngaran VIEW ALERT Urgent 07.05.2016 at 06:53 PM EDT Minnesota, United States @kare11 @kare11wx being evacuated to lower level ofTarget Field CTR Deb @dam_326 VIEW ALERT 07.05.2016 at 06:53 PM EDT Minnesota, United States Big storm at #TargetField right now. Raining sideways! Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/SS0CC308I7 CTR Chris T. @TweeterAudioGuy VIEW ALERT Topics: Disasters and Weather - Natural Disasters Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 91 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 3:50 PM tracy.frederickson@jric.org Full statement from Jared Kushner in response to this Observer article: https://t.co/GwAFkImdkm https://t.co/aX8UAqhgKr Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 06:44 PM EDT New York, United States Full statement from Jared Kushner in response to this Observer article: observer.com/2016/07/an-ope… pic.twitter.com/aX8UAqhgKr Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Shushannah Walshe @shushwalshe Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 07.01.2009 Tweets 20,846 Followers 10,827 Deputy Political Director for ABC News and Co-Author of Sarah From Alaska RTs are not endorsements. Area: New York, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Politics and International Affairs - U.S. Politics Right-click here to download pictures. To 92 RPR Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 93 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 3:13 PM tracy.frederickson@jric.org #BREAKING: Boston Grand Prix files for bankruptcy - after Boston Indy Car fiasco. Boston Grand Prix owes ticket holders $1.7 million #wcvb Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 06:07 PM EDT Massachusetts, United States RPR #BREAKING: Boston Grand Prix files for bankruptcy after Boston Indy Car fiasco. Boston Grand Prix owes ticket holders $1.7 million #wcvb #BREAKING: Boston Grand Prix files for bankruptcy - after Boston Indy Car fiasco. Boston Grand Prix owes ticket holders $1.7 million #wcvb Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Karen Anderson @karenreports SOURCE VERIFICATION & EVENT AREA: Account Created: 03.09.2009 Tweets 6,240 Followers 7,797 Reporter for #5Investigates and WCVB. Boston sports fan. Opinions, links are my own. RTs ≠ endorsements Area: Massachusetts, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Business and Economics - Financial Markets Right-click here to download pictures. To 94 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 95 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 2:54 PM tracy.frederickson@jric.org #BREAKING Paulding EMS tells @FOX5Atlanta 2 to 3 people shot in the Pine Valley Subdivision location of gunman unknown @fox5atl Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 05:52 PM EDT Georgia, United States LN #BREAKING Paulding EMS tells @FOX5Atlanta 2 to 3 people shot in the Pine Valley Subdivision location of gunman unknown @fox5atl Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download FOX 5 Atlanta @FOX5Atlanta SOURCE VERIFICATION & EVENT AREA: Account Created: 12.03.2008 Tweets 151,670 Followers 253,810 More local news than any other station in the Atlanta area. Home to @GoodDayAtlanta @FOX5StormTeam @FOX5Sports @SKYFOXTraffic and more! #fox5atl Area: Georgia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 96 07.05.2016 at 05:46 PM EDT Georgia, United States #BREAKING: Multiple people shot on Pine Valley Rd in Paulding County. Officials say suspect fired on officers, no officers injured. LN FOX 5 Atlanta @FOX5Atlanta VIEW ALERT 07.05.2016 at 05:34 PM EDT Georgia, United States @Jonathandrews89 Shooter at 55 Pine Valley Drive off Pine Valley Rd, Powder Springs. Male Victim in backyard. Female victim at 65 P.V. Dr. CTR Eric Truitt @TheEricTruitt VIEW ALERT 07.05.2016 at 05:34 PM EDT Georgia, United States Neighborhood being evacuated in Paulding Co. due to shooter, sources say -- We have a crew heading to the scene: 2wsb.tv/29mmCFI LN WSB-TV @wsbtv VIEW ALERT 07.05.2016 at 05:31 PM EDT Georgia, United States I just saw on the news that someone had shot a good bit off people and is shooting at cops off pine valley Rd @hunter_pair CTR Robert Williams @rob_willix VIEW ALERT 07.05.2016 at 05:26 PM EDT Georgia, United States Everyone please be safe! There are 2 shooters on pine valley rd.. CTR ≪Julie Wolfe≫ @juliewolfe33 VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 97 Dataminr is a real?time information discovery company. 98 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 2:23 PM tracy.frederickson@jric.org @WSBTVNewsdesk Active Shooting in Paulding County at a residence. Multiple Caualties reported over scanner. Shooter is shooting at PCSO Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 05:17 PM EDT Georgia, United States CTR @WSBTVNewsdesk Active Shooting in Paulding County at a residence. Multiple Caualties reported over scanner. Shooter is shooting at PCSO Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Eric Truitt @TheEricTruitt SOURCE VERIFICATION & EVENT AREA: Account Created: 06.21.2011 Tweets 20 Followers 13 Area: Georgia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event Urgent 07.05.2016 at 05:01 PM EDT 99 Georgia, United States Sitting at an intersection and just saw 23 cop cars and 3 K-9 units come from 3 directions all rushing to one place ๜ ྀ CTR sav @sxvxnnvh VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 100 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 2:22 PM tracy.frederickson@jric.org #BREAKING: Coroner: Man shot by BRPD multiple times to chest and back >> https://t.co/xqNvbUzG8c Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 05:09 PM EDT Louisiana, United States LN #BREAKING: Coroner: Man shot by BRPD multiple times to chest and back >> bit.ly/29hmkPB Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download WAFB @WAFB SOURCE VERIFICATION & EVENT AREA: Account Created: 04.29.2008 Tweets 67,893 Followers 98,983 WAFB Channel 9 in Baton Rouge IS Louisiana's News Channel. #1 news, weather and sports station in south Louisiana. Area: Louisiana, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Legal Action, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 101 102 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 1:13 PM tracy.frederickson@jric.org There's a guy standing in the middle of route 11 with a gun.. Everyone heading towards Calcutta, route 11 is now closed.. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 04:05 PM EDT Ohio, United States CTR There's a guy standing in the middle of route 11 with a gun.. Everyone heading towards Calcutta, route 11 is now closed.. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Kass @KassChestnut SOURCE VERIFICATION & EVENT AREA: Account Created: 01.05.2012 Tweets 28,577 Followers 1,027 @HimesZackary ❤ Area: Ohio, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Traffic and Roadways, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 103 Dataminr is a real?time information discovery company. 104 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 9:40 AM tracy.frederickson@jric.org @EDVAnews: Former Army National Guard member arrested for attempting to provide material support to ISIL. @FBIWFO https://t.co/ACV6zJjV8b Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 12:31 PM EDT Virginia, United States GOV Former Army National Guard member arrested for attempting to provide material support to ISIL. @FBIWFO go.usa.gov/x3GTA Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download U.S. Attorney EDVA @EDVAnews SOURCE VERIFICATION & EVENT AREA: Account Created: 03.03.2010 Tweets 608 Followers 2,577 Led by U.S. Attorney Dana J. Boente. 120+ prosecutors, civil litigators in Alexandria, Richmond, Norfolk, Newport News. (Privacy Info: http://go.usa.gov/pVyG) Area: Virginia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 105 Urgent 07.05.2016 at 11:49 AM EDT Virginia, United States Former National Guardsman accused of plotting a domestic terror attack wapo.st/29fPAtK RPR Rachel Weiner @rachelweinerwp VIEW ALERT Topics: Crime - Legal Action, Conflicts and Violence Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 106 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 9:06 AM tracy.frederickson@jric.org Former National Guardsman accused of plotting a domestic terror attack https://t.co/pabd6np3eG Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 11:49 AM EDT Virginia, United States RPR Former National Guardsman accused of plotting a domestic terror attack wapo.st/29fPAtK Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Rachel Weiner @rachelweinerwp SOURCE VERIFICATION & EVENT AREA: Account Created: 08.12.2008 Tweets 9,550 Followers 9,766 Washington Post reporter, EDVA and Arlington/Alexandria cops and courts. rachel.weiner@washpost.com Area: Virginia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Legal Action, Conflicts and Violence Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 107 108 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 8:16 AM tracy.frederickson@jric.org Comey: No reasonable prosecutor would bring such a case Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 11:15 AM EDT District of Columbia, United States RPR Comey: No reasonable prosecutor would bring such a case Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Emily Stephenson @ewstephe SOURCE VERIFICATION & EVENT AREA: Account Created: 01.11.2009 Tweets 12,115 Followers 2,745 Reuters in Washington. Tar Heel, dancer, cardigan enthusiast. Make your free throws. Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event Urgent Update 07.05.2016 at 11:14 AM EDT District of Columbia, United States FBI: it is possible that "hostile actors" gained access to Clinton's email account 109 RPR Jamie Dupree @jamiedupree VIEW ALERT 07.05.2016 at 11:11 AM EDT District of Columbia, United States No clear evidence that Clinton intended to violate laws, but she and her team were "extremely careless" in handling classified info - Comey RPR Kyle Feldscher @Kyle_Feldscher VIEW ALERT 07.05.2016 at 11:11 AM EDT District of Columbia, United States No clear evidence that Clinton or others intended to violate law, but is evident they were "extremely careless" in handling classified info RPR Michael Tackett @tackettdc VIEW ALERT 07.05.2016 at 11:11 AM EDT District of Columbia, United States #BREAKING #FBI: reasonable confidence there was no intentional misconduct w/email sorting by lawyers investigating #HillaryClinton. RPR Kyla Campbell @KylaCampbellDC VIEW ALERT 07.05.2016 at 11:08 AM EDT District of Columbia, United States #FBI Director Comey: no evidence any additional work related emails were intentionally deleted @cbschicago RPR Lionel Moise @LionelMoise VIEW ALERT Topics: Crime - Legal Action, Cybersecurity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 110 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 8:16 AM tracy.frederickson@jric.org FBI: it is possible that "hostile actors" gained access to Clinton's email account Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 11:14 AM EDT District of Columbia, United States RPR FBI: it is possible that "hostile actors" gained access to Clinton's email account Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Jamie Dupree @jamiedupree SOURCE VERIFICATION & EVENT AREA: Account Created: 03.31.2009 Tweets 32,889 Followers 115,451 Jamie Dupree is a reporter for Cox Radio, covering Congress, DC and the elections for WSB Atlanta, WDBO Orlando, WOKV Jacksonville, WHIO Dayton & KRMG Tulsa. Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 07.05.2016 at 11:11 AM EDT District of Columbia, United States 111 No clear evidence that Clinton intended to violate laws, but she and her team were "extremely careless" in handling classified info - Comey RPR Kyle Feldscher @Kyle_Feldscher VIEW ALERT 07.05.2016 at 11:11 AM EDT District of Columbia, United States No clear evidence that Clinton or others intended to violate law, but is evident they were "extremely careless" in handling classified info RPR Michael Tackett @tackettdc VIEW ALERT 07.05.2016 at 11:11 AM EDT District of Columbia, United States #BREAKING #FBI: reasonable confidence there was no intentional misconduct w/email sorting by lawyers investigating #HillaryClinton. RPR Kyla Campbell @KylaCampbellDC VIEW ALERT 07.05.2016 at 11:08 AM EDT District of Columbia, United States #FBI Director Comey: no evidence any additional work related emails were intentionally deleted @cbschicago RPR Lionel Moise @LionelMoise VIEW ALERT 07.05.2016 at 11:08 AM EDT District of Columbia, United States Comey: 3 emails not among those handed over by #HillaryClinton were classified. RPR Jon Williams @WilliamsJon VIEW ALERT Topics: Crime - Legal Action, Cybersecurity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 112 From: Sent: To: Subject: Dataminr Urgent Update Tuesday, July 05, 2016 8:09 AM tracy.frederickson@jric.org Of 30,000 Clinton emails, 8 were top secret at the time they were sent, Comey says. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.05.2016 at 11:07 AM EDT District of Columbia, United States RPR Of 30,000 Clinton emails, 8 were top secret at the time they were sent, Comey says. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Gabriel Debenedetti @gdebenedetti SOURCE VERIFICATION & EVENT AREA: Account Created: 12.25.2010 Tweets 21,256 Followers 18,712 National political reporter for @politico, covering 2016's Democrats. gdebenedetti@politico.com Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event Urgent 07.05.2016 at 11:06 AM EDT District of Columbia, United States 113 Comey says 110 emails in 52 chains had classified info at the time Clinton sent them RPR Michael McAuliff @mmcauliff VIEW ALERT Topics: Crime - Legal Action, Cybersecurity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 114 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 8:08 AM tracy.frederickson@jric.org Comey says 110 emails in 52 chains had classified info at the time Clinton sent them Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 11:06 AM EDT District of Columbia, United States RPR Comey says 110 emails in 52 chains had classified info at the time Clinton sent them Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Michael McAuliff @mmcauliff SOURCE VERIFICATION & EVENT AREA: Account Created: 09.21.2009 Tweets 18,570 Followers 4,888 Senior Congressional reporter for the Huffington Post, and Brooklyn expatriate. Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Legal Action, Cybersecurity, Politics and International Affairs - U.S. Politics Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 115 From: Sent: To: Subject: Dataminr Urgent Tuesday, July 05, 2016 6:52 AM tracy.frederickson@jric.org BREAKING: #RiceTrial, Lt. Brian Rice opts for a bench trial not a jury trial. Following lead of Ofc. Nero and Goodson Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 09:46 AM EDT Maryland, United States RPR BREAKING: #RiceTrial, Lt. Brian Rice opts for a bench trial not a jury trial. Following lead of Ofc. Nero and Goodson Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Robert Lang @Reporterroblang SOURCE VERIFICATION & EVENT AREA: Account Created: 08.20.2009 Tweets 38,518 Followers 5,064 I'm a reporter and anchor at WBAL-AM with 30 years of experience in radio and television news. Retweets are not endorsements. Opinions are my own. Area: Maryland, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Legal Action Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 116 Dataminr is a real?time information discovery company. 117 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 10:47 PM tracy.frederickson@jric.org Shooting investigation near 43rd Ave. & Southern. Phoenix Fire telling us there may be up to 6 patients. #newsalert Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.05.2016 at 01:45 AM EDT Arizona, United States CTR Shooting investigation near 43rd Ave. & Southern. Phoenix Fire telling us there may be up to 6 patients. #newsalert Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Juliana Marie @JMarie731 SOURCE VERIFICATION & EVENT AREA: Account Created: 03.06.2009 Tweets 1,392 Followers 706 I'm a news producer for FOX 10 in Phoenix, AZ. I wear many hats including mommy, news junkie & taco expert. And my heart will always be with my UA Wildcats! Area: Arizona, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 118 Dataminr is a real?time information discovery company. 119 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 8:19 PM tracy.frederickson@jric.org American says nothing suspicious was found on the plane. That info came from an early report from another source. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 11:16 PM EDT Illinois, United States RPR American says nothing suspicious was found on the plane. That info came from an early report from another source. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Sam Unger @SamUngerWGN SOURCE VERIFICATION & EVENT AREA: Account Created: 03.22.2011 Tweets 15,559 Followers 3,583 News Assignment Editor at WGN-TV Area: Illinois, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.04.2016 at 10:56 PM EDT 120 Illinois, United States It's not clear what type of threat was received. The flight landed safely & passengers deplaned at the gate before police boarded the flight RPR Sam Unger @SamUngerWGN VIEW ALERT Urgent Update 07.04.2016 at 10:55 PM EDT Illinois, United States #BREAKING - American Airlines flight 91 from Heathrow is being searched by law enforcement at O'Hare due to threat Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/jDZWMIOODn RPR Sam Unger @SamUngerWGN VIEW ALERT 07.04.2016 at 09:21 PM EDT Illinois, United States @aliyumei310 there are even more police vehicles now Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/xOhDKJkdB1 CTR Jackie✨ @lllunacy_ VIEW ALERT Urgent 07.04.2016 at 09:14 PM EDT Illinois, United States @AmericanAir what's going on at ORD??? Lots of police/emergency vehicles surrounding a plane, no explanation Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/yiagwmSmIc CTR Jackie✨ @lllunacy_ VIEW ALERT Topics: Threats and Precautions, Transportation - Aviation Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 121 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 8:09 PM tracy.frederickson@jric.org BREAKING NEWS... We're hearing as many as four people shot at 7th and Liberty downtown. Report gunman on loose. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.04.2016 at 10:53 PM EDT Pennsylvania, United States RPR BREAKING NEWS... We're hearing as many as four people shot at 7th and Liberty downtown. Report gunman on loose. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Amy Wadas @AmyWadas SOURCE VERIFICATION & EVENT AREA: Account Created: 05.25.2009 Tweets 6,219 Followers 2,090 Reporter @CBSPittsburgh. Formerly @WCPO, @WTRF7News, @Examinercom. Passionate about new media & future of journalism. Dreams big. Area: Pennsylvania, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 122 Dataminr is a real?time information discovery company. 123 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 8:03 PM tracy.frederickson@jric.org #BREAKING - American Airlines flight 91 from Heathrow is being searched by law enforcement at O'Hare due to threat https://t.co/jDZWMIOODn Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 10:55 PM EDT Illinois, United States RPR #BREAKING - American Airlines flight 91 from Heathrow is being searched by law enforcement at O'Hare due to threat pic.twitter.com/jDZWMIOODn Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Sam Unger @SamUngerWGN Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 03.22.2011 Tweets 15,558 Followers 3,582 News Assignment Editor at WGN-TV Area: Illinois, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 124 at 10:56 PM EDT Illinois, United States It's not clear what type of threat was received. The flight landed safely & passengers deplaned at the gate before police boarded the flight RPR Sam Unger @SamUngerWGN VIEW ALERT 07.04.2016 at 09:21 PM EDT @aliyumei310 there are even more police vehicles now Illinois, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/xOhDKJkdB1 CTR Jackie✨ @lllunacy_ VIEW ALERT Urgent 07.04.2016 at 09:14 PM EDT @AmericanAir what's going on at ORD??? Lots of Illinois, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. police/emergency vehicles surrounding a plane, no explanation pic.twitter.com/yiagwmSmIc CTR Jackie✨ @lllunacy_ VIEW ALERT Topics: Transportation - Aviation, Crime - Criminal Activity Right-click here to download pictures. To Adjust topic importance by opening settings Dataminr is a real-time information discovery company. Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 8:00 PM tracy.frederickson@jric.org @MiamiPD: MiamiPD is working a scene @bayside where shots were fired w/ NO gunshot injuries as of now. We have a subject detained + a found firearm. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 10:55 PM EDT Florida, United States ER MiamiPD is working a scene @bayside where shots were fired w/ NO gunshot injuries as of now. We have a subject detained + a found firearm. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Miami PD @MiamiPD SOURCE VERIFICATION & EVENT AREA: Account Created: 08.27.2013 Tweets 1,658 Followers 8,624 Official account of the Miami Police Department Account is NOT monitored 24/7 For Emergencies call 911 Terms of Use: http://goo.gl/eObLVf Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 126 at 10:47 PM EDT Florida, United States UPDATE - Suspect reported in custody in Miami Bayside fireworks shooting. No confirmation on 2 wounded https://t.co/dev0lKqKLm RPR BreakingNewzman @BreakingNewzman VIEW ALERT 07.04.2016 at 10:47 PM EDT Florida, United States Miami Bayside Shooting....may not be resolved, scanner traffic indicates police still looking 4 shooter CTR Ross McLean @RossMcleanSec VIEW ALERT 07.04.2016 at 10:34 PM EDT Florida, United States Damn 5 people just got shot at Bayside, y'all be careful out there CTR BossZoeKingVersace @infamous_bossA1 VIEW ALERT Urgent Update 07.04.2016 at 10:31 PM EDT Florida, United States per Miami PD - shots fired in or around bayside - one person in custody - not clear if anybody was wounded. details as they come in @wsvn RPR Craig Stevens @cstevenson7 VIEW ALERT 07.04.2016 at 10:22 PM EDT This woman needed medical attention after thousands of people Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. ran out of Bayside after hearing gunfire: pic.twitter.com/3CQmZsZ4Cs CTR Victor Oquendo @VictorLocal10 VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Adjust topic importance by opening settings Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Dataminr is a real?time information discovery company. 128 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 7:39 PM tracy.frederickson@jric.org Fire on second barge... Responders handling situation... https://t.co/1uI3hyKRI8 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 10:34 PM EDT Massachusetts, United States CTR Fire on second barge... Responders handling situation... twitter.com/frankmandocm/s… Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Plymouth Police Dept @Plymouth_Police SOURCE VERIFICATION & EVENT AREA: Account Created: 06.18.2016 Tweets 90 Followers 495 The Official twitter account of the Plymouth Mass Police Dept. Not Monitored 24/7. Dial 911 for emergencies. Area: Massachusetts, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 07.04.2016 at 10:29 PM EDT Plymouth, United Kingdom 129 Receiving reports of a second fire, on the second fireworks barge, Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. in Plymouth harbor tonight. pic.twitter.com/c4igRV8ecr CTR Frank Mand @frankmandOCM VIEW ALERT 07.04.2016 at 10:10 PM EDT Massachusetts, United States VIDEO: All the fireworks in Plymouth appear to have exploded at Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. once (Courtesy: Rob Moreau) #fox25 pic.twitter.com/fn5psqxK78 CTR Mike Saccone @mikesacconetv VIEW ALERT 07.04.2016 at 10:09 PM EDT Massachusetts, United States @WCVB Plymouth fireworks fail pic.twitter.com/xz1whuQSkH CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. KP @07FJR VIEW ALERT 07.04.2016 at 10:08 PM EDT Massachusetts, United States The Plymouth fireworks barge had a misfire and they all went off Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/ca1g51WdSn CTR John @J_Griff97 VIEW ALERT Urgent Update 07.04.2016 at 10:06 PM EDT Massachusetts, United States When the barge explodes and catches on fire Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/qiZQshIvvP CTR carley @tRYANtoohard VIEW ALERT Topics: Transportation - Maritime, Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 130 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 7:36 PM tracy.frederickson@jric.org per Miami PD - shots fired in or around bayside - one person in custody - not clear if anybody was wounded. details as they come in @wsvn Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 10:31 PM EDT Florida, United States RPR per Miami PD - shots fired in or around bayside - one person in custody - not clear if anybody was wounded. details as they come in @wsvn Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Craig Stevens @cstevenson7 SOURCE VERIFICATION & EVENT AREA: Account Created: 07.29.2009 Tweets 5,255 Followers 6,613 Anchor 7NEWS 5, 6, 10 & 11pm weeknights at South Florida's FOX affiliate @WSVN. News. Tidbits & Musings. Tell me what YOU think. Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 131 at 10:22 PM EDT Florida, United States This woman needed medical attention after thousands of people ran out of Bayside after hearing gunfire: Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/3CQmZsZ4Cs CTR Victor Oquendo @VictorLocal10 VIEW ALERT 07.04.2016 at 10:20 PM EDT Florida, United States The beginning of the Bayside Shooting. pic.twitter.com/r1cY0sKD6u CTR Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Micheal Antonio @Ghastly_Spec VIEW ALERT Urgent Update 07.04.2016 at 10:20 PM EDT Florida, United States Miami Police confirm gunfire at Bayside, nobody hit. More on this breaking story tonight at 11. LN WPLG Local 10 News @WPLGLocal10 VIEW ALERT 07.04.2016 at 10:16 PM EDT Florida, United States #BREAKING: #Bayside Marketplace in downtown #Miami being evacuated for unknown situation per police. RPR Darcy Tannebaum @dt007 VIEW ALERT 07.04.2016 at 10:11 PM EDT Florida, United States I'm at bayside wit the fam tryna watch fireworks and 2 dudes pull out guns CTR AndrewRamsammy @AndrewRamsammy_ VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Adjust topic importance by opening settings Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Dataminr is a real?time information discovery company. 133 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 7:23 PM tracy.frederickson@jric.org Miami Police confirm gunfire at Bayside, nobody hit. More on this breaking story tonight at 11. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 10:20 PM EDT Florida, United States LN Miami Police confirm gunfire at Bayside, nobody hit. More on this breaking story tonight at 11. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download WPLG Local 10 News @WPLGLocal10 SOURCE VERIFICATION & EVENT AREA: Account Created: 01.07.2009 Tweets 96,944 Followers 120,704 South Florida News, Weather, Entertainment, Sports from WPLG Local 10 Follow us on Instagram: http://instagram.com/loca... Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 07.04.2016 at 10:16 PM EDT Florida, United States 134 #BREAKING: #Bayside Marketplace in downtown #Miami being evacuated for unknown situation per police. RPR Darcy Tannebaum @dt007 VIEW ALERT 07.04.2016 at 10:11 PM EDT Florida, United States I'm at bayside wit the fam tryna watch fireworks and 2 dudes pull out guns CTR AndrewRamsammy @AndrewRamsammy_ VIEW ALERT 07.04.2016 at 10:08 PM EDT Florida, United States Apparently there's two active shooters in bayside.. people running everywhere, cops everywhere. WTF CTR ❀ izzy ❀ @isnavysperez VIEW ALERT 07.04.2016 at 10:07 PM EDT Florida, United States Holy shit shooting at bayside in front of the Hard Rock Cafe CTR ☽ @StephyRawCuh VIEW ALERT 07.04.2016 at 10:05 PM EDT Florida, United States Shooter at bayside holy shit I was right there when it happen holy fuck CTR Carlos™ @_PapiLightskin VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 135 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 7:09 PM tracy.frederickson@jric.org Plymouth MA: Update- sounds like all members of the barge evacuated via the pontoon boat. Notifications to MSP & State Fire Marshall req Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 10:04 PM EDT Massachusetts, United States CTR Plymouth MA: Update- sounds like all members of the barge evacuated via the pontoon boat. Notifications to MSP & State Fire Marshall req Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Mike @NEFirebuff SOURCE VERIFICATION & EVENT AREA: Account Created: 08.21.2010 Tweets 95,680 Followers 8,465 #Newsjunkie. freelance photographer, Boston area #traffic guru Area: Massachusetts, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event Urgent Update 07.04.2016 at 09:57 PM EDT 136 Massachusetts, United States Reports out of Plymouth that all the fireworks exploded at once. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Photo courtesy: Julia Nittler @NBC10 pic.twitter.com/M6XKcm1mPp CTR Matt Reed @MattReedNews VIEW ALERT 07.04.2016 at 09:47 PM EDT Massachusetts, United States When there's a fire on the barge with fireworks in Plymouth Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Harbor... pic.twitter.com/1MCAzx08Xy CTR Matt @Mattymank123 VIEW ALERT 07.04.2016 at 09:46 PM EDT Massachusetts, United States @mjd877 big explosion of firwworks, looks like fire dept put it down. Scary. CTR Mike D. @mjd877 VIEW ALERT 07.04.2016 at 09:45 PM EDT Massachusetts, United States The dock is on fire and they are spraying it with water. Scary CTR Dylan DeBruyn @De_Bruynz VIEW ALERT 07.04.2016 at 09:43 PM EDT Massachusetts, United States Fire on the barge at the Plymouth fireworks. Yikes. CTR Stephanie Hack @brightesteyes VIEW ALERT Topics: Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 137 138 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 7:05 PM tracy.frederickson@jric.org Reports out of Plymouth that all the fireworks exploded at once. Photo courtesy: Julia Nittler @NBC10 https://t.co/M6XKcm1mPp Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 09:57 PM EDT Massachusetts, United States CTR Reports out of Plymouth that all the fireworks exploded at once. Photo courtesy: Julia Nittler @NBC10 pic.twitter.com/M6XKcm1mPp Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Matt Reed @MattReedNews Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 06.04.2011 Tweets 5,023 Followers 1,601 Reporter @NBC10 • Former @Baylor Adjunct • @univmiami & @COMatBU alumnus • Personal Account • News Tweets: @NBC10_Matt Area: Massachusetts, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline 139 Recent notifications from ongoing event 07.04.2016 at 09:47 PM EDT Massachusetts, United States When there's a fire on the barge with fireworks in Plymouth Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Harbor... pic.twitter.com/1MCAzx08Xy CTR Matt @Mattymank123 VIEW ALERT 07.04.2016 at 09:46 PM EDT Massachusetts, United States @mjd877 big explosion of firwworks, looks like fire dept put it down. Scary. CTR Mike D. @mjd877 VIEW ALERT 07.04.2016 at 09:45 PM EDT Massachusetts, United States The dock is on fire and they are spraying it with water. Scary CTR Dylan DeBruyn @De_Bruynz VIEW ALERT 07.04.2016 at 09:43 PM EDT Massachusetts, United States Fire on the barge at the Plymouth fireworks. Yikes. CTR Stephanie Hack @brightesteyes VIEW ALERT Urgent 07.04.2016 at 09:27 PM EDT Massachusetts, United States I think the Plymouth fire works barge just blew up CTR Chris @C_Squared6 VIEW ALERT Topics: Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 140 Dataminr is a real?time information discovery company. 141 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 6:56 PM tracy.frederickson@jric.org At Bayside in Miami and people are running and screaming and the police are everywhere???? Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.04.2016 at 09:51 PM EDT Florida, United States CTR At Bayside in Miami and people are running and screaming and the police are everywhere???? Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Matt Mayfield @_righteouskill_ SOURCE VERIFICATION & EVENT AREA: Account Created: 11.14.2015 Tweets 473 Followers 63 Hold Fast Piercing // Parade Of Flesh (if found please return to @TheRufflyOwl) Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.04.2016 at 09:53 PM EDT Florida, United States 142 Shooting at Bayside Miami RN #miami CTR Matt Mayfield @_righteouskill_ VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 143 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 6:35 PM tracy.frederickson@jric.org @FOX13News Emergency crews for a Frontier Airplane at TIA https://t.co/cILF6ar0Tr Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.04.2016 at 09:24 PM EDT Florida, United States CTR @FOX13News Emergency crews for a Frontier Airplane at TIA pic.twitter.com/cILF6ar0Tr Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Andrew Nguyen @AndrewVunguyen Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 03.26.2012 Tweets 4,201 Followers 229 RN BSN. Ortho Trauma Nurse. DNP-FNP c/o 2019, FGCU. Area: Florida, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Aviation Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 144 145 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 6:17 PM tracy.frederickson@jric.org @AmericanAir what's going on at ORD??? Lots of police/emergency vehicles surrounding a plane, no explanation https://t.co/yiagwmSmIc Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.04.2016 at 09:14 PM EDT Illinois, United States CTR @AmericanAir what's going on at ORD??? Lots of police/emergency vehicles surrounding a plane, no explanation pic.twitter.com/yiagwmSmIc Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Jackie✨ @lllunacy_ Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 02.28.2010 Tweets 48,452 Followers 861 I'm a trust fund, baby, you can trust me. ♏ /♒ Area: Illinois, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Topics: Transportation - Aviation, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings 146 Dataminr is a real?time information discovery company. 147 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 5:33 PM tracy.frederickson@jric.org @lacfd: @LACoScan It was reported at one of Space X facilities per dispatch. Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.04.2016 at 08:24 PM EDT California, United States ER @LACoScan It was reported at one of Space X facilities per dispatch. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download LAC Incident Alert @lacfd SOURCE VERIFICATION & EVENT AREA: Account Created: 06.10.2009 Tweets 17,430 Followers 24,418 Incident alerts in Los Angeles County (LACoFD Only). Owned & run by dedicated volunteers. **Not affiliated with, nor sanctioned by the LA County Fire Dept** Area: California, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.04.2016 at 08:24 PM EDT California, United States 148 *Commercial Bldg Fire* FS162 [Hawthorne] 3313 W Jack Northrop Ave. E161 O/S assuming "Hawthorne IC". Note corrected address. #LACoFD ER LAC Incident Alert @lacfd VIEW ALERT Topics: Business and Economics - Financial Markets, Transportation - Aviation, Disasters and Weather - Structure Fires and Collapses Right-click here to download pictures. To help protect y our priv ac Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 149 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 4:44 PM tracy.frederickson@jric.org UPDATE: N. Chs police officer was struck in the abdomen in shooting. Suspect was shot by officers and transported to hospital #chsnews Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 07:38 PM EDT South Carolina, United States LN UPDATE: N. Chs police officer was struck in the abdomen in shooting. Suspect was shot by officers and transported to hospital #chsnews Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Live5News @Live5News SOURCE VERIFICATION & EVENT AREA: Account Created: 10.16.2008 Tweets 83,845 Followers 59,981 The Lowcountry's News Leader. Everywhere You Are. Area: South Carolina, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline See more notification(s) Recent notifications from ongoing event 07.04.2016 at 07:05 PM EDT 150 South Carolina, United States Scene of poss. @NCPD officer invol. shooting. waiting for details. Mult agencies on Waltham @ABCNews4 #chsnews #chs Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/xCxBEKKBY2 CTR Jason Tighe @jtighe08 VIEW ALERT 07.04.2016 at 06:59 PM EDT South Carolina, United States Video of the scene where officer was down. #chsnews Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/lenHXanLs2 RPR Hannah Moseley @HannahLive5 VIEW ALERT 07.04.2016 at 06:54 PM EDT South Carolina, United States Dozens of law enforcement lining Waltham Rd in North Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Charleston where an officer was shot. #chsnews @WCBD pic.twitter.com/YKh5LjgoLx CTR Travis Rice WCBD @traviscrice VIEW ALERT 07.04.2016 at 06:31 PM EDT South Carolina, United States **BREAKING** Report of officer down in N. Charleston. At least one outlet reporting bullet hit officer's vest. fb.me/6tM31feEc RPR Cody Alcorn @CodyAlcorn VIEW ALERT Urgent 07.04.2016 at 06:29 PM EDT South Carolina, United States BREAKING: Shots fired at officers in North Charleston - EMS responding abcnews4.com/news/crime-new… #chs LN ABC News 4 @ABCNews4 VIEW ALERT Topics: Transportation - Traffic and Roadways, Crime - Criminal Activity Right-click here to download pictures. To 151 Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 152 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 4:30 PM tracy.frederickson@jric.org DC metro police have arrived with larger presence to scene of suspicious package in portable toilet near monument. https://t.co/wB3XEvXdhH Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 07:26 PM EDT District of Columbia, United States DC metro police have arrived with larger presence to scene of suspicious package in portable toilet near monument. pic.twitter.com/wB3XEvXdhH Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Van Applegate @VBagate Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 06.07.2008 Tweets 26,304 Followers 2,806 RT ≠ Endorsement. Photojournalist for @fox5dc. High frequency consumer of @DunkinDonuts. Potentially high volume of tweets during breaking news in the DC area. Area: District of Columbia, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline 153 RPR Recent notifications from ongoing event 07.04.2016 at 07:26 PM EDT District of Columbia, United States DC metro police have arrived with larger presence to scene of Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. suspicious package in portable toilet near monument. pic.twitter.com/wB3XEvXdhH RPR Van Applegate @VBagate VIEW ALERT 07.04.2016 at 07:25 PM EDT District of Columbia, United States Crime tape rolled out. More officers arriving to assist. Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. pic.twitter.com/QnGbZTdyHJ RPR David Culver @David_Culver VIEW ALERT Urgent 07.04.2016 at 07:23 PM EDT Virginia, United States JUST IN: Police on the #NationalMall setting up a perimeter to Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. search a set of portable toilets @nbcwashington pic.twitter.com/sOpmb0587N RPR David Culver @David_Culver VIEW ALERT Topics: Threats and Precautions, Infrastructure - Government, Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 154 From: Sent: To: Subject: Dataminr Urgent Update Monday, July 04, 2016 3:34 PM tracy.frederickson@jric.org Charleston County dispatch says call for officer down in North Charleston, off Waltham Rd. I'm headed to the scene. #chsnews Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent Update 07.04.2016 at 06:29 PM EDT South Carolina, United States RPR Charleston County dispatch says call for officer down in North Charleston, off Waltham Rd. I'm headed to the scene. #chsnews Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download Hannah Moseley @HannahLive5 SOURCE VERIFICATION & EVENT AREA: Account Created: 03.15.2011 Tweets 6,787 Followers 2,416 @live5news news reporter & anchor. Former @WLOX reporter. @uofsc grad. In love with the outdoors, living vicariously through myself. Area: South Carolina, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 155 Urgent 07.04.2016 at 06:29 PM EDT South Carolina, United States BREAKING: Shots fired at officers in North Charleston - EMS responding abcnews4.com/news/crime-new… #chs LN ABC News 4 @ABCNews4 VIEW ALERT Topics: Crime - Criminal Activity Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 156 From: Sent: To: Subject: Dataminr Urgent Monday, July 04, 2016 1:58 PM tracy.frederickson@jric.org Tornado went thru our town.. https://t.co/jyOWJvcUt5 Categories: YES-RESPONSIVE Right-click here to download pictures. To help protect y our priv acy , Outlo ok Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the In ternet. Urgent 07.04.2016 at 04:56 PM EDT Kentucky, United States CTR Tornado went thru our town.. pic.twitter.com/jyOWJvcUt5 Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download ༯࿋ୟ~Kells~❥❦❉ @KelliStiltner Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. SOURCE VERIFICATION & EVENT AREA: Account Created: 01.16.2015 Tweets 3,392 Followers 80 Dream without Fear.... Love without Limits! Love to Travel. TMK2❣ My heart and Love is the Beach.. Instagram @Kellistiltner FB @Kelli Webb Stiltner Area: Kentucky, United States Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. View Alert Track Story Event Timeline Recent notifications from ongoing event 07.04.2016 at 04:55 PM EDT Kentucky, United States 157 Tornado just came thru Louisa, heading towards Lincoln County! Right-click here to download pictures. To help protect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Tore up our Walmart, Hospital, and homes! pic.twitter.com/bewdo36XXF CTR ༯࿋ୟ~Kells~❥❦❉ @KelliStiltner VIEW ALERT Topics: Disasters and Weather - Natural Disasters Right-click here to download pictures. To Right-click here to download pictures. To help protect y our priv acy , Outlo ok prev ented auto matic download of this pictu re from the In ternet. Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 158 From: Sent: To: Subject: Tracy Frederickson Sunday, June 12, 2016 1:56 PM Kimber.Davis@jric.org Fwd: #Breaking Santa Monica Police confirm "Heavily Armed" man arrested is from Indiana. His name is James Howell. Follow Up Flag: Flag Status: Follow up Completed Categories: YES-RESPONSIVE Begin forwarded message: Resent-From: From: Dataminr Urgent Update Date: June 12, 2016 at 1:51:35 PM PDT To: Subject: #Breaking Santa Monica Police confirm "Heavily Armed" man arrested is from Indiana. His name is James Howell. Reply-To: Urgent Update 06.12.2016 at 04:44 PM EDT California, United States CTR #Breaking Santa Monica Police confirm "Heavily Armed" man arrested is from Indiana. His name is James Howell. Phil Sanchez @Phil_Sanchez SOURCE VERIFICATION & EVENT AREA: Account Created: 07.17.2009 Tweets 14,541 Followers 7,230 Anchor/Reporter @WISH_TV Indianapolis, IN Dad Baseball Fanatic Political Junkie Professional Storyteller Introvert at Heart #ProudAmerican Area: California, United States 159 View Alert Track Story Event Timeline See 2 more notification(s) Recent notifications from ongoing event Urgent Update 06.12.2016 at 02:09 PM EDT California, United States Developing: Evidence gathered at Santa Monica location where man was arrested with weapons before LA Pride. pic.twitter.com/6ALC08Go61 RPR Jeff Nguyen @jeffnguyen VIEW ALERT 06.12.2016 at 01:54 PM EDT California, United States We're ready to march! pic.twitter.com/vTR0SIt3aT ER LASD West Hollywood @WHDLASD VIEW ALERT 06.12.2016 at 01:09 PM EDT California, United States Scene in Santa Monica where suspect was arrested. Police say car was filled with weapons and explosives. pic.twitter.com/9Qxzlq1P9l RPR ★ Jennifer Wolfe ★ @TheeWolfe VIEW ALERT 06.12.2016 at 12:39 PM EDT California, United States @RobertFaturechi we are putting appropriate resources in place. The arrest was Santa Monica PD. The FBI is investigating CTR whd90c @90cwhd 160 VIEW ALERT 06.12.2016 at 12:32 PM EDT California, United States We're having a huge Pride parade here today. twitter.com/RobertFaturech… RPR Matt Pearce @mattdpearce VIEW ALERT Topics: Transportation - Traffic and Roadways, Crime - Criminal Activity, Conflicts and Violence Adjust topic importance by opening settings Dataminr is a real-time information discovery company. 161 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 12:17 PM Rouman Ebrahim SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 162 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 163 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 164 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 165 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 166 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 167 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 168 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 11:45 AM Edgardo Labayna SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 169 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 170 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 171 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 172 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 173 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 174 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 175 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 11:45 AM Robert Hyde SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 176 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 177 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 178 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 179 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 180 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 181 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 182 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 11:45 AM Joel Grenier SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 183 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 184 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 185 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 186 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 187 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 188 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 189 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 11:42 AM Michael Deck SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 190 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 191 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 192 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 193 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 194 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 195 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 196 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 11:41 AM Clint Dragoo SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 197 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 198 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 199 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 200 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 201 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 202 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 203 From: Sent: To: Subject: SANS Institute Tuesday, May 10, 2016 11:29 AM Justin Feffer SANS NewsBites Vol. 18 Num. 037 : FTC and FCC Launch Inquiries Into Mobile Device Update Issues; Misconfigured AV Scan Caused Medical Procedure Delay; Firefox 47 Ends Plugins Whitelist Categories: YES-RESPONSIVE -----BEGIN PGP SIGNED MESSAGE----Hash: SHA1 **************************************************************************** SANS NewsBites May 10, 2016 Vol. 18, Num. 037 **************************************************************************** TOP OF THE NEWS FTC and FCC Launch Inquiries Into Mobile Device Update Issues Misconfigured AV Scan Caused Medical Procedure Delay Firefox 47 Ends Plugins Whitelist THE REST OF THE WEEK'S NEWS Legislator Seeks Definition for Act of Cyberwar Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation Man Arrested for Breaking Into State Election Website Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies Virustotal Policy Change Equifax Website Data Breach Affects Kroger Employees FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center Bill Would Elevate CISO Position at US Dept. of Health and Human Services INTERNET STORM CENTER TECH CORNER ******************* Sponsored By Bracket AlienVault *********************** Trying to figure out where to start when it comes to Open Source Network Security Tools? Download a free beginner's guide to learn more: http://www.sans.org/info/185597 *************************************************************************** TRAINING UPDATE --SANS Baltimore Spring 2016 Baltimore, MD May 9-14 9 courses in IT security, cyber defense, incident handling, security management, and Windows forensics plus multiple SANS@Night talks. http://www.sans.org/u/gR7 --SANS Houston 2016 Houston, TX May 9-14 7 courses including the NEW Network Penetration Testing & Ethical Hacking course. http://www.sans.org/u/dzE --SANS Stockholm 2016 Stockholm, Sweden May 9-14 204 5 courses. SANS training in the Nordics, 5 courses including Mobile, Virtualisation, Defending Web Apps, and Reverse Engineering Malware. http://www.sans.org/u/ffh --Security Operations Center Summit & Training Crystal City, VA May 19-26, 2016 Sharing information to make cybersecurity work effectively. Two days of in-depth Summit talks, 4 SANS courses, networking, & more! http://www.sans.org/u/eQV --SANSFIRE 2016 Washington, DC June 11-18 Exclusive event powered by the Internet Storm Center 47 courses, bonus evening presentations, solutions expo, extraordinary networking opportunities, 2 nights of NetWars, industry receptions, and more! http://www.sans.org/u/gRr --DFIR Summit & Training Austin, TX June 23-30, 2016 DFIR Superheroes aren't born; they're made. Two days of indepth Summit talks, 9 SANS courses, DFIR Netwars, Night Out in Austin!, and @Night talks! http://www.sans.org/u/gBD --Can't travel? SANS offers LIVE online instruction. Day (Simulcast - http://www.sans.org/u/WF) and Evening (vLive - http://www.sans.org/u/WU) courses available! -- Multi-week Live SANS training Mentor - http://www.sans.org/u/X4 Contact mentor@sans.org --Looking for training in your own community? Community - http://www.sans.org/u/Xj --SANS OnDemand lets you train anytime, anywhere with four months of online access to your course. Learn more: http://www.sans.org/u/Xy Plus Prague, Berlin, Delhi, Vienna, and Portland all in the next 90 days. For a list of all upcoming events, on-line and live: http://www.sans.org/u/XI *************************************************************************** TOP OF THE NEWS --FTC and FCC Launch Inquiries Into Mobile Device Update Issues (May 9, 2016) The US Federal Trade Commission (FTC) and Federal Communications Commission (FCC) have both launched inquiries into the patching of mobile devices. The inquiries are seeking information about how carriers and hardware vendors manage updates and patches. The inquiries were prompted by concerns that updates were not being made available quickly enough. http://www.zdnet.com/article/apple-google-face-questions-over-lingering-security-flaws/ http://www.theregister.co.uk/2016/05/09/fcc_ftc_android_updates/ http://www.computerworld.com/article/3067703/security/the-fcc-and-ftc-open-inquiries-into-smartphone-securityupdates.html [Editor's Note (Pescatore): This is a good example of the telecoms industry not being proactive and "self regulating." The root of the two inquiries is a good one - the carriers got into the business of essentially integrating software from multiple sources onto hardware (smart phones and tablets) and haven't seemed to define industry standard practices for keeping that all secure. Now there are multiple government agency investigation that will require generation of much paperwork and possible regulations that lead to higher levels of paperwork but not necessarily actual higher levels of security.] --Misconfigured AV Scan Caused Medical Procedure Delay (May 9, 2016) Improperly configured antivirus software caused a delay during a medical procedure, according to a US Food and Drug Administration (FDA) Adverse Event Report. A malware scan on a device that collects patient vital signs caused the monitor PC to lose communication with the client. http://www.theregister.co.uk/2016/05/09/malware_scan_stalled_misconfigured_med_software_midprocedure/ [Editor's Note (Assante): I had to flag this statement: "scan only the potentially vulnerable files on the system, while skipping the medical images and patient data files". Please do tell how these certain files are bullet proof! I suspect it is more likely that the images and patient data files are changing so they are caught by the AV. Folder and file type exclusions have long been necessary in ICS deployments for the same reason. It is why AV solutions are certified by ICS suppliers with approved configurations to be implemented on ICS hosts. 205 (Pescatore): The FDA report points out that the AV function was set up against the instructions, so the root cause of the outage is admin error. The bigger issue: if whitelisting was in place on the device, the risk of operational interference can be moved out of operational windows. (Williams): Medical devices are notoriously sensitive in their implementations. When adding third party software (such as AV or whitelisting software) organizations must test extensively to ensure they won't cause inadvertent outages. Vulnerability scanning is also problematic for these devices. I generally recommend proactive net flow monitoring for life safety devices in lieu of periodic vulnerability scanning.] --Firefox 47 Ends Plugins Whitelist (May 6, 2016) In Firefox 47, Mozilla has ended white-listing for plugins, with the exception of Flash. Firefox 47 is currently in beta release and is scheduled to be moved to the stable channel on June 7, 2016. Mozilla plans to end support for Flash with Firefox 53, which is scheduled for release in 2017. http://www.theregister.co.uk/2016/05/06/firefox_47_beta_flash_not_blacklisted_yet/ ************************** SPONSORED LINKS ******************************** 1) Threat Advisor Free Download: Stop Ransomware Before It Starts: http://www.sans.org/info/185617 2) WEBCAST. May 10 @ 2pm ET. The Verizon Data Breach Investigations Report - A Defender's Perspective. http://www.sans.org/info/185622 3) Save Hundreds! Register Now! Enfuse 2016: Cybersecurity - Digital Investigations - E-Discovery. Use Code SANS2016 http://www.sans.org/info/185627 *************************************************************************** THE REST OF THE WEEK'S NEWS --Legislator Seeks Definition for Act of Cyberwar (May 9, 2016) US Senator Mike Rounds (R-South Dakota) has introduced a bill that would require the president to create a policy that defines when a cyberattack is an act of war. After the White House released a cyber deterrence policy late last year, members of the Senate Armed Services Committee said that it came up short. http://federalnewsradio.com/cybersecurity/2016/05/senator-wants-definition-cyber-act-war/ [Editor's Note (Pescatore): International agreement on how to define cyber attacks as equaling acts of war are needed but so far in the US these types of legislative initiatives (including this one) have seemed to be purely political - not likely to lead to anything meaningful.] --Bangladesh Bank Says Cyberheist Caused by Faulty Software Installation (May 9, 2016) Officials at Bangladesh Central Bank said that the fraudulent transactions that cost the bank US $81 million were due to improperly installed software. They alleged that when the Society for Worldwide Interbank Financial telecommunication (SWIFT) installed real-time gross settlement software in the months before the attack, they introduced the vulnerabilities that the attackers exploited. SWIFT has rejected the allegations. http://www.darkreading.com/operations/reuters-police-say-swift-techs-made-bangladesh-bank-more-vulnerablebefore-heist/d/d-id/1325447? http://www.scmagazine.com/bangaldeshi-banking-officials-blame-81m-bank-heist-on-incorrectly-installedsoftware/article/495068/ --Man Arrested for Breaking Into State Election Website (May 9, 2016) A Florida man was arrested after accessing a state election website using an SQL injection attack. David Levin accessed the site without permission from the Lee County, Florida, elections office. Levin faces charges of unauthorized access to a computer, network, or electronic device; he has been released on bond. 206 http://arstechnica.com/security/2016/05/how-a-security-pros-ill-advised-hack-of-a-florida-elections-site-backfired/ http://www.theregister.co.uk/2016/05/09/researcher_arrested_after_reporting_pwnage_hole_in_elections_site/ http://www.zdnet.com/article/security-researcher-arrested-for-reporting-us-election-website-vulnerabilities/ [Editor's Note (Williams): Although this started innocently enough (checking for a SQL injection vulnerability), Levin undoubtedly crossed the line when he exploited the vulnerability to download voter data from the website. Even when the site is involved in a bug bounty program (this site was not), the line between a reward and a crime is very thinly defined by the bounty program rules. Read and understand those rules before engaging in any testing activity.] --Twitter Prohibits Dataminr From Selling Analytics to Intelligence Agencies (May 9, 2016) Twitter has prohibited Dataminr, a company that conducts data analysis on Twitter's entire feed, from allowing US intelligence agencies to access the data. Twitter expressed concern about appearing to have a close relationship with intelligence. Twitter maintains that it has never allowed Dataminr to sell data to government or intelligence agencies for surveillance. http://www.cnet.com/news/twitter-yanks-dataminr-access-for-us-spy-agencies/ http://arstechnica.com/tech-policy/2016/05/twitter-tells-us-intel-agencies-to-do-their-own-data-mining/ http://www.computerworld.com/article/3067400/internet/twitter-blocks-access-to-analytics-of-its-data-to-usintelligence-agencies.html --Virustotal Policy Change May 9, 2016 Virustotal, one of the most effective tools in combating malware has announced a policy change. As of now all scanning companies must be part of the Virustotal engine. This eliminates the opportunity to create an anti-virus program without contributing anti-malware analysis to the greater community: http://www.csmonitor.com/World/Passcode/2016/0509/Google-shakes-up-antivirus-industry http://www.reuters.com/article/us-cybersecurity-sharing-virustotal-anal-idUSKCN0XY0R4 http://blog.virustotal.com/2016/05/maintaining-healthy-community.html?spref=tw (Northcutt): They are also establishing quality standards, new scanners will need to prove a certification and/or independent reviews from security testers according to best practices of Anti-Malware Testing Standards Organization (AMTSO). This will make it much harder to float a reputable sounding adware, scareware, or malware "free" anti-virus solution. (Pescatore): There has been a flood of companies that seemed to be fueling their engines at the Virus Total free malware filling station and doing very little (if any) exploratory drilling/discovery of new malware or techniques. I'd rather see new investment dollars go to new approaches to fighting malware, rather than just to more repackagers of Virustotal data.] --Equifax Website Data Breach Affects Kroger Employees (May 6, 7, & 9, 2016) Kroger has notified current and former employees that thieves have stolen information from their W-2 tax forms. The data were stolen from Equifax W2Express, a website that offers downloadable W-2s for some companies. http://krebsonsecurity.com/2016/05/crooks-grab-w-2s-from-credit-bureau-equifax/ http://www.scmagazine.com/kroger-warns-past-present-employees-of-possible-compromise-after-equifax-w-2expressbreach/article/495023/ http://www.darkreading.com/vulnerabilities---threats/kroger-hit-by-w-2-data-breach-at-equifax/d/d-id/1325438? [Editor's Note (Williams): In the wake of breaches of vendors that are expected to have better security, it's a good time to reinforce the need for security assessments of your vendors. Also, we recommend that contract language require immediate notification in the event of a suspected breach. When attackers may be using your vendors as a pivot point into your network, it is imperative that you know of compromises immediately.] --FBI Told Law Enforcement to Recreate Stingray-Gathered Evidence (May 9, 2016) According to a document obtained by Oklahoma Watch, a non-profit investigative journalism organization, the FBI told a local law enforcement agency that the technology used in stingrays, or cell-site locators, is so sensitive and controversial that evidence presented at trial needs to be reconstructed another way. In the Wired article, Kim Zetter provides a solid overview of cell-site simulator technology and details ways in which law enforcement has been evasive about their use of the technology. http://www.zdnet.com/article/fbi-wants-cops-to-recreate-evidence-because-stingray-cell-trackers-are-too-secret/ 207 https://www.wired.com/2016/05/hacker-lexicon-stingrays-spy-tool-government-tried-failed-hide/ --Lenovo Fixes Privilege Elevation Flaw in Lenovo Solution Center (May 6, 2016) Lenovo has patched a flaw in its Lenovo Solution Center (LSC), a pre-installed application on many Lenovo devices that provides a number of useful functions, including checking firewall status, updating software, and making backups. The flaw could be exploited to execute code and take control of computers. LSC version 3.3.002 fixes the privilege elevation vulnerability. http://www.computerworld.com/article/3067279/security/lenovo-patches-serious-flaw-in-pre-installed-supporttool.html --Bill Would Elevate CISO Position at US Dept. of Health and Human Services (May 3, 2016) Proposed legislation in the US House of Representatives includes a provision that would elevate the position of CISO within the Department of Health and Human Services (HHS). The position would be independent from the office of HHS CIO. The change was prompted by an August 2015 House Energy and Commerce Committee report following a 2013 FDA breach. The report recommended the organizational change to give information security the necessary priority. http://www.govinfosecurity.com/proposed-legislation-aims-to-elevate-hhs-ciso-role-a-9080 INTERNET STORM CENTER TECH CORNER A Quick Introduction To Linux Capabilities https://isc.sans.edu/forums/diary/Guest+Diary+Linux+Capabilities+A+friend+and+foe/21031/ Review of TLS Proxy Security Issues http://users.encs.concordia.ca/~mmannan/publications/ssl-interception-ndss2016.pdf Ransomware Claims to Donate Proceeds To Charity https://heimdalsecurity.com/blog/security-alert-new-ransomwaredonate-earnings-charity/ Network Forensics With DShell https://isc.sans.edu/forums/diary/Performing+network+forensics+with+Dshell+Part+1+Basic+usage/21035/ Aruba Vulnerabilities (and Patches) http://seclists.org/fulldisclosure/2016/May/19 Allwinner Android Device Debug Backdoor http://forum.armbian.com/index.php/topic/1108-security-alert-for-allwinner-sun8i-h3a83th8/ ImageTragick Flaw Being Exploited https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/ Attacking JSON Web Tokens https://www.notsosecure.com/crafting-way-json-web-tokens/ ASUS UEFI Red Screen Of Death Workaround https://www.asus.com/support/FAQ/1016356/ *********************************************************************** The Editorial Board of SANS NewsBites John Pescatore was Vice President at Gartner Inc. for fourteen years. He became a director of the SANS Institute in 2013. He has worked in computer and network security since 1978 including time at the NSA and the U.S. Secret Service. 208 Shawn Henry is president of CrowdStrike Services. He retired as FBI Executive Assistant Director responsible for all criminal and cyber programs and investigations worldwide, as well as international operations and the FBI's critical incident response. Suzanne Vautrinot was Commander of the 24th Air Force (AF Cyber) and now sits on the board of directors of Wells Fargo and several other major organizations. Ed Skoudis is co-founder of CounterHack, the nation's top producer of cyber ranges, simulations, and competitive challenges, now used from high schools to the Air Force. He is also author and lead instructor of the SANS Hacker Exploits and Incident Handling course, and Penetration Testing course. Michael Assante was Vice President and Chief Security Officer at NERC, led a key control systems group at Idaho National Labs, and was American Electric Power's CSO. He now leads the global cyber skills development program at SANS for power, oil & gas and other critical infrastructure industries. Mark Weatherford is Chief Cybersecurity Strategist at vArmour and the former Deputy Under Secretary of Cybersecurity at the US Department of Homeland Security. Stephen Northcutt teaches advanced courses in cyber security management; he founded the GIAC certification and was the founding President of STI, the premier skills-based cyber security graduate school, www.sans.edu. Dr. Johannes Ullrich is Chief Technology Officer of the Internet Storm Center and Dean of the Faculty of the graduate school at the SANS Technology Institute. William Hugh Murray is an executive consultant and trainer in Information Assurance and Associate Professor at the Naval Postgraduate School. Sean McBride is Director of Analysis and co-founder of Critical Intelligence, and, while at Idaho National Laboratory, he initiated the situational awareness effort that became the ICS-CERT. Rob Lee is the SANS Institute's top forensics instructor and director of the digital forensics and incident response research and education program at SANS (computer-forensics.sans.org). Tom Liston is member of the Cyber Network Defense team at UAE-based Dark Matter. He is a Handler for the SANS Institute's Internet Storm Center and co-author of the book Counter Hack Reloaded. Jake Williams is a SANS course author and the founder of Rendition Infosec, with experience securing DoD, healthcare, and ICS environments. Dr. Eric Cole is an instructor, author and fellow with The SANS Institute. He has written five books, including Insider Threat and he is a founder with Secure Anchor Consulting. Mason Brown is one of a very small number of people in the information security field who have held a top management position in a Fortune 50 company (Alcoa). He leads SANS' efforts to raise the bar in cybersecurity education around the world. David Hoelzer is the director of research & principal examiner for Enclave Forensics and a senior fellow with the SANS Technology Institute. Gal Shpantzer is a trusted advisor to CSOs of large corporations, technology startups, Ivy League universities and nonprofits specializing in critical infrastructure protection. Gal created the Security Outliers project in 2009, focusing on the role of culture in risk management outcomes and contributes to the Infosec Burnout project. 209 Eric Cornelius is Director of Critical Infrastructure and ICS at Cylance, and earlier served as deputy director and chief technical analyst for the Control Systems Security Program at the US Department of Homeland Security. Alan Paller is director of research at the SANS Institute. Brian Honan is an independent security consultant based in Dublin, Ireland. David Turley is SANS operations manager and serves as production manager and final editor on SANS NewsBites. Please feel free to share this with interested parties via email, but no posting is allowed on web sites. For a free subscription, (and for free posters) or to update a current subscription, visit http://portal.sans.org/ -----BEGIN PGP SIGNATURE----iEYEARECAAYFAlcyFsUACgkQ+LUG5KFpTkbg4gCgmAa3XrdSy1fcmsTauZ3ezyp9 CHYAnR1p/wQLhu7Qwp0/g8tptzMlGUnX =k9yN -----END PGP SIGNATURE----- 210 From: Sent: To: Subject: LEIU Daily Tuesday, May 10, 2016 4:45 AM Gregory Frum May 10, 2016: US Military Preparing For Potential War In Space Categories: YES-RESPONSIVE If you are unable to see the message or images below, click here to view Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Please add us to y our address book Good morning Greg Frum Tuesday, May 10, 2016 CRIMINAL INTELLIGENCE FBI Memo Urges Police To Recreate Evidence Gathered With Stingrays. ZDNet (5/9) reports on a recently disclosed FBI document urging a local police department to recreate evidence gathered using Stingray technology by some other means before presenting it at trial. Departments that use Stingrays are bound by a non-disclosure agreement required by the device’s manufacture. “Disclosing the use of stingrays would violate the non-disclosure agreement. Many cases have been dropped to prevent disclosing the use of the technology,” ZDNet says. DEA Agent: Synthetic Opiods May Be Next Epidemic. DEA Special Agent in Charge James Shroba tells AOL (5/9) that synthetic opioids “is the next front,” and “says agents are tracking the beginnings of drug traffickers tweaking the chemical compounds of Fentanyl.” Shroba warns synthetic opioids are “hundreds, if not thousands of times more potent than heroin, or other opioids.” AOL says synthetic Cathinones or cannabinoids, which are available in some stores, may make “new users out of people who might not normally try drugs.” Twitter Downplays Dataminr Move. The Wall Street Journal report saying that Twitter plans to cut off access to Dataminr for US intelligence agencies generated significant second-day coverage. Ars Technica (5/9, Kravets) reports that in a statement, Twitter “downplayed the development.” saying, “Dataminr uses public Tweets to sell breaking news alerts to media organizations such as Dow Jones and government agencies such as the World Health Organization, for non-surveillance purposes. We have never authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes. This is a longstanding Twitter policy, not a new development.” 211 Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. LEIU From Head er We hope you are enjoying the LEIU Daily and you are deriving a great deal of value from this report. It provides you with the latest law enforcement news and include timely coverage of issues involving organized crime, terrorism, gambling, and legal news that may impact you. You can count on LEIU Daily for comprehensive coverage. I am glad we can share this member benefit with you as I believe it will help us all stay abreast of rapidly developing stories, issues, and regulations in our field. On another note --Your LEIU Executive Board believes this Daily Briefing is also beneficial to others in your department and encourage you to share with your colleagues, subordinates, and management. Please take the time to invite your unit members to receive the LEIU Daily each morning via the “Invite a colleague” button at the bottom of your briefing. Sharing this briefing with your team is one of the benefits of your LEIU membership. The more people who can benefit from this Daily Briefing the more effective we become. Bob Morehouse, Executive Director LEIU LEGAL ISSUES Immigration Court Backlog Seen As Draw For More Illegal Immigration. Fox News (5/9) says the surge of Central American migrants into the US is “worse – as Border Patrol agents apprehend even more Honduran, Guatemalan and Salvadoran immigrants claiming asylum. But due to a backlog in the courts, there is even less of a chance they’ll be deported.” Former CBP deputy commissioner David Aguilar is quoted saying, “Where the backflow and choke point is occurring is in the immigration judge docket system – 800,000 on the dockets right now. ... So, that backlog, that inability to basically send these people back, remove them back to their countries of origin, is causing a draw of more of these people coming into the country.” ODNI Pushes Back Against Wyden Demands Over Surveillance. The Hill (5/9, Williams) reports that the intel community is “pushing back on a Harvard report that has become a touchstone in the Capitol Hill debate over encryption.” In a letter to Sen. Ron Wyden, ODNI’s Deirdre Walsh wrote, “The public debate about the appropriate scope of lawful access to encrypted communications ... must be informed by recognition that the increased use of encryption represents a significant impediment to our efforts to protect the nation.” Wyden “had demanded feedback on the report, produced by Harvard’s Berkman Center, during a February hearing on the topic. Titled ‘Don’t Panic,’ the study suggests that law enforcement will be able to turn to alternative data streams in order to conduct needed surveillance.” Wyden Prepping Bill To Block DOJ Revisions To Rule 41. The Hill (5/9, Williams) reports that Sen. Ron Wyden is “moving to prevent a controversial expansion of the federal government’s hacking powers.” This week, he is “expected to unveil legislation blocking a Justice 212 Department request to allow judges to grant a single warrant for electronic searches in multiple locations – even when investigators don’t know the physical location of a device.” The DOJ, “which has been working for years on getting the change, insists the revision to what’s known as Rule 41 is a necessary update to match the realities of modern digital investigations.” TECHNOLOGY US Military Preparing For Potential War In Space. The Washington Post (5/9, A1, Davenport) reports that faced with the prospect of hostilities in space, US defense officials are “developing ways to protect exposed satellites floating in orbit and to keep apprised of what an enemy is doing hundreds, if not thousands, of miles above Earth’s surface. They are making satellites more resilient, enabling them to withstand jamming efforts.” India Claims To Have Developed Tool To Defeat IPhone Encryption. CNET News (5/9) reports India’s communications and IT minister Ravi Shankar Prasad claims the country has developed a tool that can defeat encryption for smartphones, including the iPhone. CNET News says that “Prasad didn’t reveal details about how the tool works.” DOJ Creating Body Camera Catalog to Aid Law Enforcement. FierceGovernmentIT (5/9, Richman) reports DOJ is creating a catalog of body camera devices “to help local law enforcement agencies compare and choose between them.” FierceGovernmentIT says the DOJ guide will also include information about the data security and hacking susceptibility of the individual devices. FierceGovernmentIT adds that DOJ plans to make the guide available by the end of 2016. MONDAY'S LEAD STORIES • Twitter Cuts Off Intelligence Agencies’ Access To Full Stream Of Tweets. • States, Congress Seek Rules For Stingray Use. • Security Expert Gives Tips On Protecting Computer From Ransomware. Subscriber Tools • • • • • • Change Email Address Send Feedback Unsubscribe Email Help Archives Invite a Colleague Advertise with Bulletin Media: Reach key professionals every morning LEIU Daily is a digest of the most important law enforcement news as selected from thousands of sources by the analysts of Bulletin Media. The presence of advertising does not endorse, nor imply endorsement of, any products or services by LEIU. This complimentary copy was sent to gfrum@da.lacounty.gov as part of your Association of Law Enforcement Intelligence Units membership. View Bulletin Media’s privacy policy. Neither Bulletin Media nor LEIU is liable for the use of or reliance on any information contained in this briefing. 213 For more information about the Association of Law Enforcement Intelligence Units please visit our association website. LEIU's Central Coordinating Agency, 1825 Bell Street - Suite 205, Sacramento, CA 95825 Copyright © 2016 by Bulletin Media 11190 Sunrise Valley Drive, Suite 20 Reston, VA 20191 214 From: Sent: To: Subject: LEIU Daily Monday, May 09, 2016 4:46 AM Gregory Frum May 9, 2016: Twitter Cuts Off Intelligence Agencies' Access To Full Stream Of Tweets Categories: YES-RESPONSIVE If you are unable to see the message or images below, click here to view Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. Please add us to y our address book Good morning Greg Frum Monday, May 9, 2016 CRIMINAL INTELLIGENCE Twitter Cuts Off Intelligence Agencies’ Access To Full Stream Of Tweets. The Wall Street Journal (5/8, A1, Stewart, Maremont, Subscription Publication) reports Twitter has cut off US intelligence agencies’ access to a service that shows its entire livestream of public tweets. The service is provided by Dataminr, the only company Twitter authorizes to access the full stream and sell it to clients. Twitter does not own Dataminr, but owns a small stake in it. The rescinding of access has not been publicly announced, but was confirmed to the Journal by an intelligence official and others. DHS To Release “Harmless Particle Materials” In New York City Subway. The New York Daily News (5/6, Sommerfeldt) reports that DHS “will release ‘harmless particle materials’ ‘in the city’s subway system next week” to study “where hazardous material would travel in the event of a biological terrorist attack.” DHS program manager Dr. Donald Bansleben is quoted saying, “This is important information to help local authorities to enhance their emergency preparedness.” Increased “Spice” Use Imposing High Cost On Communities. The Tampa Bay (FL) Times (5/6, Sullivan) reports on a growing number of complaints and costly medical calls for people using spice, or “synthetic cannabinoids.” The Times says Spice can “be 100 times more potent than pot,” and difficult to legislate because “manufacturers can make small changes to the chemicals so that what they’re selling is legal again.” Right-click here to download pictures. To help p ro tect y our priv acy , Outlook prev ented automatic download of this picture from the Internet. LEIU From Head er 215 We hope you are enjoying the LEIU Daily and you are deriving a great deal of value from this report. It provides you with the latest law enforcement news and include timely coverage of issues involving organized crime, terrorism, gambling, and legal news that may impact you. You can count on LEIU Daily for comprehensive coverage. I am glad we can share this member benefit with you as I believe it will help us all stay abreast of rapidly developing stories, issues, and regulations in our field. On another note --Your LEIU Executive Board believes this Daily Briefing is also beneficial to others in your department and encourage you to share with your colleagues, subordinates, and management. Please take the time to invite your unit members to receive the LEIU Daily each morning via the “Invite a colleague” button at the bottom of your briefing. Sharing this briefing with your team is one of the benefits of your LEIU membership. The more people who can benefit from this Daily Briefing the more effective we become. Bob Morehouse, Executive Director LEIU LEGAL ISSUES States, Congress Seek Rules For Stingray Use. The AP (5/8) reports that law enforcement use of cell-site simulators, also known as Stingrays, is “raising privacy concerns and inspiring legislation to restrict how police can use the technology in criminal investigations,” and “states around the country [are] trying to set rules” for their use, as well as Congress. The AP adds, “Amid the heightened scrutiny, authorities have cited instances in which the cell-tracking devices have been helpful. For example, Homeland Security Assistant Secretary Seth M. Stodder told a congressional committee in October that immigration officials used a Stingray to locate a 6-year-old girl who was being held hostage by smugglers in Arizona.” Law Enforcement And Tech Companies At Impasse Over Encryption Legislation. The New York Times (5/8, Kang, Subscription Publication) reports on an escalating fight in Congress between law enforcement and tech companies over encryption legislation proposed by Sens. Richard Burr and Diane Feinstein that “would require tech companies to give access to encrypted data with court orders.” The Times interviews IACP President Terrence Cunningham who says “there’s no question our relationship with the tech industry has gotten worse, and now it seems like the tech industry is taking every opportunity they have to put up obstacles in our way, including trying to derail legislative efforts that would give law enforcement what they need to keep people safe.” The Times says “Chief Cunningham and other members of the police chiefs’ group have talked with Mr. Burr and Ms. Feinstein, given opinions during the drafting of the legislation and hosted panels on encryption for House and Senate lawmakers.” TECHNOLOGY 216 Security Expert Gives Tips On Protecting Computer From Ransomware. In an piece for USA Today (5/7) , Steve Weisman, “one of the country’s leading experts in scams and identity theft,” gives four tips to combat the increasing threat of ransomware. Weisman says to avoid clicking on links “regardless of how legitimate they may appear until you have confirmed that the email is legitimate,” ensuring security software programs “are constantly updated,” the use of “application ‘whitelisting’” so that “only specific programs [will] run on your computer,” and regular data back-up. University Of North Texas Students Create Drug-Sniffing Vehicle. Digital Trends (5/6, Hard) reports a group of students at the University of North Texas (UNT) created a “portable mass spectrometer” attached to a Ford Fusion that can be used “to sniff out drug labs even better than a bloodhound.” Digital Trends says the technology “can sniff out unique chemical signatures up to a quarter-mile away and determine their point of origin within 15 feet...with complete discretion.” Drones Being Used To Find Cause Of Canadian Wildfire. Reuters (5/7, Nickel) reports the government in Alberta, Canada will utilize drones to find the cause of a wildfire that has displaced around 88,000 people. Reuters says the drones will use various cameras to pinpoint the hottest part of the fire and trace its source in a process called fire-mapping. FRIDAY'S LEAD STORIES • Russian Hacker Tried To Sell 272 Million Stolen Email Accounts. • UK Tourists Without Biometric Passports Risk Being Refused Travel. • Genetically Modified Mosquitoes Released In Cayman Islands To Fight Zika Virus. Subscriber Tools • • • • • • Change Email Address Send Feedback Unsubscribe Email Help Archives Invite a Colleague Advertise with Bulletin Media: Reach key professionals every morning LEIU Daily is a digest of the most important law enforcement news as selected from thousands of sources by the analysts of Bulletin Media. The presence of advertising does not endorse, nor imply endorsement of, any products or services by LEIU. This complimentary copy was sent to gfrum@da.lacounty.gov as part of your Association of Law Enforcement Intelligence Units membership. View Bulletin Media’s privacy policy. Neither Bulletin Media nor LEIU is liable for the use of or reliance on any information contained in this briefing. For more information about the Association of Law Enforcement Intelligence Units please visit our association website. LEIU's Central Coordinating Agency, 1825 Bell Street - Suite 205, Sacramento, CA 95825 217 Copyright © 2016 by Bulletin Media 11190 Sunrise Valley Drive, Suite 20 Reston, VA 20191 218 From: Sent: To: Cc: Subject: Sires, Linda D. (LA) (FBI) on behalf of FBI_LA_OCC Saturday, April 16, 2016 8:51 AM Woolery, Stephen S. (LA) (FBI) FBI_LA_OCC;Neff, Patricia A. (LA) (FBI);Silapie, Annie (LA) (FBI) CT Watch Overnight News - April 16, 2016 Categories: YES-RESPONSIVE The following information is being sent to you at the request of FBI SAC Stephen S. Woolery, Counterterrorism Division, Los Angeles Field Office ***The Following Information is Preliminary in Nature and currently HAS NOT BEEN VERIFIED Through FBI Sources. *** CT WATCH compiled the following list of overnight CT related news articles that are intended for information only, and not intended as official CTD opinion: CONUS 1. CIA Invests in Instagram and Twitter Surveillance Firms [Digital Trends]      The CIA is investing in several tech companies that focus on social media data mining and surveillance. The companies, which provide unique tools to mine data on Instagram and Twitter, are receiving funds through the CIA’s venture capital firm, In-Q-Tel, according to a document obtained by The Intercept. These specialist tech companies include Dataminr, Geofeedia, PATHAR, and TransVoyant. The CIA is working to integrate the tools created by those firms into its agencywide intelligence capabilities as it seeks to target extremists and radicals, including accounts tied to ISIS, on social media. Dataminr, like its counterparts, uses Twitter data to visualize and track trends for law enforcement agencies and hedge funds. Geofeedia similarly works with local authorities, and other clients, to monitor breaking news events in real-time via geotagged social media messages on Twitter and Instagram. PATHAR’s Dunami tool is currently being used by the FBI to track Facebook and the aforementioned platforms for potential signs of radicalization, networks of association, and centers of influence. TransVoyant, which previosusly worked with the U.S. military in 219 Afghanistan, provides a comparable service that mines Twitter data to pinpoint supposed decision-makers. The firm claims it can monitor social media to spot “gang incidents” and threats to journalists. 2. The San Bernardino case is already changing Apple’s arguments over another locked iPhone [Washington Post]    Apple on Friday argued that the government has “utterly failed” to show that the tech giant is the only party that can crack a drug dealer’s locked iPhone in a closely watched legal battle in Brooklyn. In a new filing, Apple invoked the Justice Department’s handling of the high-profile San Benardino, Calif., case, in which prosecutors initially insisted that only Apple could help the FBI access a phone used by one of the shooters. In the Brooklyn case, prosecutors have similarly asserted that Apple is the “only entity” that can pull data from the iPhone, the firm’s lawyers said in their brief. But the tech firm said “the government has failed to demonstrate it has conducted an ‘exhaustive search’ for alternative option.” 3. Saudis Warn of Economic Fallout if Congress passes 9/11 Bill [New York Times]     Saudi Arabia has told the Obama administration and members of Congress that it will sell off hundreds of billions of dollars’ worth of American assets held by the kingdom if Congress passes a bill that would allow the Saudi government to be held responsible in American courts for any role in the Sept. 11, 2001, attacks. The Obama administration has lobbied Congress to block the bill’s passage, according to administration officials and congressional aides from both parties, and the Saudi threats have been the subject of intense discussions in recent weeks between lawmakers and officials from the State Department and the Pentagon. The officials have warned senators of diplomatic and economic fallout from the legislation. Adel al-Jubeir, the Saudi foreign minister, delivered the kingdom’s message personally last month during a trip to Washington, telling lawmakers that Saudi Arabia would be forced to sell up to $750 billion in treasury securities and other assets in the United States before they could be in danger of being frozen by American courts. Several outside economists are skeptical that the Saudis will follow through, saying that such a sell-off would be difficult to execute and would end up crippling the kingdom’s economy. But the threat is another sign of the escalating tensions between Saudi Arabia and the United States. 4. Hub remembers bombing victims during One Boston Day [Boston Herald]  The runup to Monday’s Boston Marathon continues today with the Boston Athletic Association’s annual 5K and relay race — a day after city officials joined bombing survivors near the finish line to commemorate the third anniversary of the attack and to celebrate the spirit of One Boston Day, which encourages people to perform acts of kindness and service. 5. Radiation detecting helicopters fly over Boston Marathon route as 'precautionary measure' in lead up to Monday's race [Daily Mail – UK] 220      Radiation-detecting helicopter flew over the Boston Marathon route to test for abnormal levels Billed as a 'precautionary measure' but should detect any bombs that are radiological in nature Nearly 5,000 local, state and federal law enforcement officers will be stationed along the 26.2mile Boston Marathon course Spectators are being asked to leave backpacks and other large bags at home and to carry only clear plastic bags People are also being asked to refrain from flying drones over any part of the marathon route 6. 2 Bundys, 3 Others Balk at Pleas in Nevada Standoff Case [ABC]     Two sons of Nevada rancher Cliven Bundy and three other men refused to enter pleas in federal court in Las Vegas to charges in an armed confrontation with government agents two years ago. Magistrate Judge George Foley Jr. entered not guilty pleas on behalf of each man during a sometimes contentious arraignment that featured cat-calls and cheers from about 30 Bundy backers and defendants' family members, under watchful eyes of about a dozen U.S. marshals. "We don't need any outbursts," Foley warned from the U.S. District Court bench Friday. Twice he told the restive audience, "This is not a show." Before balking at entering his plea, Ammon Bundy alleged he had been mistreated in custody to Nevada from Oregon, where he and the others have been held since their arrests in the occupation of a U.S. wildlife refuge this year. He said he'd been handcuffed for 23 hours during the move, including 11 hours to a bench, and that jailers once passed him by when other inmates were fed. He said he got a meal after he complained. His brother and co-defendant, Ryan Bundy, professed to understand his rights but not the charges against him. He also said he wants to serve as his own lawyer. 7. Critic of Psychologists’ Role in Interrogation Is Asked to Reconsider [New York Times]     The American Psychological Association has asked the Chicago lawyer who issued a scathing report about the organization’s involvement with government interrogation programs to review information that came to light after his findings were released and determine whether he should alter his conclusions. The lawyer, David Hoffman, said in his report in July that some officials at the association had collaborated with Pentagon officials during the Bush administration to keep the group’s ethics policies in line with the Defense Department’s interrogation policies. The association’s council of representatives voted overwhelmingly in August to impose strict ethics rules banning psychologists from involvement in national security interrogations. In December, the military sharply curtailed the use of psychologists at the detention facility in Guantánamo Bay, Cuba, in response to the group’s new stance. But current and former military psychologists have disputed the findings of Mr. Hoffman’s investigation, which was conducted at the request of the group’s board. 8. Court told Australian accused of recruiting for Islamic State is a threat to the US [9News – Australia]   An Australian accused of recruiting foreign fighters for the Islamic State terror group is at the centre of a US constitutional battle in a Texas court. US prosecutors have charged Mohamed Zuhbi with terrorism offences despite the 25-year-old former Sydney resident not stepping foot in the US. 221   An arrest warrant has been issued by US authorities for Zuhbi, who is believed to be living "somewhere along the border of Turkey and Syria", prosecutors told the US District Court in Houston on Friday. He is accused of helping 21-year-old US citizen and former Australian resident Asher Khan attempt to join IS. Khan flew from Sydney to Turkey on February 24, 2014, after allegedly communicating with Zubhi on Facebook. 9. Islamic State threatens Muslim congressman, Clinton aide [MSN via Washington Post]     The Islamic State is urging readers of its propaganda magazine to target U.S. and European Muslim leaders who endorse Western values — Rep. Keith Ellison (D-Minn.) and Huma Abedin, a prominent aide to Hillary Clinton. In the most recent issue of Dabiq, the terrorist group’s English-language periodical, the Islamic State mentions Abedin and Ellison by name at the end of a lengthy article headlined “Kill the Imams of Kufr in the West.” The article also names several imams living in the United States and Europe who have been outspoken against the Islamic State and tells readers to “make an example of them, as all of them are valid — rather, obligatory — targets.” “How can Muslims living in the West who claim to have surrendered themselves to Allah, completely accepting His rule alone, stand idly as these imams of kufr continue to spread their poison from atop their pulpits?” the article says. Kufr is a term that refers to those who do not believe in Islam. The FBI said in a statement it “takes all threats to American citizens seriously and will continue to work in concert with our federal, state, and local partners to address them.” 10. Attorney: Feds used women to entice alleged ISIS backer [Detroit News]    A federal defender representing an alleged Islamic State supporter from Dearborn Heights is accusing the government of “double-teaming” his client with two fictitious Islamic women who posed as potential wives for the 21-year-old while he was under FBI surveillance. Khalil Abu-Rayyan, who was being watched by the government for allegedly making violent threats about committing acts of terror and martyrdom in Metro Detroit, was the victim of a “disturbingly crafted seduction and manipulation ... through the inducement of love,” attorney Todd Shanker wrote in a motion filed Friday in U.S. District Court in Detroit in a second attempt to get bond for his client. Rayyan never met the two women he knew online only as “Jannah” and “Ghadda.” The FBI created the phony identities to communicate with Rayyan via text message and Twitter as part of a federal investigation. 11. NYC synagogue bomb plotter in coma after suicide attempt [Fox via AP]   A man who admitted plotting to bomb New York City synagogues has tried to kill himself in prison after guards tormented him because of his terror case, his lawyers said. Ahmed Ferhani, who is halfway through a 10-year sentence in a rare state-level terror case, is in a medically induced coma after trying to hang himself in New York's Attica prison, according to his lawyers. OCONUS 222 1. Five arrested in UK after inquiry linked to attacks on Brussels and Paris [Guardian – UK]      Five people have been arrested in the UK over suspected British links to the terrorists who attacked Paris in November 2015 and Brussels earlier this year. Four people were arrested in Birmingham, which British counter-terrorism officials believe one member of the European terror cell visited months before the massacre in Paris that killed 130. A fifth arrest was made at Gatwick airport in Sussex. All five were detained on suspicion of preparing terrorist acts and British police said the arrests followed an investigation involving Belgian and French authorities. Police said there was “no information to suggest an attack in the UK was being planned”. A West Midlands police spokesman said: “During a search of an address in connection with the counter-terrorism arrests in Birmingham, a suspicious substance was found. One of the raids in Birmingham was on the house of a taxi-driver in the Small Heath area. Neighbours said a bomb disposal squad was also at the house. A 40-year-old father of four was arrested at the house at about 8pm on Thursday. Three other people – two men aged 26 and 59, and a 29-year-old woman – were arrested in Birmingham on Thursday night and a 26-year-old man was arrested at Gatwick in the early hours of Friday. 2. Belgium sets May 9 trial date over foiled Islamic State plot [Reuters]     Belgian judges on Friday set a May 9 trial date for three men accused of plotting Islamic State attacks that were foiled by a police raid in the town of Verviers last year in which two men died in a gunbattle. A further 13 people will be tried for their involvement in what officials said at the time of the raid in January last year was a plan to kidnap and kill Belgian policemen. Nine of the 13 are believed still to be fighting in Syria's civil war. Among others indicted but now dead were Abdelhamid Abaaoud, accused of being the leader of the cell broken up in Verviers and of being an organizer of the Nov. 13 shooting and bombing rampage by Islamic State militants in Paris attacks. He was killed in a clash with police four days after those attacks. The Belgian government has referred to its success against the Verviers group in rejecting criticism of its security forces since it became clear that the Islamic State attacks on Paris in November and last month in Brussels were organized from Belgium. 3. Belgian transportation minister resigns amid criticism about airport security     Belgium’s transportation minister resigned Friday in the wake of revelations that she failed to act on a secret report that had warned of inadequate security measures at Brussels Airport a year before last month’s suicide bombings there. The report, prepared by European Union airport security inspectors last April, found serious deficiencies in the way surveillance, passenger and luggage screening and other safety checks were conducted at airports across Belgium. Belgium opposition parties leaked it to the media this week, intensifying criticism that the country has done too little to prevent terrorism. The transportation minister, Jacqueline Galant, at first said she had not seen the report and claimed she was being made a victim of a “media crusade.” But at a news conference Friday, Prime Minister Charles Michel contradicted her. 223 4. Spanish police arrest couple with links to Islamic State, son put in care [Reuters]     A Moroccan man and a Spanish woman with links to Islamic State were arrested in the southern Spanish port of Algeciras on Saturday as they were trying to leave for Morocco with their young son, the interior ministry said. The couple were part of a group that supported and recruited Islamic State fighters, including individuals that had carried out suicide bomb attacks in Syria, a ministry statement said. The man's brother had recently died in a suicide bomb attack and that was why the couple were traveling to Morocco in a hurry, the ministry said without giving further details. Authorities are searching the couple's house in Granada and the investigation remains open. 5. Airlines in EU nations to share passenger data [CNN]     Airlines flying in and out of Europe Union countries will now share passenger data with authorities -- part of new efforts to thwart terror on the continent. The so-called Passenger Name Record plan first came up five years ago before the European Parliament. But it's only been acted upon now on the heels of large-scale terror attacks in Europe. In November, 130 people died in bombings and shootings in Paris. And on March 22, terror blasts in Brussels, Belgium, killed 32 people. There are limits to what data airlines must pass on. The measure specifies that passenger details can only be shared for the express purpose of "preventing, directing, investigating or prosecuting terrorist offenses or serious crime." European security agencies can keep this information for five years. But, after six months, all records will be stripped of any details that identify specific passengers. The measure applies to all flights that come into or leave EU nations. It's up to the 28 member states whether it also affects "intra-UE" flights -- namely, those trips that start and end within the union -- if the EU Commission is notified. 6. At summit, Islamic leaders condemn ISIS, Iran's support of terror [CBS]     A two-day summit bringing together leaders of the Islamic world concluded in the Turkish city of Istanbul with a pledge to combat terrorism and overcome sectarian divide. The final declaration Friday expressed strong condemnation of the Islamic State of Iraq and Syria (ISIS) group and the role of Iran and its proxies in regional conflicts. Turkish President Recep Tayyip Erdogan, who chaired the final session of the Organization of the Islamic Cooperation (OIC) summit, lamented the fact that Muslim countries who are "the heirs of a civilization that was built on columns of peace and justice are being remembered more for wars, armed conflict, sectarianism and terrorism." Erdogan also said the establishment of an international arbitration body in Istanbul is part of the OIC 2025 action plan and welcomed a decision reached a day earlier to create a Turkeybased police coordination center aimed at increasing cooperation against terrorism. 7. Kerry tells Russia to press Assad to comply with Syria ceasefire [Reuters]  There is an "urgent need" for the government of Syrian President Bashar al-Assad to stop violating the ceasefire in Syria, U.S. Secretary of State John Kerry said on Friday, and called on Russia to help, the State Department said. 224    It said Kerry, in a telephone call with his Russian counterpart Sergei Lavrov, said "The United States expected Russia to urge the regime to comply with the cessation and that we would work with the opposition to do the same." The United States knows that some of the Syrian government actions in and around the city of Aleppo are being backed by Russian air strikes, State Depart spokesman John Kirby said at a news briefing. He said Kerry made clear to Lavrov that the United States was concerned about credible reports of violation in and around Aleppo, "and to the degree that they are aided and abetted by Russian air strikes - yes that's a matter of concern for us." 8. Exclusive: U.S. considers supporting new U.A.E. push against al Qaeda in Yemen [Reuters]     The United States is considering a request from the United Arab Emirates for military support to assist a new offensive in Yemen against al Qaeda's most dangerous affiliate, U.S. officials tell Reuters. A U.S.-backed military push by the Gulf ally could allow the administration of President Barack Obama to help strike a fresh blow against a group that has plotted to down U.S. airliners and claimed responsibility for last year's attacks on the office of Charlie Hebdo magazine in Paris. Al Qaeda in the Arabian Peninsula (AQAP) has exploited the chaos of Yemen's year-old civil war to become more powerful than any time in its history, and now controls a swathe of the country. The UAE has asked for U.S. help on medical evacuation and combat search and rescue as part of a broad request for American air power, intelligence and logistics support, the U.S. officials said. It was unclear whether U.S. special operations forces - already stretched thin by the conflicts in Iraq, Syria and Afghanistan - were part of the request. 9. Gulf-backed Yemeni forces seize city from al Qaeda: military source [Reuters]      Yemeni forces backed by Apache helicopters from a Saudi-led coalition wrested the city of Houta from al Qaeda fighters after a gun battle on Friday morning, a local military official said. Hours later, a car bomb detonated outside the foreign ministry in the southern Yemeni city of Aden, causing no casualties, another local official said. Islamic State claimed responsibility in a posting on its al-Amaq news agency website. The recapture of Houta, regional capital of southern Lahj province which has been held by the militants since last summer, is one of the embattled Yemeni government's most important inroads yet against al Qaeda forces who have taken advantage of more than a year of war to seize territory. Analyst Comment: From Al Araby – UK: The car bomb exploded nearby a local foreign ministry office in the Remy area of the Mansoura district. A man was seen parking a car and fleeing shortly before detonating the device, local media reports. On Tuesday, at least five Yemeni soldiers were killed when a suicide bomber belonging to the Islamic State group detonated an explosive belt among army recruits in Aden on the second day of the country's ceasefire. 10. EU preparing to deploy security mission in Libya, if requested: draft [Reuters] 225     The European Union are expected to consider moving security personnel into Libya to help to stabilize the chaotic country if requested by a new United Nations-backed Libyan government, according to a draft statement seen by Reuters. Impetus for the move comes in part from fears of an uncontrolled new tide of migrants into Italy from Libya unless law and order can be rebuilt soon in the North African state. EU foreign and defense ministers will hold a special dinner in Luxembourg on Monday, when they are expected to agree to look into police and border training missions for Libya. Any such support would initially be in Tripoli, where the new government is trying to establish itself. Analyst Comment: From Libya Prospect: The Chief of the Presidential Council (PC) of the Government of National Accord (GNA), Fayez Al-Sarraj, asserted his refusal to any military intervention in Libya to fight against the Islamic State group (IS). “Ending the IS in Libya is an essential matter within a national project that stipulates uprooting IS by Libyan hands,” he stated in his speech in front of the Islamic Summit conference in Istanbul. 11. Al Qaeda re-emerges as challenge for U.S., NATO in Afghanistan [Reuters]     Leadership turmoil within the Taliban since the death of the militant group's founder has fueled closer links with foreign groups like al Qaeda, the new commander of international forces in Afghanistan said, complicating counter-terrorism efforts. In an interview with Reuters, General John Nicholson pointed to what U.S. officials saw as a shift in the Taliban's relationship with groups that Washington considers terrorist organizations. That could influence his assessment of plans to cut U.S. troop numbers next year, because if al Qaeda, which carried out the Sept. 11, 2001 attacks on the United States, can operate in Afghanistan with increasing freedom, it may pose a greater security threat inside the country and beyond. Prompted by the need to win support in a leadership battle that broke out after Omar's death was announced last year, Nicholson said Mansour had been forced closer to groups like al Qaeda and the Haqqani network, blamed for a series of high-profile suicide attacks in Kabul. "When Mullah Omar was alive, he maintained a public distance from al Qaeda that his successor Mullah Mansour has not," he said. "I think this is in part because Mansour lacks the legitimacy of Omar." 12. Pakistan dismisses claims of ties to 2009 suicide bombing targeting CIA officers [Guardian – UK]    A declassified US diplomatic cable claiming Pakistani spies funded the suicide bombing of a CIA base in Afghanistan in 2009 were dismissed by Islamabad as “preposterous” on Friday. The country’s foreign ministry said Pakistan had been “shocked and deeply saddened when precious American lives” were lost at Forward Operating Base Chapman, a CIA listening post in eastern Afghanistan, on 30 December 2009. The bomber, Humam Khalil Muhammed Abu Mulal al Balawi, killed seven CIA officers and guards after detonating his device inside the perimeter of the base where he had been expected for a meeting with agents who believed he was an informant working for them. 13. A nuclear terrorism threat made in Belgium? [Deutsche Welle – Germany]  Belgium has many foreign fighters and several nuclear reactors. So far, these sites have been considered insecure for other reasons, but now there is concern terrorists might attempt to get access to nuclear materials. 226 14. Police profiling passengers at Charles de Gaulle airport [The Local – France]     Police have admitted they are profiling passengers at Charles de Gaulle airport looking for "abnormal behaviour" as the country remains on high alert for terror attacks. Profilers have been operating at Paris's Charles de Gaulle airport since the attacks on Brussels airport, its operators revealed on Thursday. They have been watching for "abnormal behaviour" at France's biggest airport, Aeroports de Paris (ADP) said. Among other extra security measures, a facial recognition system will be tested in the next few months. Instead of passengers having to place their finger on a screen to be identified, the system will immediately recognize their face. He said Paris airport authorities were working with police to double the number of automatic security checks of passengers in the next three years. 15. French Youths Learn To Resist Jihadi 'Sellers Of Dreams' [Breitbart via AFP]     The first time jihadi recruiters approached 16-year-old Yacine outside his mosque in a rundown Paris suburb, they got right to the point. “We started talking about Syria right off the bat,” he said, recounting how they talked about “the holy war and how you should die a martyr and go to paradise, it was the best way to die.” The following Friday, he tried to leave the mosque before the end of prayers, but they cornered him, again pressuring him with their “precise, well-honed pitch”, but he managed to get away. Now Yacine, who assumes he was targeted because he is a devout Muslim, has started going to a different mosque. But he does not hang around afterwards: “I pray and I leave.” 16. Dramatic day in Copenhagen terror trial [The Local – Denmark]  One of the four men facing terror charges for allegedly helping the gunman in last year’s Copenhagen shootings said that Swedish artist Lars Vilks “deserved to die”. 17. Copenhagen gunman shot 29 times by police [The Local – Denmark]      The Danish Security and Intelligence Service (PET) has revealed new information about the February 14-15 twin shootings in Copenhagen that left two innocent men and the perpetrator dead. In a written statement provided to parliament, PET said that it was the Copenhagen Police’s Special Intervention Unit (Politiets Aktionsstyrke) that killed gunman Omar El-Hussein in a shoot-out shortly after El-Hussein had murdered a volunteer security guard at Copenhagen’s Great Synagogue. The statement also revealed for the first time how many shots were fired by police officers. “PET can further inform that according to crime scene investigations in the case, there were 35 shots fired at Omar El-Hussein, of which 29 connected,” the statement said. El-Hussein, a Danish citizen of Palestinian origin, carried out two shootings that were seemingly inspired by the Charlie Hebdo attacks in Paris a month earlier. The 22-year-old first fired at least 30 shots at a free speech event, killing one, and then killed a volunteer security guard outside of Copenhagen’s Great Synagogue. 18. Swedish man goes on trial for 'planning terror bombing' [Deutsche Welle – Germany] 227     A 20-year-old self-radicalized Swede accused of trying to build a bomb to carry out a terror attack went on trial on Friday, months after his mother reported him to intelligence services. Prosecutors accuse Sevigin Aydin of buying bomb-making materials similar to those used in the 2013 Boston Marathon bombings in the US state of Massachusetts. Testifying on Friday, an expert from the Swedish Defense Research Agency said the six bottles of acetone, matches, steel balls, a pressure cooker, electric wire and batteries found during a police raid could have been used to make a firebomb or shrapnel bomb, Swedish Radio reported. But the expert said the bomb would have lacked gunpowder to make a pressure cooker bomb similar to that used in Boston. Prosecutor Ewamari Haggkvist told the Attunda District Court, near the capital of Stockholm, that Aydin wanted to engage in jihad in Sweden and become a martyr. 19. Hizbullah's threats to Israel are primarily intended to deter, but risk of war through miscalculation has increased [IHS Jane’s 360 snippet view]     EVENT: Twice in recent weeks, Hizbullah Secretary-General Hassan Nasrallah has openly threatened Israel with wide-scale destruction, declaring that his Lebanese Shia militia has the ability to launch missiles at targets all across the country. Key Points: Although not an empty threat, given the magnitude of the increase in size and capabilities of Hizbullah's rocket and missile stockpile, Nasrallah's comments are likely intended primarily to reinforce the group's deterrence strategy against Israel. A new conflict is unlikely to develop in the next six months; however, Hizbullah's territorial gains in Syria increase the likelihood of war via an unintended escalation. The next Israel-Hizbullah conflict will be significantly more destructive than the 2006 war, due to the much-increased size and qualitative improvements of Hizbullah's rocket stockpile, and the high likelihood that war would involve an extensive Israeli ground/air campaign deep into Lebanon, targeting the Lebanese state, as well as Hizbullah. 20. "Our intelligence on Hamas has "improved significantly," senor security source says [Jerusalem Post – Apr 14]  IDF carefully watching Hamas's 25 battalions; source adds that military wing is gradually growing in power at expense of its political wing. 21. Hamas doubles border security in Gaza to reassure Cairo [Al Araby – The New Arab – UK via AFP]      Hamas is deploying additional forces on the Gaza border with Egypt in an apparent effort to ease Cairo's concerns about security. "National security forces started to increase the number of its troops and double the security bases along all the southern border with Egypt to be able to control the border better," spokesman Iyad al-Bazm told AFP. "This is a message that we are concerned with border security and stability," Bazm said, adding nobody would be allowed "to touch the security of Egypt". Cairo regularly accuses Hamas of supporting attacks in Egypt and has largely kept its border with Gaza closed since 2013. It has also destroyed hundreds of Palestinian tunnels used to smuggle commercial goods, cash, people and, allegedly, weapons. 228 22. Islamic State advances near Turkish border and east of Aleppo [Reuters]  Islamic State seized a hilly area southeast of the Syrian city of Aleppo, the militant group and monitors said on Friday, and made further advances near the border with Turkey in fighting that the United Nations said forced inhabitants to flee. 23. On ground in Syria, scant evidence of draw down trumpeted by Kremlin [Reuters]    A month since Vladimir Putin announced the withdrawal of most Russian forces from Syria, his military contingent there is as strong as ever, with fewer jets but many more attack helicopters able to provide closer combat support to government troops. A Reuters analysis of publicly available tracking data shows no letup in supply missions: the Russian military has maintained regular cargo flights to its Hmeimim airbase in western Syria since Putin's declaration on March 14. Supply runs have also continued via the "Syrian Express" shipping route, Russian engineering troops have been deployed to the ancient city of Palmyra and further information has surfaced about Russian special forces operating in Syria - suggesting the Kremlin is more deeply embroiled in the conflict than it previously acknowledged. 24. Peshmerga troops running on empty in fight against ISIS [Fox]    Kurdish Peshmerga forces – arguably the most effective ground troops battling the Islamic State terror group in Iraq – have been fighting for the past three months without a paycheck, according to experts and a top official from the region. “Unless we get direct [financial] support, we will not be able to continue the way we are currently doing so,” Qubad Talabani, Deputy Prime Minister for the Kurdistan Regional Government (KRG), said at a forum held by the Foundation for Defense of Democracies (FDD) in Washington on Wednesday. A lack of direct financial support isn’t the only problem, according to Talabani. The Kurdishcontrolled area of Northern Iraq also has been forced to absorb a loss of more than $100 million a month in declining oil revenues and diminished support from the central Iraqi government in Baghdad. 25. U.S. Marines and Tunisian Special Forces Joint Training to Counter Terror Threats [Strategic Intelligence Service – Kenya]     U.S. and Tunisian Special Forces have jointly embarked on a training exercise aimed at sharing tactics and skills in combating terror. U.S. Marines with Special-Purpose Marine Air-Ground Task Force Crisis Response-Africa were engaged in extensive training of their counterpart, Tunisia’s Groupement des Forces (GFS). The training exercises involved vehicle maintenance and convoy operations, making this the first training engagement between the two military units. U.S. Marines arrived in Tunisia at the request of the host nation government in coordination with the U.S. Embassy in Tunis. 26. IS drone films Benghazi suicide slaying of four soldiers [Libya Herald – UK] 229    An IS drone seems to have recorded the death of four soldiers and the wounding of some ten others, two of them critically, in a triple suicide attack in Benghazi’s Hawari district today. The incident, which the so-called Islamic State says it carried out, happened early this afternoon near the new cemetery in Hawari. For what appears to be the first time, IS issued an aerial picture of what it claimed to be today’s suicide bombing. It was apparently taken from a drone several hundred feet above the ground. It has not been possible to verify the images. However, in recent months, it has been established that IS has been using done technology to reconnoitre army positions and the movement of troops. This is, however, the first time that it appears they have used a drone camera to record an attack. According to army sources, three vehicles approached troops near the cemetery which the army yesterday said it had secured. The drivers of two of the vehicles were shot before they could reach the army’s position, but still managed to blow themselves up, though causing no other injuries of fatalities. However in the third, reportedly an armoured vehicle, two soldiers were killed instantly and two others later died of their wounds. There are fears for the lives of two other injured soldiers who were reported to be in a critical condition. 27. Kenyan sentenced to death for killing Muslim cleric [Reuters]    A Kenyan man was sentenced to death on Friday for killing a Muslim cleric who had campaigned against radical interpretations of Islam. Sudi Mohamed Sudi, 44, was convicted of shooting dead Mohammed Idris in 2014 in the port city of Mombasa, a popular tourist destination which officials say has also become a recruiting ground for ultra-hardline preachers. Kenya has suffered a spate of Islamist attacks in the past two years, usually claimed by the al Qaeda-aligned Somali Islamist militant group al Shabaab. 28. Analysis: Shabaab video raises questions over AMISOM's base defence [IHS Jane’s 360 – snippet view]    A video released by the Somali militant group Harakat al-Shabaab al-Mujahideen on 9 April depicting an attack on an African Union Mission in Somalia (AMISOM) base suggests the Kenyan defenders were well-armed yet put up little resistance. The 48-minute high-resolution video showed militants overrunning the AMISOM base at ElAdde (Ceel Cadde) on 15 January. The Kenyan authorities have acknowledged the attack took place, but have refused to disclose how many soldiers were killed or captured. A spokesman for the Kenya Defence Forces (KDF) has dismissed claims that nearly 200 died. The Shabaab video gave no precise death toll, but showed many dead Kenyan soldiers, saying more than 100 had been killed. 29. Taliban launch major push to retake northern Afghan city [Reuters]   Hundreds of Taliban insurgents have launched an offensive to seize the northern Afghan city of Kunduz, which they captured and held for several days last year, provincial officials said on Friday. The offensive around Kunduz began only days after the Islamist group announced their annual spring offensive, vowing to launch large-scale attacks using suicide bombers and guerilla fighters to drive the Western-backed government from power. 230   Fighting broke out on Thursday in six districts in Kunduz province, a crucial northern stronghold close to the Tajikistan border, as well as around the provincial capital, with Afghan security forces battling militants through the night. Analyst Comment: From Khaama Press – Afghanistan: General Mohammad Qasim Jangalbagh, the Kunduz provincial police chief, told the Associated Press news agency that 40 Taliban fighters were killed and eight wounded. Four members of the Afghan security forces also died and six were wounded in battle. Abdul Wasay Basil, spokesman for the provincial governor, told AP more than 60 Taliban fighters were wounded and clashes were still ongoing. 30. Taliban shadow governor for restive Ghazni arrested by Afghan intelligence [Khaama Press – Afghanistan]     The Afghan intelligence operatives have arrested the Taliban shadow governor for the restive Ghazni province in southeastern Afghanistan. According to a statement by National Directorate of Security (NDS), the shadow Taliban governor Qari Yousuf was arrested during a military operation in Sheikh Amir village, Gurbaz district, Khost province. The statement further added that Qari Yousuf was planning to carry out coordinated attack o government institutions before he was arrested. He was held as he had disguised in women’s dress in a bid to escape the operation, the stateemnt added. 31. AAF flew 83 missions in past 24 hours as A-29s play key role [Khaama Press – Afghanistan]     The Afghan Air Force (AAF) flew 83 missions in the past 24 hours with the newly added A-29 Super Tucanos playing a key role in providing close-air support to the Afghan Forces. The Ministry of Defense (MoD) spokesman Dawlat Waziri said the air campaigns incurred heavy losses to the anti-government armed militants during the past 24 hours. He said at least 34 militants were killed and 7 others were wounded in the airstrikes carried out in the areas falling under the control of 209th Shaheen Corps of the Afghan National Army. He said at least 34 militants were killed and 7 others were wounded in the airstrikes carried out in the areas falling under the control of 209th Shaheen Corps of the Afghan National Army. According to Waziri, a commander of the militants identified as Abdul Qahar was among those killed in the raids. 32. 3 female Chechen militants among 10 killed in Logar operations [Khaama Press – Afghanistan]     At least seven Chechen militants including three women were killed during an operation in central Logar province of Afghanistan. According to the local security officials, the women were killed during an operation that triggered gun battle in Kharwar district. Provincial governor’s spokesman Salim Saleh said three commanders of the militants were also killed along with 7 militants from Chechnya. Foreign insurgents fighting the Afghan forces is not new as scores of militants from Chechnya and other countries are routinely reported killed during the fight with the Afghan forces. 33. Can Pakistan’s F-16s fight terror? [Dawn – Pakistan OpEd by Pervez Hoodbhoy] 231        Pakistan says it desperately wants Lockheed-Martin Block-V F-16 fighter-bombers at $87 million apiece for fighting terrorists in tribal badlands such as North Waziristan. An order for eight jets has already been placed. The US Senate is sympathetic; a move to ban the sale was massively rejected by majority vote. Lockheed-Martin, which peddles its deadly wares to all who can pay, has already sold 4,500 F-16s to 25 countries. It must be pleased at this small, but tidy, deal of $700m. But thoughtful Pakistanis should be worried. Waging an aerial war against your own population is not a good idea. Even if you have to, shouldn’t much cheaper weaponised drones be preferred over advanced fighter aircraft whose real job is to shoot down other planes? A drone, technically known as UAV, is far more precise than any fighter because it can loiter undetected over a target, capture and collect information better, and reduce — though never eliminate — damage to innocents. India is currently negotiating with the US for buying 40 Predator drones. More importantly, F-16s or drones can’t even dent the enemy’s real armour — his ideology. The Taliban are fighting to forcibly transform Pakistan into a state run by Sharia law. In the last two to three decades millions of Pakistanis have come to share enthusiasm for Sharia. Even while fighting the Taliban, many of our soldiers have agreed with their goal while disagreeing with their method. Hundreds, perhaps thousands, have died believing they are fighting agents of a foreign hand rather than religiously inspired fellow Muslims. Military force, though sometimes indispensable, cannot eliminate those who live only to die. Pakistan has learned insufficiently from mighty America’s multiple failures in Afghanistan. No amount of aerial bombing, precision artillery, or even scorched-earth operations can daunt those who imagine they have been commanded by God to reform society. Faith, if strong enough, trumps fear. To destroy terrorism will require a massive change of public attitudes and a complete repudiation of Pakistan’s current policy. This uses two hoses to fight a terrible fire. One pours water to douse the flames. But the other hose spews petrol, subtracting from the gains made by the first. The petrol is in the form of incendiary television evening talk shows that justify or implicitly condone terrorism. Some hidden hand — India, Afghanistan, Israel, or America — is held to be responsible for all acts of terror. Today’s television anchors and their guests are mostly those who had once claimed that Pakistan’s war on terror is “not our war”. Under army pressure they have stepped back recently, but only somewhat. More than F-16s, Pakistan needs better intelligence. This could have prevented the Army Public School slaughter, and countless other atrocities. But, although budgets allocated to our multiple intelligence organisations are said to be generous, their professionalism mysteriously crashes when it comes to surveilling militant jihadist organisations. 34. Indonesia Moves Jailed Cleric Amid Inhumane Treatment Claim [ABC]    Indonesian authorities on Saturday moved the jailed spiritual leader of the 2002 Bali bombers from a notorious prison island amid demands by his lawyer to end his "inhumane" treatment. The ailing 77-year-old Abu Bakar Bashir was confined to a tiny isolation cell on Nusa Kambangan in the wake of the Jan. 14 suicide bombings in the Indonesian capital Jakarta to prevent him from radicalizing other prisoners and to cut him off from extremist networks. Hendra Eka Putra, the chief warden, said Bashir was moved to Gunung Sindur prison, about 50 kilometers (30 miles) southeast of Jakarta. He was transported in an armored car from Jakarta to the prison in an operation involving more than 230 officers. 232   Bashir's lawyer Mohammad Mahendradatta said Thursday that the condition of Bashir's 2 square meter (22 square foot) cell was "simply shocking and inhumane treatment against him is causing his health to deteriorate." Bashir, known as the spiritual leader of al-Qaida-linked militants behind the Bali bombings that killed 202 people, was sentenced to 15 years in prison in 2011. 35. 4 Indonesians Kidnapped by Pirates, Vessels Hijacked [ABC]     Indonesia says four of its nationals have been kidnapped and another shot in the hijacking of a tugboat and barge in the waters near the border with Malaysia and the Philippines. The Indonesian Foreign Ministry says in a statement Saturday that the gunshot victim and five other crew members escaped the hijackers and are now in Malaysia. The ministry says the incident happened early on Friday evening. It comes after the kidnapping in March of the 10-member crew of an Indonesian tugboat and barge in the often insecure border region between the southern Philippines and Indonesia. In that case, the owner of the hijacked tug boat received telephone calls, purportedly from the militant group Abu Sayyaf, demanding a ransom. 36. Islamist militants in Philippines set deadline to execute foreign captives [Reuters]     Islamist militants in the Philippines on Friday announced a new deadline of April 25 for the execution of three foreign captives and a Filipino, but scaled back their ransom demand in a video posted on social media. The captives - two Canadian men, a Norwegian man and a Filipino woman - were kidnapped from a beach resort on a southern island last September. They are believed to be held in the jungle on Jolo island, a stronghold of the Abu Sayyaf group, which is known for bombings, beheadings and kidnappings. In the video, the captives, with machetes held to their necks, asked their families and governments to pay a ransom of 300 million pesos ($6.51 million) each, down from the figure of a billion pesos each that the militants demanded last year. 37. Caught between Italy and Austria, South Tyrol braces for border checks [Reuters]     Almost a century after World War One's victors made it part of Italy, the mainly Germanspeaking province of Alto Adige, or South Tyrol, is bracing for controls at what some still call the "unjust border" separating it from Austria. People in this picturesque part of the Alps, many of whom want an ever closer union with Austrian Tyrol, are used to crossing into Austria unhindered to shop, work and study, thanks the Schengen agreement on open borders in the European Union. But, with hundreds of thousands of migrants expected to cross the Mediterranean to Italy from Africa in the coming months, Austria has said it will introduce border checks at the busy Brenner Pass if the northward flow of people requires it. Much will depend on whether Italy lets the migrants landing in the south travel toward Germany. That, in turn, depends on whether the EU can arrange for them to be taken back to countries like Libya or be redistributed within the bloc. 38. German spies imply Snowden leaked files for Russia [The Local – Germany] 233     NSA whistleblower Edward Snowden could have been acting under the influence of the Russian government, the heads of Germany's foreign and domestic intelligence agencies said on Friday. “It's very remarkable that he exclusively published files about the work of the NSA with the BND [Germany's foreign intelligence service] or the British secret service GCHQ,” BND head Gerhard Schindler told Focus magazine. “Leaking the secret service files is an attempt to drive a wedge between western Europe and the USA – the biggest since the Second World War,” Hans-Georg Maaßen, head of Germany's domestic intelligence agency (Verfassungsschutz), told Focus in the double interview. “It's remarkable that there were no publications about countries like China or Russia, which are main targets for intelligence work by the NSA,” said Maaßen. Stephen S. Woolery Special Agent in Charge Counterterrorism Division Los Angeles Field Office (310) Desk (202) Cell 234 From: Sent: To: Subject: William Kane Tuesday, March 15, 2016 7:50 AM stephen.chen@jric.org;Joe jric;louie.schwartz@jric.org;stoney.sakamoto@jric.org;phillip.perez@jric.org;amy.ochoa@ jric.org;Elizabeth Nguyen;loraine.rodas@jric.org;Kimber Davis;tracy.frederickson@jric.org;Alison Adamo;michelle.sosa@jric.org;michelle.yohannes@jric.org Dataminr - Enhanced Geospatial Analysis Tool Categories: YES-RESPONSIVE Good morning, Dataminr is excited to announce the release of our Geospatial Analysis Application. Users can visualize real-time and historical events across the entire public Twitter dataset through our enhanced geospatial capability. The Geospatial Analysis Tool will be available in your account by midnight on March 16th. Please find a brief description of our new application attached below. Don't hesitate to reach out if I can provide a product demonstration or answer any immediate product questions. Please email me if I can be of any assistance, wkane@dataminr.com. We are looking forward to hearing your feedback. Will -Will Kane Dataminr dataminr.com 6 East 32nd Street, 2nd Floor New York, NY 10016 mobile will@dataminr.com 235 Subject: Location: Dataminr Advanced Training Training Room Start: End: Show Time As: Thu 03/03/2016 1:00 PM Thu 03/03/2016 2:00 PM Tentative Recurrence: (none) Meeting Status: Not yet responded Organizer: Elizabeth Nguyen Categories: YES-RESPONSIVE Howdy! Many of you expressed interest in advanced training, so the reps will be here on Thursday afternoon to show us "rules based alerting". 236 W/B HIDTA Investigative Support Center Report of Information (ROI) ID: 1206 Ref: Create PDF PreparedBy: Natalia Butler Send via Email Report Date: 5/20/2016 Information Date: 5/8/2016 Source Rating: Reliable CaseNumber: Information Type: Non-Drug Information Rating: Probable Distribution: Analyst Round Table, HIDTAs, Participating Agencies, W/B HIDTA ISC, W/B HIDTA LE Initiatives Subject: Twitter Has Barred Dataminr from Providing Its Information to US Intelligence Agencies Source: Wall Street Journal, The Verge, www.dataminr.com, WIRED, EPIC.org Synopsis: Twitter put a stop to the partnership between US intelligence agencies and Dataminr, an analytical service provider that transforms the Twitter stream and other public dataset into applicable products. Details: At Twitter’s behest, US intelligence agencies have lost access to Dataminr, a company that turns social media data into an advanced notification system. Dataminr transforms the Twitter stream and other public datasets into actionable signals, discovering relevant high-priority information in real-time for clients in Finance, the Public Sector, News, Corporate Security and Crisis Management. In other words, Dataminr instantly analyzes all public tweets and other publicly available data to deliver the earliest signals for breaking news, real-world events, off the radar context and perspective, and emerging trends. Dataminr, in which Twitter owns a 5% stake, is the only company Twitter allows to see a real-time feed of every tweet on its network and sell that information on to clients. The agencies had reportedly used Dataminr’s service for two years before Twitter put a stop to this partnership, stating that it never authorized Dataminr or any third party to sell data to a government or intelligence agency for surveillance purposes. ANALYST NOTE: According to several media sources, Twitter’s move to distance itself from the US intelligence community could be largely explained by the company’s concern about appearing too close to the government. Considering other communication companies’ hesitance to cooperate with both US intelligence and US law enforcement agencies, Twitter’s decision could be indicative of a larger trend. For example, Apple refused to cooperate with a federal investigation and Facebook implemented stricter policies on undercover profiles. In a similar vein, Electronic Privacy Information Center forced the Government Services Administration to release several contracts between the federal government and web 2.0 companies, including agreements with Blip.tv, Blist, Google (YouTube), Yahoo (Flickr), and MySpace. This new trend among social media companies to promote the image of safe-guarding public privacy and distancing themselves from the public safety sector may have a ripple effect on law enforcement investigations both in W/B HIDTA AOR and nationwide. Please contact Intelligence Analyst Natalia Butler with any additional information at nbutler@wb.hidta.org. Drug Related Information: Non-drug Related Information: Financial Information: Terrorism Related Information: ApprovedBy: Kevin Welkner Approved: 5/22/2016 Final Approval: Kevin Welkner Final Approval Date: 5/22/2016 Disseminated: 5/23/2016 Disseminated By: Holly Hardesty Classification: Attachment: Filed Social Media for Safety and Security Dr. Thomas Austin Security Systems Specialist thomas.r.austin@gmail.com (U) Warning: This document contains UNCLASSIFIED//FOR OFFICIAL USE ONLY (U//FOUO) controlled data. It contains information that may be exempt from public release under the Freedom of Information Act (5 U.S.C. 552). It is to be controlled, stored, handled, transmitted, distributed, and disposed of in accordance with DHS policy relating to FOUO information and is not to be released to the public, the media, or other personnel who do not have a valid need to know without prior approval of an authorized DHS official. State and local homeland security officials may share this document with authorized critical infrastructure and key resource personnel and private sector security officials without further approval from DHS. © 2016 University of Southern California. Confidential and Proprietary Information. http://www.wired.com/2013/09/gangs-of-social-media/ © 2016 University of Southern California. Confidential and Proprietary Information. • Chicago “Black Disciples” gang rapper Chief Keef insulted local “Tooka” gang on song uploaded to YouTube • Lil JoJo “Tooka” gang rapper threatened to shoot “Black Disciples” gang member on his YouTube song • Ignited online war of taunts and threats on Twitter and Instagram • Lil JoJo was shot and killed • Chief Keef (1M+ followers) allegedly posted these messages on Twitter and Instagram and has denied involvement in Lil JoJo’s murder • Sparked more gang murders, continued war of words in social media “Shots Fired” on Twitter can pull Triggers on the Streets © 2016 University of Southern California. Confidential and Proprietary Information. Outline • Introduction • Use  Categories  Platforms • Operational View • Safety and Security Applications • Adversary, Criminal and Terrorist Exploitation • Demonstration  Public Monitoring  Expanded Monitoring © 2016 University of Southern California. Confidential and Proprietary Information. Executive Summary Internet, Social Media and Smartphones Easy, Accessible, Affordable, Universal © 2016 University of Southern California. Confidential and Proprietary Information. Preface • “We live in a world rapidly changing from the mental constructs created by Western Civilization three centuries ago” • “We are in a Long War with global and domestic extremism, and a range of ideologies, that could last 100+ years, and that could transcend all boundaries” • “Seen in this context the Internet and Social Media are key centers of gravity for this Long War” • Historical precedent: Gutenberg’s printing press and Reformation • “Because Violent Extremism spreads through the Internet and Social Media it will require strategies and institutional relationships which have domestic and foreign operating capabilities” Reference: National Defense University speech by Newt Gingrich, Dec. 1, 2015 © 2016 University of Southern California. Confidential and Proprietary Information. Definition • Social Media is the use of Internet and telecommunications device based applications employing highly interactive, computermediated tools by individuals and groups to create, publish and share their information, ideas, opinions and emotions through text, photo or video documents and interact through discussions and relationships across various local and global networks. © 2016 University of Southern California. Confidential and Proprietary Information. Definition • Social Media is the use of Internet and telecommunications device based applications employing highly interactive, computer-mediated tools by individuals and groups to create, publish and share their information, ideas and opinions through text, photo or video documents and interact through discussions and relationships across various local and global networks  Engage privately one-on-one or with faceless billions worldwide  Facilitate social functions of identity, conversation, sharing, presence, relationships, collaboration, reputation, groups  Connectedness, participation, openness, community © 2016 University of Southern California. Confidential and Proprietary Information. Social Media is … • Changing and evolving environment • MySpace  Facebook • “Mass Interpersonal Persuasion”: Multiple sites, different applications used at different times • Encrypted communications: Privacy vs Security Threat • Smartphones: new dominant platform  Emergence of Assisted Artificial Intelligence? • Twitter, Facebook, etc: “new Street Corner” • Used by many in their everyday lives and social networking is the top online activity Social sharing is a major behavioral shift © 2016 University of Southern California. Confidential and Proprietary Information. Social Media is … • Different from traditional media • • • • Immediate and timely Interactive, engaging and selectable Audience diverse personal/local/global Rapidly scalable capabilities • Helpful to: • Safety and Security organizations & stakeholders • Adversaries, Criminals and Terrorists Most impactful development of the 21st century to date © 2016 University of Southern California. Confidential and Proprietary Information. Behavioral Insight • Social Media presents opportunities for understanding behavior, observing and interacting with individuals or groups within their social contexts • Social Media process may be characterized by the ObserveOrient-Decide-Act (OODA) Loop Cycle © 2016 University of Southern California. Confidential and Proprietary Information. Behavioral Insight • Social Media presents opportunities for understanding behavior, observing and interacting with individuals or groups within their social contexts • Observation  Display risky, aggressive or violent behavior  Behavioral patterns: clues to susceptibility to extremism, violence, etc  Displays of individuals within peer groups  Displays of public opinion, discourses, sentiment of groups at population level © 2016 University of Southern California. Confidential and Proprietary Information. Behavioral Insight • Social Media presents opportunities for understanding behavior, observing and interacting with individuals or groups within their social contexts • Association  Online vs Offline behavior  Hostile / Criminal / Violent / Terrorist Intent or Capability? © 2016 University of Southern California. Confidential and Proprietary Information. Behavioral Insight • Social Media presents opportunities for understanding behavior, observing and interacting with individuals or groups within their social contexts • Influence  Comparisons ~mild~  Identifications ~strong~  Connections ~powerful~ © 2016 University of Southern California. Confidential and Proprietary Information. Human Behavior Insight • Social Media presents opportunities for understanding behavior, observing and interacting with individuals or groups within their social contexts • Intervention and Action  Counter negative exploitation of Social Media  Reach out and Help  Offer Truth & Trust; Don’t judge; Increased Coverage; Targeted messaging © 2016 University of Southern California. Confidential and Proprietary Information. Outline • Introduction • Use  Categories  Platforms • Operational View • Safety and Security Applications • Adversary, Criminal and Terrorist Exploitation • Demonstration  Public Monitoring  Expanded Monitoring © 2016 University of Southern California. Confidential and Proprietary Information. USCPrice Safe C0772772mzz't2'65 Institute VINTAGE SOCIAL NETWORKING Linkedfn PiMeres?I YouTube 2015 Global Use http://wearesocial.net/blog/2015/01/digital-social-mobile-worldwide-2015/ © 2016 University of Southern California. Confidential and Proprietary Information. 2016 Global Use since Jan 2015 since Jan 2015 +229 M +283 M The world becoming increasingly connected through affordable mobile phones and data connections http://wearesocial.com/uk/special-reports/digital-in-2016 © 2016 University of Southern California. Confidential and Proprietary Information. 2015 Platform Use http://wearesocial.net/blog/2015/01/digital-social-mobile-worldwide-2015/ © 2016 University of Southern California. Confidential and Proprietary Information. 2016 Platform Use Digital social behavior converging around mobile devices http://wearesocial.com/uk/special-reports/digital-in-2016 © 2016 University of Southern California. Confidential and Proprietary Information. 2015 Country Use http://wearesocial.net/blog/2015/01/digital-social-mobile-worldwide-2015/ © 2016 University of Southern California. Confidential and Proprietary Information. 2016 Country Use GlobalWebIndex found average social media user spends 2 hours and 25 minutes per day using social networks and microblogs Majority of U.S. population is active in social media http://wearesocial.com/uk/special-reports/digital-in-2016 © 2016 University of Southern California. Confidential and Proprietary Information. Blogs & Forums: Reddit, Topix, Mashable, 4chan Categories Professional Networking: LinkedIn Wikis: Wikipedia RSS News Feeds Multimedia Sharing, Podcasting, etc: YouTube Reviews: Yelp Media Sharing: Snapchat, Instagram, Flickr, Pinterest, Periscope Social Bookmarking: Digg, Reddit, Delicious, StumbleUpon Microblogging: Twitter, Tumblr Direct Messaging: KiK, Yik Yak, Broadcasting: WhatsApp, Viber, Telegram, Wechat Skype, Ustream Facebook Messenger Social © 2016 University of Southern California. Confidential and Proprietary Information. / Relationship Networking: Facebook 2015 Top Global Platforms http://wearesocial.net/blog/2015/01/digital-social-mobile-worldwide-2015/ © 2016 University of Southern California. Confidential and Proprietary Information. 2016 Top Global Platforms Facebook continues to be leading platform WhatsApp increased 50%  privacy issues Majority of global social platforms are instant messenger services and chat apps http://wearesocial.com/uk/special-reports/digital-in-2016 © 2016 University of Southern California. Confidential and Proprietary Information. 2016 Top U.S. Platforms Facebook leading platform Twitter, Pinterest, Instagram equally popular http://wearesocial.com/uk/special-reports/digital-in-2016 © 2016 University of Southern California. Confidential and Proprietary Information. 2013 Global Use World Economic Forum Facebook leading platform http://reports.weforum.org/global-risks-2013/risk-case-1/digital-wildfires-in-a-hyperconnected-world/ © 2016 University of Southern California. Confidential and Proprietary Information. Facebook 2016 #1 Popularity with 80% of U.S. teens One of Top 3 websites visited by Teens popular social network in world 67% of U.S. users have Facebook accounts Extremists exploit Facebook because perceived as “normal social media site” visited by adults and parents Account setup: http://smileconference.com/wpcontent/uploads/2014/10/FacebookSignUpHowTo.pdf 2015 © 2016 University of Southern California. Confidential and Proprietary Information. Twitter 2016 35+ Languages About 15% of Internet users are on Twitter • Equal usage by gender and race • 62% are between ages of 18-49 • Used by 26% of Internet users aged 18-29 far exceeds next closest demographic Make declarations Express emotions Share ideas and info “Twitter is not a technology. It’s a conversation” one person can inform another anywhere in world 50% of Twitter users get news from Twitter 2015 © 2016 University of Southern California. Confidential and Proprietary Information. Account Setup: http://smileconference.com/wpcontent/uploads/2014/10/TwitterSignUpHowTo.pdf Instagram 2016 Like Twitter but with enhanced photography and vido capability Like SnapChat but with permanent record of life Popularity #3 with U.S. teens Objective: Increase self popularity and self worth Share with other social networks: Facebook, Twitter, Foursquare, Tumblr, Flickr, etc But more millennials spending more time on Instagram than Twitter 2015 © 2016 University of Southern California. Confidential and Proprietary Information. Messaging Apps • Enable fast communications with individuals or groups • Some offer secure communications that cannot be monitored • Encrypted messages not easily accessed forensically: iPhone! • Some exploit anonymity and some erase message data • All cannot be monitored real-time • All operate globally • Almost all are free to acquire and operate • All available on almost all mobile smartphone devices • Some available on tablet and computer devices • Few associated with mobile phone accounts • Most share text, photo, video media data • Some offer voice • Most operate on multiple networks: cellular, wi-fi, satellite, Bluetooth • Some based outside US and immune to official data requests © 2016 University of Southern California. Confidential and Proprietary Information. o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o o Facebook Messenger WhatsApp Kik FireChat Dstrux LINE Instagram Twitter Ogle Snapchat Vin Viber Telegram Skype WeChat Hike Yik Yak ooVoo Chatsecure Pixelknot Surespot Whisper YouNow After School Burnbook Omegle gliph Sicher Threma Secret StreetChat Nimbuzz Zumbl 6Rounds Jitsi RedPhone OkHello Glide Xabber Chatroulette Wickr Telegram Messaging App • Non-US company created by founders of Russian VK, more secure than other apps • Offers “2-way opt-in”, send many types of documents, does not require sharing mobile number, available on PC, Mac and Unix desktop platforms http://news.sky.com/story/1607225/is-using-twitter-to-crowdsource-terrorism © 2016 University of Southern California. Confidential and Proprietary Information.http://www.vocativ.com/251826/isis-followers-flock-to-a-new-foolproof-messaging-app/ Encryption • Encryption applies advanced mathematical codes to enhance data privacy • More communications and stored data use commercially available stronger encryption • Prevents monitoring and detection by law enforcement or intelligence agencies • Encrypted accounts help create “Free Zones” for criminals and terrorists • Encrypting messages in Web-based email using browser extension (Secure Mail by Streak, etc) • ProtonMail (Switzerland, proxied by Israel, protonmail.com) offers secure end-to-end encrypted email accounts – used by ISIS, some journalists, some free speech movements, etc • Cryptocat secure encrypted direct messaging • Telegram (Germany, www.telegram.org) secure, fast, direct messaging app with advanced cryptography and end-to-end encryption – Very popular in most countries - and with ISIS • Secure Internet browsing and searches enabled by Tor Browser from Mozilla • Providers unable and unwilling to unlock encrypted data even under court order • Laws unable to keep pace with accelerating developments in IT • Automatic switching between cellular, wi-fi, radio and Bluetooth communication methods • Switching between multiple Direct Messaging software applications • Transmitting attached photos of visible or invisible messages instead of plain text • Paris and San Bernardino ISIS Attacks underscore need for new updated laws for government access to end-to-end encrypted data from private providers http://www.cnn.com/2015/12/17/politics/paris-attacks-terrorists-encryption/ © 2016 University of Southern California. Confidential and Proprietary Information. Encrypted Voice Apps • Voice Over IP (VoIP) phone calls (e.g. Skype, Google Voice) better protected from surveillance than traditional landline communication • Law enforcement may listen to VoIP calls without warrant on mobile & sat phones • 2008 FISA Amendments Act permits USG to collect phone calls with at least one foreign non-US target (+1B/day) including some real-time monitoring of text, email, voice and voice chat (source: Computerworld and The Guardian) • Telecoms can access phone conversations • Apr. 2016: “60 Minutes” reported a method for sophisticated hackers to access mobile phone and access all data, monitor calls and track movements • Lookout app scans mobile phones for vulnerabilities (https://www.lookout.com/) • Numerous mobile phone apps that enable secure, end-to-end encrypted telephone voice calls • Android and iOS apps: Ostel, Silent Phone (FIPS 140-2), RedPhone, Secure Mobile, WhatsApp, Cellcrypt, Chatsecure, TrustCall, CSipSimple, Linphone, Seecrypt, Simlar, Zoiper, CoverMe, CryptTalk • Mobile phone hardware: Blackphone © 2016 University of Southern California. Confidential and Proprietary Information. USCPrice Dark Web Safe Communities Institute 'k -- Tor PM. i :1 2016 University of Southern California. Confidential and Proprietary Information. Dark Web • Dark Web is World Wide Web content that exists on “Darknets” in public Internet  Not indexed nor directly accessible by standard search engines (Explorer, Firefox, etc)  Accessible through anonymous encrypted software : The Onion Router (www.torproject.org/projects/torbrowser.html.en), i2p Anonymous Network (geti2p.net/) or Freenet (freenetproject.org)  Associated with illegal activity, services, data, items, materials and taboo topics and media • Anonymous Social networking exists on Dark Web through Tor-equipped browsers  Tor network anonymizes users by routing internet traffic through several circuitous locations where encryption added at each location along the route (www.torproject.org/projects/torbrowser.html.en)  Allows users to visit normal websites anonymously  Tor Anonymous Instant Messenger App provides encrypted data sharing • Facebook now offers Tor-secure address (facebookcorewwwi.onion) • Protect location of users • Enable access to places where the social network is illegal or blocked • Enable Facebook access to users from countries that block access (China, Iran, North Korea, Cuba, Iraq) • Prevents external surveillance of personal Internet connections or detection of visited sites, prevents visited sites learning user’s physical location, and all communication in /out of Facebook account remains within the anonymous Tor network • Facebook can still monitor users’ activities © 2016 University of Southern California. Confidential and Proprietary Information. U.S. Teen Usage • 2015 Pew Research Center Teens & Social Media Study • Largest growth in Social Media usage is by Teens on mobile platforms  75% have smartphone access  85% African-American  71% Hispanic  71% White  24% “almost constantly online”  34% African-American  32% Hispanic  19% White  68% on social media at least daily  94% on social media from mobile devices at least daily  >50% log in several times each day © 2016 University of Southern California. Confidential and Proprietary Information. U.S. Teen Usage • 2015 Pew Research Center Teens & Social Media Study • 85% of US teens have Social Media accounts  47% have public Facebook accounts  88% text, 55% text daily; average ~60/day  40% of teens & young adults have texted on Kik  38% of Facebook users under 13, 25% under 10  Teens post real age, photos, city, school, videos of friends or themselves, their phone number, or their exact location Affordable smartphones have erased “digital divide” © 2016 University of Southern California. Confidential and Proprietary Information. Platform Capabilities • Social Media sites and applications offer multiple types of capabilities © 2016 University of Southern California. Confidential and Proprietary Information. Emerging Future Trend? Convergence of Social Media and Wearable Devices • Emojis, Photos … • Movement, Location, Heartbeats and Health • Voyeurism (Being app, Follower app) • Shared Emotions  Shared Physical Contact  Influenced or Controlled Emotions and Controlled Actions? http://wearesocial.com/uk/special-reports/we-are-social-curiosity-stop-10 © 2016 University of Southern California. Confidential and Proprietary Information. Outline • Introduction • Use  Categories  Platforms • Operational View • Safety and Security Applications • Adversary, Criminal and Terrorist Exploitation • Demonstration  Public Monitoring  Expanded Monitoring © 2016 University of Southern California. Confidential and Proprietary Information. Operational View (OV) Safety and Security Organizations Community: Local  Global Adversarial, Criminal and Terrorist Organizations © 2016 University of Southern California. Confidential and Proprietary Information. Operational View (OV) Layer 1: Engage Layer 2: Investigate Layer 3: Protect Private Citizens Layer 3: Attack Layer 2: Prepare Layer 1: Influence © 2016 University of Southern California. Confidential and Proprietary Information. OV Layer 3 Community: Local  Global STAKEHOLDERS Continuous Community • Intelligence Community Engagement and Information • Military Sharing • Law Enforcement • Probation Investigate Persons and Organizations of Interest • Fire • Corrections and Monitor to Prevent, Rehabilitation Protect and Respond • Education INCIDENT people infrastructure • Mental Health Perpetrate Crime, • Public Health Violence or Attack • Homeless Services • Adversary • Criminal • Terrorist Plan and Prepare Criminal or Violent Activities Inspire, Influence, Connect, Recruit and Threaten Community: Local  Global © 2016 University of Southern California. Confidential and Proprietary Information. Outline • Introduction • Use  Categories  Platforms • Operational View • Safety and Security Applications • Adversary, Criminal and Terrorist Exploitation • Demonstration  Public Monitoring  Expanded Monitoring © 2016 University of Southern California. Confidential and Proprietary Information. Safety & Security Usage • Safety and Security Organizations (1) Continuous Community Engagement and Information Sharing (2) Investigate Persons and Organizations of Interest (3) Monitor to Prevent, Protect and Respond • Adversarial, Criminal and Terrorist Organizations (1) Inspire, Influence, Connect, Recruit and Threaten (2) Plan and Prepare Criminal or Violent Activities (3) Perpetrate Crime, Violence or Execute Attack © 2016 University of Southern California. Confidential and Proprietary Information. Safety and Security Use • Almost all US law enforcement agencies (96%) use social media in some capacity (source: International Association of Chiefs of Police 2014)  Primary use (89%): Criminal investigations  86% report social media has helped solve crimes in their jurisdiction  Frequently used platforms Facebook (94%), Twitter (71%), YouTube (40%); also use Nixle and Nextdoor (neighborhood social networking)  66% use Twitter  First police department use of Twitter in 2007; 772 departments by 2013  74% not currently using social media are considering its adoption  78% have social media policy; 12% in process of developing policy  83% state social media has improved police-community relations  2015 National Gang Intelligence Center reports 54% of law enforcement agencies integrating social media into gang investigations past two years  Example: Cincinnati Police Department solves majority of crimes posted on their Facebook page through voluntary public information Source: http://www.iacpsocialmedia.org/Resources/Publications/2014SurveyResults.aspx © 2016 University of Southern California. Confidential and Proprietary Information. Safety and Security Use • Increased use of social media throughout US law enforcement agencies and projected to rise even further in the coming years (source: Social Media Use in Law Enforcement, LexisNexis 2014)  Daily use (25%): typically criminal investigation and crime anticipation  Use of social media as probable cause for search warrant never been challenged (76%)  Special event monitoring (40%)  Notify public of crimes (34%)  Notify public of emergencies or disasters (34%)  Frequently used platforms Facebook (93%), Twitter (50%), YouTube (67%)  Support of social media use by agency command staff (56%)  Perceived information credibility (43%)  Planning to increase use next year (78%)  Employ formal process for using social media in investigations (48%) https://www.lexisnexis.com/risk/downloads/whitepaper/2014-social-media-use-in-law-enforcement.pdf © 2016 University of Southern California. Confidential and Proprietary Information. Safety & Security Organizations Community 1) Engage (1) Continuous Community Engagement and Information Sharing  Objective: Active Conversations with the Community  Information Sharing with Community “Digital Neighborhood Watch”  Community Outreach, Engagement and Crowdsource Concerns (2) Investigate Persons and Organizations of Interest (3) Monitor to Prevent, Protect and Respond © 2016 University of Southern California. Confidential and Proprietary Information. (1) Continuous Community Engagement & Info Sharing Community 1) Engage k  Objective: Active Conversations with the Community • Increased access to audiences • Informed and connected communities feel better prepared and are more resilient • Improve engagement with citizens, partners, organizations and stakeholders • Direct access to local and global communities to counter crime and terrorism • Develop and build trusted relationships and confidence, sense of community • Show human side of policing • Reduce community tensions, Improve relations, Support positive reputation and good will, Counter inaccurate press coverage © 2016 University of Southern California. Confidential and Proprietary Information. (1) Continuous Community Engagement & Info Sharing Community 1) Engage k  Objective: Active Conversations with the Community • Interactive, visible and transparent two-way communications • Inform public of local safety, crime and security issues • Promote valuable public safety and security information and education • Help solve investigations quickly • People are Customers, tired of crime and want to help • Online “Lost-And-Found” of recovered stolen items (Pinterest) • Applications: Twitter, Instagram (largest growing platform; also for students) and Facebook (for adults), Nextdoor, www.AlertID.com, Spotcrime.com, CrimeReports.com, RaidsOnline.com, MyLocalCrime.com, etc © 2016 University of Southern California. Confidential and Proprietary Information. (1) Continuous Community Engagement & Info Sharing  Examples: Los Angeles Police Department and Los Angeles County Sheriffs Dept use of Facebook, Twitter, Instagram, Pinterest and YouTube social media sites © 2016 University of Southern California. Confidential and Proprietary Information. Community 1) Engage k (1) Continuous Community Engagement & Info Sharing Community 1) Engage  Information Sharing with Community “Digital Neighborhood Watch” • Police blotter blogs with timely updates o Police activity and event updates (Facebook) o Amber Alerts (Twitter) o BOLOs (Twitter) o Crime or disaster emergency alerts (Twitter) o Most wanted posters, missing persons & runaways, people in distress (Pinterest) • Seattle Police Dept “Tweets-by-Beat” posts specific crimes in near real-time, http://www.seattle.gov/police/tweets/feeds.htm • http://www.lapdonline.org/our_communities • Investigation updates, Recent arrest locations, Registered sex offender locations, Log of everyday activities • Homeless conditions; educate public of the human side • Crime prevention, safety tips and emergency preparedness information • Significant traffic accident alerts, transportation delays and road condition updates - but not a traffic service • Extremely severe weather alerts - but not a weather service © 2016 University of Southern California. Confidential and Proprietary Information. (1) Continuous Community Engagement & Info Sharing Community 1) Engage  Community Outreach, Engagement and Crowdsource Concerns • Forum to solicit information from the public o Tips about Unsolved Crimes to generate potential leads, expand witness pools and help solve crimes (example: NYPD Ideascale) o Suggestions o Concerns and complaints o Questions and provide timely answers • Increase speed of public feedback and input • Reply regularly with community members to understand their issues and encourage 2-way dialog o Virtual Ride-along “Tweet-along” (Twitter) o Philadelphia PD embed reporters who have contributed for enhanced credibility • Promote awareness of community events involving safety agencies o Volunteering activities (LAPD @Badgeofheart); Citizen’s academy; Visit community centers and churches; Coffee with the Cops; Solicit and distribute donations o Welcome new officers, announce awards and retirement events o Inform public of employees terminated with accompanying explanation (Dallas Police Dept) © 2016 University of Southern California. Confidential and Proprietary Information. (1) Continuous Community Engagement & Info Sharing Community 1) Engage  Community Outreach, Engagement and Crowdsource Concerns • Promote awareness and needs of homeless and supporting organizations • Promote inmate community service projects • Focus on video, images, include humor where possible, avoid police jargon, codes • Promote recruitment by appealing to the Social Media connected next generation and consider offering Social Media internships • Awareness of potential mistakes in personal Social Media posts and how they interact with online criticism; take care with posting inflammatory comments o Personal officer accounts not treated as private citizen accounts: “you never Tweet off duty” o Maintain separate official and private accounts with different usernames, password, mode of logging in, device (if mobile), consider using a proxy to prevent traceback • Behind-The-Scenes officer training videos; especially canine and horse teams • Cross-promote blogs and accounts with Twitter, Facebook, Pinterest, etc • Awareness of online social justice activity: new database of cyberbullies compiled by Social Autopsy (http://socialautopsy.com/) • Mar 2016: Huntsville, AL schools plan to track students’ social media accounts © 2016 University of Southern California. Confidential and Proprietary Information. (1) Continuous Community Engagement & Info Sharing Community 1) Engage  Community Outreach, Engagement and Crowdsource Concerns • Analysis of police department Twitter accounts in the 30 largest cities showed 45% related to crime or incident information and reports of police investigations (2010) “Twitter for City Police Department Information Sharing” Proceedings of the American Society for Information Science and Technology, Nov. 2010 © 2016 University of Southern California. Confidential and Proprietary Information. Safety & Security Organizations Community 2) Investigate (1) Continuous Community Engagement and Information Sharing (2) Investigate Persons and Organizations of Interest  Collect and Analyze Social Media Information  Undercover Communications  Focused Messaging to Counter Violence  Identify and Address Violent Social Media Accounts (3) Monitor to Prevent, Protect and Respond © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Threat Likelihood is dependent upon hostile intent, motivation and capability • People’s Social Media behavior illustrate Threat Likelihood through posts and photo/video attachments displaying sentiment, emotion and statements • Collect “Digital Dossier” data on the “Digital Footprints” of Persons or Organizations of Interest (example: CIA Open Source Center: www.opensource.gov) • Criminal activity analysis more objective; Terrorist activity requires more context © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Exploit information for evidence to help support, build or prosecute cases o Known or suspected criminals or terrorists; and victims or witnesses o Reveal timeline of information and activities o Characterize unique behaviors, relationships, rivalries, locations and activities o Match collected data to government data o Identify, tag and track names to faces; facial recognition where available; track location and transmit to field personnel as required; GIS mapping software (Google Maps, etc) o Statement, photo, video associations with people, places, times, objects offer critical tips and insights into violence, crimes or attacks • Some criminal gangs do little to hide their digital identities • Chicago Police Department monitors “hot people” likely to be involved in a homicide as victims or offenders instead of “hot spots” © 2016 University of Southern California. Confidential and Proprietary Information.  Detection and correct interpretation of digital online behaviors may improve capabilities of safety and security organizations © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Exploit information for evidence to help support, build or prosecute cases o Monitor potentially incriminating messages, photos or videos • Compliance with Restraining orders • Criminal/gang/terrorist association: bragging, tattoos, gang signs, iconography • Displays of substance abuse or drug possession • Displays of bragging of unexplained assets, money or weapons • Sex crime related Internet restriction violations: school proximity, accessing dating sites, etc • Employment violations, unauthorized leave • Parole and probation violations or non-compliance • Questionable online behavior: association with specific sites © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Exploit information for evidence to help support, build or prosecute cases o Monitor potentially incriminating messages, photos or videos (continued) • Violent activities: street or school fights • Illicit activities: large parties with drugs, underage attendees • Incriminating online statements or musical lyrics • Number and types of individuals or groups liked, followed or following • Shifts in online behavior: switching public accounts to private accounts: “going dark” o Decipher bragging versus demonstrated capabilities and proven illegal activities o State Department screen visa applicants’ social media activities o Apr 2016: Office of Personnel Management preparing pilot program to track public social media postings of people applying for security clearances © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Modes of Data and Accessibility o Monitor and analyze “data in motion”: email, live chat, messaging, broadcasting, document attachments o Search, filter and analyze “data at rest”: stored data in accounts: draft and sent email messages, stored texts, photos and videos, purchases, browsing histories o Manual data monitoring and search methods resource intensive, slow but accurate • Actively monitor each Social Media public account: Facebook, Twitter, etc • Tweetdeck (multiple Twitter feeds and active searches in live dashboard display) • Twilert (active Twitter searches sent to email) o Automated continuous data surveillance with tailored searches offer increased data volume • Twitter Gnip public data feeds from Twitter, Facebook, Instagram, Tumblr, Reddit, Wordpress, VK, Flickr, etc (https://gnip.com/realtime/) © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Geo-locatable data issues o Very limited data available (~1% of Twitter data) o Associate content of text, image or video data (demeanor, statements, activities, descriptions, images, times) to persons, organizations, locations, landmarks (USGS database), events o Infer location through mobile phone cellular tower data • Fusion of actionable Social Media data with other open source data and government collected intelligence provides improved situational awareness © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Data privacy protection issues o Significant amount of public accounts available and accessible o Private account data accessible to government agents permitted under specific laws and conditions: subpoena, court order, search warrant, national security provision from Foreign Intelligence Surveillance Court, life-threatening emergencies • User of account under investigation may be notified by some providers (Twitter) • US Companies (Apple, Facebook, Instagram, KiK, LinkedIn, MySpace, Pinterest, Tumblr, Twitter, etc) divided between protecting user data (Stored Communications Act) and cooperating with government requests • Subpoena Guide: associatesmind.com/2015/01/26/social-media-subpoenaguide-2015-edition/ • Twitter, Yahoo, Facebook and Google pushing back on Senate legislation requiring alerting federal authorities of any terrorist activity: nearly identical to current child pornography reporting laws • Exploring advanced encryption and auto-destructing data methods to increase user protection: unintended consequence of permitting secure communications prevents government access • Some public Internet sites archived (archive.org/web/) and archive.is © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Data privacy protection issues • Apr. 27, 2016: House unanimously passed Email Privacy Act requiring federal agencies (few exceptions) to obtain warrant (instead of subpoena) before searching archived digital communications stored by service providers  Gives electronic documents same Fourth Amendment protection as paper mail, reforms Electronic Communications Privacy Act of 1986 to protect consumer  Does not affect existing electronic surveillance permitted by Foreign Intelligence Surveillance Act of 1978 involving “foreign powers and their agents” • May 1, 2016: Belgian Police and European CT officials requested access to US accounts; Pushback: suspect first notified, given police contact info  Islamic State supporter boasted of another forthcoming terrorist attack in Belgium after the March 2016 Brussels bombings  Officials could not comply due to potential compromise of investigation and officer endangerment  US DOJ ultimately persuaded US company to assist Belgian officials © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Collect and Analyze Social Media Information • Language translation accuracy and automation issues o Capabilities: Google, SDL, Babylon, Power Translator, Babelfish, rttmobile.com, etc o Bing provides manual translation of individual Twitter Tweets • Human language translation most accurate method to date (source: private communication with US intelligence sources) © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Undercover Communications • Communicate with persons of interest to understand behaviors, relationships, concerns, identify emotional cues, and over time befriend, dissuade, intervene, disrupt or interdict (example: CPDSI France invokes childhood memories) • Skilled expertise, capable of digitally acting undercover, possessing social, cultural, linguistic, and adversary organizational and operational knowledge • Use concealed identities, appealing online profiles and fictitious aliases (example: flirtatious attractive young person) • Use anonymous tools, such as proxy servers or website anonymizers (www.anonymouse.org/anonwww.html) to help conceal digital identity • Secure cooperating witnesses to grant access to information • Help to anticipate or predict illegal, hostile, or violent behavior © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Focused Messaging to Counter Violence • Publish educational messaging to counter affiliation or recruitment by criminal, violent extremist, terrorist ideologies • Solicit, collaborate with and support community leaders and organizations • Amplify the stories of disillusioned militants (Peter Bergen) • Identify the victims with human stories • Post counter-narratives influenced by religious leaders, non-governmental organizations, and family and friends to diminish appeal of extremist message • Provide online articles, references, literature to assist with understanding and guidance o Example: “Romance of Violence” by Christian Picciolini © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Identify and Address Violent Social Media Accounts • Solicit public support for identifying and reporting abusive content o Thailand Police charged 8 people with sedition crimes over critical Facebook comments regarding military’s political influence (Apr 2016) • Assist Social Media providers to identify, suspend, lock or delete abusive or offensive accounts displaying “threats of violence against others or promoting violence against others” o Twitter is not a public space and legal freedom of speech violations are not at risk and it has right to stop abusive and harmful content o Difficult to regenerate adversary network if account suspensions continue at consistent pace o Limited effect because additional new accounts easily established o Allowing some accounts to continue operating enables some intelligence collection © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Identify and Address Violent Social Media Accounts • Inform public of procedures to flag abusive content for removal • Private hacking groups (example: Anonymous, Ghost Security Group, etc) are identifying, interdicting (Tunisia plot), leaking, attacking (Twitter accounts, Bitcoin accounts, etc), sharing information with government agencies and taking down thousands of extremist accounts and sites used by or followers of ISIS o Telegram shut down 78 ISIS Channels in 2015 o Anonymous took down 149 ISIS websites; exposed 100,000 Twitter accounts and 5,900 propaganda videos in 2015 © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Identify and Address Violent Social Media Accounts • Air strikes no effect on ISIS’ social media safe haven – and State Department outreach into social media having limited effect, too • State Department’s ineffective “Think Again Turn Away” social media campaign on YouTube, Facebook, Tumblr and Twitter trying to engage potential jihadist recruits –not ISIS– in childish discussions to win them over with critical portrayals of poor conditions under ISIS leadership • http://www.theguardian.com/world/2014/sep/22/us-battle-counter-isispropaganda-online-officials-warn © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  DHS Field Analysis Report, Dec. 22, 2015. (For Official Use Only) • Terrorist and criminal use of first-person video (FPV) and live streaming platforms • FPV captures events from first-person perspective to share their viewpoint as acted within their environment • Captured footage provides useful forensic assistance to terrorist and criminal investigations • Law enforcement should be trained to o Identify possible terrorist or criminal use of FPV technology to enable accurate suspicious activity reporting o Maintain covert undercover access to live streaming video platforms with active accounts on most popular apps including Facebook, Twitter, Periscope, Meerkat, YouTube o Be prepared to respond to live streaming or posting of recorded attacks and criminal activity, including shutting down live streaming account during event • Opportunity for senior government officials to develop appropriate public messaging prior to terrorist or criminal use of live streaming video during an incident © 2016 University of Southern California. Confidential and Proprietary Information.  Video surveillance by private individuals in unexpected locations potential threat indicator © 2016 University of Southern California. Confidential and Proprietary Information. (2) Investigate Persons / Organizations of Interest Community 2) Investigate  Open source article warning public of potential false social media accounts used by law enforcement • Article referenced “Social Media and Tactical Considerations for Law Enforcement” guide published by DOJ with instructions on creating fraudulent profiles o http://americanintelligencereport.com/police-are-creating-fake-accounts-on-facebook-sothey-can-monitor-you-how-to-identify-a-fake-account o http://www.policeforum.org/assets/docs/Free_Online_Documents/Technology/social%20med ia%20and%20tactical%20considerations%20for%20law%20enforcement%202013.pdf © 2016 University of Southern California. Confidential and Proprietary Information. Safety & Security Organizations Community 3) Protect (1) Continuous Community Engagement and Information Sharing (2) Investigate Persons and Organizations of Interest (3) Monitor to Prevent, Protect and Respond  Data Monitoring and Information Sharing with agencies, community, and media before and during incidents, events & crises  Detect potential indicators, warnings, threats, communications or activities prior to actual incidents or events to support proactive response  Situational Awareness to Detect breaking events or emerging incidents or provide updated actionable information about ongoing incidents or cascading events © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, and media before and during incidents, events & crises • Increase in mass shootings, civil unrest and other mass casualty incidents driving need for advanced tools and technologies that provide enhanced situational awareness for faster, more effective response to prevent or mitigate consequences • At no time is communication more essential than during a crisis • Inform government agency stakeholders, news media and empower public with releasable information (photos, videos, press releases) on imminent or current incidents, events, operations, emergencies, etc © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Risk communication of hazards, manhunts, accidents, crimes, arrests, road closures, curfew, quarantine, all clear, etc helps prevent or mitigate consequences and dispel rumors • Dissemination via Social Media reaches more people faster than traditional media o Broward Sheriff’s Office CyberVisor: http://sheriff.org/apps/ealerts/ • Messaging employ clear, concise, proper grammar; limited shorthand and abbreviation to insure accuracy and professionalism • Request tips on suspicious activity (text, photos, videos) via anonymous “E-Tipsters” (www.tip411.com) © 2016 University of Southern California. Confidential and Proprietary Information. Community (3) Monitor to Prevent, Protect and Respond 3) Protect  Twitter has been called the “new police scanner” INCIDENT +1 HOUR +2 HOURS +3 HOURS +4 HOURS +5 HOURS + 00:04 + 00:17 + 00:27 Philadelphia Amtrak Train Derailment (5/12/2015)  23 min + 00:09 + 00:04 + 00:05 + 00:20 + 03:12 Seattle Arctic Drilling Rig Protest (5/12/2015) 3 hr 8 min Kathmandu, Nepal 7.4 Earthquake (5/12/2015) 22 min + 00:05 + 00:10 + 00:15 + 00:30 + 00:01 + 00:02 + 00:04 + 00:25 Seattle Power Outage (5/14/2015) 2 hr 59 min Ofunato, Japan Magnitude 6.7 Earthquake (5/12/2015) 15 min + 00:02+ 00:11 + 00:24 + 00:05 + 03:08 + 01:59 Saudi Airstrike on Yemen (5/21/2015) 1 hr 54 min + 01:48 Bombing Government Offices in Cagliari, Italy (5/21/2015) 1 hr 33 min + 02:30 Colombian forces arrest Cartel leader in Bogota (5/21/2015) 2 hr 0 min + 04:37 Roadside Bombing in Quetta, Pakistan (5/21/2015) 4 hr 36 min Tianjin, China Port Explosion (8/12/2015) 20 min + 00:05+ 00:10 Chattanooga, Terrorist Lone Wolf Shooting (7/16/2015) 5 min + 00:05 + 00:52 Long Beach, Criminal Multiple Shootings (8/10/2015) 47 min Private Tweet News Tweet Commercial Data Commercial data sources include NC4 and ANVIL Twitter offers situational awareness minutes to hours before commercial alerts © 2016 University of Southern California. Confidential and Proprietary Information.  Fastest and accurate news sources currently are Twitter and BreakingNews.com © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Digital stakeouts: monitor primarily Twitter & Instagram and RSS news feed sites o Local and global news organizations and media bloggers (BreakingNews.com) o National government weather and meteorological agencies (NWS, USGS, etc) o Persons and organizations of interest (adversarial, criminal, terrorist) o Private citizens © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Search accounts and sites with specific keyword search patterns characterizing sentiment, activities, places, organizations, names to detect actionable information o Detect data (messages, Tweets, photos, videos, blogs, reports, etc) related to potentially imminent or current events or incidents for increased situational awareness • Public safety threats (protest plans, threats of violence, etc) • Criminal activity (flashmob coordination) • Manmade incidents (mass shooting, explosion, etc) • Infrastructure accidents (explosion, bridge collapse, hazardous materials leak, etc) • Natural disasters (earthquake, tornado, wildfire, etc) o Geographic Information Systems mapping tools o Identify & evaluate location, persons, sentiment, activities, relationships and objects • Example: Apparently threatening video against law enforcement on Instagram led to firearms arrest © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  NYPD, Detroit, other departments using predictive analytical software to police local neighborhoods based on social networking posts  Software (e.g. PredPol, HunchLab, Mark43) computes neighborhood risk score geospatially fusing street intelligence, historical crimes and predictive analysis of posts published by emotionally upset people • Scores may include friends and relationships, political postings, arguments, etc • Establish fake profiles, claim young attractive personas, pose as community members on Facebook, Instagram, YouTube and Twitter, build relationships, monitor event invites, follow “criminal crew members”, listen to rap lyrics, question people in field about posts and friends • Tool may help predict and prosecute gang violence and crime • http://www.predpol.com/ • https://www.hunchlab.com/ • https://www.mark43.com/ • https://www.hds.com/en-us/products-solutions/industrysolutions/government.html • http://www.nytimes.com/2013/09/19/nyregion/friskingtactic-yields-to-a-focus-on-youthgangs.html?ref=todayspaper&pagewanted=all&_r=1 • http://mic.com/articles/128299/how-police-use-twitterand-facebook-to-predict-crime#.WIeJlMDCE © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events & crises • One of Sinaloa Cartel's leaders arrested at Amsterdam Airport based on near real-time analysis of 28 Instagram pictures and postings (Jan 2014) o http://mic.com/articles/79841/these-28-instagram-pictures-just-busted-one-of-the-biggestmexican-drug-lords#.FxWaj1e69 • Mar. 14, 2016: Turkey suspended all Facebook and Twitter accounts after major suicide bombing in Ankara that killed 34 to limit tragic imagery of victims and limit communications by Kurdish militants and sympathizers o http://worldnewsviews.com/world/turkey-blocks-facebook-twitter-deadly-ankara-blast/ • May 2, 2016: Brazil suspended accounts for 100M users of Facebook’s WhatsApp service nationwide for 72 hours as punishment for refusal to assist Piaui Police investigation of several pedophilia cases in 2013. Similar 48 hour blackout in 2014 allegedly resulted in creation of 1M new Telegram accounts o http://www.theverge.com/2016/5/2/11567358/brazil-whatsapp-blackout-court-orderencryption © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Example list of news, weather and government agency Twitter Handles providing timely and credible information © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Natural Disasters Accidents Manmade  Example list of high level incident and event category types • Advisory – BOLOs, terrorist alerts, planned events, protests, strikes; travel advisories; emergency alerts • Unrest – riot, civil unrest, labor protest, labor strike, demonstration • Criminal Activity – hostage, kidnapping, violent crime, cargo theft, murder • Shooting – criminal, terrorist, military individual and mass shootings • Bombing & Explosion – criminal, accidental, terrorist, military threats, bombings and explosions • Security Operations – terrorist attack, police operations, lockdown, arrests • Military Operations – siege, tribal/ethnic clashes, insurgency, military operations, coup, war • Infrastructure – power, communications & water outage, fuel disruption, building, tunnel & bridge collapse • Surface Transportation – roadway/railway transport delays, disruptions, closures, accidents, destruction • Maritime – port delays, disruptions, accidents, closures, attacks, piracy, boat & ship accidents, losses • Aviation – flight and airport delays, disruptions, accidents, crashes, emergencies, closures & attacks • Chemical – industrial chemical, fuel, oil & hazardous substance accidents, spills & chemical terrorist attacks • Radiation – radioactive accidents, leaks and radiological & nuclear terrorist attacks • Disease – people, animals & plants natural disease outbreaks, pandemics, biological terrorist attacks • Wildfire – wildfires, forest fires & smoke • Urban Fire – urban structural fires, chemical facility fires & smoke (unknown contaminants) • Severe Weather – ice storm, blizzard, evacuation • Flooding – flooding, storm surge • Tsunami – tsunami, tidal wave • Tornado – tornado • Hurricane – typhoon, cyclone, tropical storm, hurricane • Landslide – landslide, avalanche, lahar, mud slide • Volcano – volcano Earthquake – earthquake © 2016 University •of Southern California. Confidential and Proprietary Information. Community 3) Protect (3) Monitor to Prevent, Protect and Respond  Example list of Twitter Keyword Search Detection Queries © 2016 University of Southern California. Confidential and Proprietary Information. Community 3) Protect (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Example list of Twitter Selection and Rejection Pattern rule sets © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Example list of Twitter Selection and Rejection Pattern rule sets Useful references for colloquial and slang social media words and phrases: http://www.urbandictionary.com/ http://onlineslangdictionary.com/ http://www.noslang.com/dictionary/ http://www.netlingo.com/acronyms.php © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Search accounts and sites with specific keyword search patterns characterizing sentiment, activities, places, organizations, names to detect actionable information o Assess and Validate detected data for • Credibility – Source authenticity, trustworthiness, competency, and Information content believability (text, photos, videos, weblinks); reference law enforcement and intelligence human intelligence Reliability Scoring Tables Source © 2016 University of Southern California. Confidential and Proprietary Information. Information (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Search accounts and sites with specific keyword search patterns characterizing sentiment, activities, places, organizations, names to detect actionable information o Assess and Validate detected data for • Credibility • Severity - description of impact and consequences and accompanying photos, videos, weblinks; reference commercial Severity Tables © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Search accounts and sites with specific keyword search patterns characterizing sentiment, activities, places, organizations, names to detect actionable information o Assess and Validate detected data for • Credibility • Severity • Proximity - Source of data, description of data and accompanying photos, videos, weblinks; reference Incident Tables 19.219290, 72.845766 © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Example table of impact proximity distances by incident category type Incident Category Advisory Unrest Criminal Activity Shooting Bombing & Explosion Security Operations Military Operations Infrastructure Surface Transportation Maritime Aviation Chemical Radiation Disease Urban Fire WildFire Flooding Tsunami Severe Weather Tornado Hurricane Landslide Volcano Earthquake © 2016 University of Southern California. Confidential and Proprietary Information. Proximity Distance D < 50 km or 31 mi D < 150 km or 94 mi D < 2.5 km or 1.6 mi D < 25 km or 16 mi D < 25 km or 16 mi D < 50 km or 31 mi D < 750 km or 469 mi D < 25 km or 16 mi D < 15 km or 9 mi D < 20 km or 12 mi D < 25 km or 16 mi D < 50 km or 31 mi D < 250 km or 156 mi D < 500 km or 312 mi D < 25 km or 16 mi D < 50 km or 31 mi D < 25 km or 15 mi D < 250 km or 156 mi D < 50 km or 31 mi D < 25 km or 16 mi D < 250 km or 156 mi D < 100 km or 60 mi D < 250 km or 156 mi D < 500 km or 300 mi (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Data Monitoring and Information Sharing with agencies, community, media before and during incidents, events and crises • Search accounts and sites with specific keyword search patterns characterizing sentiment, activities, places, organizations, names to detect actionable information o Correlate social media information with other government agency alerts, commercial social media data feeds (e.g. NC4, ANVIL, GEOCOP, Geo Listening, Social Sentinel) and other open source data and share actionable data to officers on scene and inform community • Recommended sources: • Twitter, Instagram, Facebook, YouTube • RSS News Feeds (Feedly - feedly.com: BBC, Reuters, CNN, NWS, USGS, etc) • Google Alerts, News blogs (e.g. www.breakingnews.com) • Manage, process and analyze large amounts of data formats and sources (YouTube videos, Twitter Tweets, RSS news feeds, Instagram photos, etc) © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Detect potential indicators, warnings, threats, communications or activities prior to actual incidents or events to support proactive response • Anticipate manmade incidents and cascading natural disasters • Prevent crime, attacks or mitigate or reduce casualties or damage • Share information with relevant safety and security agency stakeholders • Guide deployment to areas of suspected or imminent criminal or terrorist activity • Support correlation of field resources with available equipment (surveillance cameras, security checkpoints, etc) in areas of concern © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Detect potential indicators, warnings, threats, communications or activities prior to actual incidents or events to support proactive response • Monitor or engage persons of interest online o Short-circuit flare-ups between criminal organizations o Monitor and raid suspected safehouse or residence of known or suspected criminals o Recent London bomb plot revealed and interdicted during online chat with undercover investigator o Monitor Facebook and Twitter data for imminent civil unrest or labor actions o Collect information on types of firearms weapons in possession before raid o Monitor discussions related to protest planning & coordination activities o Uncover criminal or terrorist activity (surveillance, bomb making, tactics training) o Detect threats by Oregon Community College shooter on www.4chan.org © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Situational Awareness to Detect breaking events or emerging incidents or provide updated actionable information about ongoing incidents, special events or cascading events • People in proximity to local scenes of violence, disasters and emergency situations may share their experience in social media • Connect community during and after emergency to enhance resilience o Virtual Emergency Management Association - http://www.virtualema.org/ o “DHS Lessons Learned: Social Media and Hurricane Sandy” https://communities.firstresponder.gov/DHS_VSMWG_Lessons_Learned_Social_Media_an d_Hurricane_Sandy_Formatted_June_2013_FINAL.pdf o DHS Virtual Social Media Working Group and First Responders Group http://www.firstresponder.gov/TechnologyDocuments/Virtual%20Social%20Media%20Worki ng%20Group%20VSMWG%20Social%20Media%20Strategy.pdf • Monitor real-time feeds of public social media posts during terrorist attacks, protests, riots, response to manhunts, etc during operations and transmit data to personnel on scene for enhanced situational awareness • Assess Scale of Incident area of impact, number of participants • Assess Severity of Incident: casualties, disruption, damage, destruction © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Social media used as emergency response tool during crisis  Facebook Safety Check; Google Person Finder; Red Cross Safe & Well  Readily-available platform for eyewitness accounts and real-time info  Apr 2016 “Social Media & Crisis Response” benchmarking survey of 270 companies by Department of State Overseas Security Advisory Council  70% use social media during an emergency  79% say its best for news and information updates  68% identify social media as a secondary resource  67% do not use crisis response tools offered by social network sites  Kenyan Red Cross response to 2013 Westgate Mall terrorist attacks  Pioneered use of Twitter to identify incidents requiring first responders, dispatching ambulances, coordinating largest blood drive in Kenya’s history  French police disseminated pictures of attackers on Twitter during Nov 2015 Paris attacks  Belgian Dep PM requested public switch to social media during Mar 2016 Brussels attacks © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond  Community 3) Protect Social Media Crisis Communications: Best Practices identified by Department of State OSAC  Establish responsibilities in advance  Provide training  Use pre-approved language  Delete regularly scheduled posts  Post quickly and regularly  Put the main message in the tweet  Know hashtags, keywords and official accounts  Avoid abbreviations  Correct, don’t delete  Share questions  Avoid trolls https://www.osac.gov/Pages/ContentReportDetails.aspx?cid=19563 https://www.facebook-studio.com/fbassets/media/753/FacebookSocialMediaCrisisGuidelines.pdf © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Situational Awareness to Detect breaking events or emerging incidents or provide updated actionable information about ongoing incidents, special events or cascading events • Monitor unsourced and unsubstantiated messages using melodramatic language or excessive use of ALL CAPITAL LETTERS or exclamation points!!!!! circulated via forwarded emails, texts, and social media warnings of “more attacks” o example: “IT IS NOT OVER” in reference to 2015 San Bernardino mass shooting • Control publicly shared information to mitigate potential counterintelligence collection © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Situational Awareness to Detect breaking events or emerging incidents or provide updated actionable information about ongoing incidents, special events or cascading events • Warn and request public not post information regarding tactical or operational details before or during an event or incident (example: Brussels ISIS manhunt) • Support decisions affecting telecommunications o Determine limited information from public adversary social media postings o Potential to disable certain users from posting online by blocking device ID or account name o Temporarily suspend local cellular service if potential for imminent life threatening danger exists • Help coordinate response efforts by volunteers, organizations, agencies by posting updated information, including condition of survivors, avoidance zones, staging locations, means of donating © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Situational Awareness to Detect breaking events or emerging incidents or provide updated actionable information about ongoing incidents, special events or cascading events • Social media evidence is new frontier of criminal proceedings o Courts and The Stored Communications Act determine Social Media data governance o Social media content usually holds up in court when used as probable cause for a search warrant o Subject to same rules of evidence as paper documents or other electronically stored information, but unique nature and ease with which it can be manipulated or falsified creates hurdles to admissibility not faced with other evidence o Fourth Amendment protects people's right “to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures” – but when applied to information stored online its protections are potentially far weaker o Criminal defense attorneys have challenged credibility and biases of police officers because of statements found on social network website (2009 LASD advisory bulletin “Newsletter No. 09-07” 5/27/2009 http://www.aele.org/law/2010all04/lasd-0907.pdf ) © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Situational Awareness example: Boston Marathon Bombing Twitter Feeds • Tweets of “explod*”, “explos*” and “bomb*” within 35 mile radius of bombings • Many of the observed messages were from immediate vicinity of the finish line • Public health officials alerted regional emergency departments via the HHAN • Reports from news stations WCVB, Associated Press and CNN followed shortly after Reference: “Twitter as a Sentinel in Emergency Situations: Lessons from the Boston Marathon Explosions” PLOS July 2, 2013 © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Government access to encrypted mobile phone data: Safety vs Privacy • End-to-end (E2E) encryption technology restricts data access to intended user and hides their communications from government agencies and hosting service • Incidents involving U.S. law enforcement denied access to seized terrorist mobile phones in 2015 due to advanced encryption technology • FBI director told Senate Judiciary Committee one of (ISIS inspired) attackers “exchanged 109 messages with an overseas terrorist” morning of the (Garland, TX) shooting” o “We have no idea what he said because those messages were encrypted” o “Use of encryption is at the center of terrorist trade craft” • Apr 2016: FBI contracted Israeli cybersecurity company Cellebrite to crack San Bernardino terrorist iPhone © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect  Government access to encrypted mobile phone data: Safety vs Privacy • FBI requesting updated laws for “back door” method to circumvent commercial encryption technology and provide investigators access under court order • Apple, Facebook, Twitter, Google, others refuse to support on principle of customer privacy • BlackBerry supports all lawful access requests • http://www.nytimes.com/2015/12/10/us/politics/fbi-chief-says-texas-gunmanused-encryption-to-textoverseas-terrorist.html • Apr 2016: Microsoft suing USG for right to inform customers when their email is read • Apr 2016: Senate drafting bill requiring companies to support court ordered access to protected data © 2016 University of Southern California. Confidential and Proprietary Information. (3) Monitor to Prevent, Protect and Respond Community 3) Protect Safety and Security Tools • Twitter Gnip – Continuous stream of all Twitter Tweet data from all global public accounts • Nixle – secure communications and info sharing platform - agency.nixle.com/faqs/ • Bluejay (brightplanet.com/bluejay/ ) – Law enforcement crime scanner (through Twitter Gnip Firehose) • Dataminr – transforms Twitter stream and other public datasets into actionable signals • TweetDeck – Twitter management tool to monitor multiple searches with live updates • Hootsuite – Social Media Management Tool to monitor multiple applications (Twitter, Facebook, etc) • GeoChirp – Search for people Tweeting in specific area • WhoTalking - http://twitter.whotalking.com/ - Search social media for conversations and topics • Whostalkin - Search social media for conversations and topics • Watchthatpage - Automatic information collection from websites • Trendsmap – Map view of trending Twitter discussions • Twitterfall – View latest Tweets and upcoming trends • SocioSpyder – Mines open source data from multiple social media sites • TalkWalker Alerts - http://www.talkwalker.com/alerts • Trackur – Monitoring Internet articles and news • Socialpointer – Track and monitor social media content • Twilert – Twitter management tool searches on multiple subjects and send notification via email • GoogleEarth, Bing Maps – Geographical information system (GIS) mapping software • Create anonymous email account (www.gmx.com, www.mail.com, etc): http://www.pcmag.com/article2/0,2817,2476288,00.asp © 2016 University of Southern California. Confidential and Proprietary Information. Challenges • Legal challenges  Protected by Freedom of Speech to some degree  Policies for collection and retention: California law requires schools involved in social media monitoring to inform students, parents, guardians, and destroy data within one year of student leaving school or within one year of student turning 18 • Behavioral challenges  Older individuals more cautious with public sharing and use of private accounts and direct messaging more than younger individuals; but older members can be found and understood through family, spouses, friends  Anonymous communication; Aliases and false identities issues used  Potential copycat effect of viral videos and ability to influence many viewers  Issues with deciphering colloquial ‘street talk’ (varies by gang, prison and city), Slang, abbreviations, and foreign languages (e.g. Arabic, Spanish, Russian, etc) o Chicago: gun may be a thumper or a cannon. In Houston, a burner, chopper, pump or gat. In New York, a flamingo, drum set, clickety, biscuit, shotty, rachet or ratty • Technical challenges  Use of advanced end-to-end encrypted apps limits authorized government access to protected private account data © 2016 University of Southern California. Confidential and Proprietary Information.  Safety – Privacy issue regarding lawful access to encrypted personal data is the most important social media issue © 2016 University of Southern California. Confidential and Proprietary Information. Outline • Introduction • Use  Categories  Platforms • Operational View • Safety and Security Applications • Adversary, Criminal and Terrorist Exploitation • Demonstration  Public Monitoring  Expanded Monitoring © 2016 University of Southern California. Confidential and Proprietary Information. Safety & Security Usage • Safety and Security Organizations (1) Continuous Community Engagement and Information Sharing (2) Investigate Persons and Organizations of Interest (3) Monitor to Prevent, Protect and Respond • Adversarial, Criminal and Terrorist Organizations (1) Inspire, Influence, Connect, Recruit and Threaten (2) Plan and Prepare Criminal or Violent Activities (3) Perpetrate Crime, Violence or Execute Attack © 2016 University of Southern California. Confidential and Proprietary Information. Adversarial, Criminal, Terrorist Organizations 1) Influence Community (1) Inspire, Influence, Connect, Recruit and Threaten  Broadcast presence and promote message or ideology  Connect with community and recruit members  Threaten, intimidate and challenge rivals © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Conduct online discussions and debates to call attention to critical issues and to amplify protests and organize and coordinate physical demonstrations, mass gatherings, rallies, unrest, civil disobedience, violence and riots • Applications: Facebook, Twitter, Diaspora, Instagram, Telegram, FireChat, Secret, Snapchat, Kik, Chirp, Pinterest Secret Boards, YouTube, Vimeo, Vine, Diaspora, MySpace, PlayStation4, Xbox, public & private forums, encrypted email, www.TheHoodup.com, www.worldstarhiphop.com, YouTube search: “killa”, “nbk”, “187”, “CPDK”, etc © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology ISIS has major global social media presence (numbers as of Jun 2015) o ~3,000 Hardcore propagandists on Internet o 50,000+ Followers o 200,000+ Receive message • Attract attention to the Cause, promote organization using Electronic Graffiti in social media messages, photos and videos and inspire followers o Reach mass audience with unique “Brand” to inspire mobilization, galvanize vanguard o Project and disseminate ideological propaganda and utopian promises primarily through video clips and movie tie-ins (“300”, “Kingdom of Heaven”, “Straight Outta Compton”, pop culture/rap/jihadist videos, user/follower-generated-content, etc) © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Rapid Social Media exploitation by ISIS: Number of accounts created by year: 92 (2009), 182 (2010), 1,064 (2011), 2,380 (2012), 4,378 (2013), 11,902 (2014) • Brookings Institute estimates ISIS following 46,000 Twitter accounts by Dec 2014 • White House estimates 90,000 Twitter accounts following ISIS by end of 2015 • ISIS employs activists who flood the Internet with content at a very high pace • Simon Wiesenthal Center's Digital Hate and Terrorism Project identified over 10,000 hate and terrorist websites, hate games, and other postings © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Attract attention to the Cause, promote organization using “Electronic Graffiti” in social media messages, photos and videos and inspire followers • Boast criminal or terrorist exploits for Street Cred: streets of South Central LA or Fallujah … o Valorization of achievements and popularization of members, fighters, ideologues and preachers as ultimate role models o Violent imagery: rap songs, lyrical dissing, shoutouts to murdered members, beatings, flashing gang signs and guns, fights, initiations, murders, memorials to martyrs o Lavish lifestyle, bigger-than-life image of high living, bragging, exaggerations, flaunting cash, drugs, guns, women, power; Normalcy of Islamic State governance o Ideological decrees, terrorist attacks, beheadings, executions, IED explosions, etc © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Attract attention to the Cause, promote organization using “Electronic Graffiti” in social media messages, photos and videos and inspire followers • Promote violent extremist ideology and worldview using unique iconography and issuing narratives and counter-narratives against rivals and governments o Display grievances and framing of “injustice” o Al-Qa’ida narratives involve interviews providing ideological guidance o ISIS demonstrates graphic videos applying ideological guidance to the real world: punishments, battlefield victories o Jihadist media analyzed by jihadology.net/ and www.jihadica.com/ © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Attract attention to the Cause, promote organization using “Electronic Graffiti” in social media messages, photos and videos and inspire followers • ISIS attack claims published in Arabic, English and other languages on Telegram accounts and distributed via its supporters on Twitter in multiple languages and audio recordings (celebrating recent Russian airliner bombing, Beirut bombing, Paris mass shooting attacks) • Disseminate professionally looking digital magazines, newsletters, Hollywood style posters and music videos (Inspire, Dabiq, etc) • Encourage, Incite Violence, Strike fear, Calls for Attacks/Crimes on specific Targets/People/Groups o FBI Director Comey described the phenomenon as "the devil on your shoulder all day long, saying, 'Kill, kill, kill’; inform and celebrate anniversaries of significant events o ISIS does something al-Qaida would never imagine: they test people by tasking them: “Kill somebody and we'll see if you are really a believer.” o US officials say female suspect in San Bernardino California shooting used alias to post Facebook message of support to Islamic State on day of attack - @NBCNews, @AP © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Attract attention to the Cause, promote organization using “Electronic Graffiti” in social media messages, photos and videos and inspire followers • Inform organization members • Warn of possible snitches within organization (e.g. early jail release) • Identify suspected undercover agents, compromised Social Media sites, channels, accounts • Share intelligence on rivals • Honor virtual monuments for heroes and martyrs using photo/video media imagery © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Use of Swarm, Reconfigure and Adapt techniques in Twitter • Disseminate messages through use of decentralized multiple accounts • Consistent use of specific hashtags (Arabic Twitter account @ActiveHashtags) and organized hashtag promote reputation campaigns with thousands of followers that repeat Tweets at spaced out intervals to prevent Twitter’s spam detection algorithms • Undisrupted flow of content and information to indoctrinate and initiate • ISIS operates 24/7 IT Jihadist Help Desk to support encrypted secure communication capabilities and provide YouTube training • Protection against hackers: use Virtual Private Networks (hidemyass.com) and change device IP number (www.changeiponline.com) regularly • Insure #username and #email different © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • Exploit news media who rebroadcast and amplify if content sufficiently “newsworthy” (i.e. violent, extreme, etc) • Gang members use social media at ~80% rate, consistent with general population, ~20% have websites or social media pages, ~1/3 of pages are password protected (2013 Midwest Gang Investigators Association study) • Criminals exhibit false sense of security hiding among crowd with youth invincibility © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Broadcast presence and promote message or ideology • ISIS uses social media to activate sense of “apocalyptic time” among supporters and rapidly spread its ideological contagion worldwide to recruit foreign fighters  Sense of time acceleration from rapid high volume postings  Imminent arrival of end-times scenarios  Leverage dynamics of social contagion and remote intimacy enabling safer – albeit virtual – contact between the violent and curious  Beliefs have inherent viral appeal • Social media is vehicle for committed supporters outside its territories to immerse themselves in highly idealized version of its millenarian project – the caliphate • ISIS first group to employ these amplifying tactics globally with social media • http://www.terrorismanalysts.com/pt/index.php/pot/article/view/444/html © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Connect with community and recruit members • Raise funds • Build relationships with other gangs, groups, organizations, leaders, individuals to promote ideology, organization and make them feel they belong • Listen and Respond to isolated individuals o Alienated, separated from traditional bonds and culture o Homesick, lonely, marginalized & excluded from society o Seek new friends who claim sympathy o Seek to join gangs/organizations/ideologies for companionship, sense of adventure • Answer questions, send information (propaganda, rituals, documents to read), entertainment (music), gifts, money • Provide encouragement to join • ISIS and AQ using Telegram, Twitter, WhatsApp and other secure messaging apps to disseminate encrypted messages to a wide audience • ISIS broadcasts in Arabic, English, French, German, Indonesian, Bosnian, Turkish, Kurdi, Urdu, Russian, and Bengali languages © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Connect with community and recruit members • Extremist Islamist Web Forums, Twitter, Dawn of Glad Tidings, Telegram • Muslim Social Media sites: MyMFB, Ummaland, Muslim Social, AlWahy, SalamYou • Disseminate, discuss extremist messaging, meet fellow minded supporters (U) Reference Aid: Foreign Terrorist Organizations’ Official Media Arms and Violent Extremist Web Forums (U) Prepared by the DHS Office of Intelligence and Analysis (I&A), 15 OCT 2015 © 2016 University of Southern California. Confidential and Proprietary Information. UNCLASSIFIED (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Connect with community and recruit members • Recruit members through Twitter and Facebook: Membership increasingly more important than Territory • Review larger numbers of applicants faster online and recruit anywhere • Communicate, inspire, groom and radicalize individuals to exploit sense of belonging, reinforce existing beliefs and motivations (e.g. find ‘school skipper’ hangouts for gang recruitment) • Communications with new promising recruits begin in public Twitter then shift to encrypted messaging apps o Discovery – ISIS discovers potential recruit, or potential recruit discovers ISIS o Create Digital Micro-Community – Supporters surround potential recruit with social input o Isolation – Cut ties with mainstream influences, families, friends, local religious communities o Shift to Private – Take conversations about into private encrypted messaging o Identify and Encourage Action – Probe to figure out what target is most likely to do (travel to join ISIS, or attack at home), encourage target to take action © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Connect with community and recruit members • Recruit members through Twitter and Facebook: Membership increasingly more important than Territory • Conduct public relations: Narco cartels boast of humanitarian aid to areas affected by natural disasters or crime • Some street gangs not directly recruiting members through social networking sites o Visitors to gang sites are not manipulated into becoming gang members o Visitors show curiosity and signs of support • Monitor to gather intelligence and ambush off-duty government agents through compromise of careless posts on Facebook, Twitter, LinkedIn and dating websites • (U//FOUO) Social media enabling a small, but increasing, number of lowerlevel known or suspected terrorists from Western countries to fabricate stories of their deaths in an attempt to evade security scrutiny by Western Intelligence UNCLASSIFIED // FOR OFFICIAL USE ONLY © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Connect with community and recruit members • Recruit members through Twitter and Facebook: Membership increasingly more important than Territory • “From Teenage Colorado Girls to Islamic State Recruits: Case Study in Radicalization via Social Media (Nov. 11, 2014)” • Three US teenage girls from Denver of Sudanese and Somali descent became radicalized in one year by following jihadist supporters through intense social media activity on Ask.fm, Twitter, Tumblr and YouTube o Camaraderie, good morale o Purposeful activity and sense of heroism • Social Media based radicalization is a long-term process of subliminal indoctrination of individuals who “lack sense of belonging” and are “looking for something”: Significance and Identity o “Realized purpose in life” and embraced radical ideology o Lied to parents, stole money, planned to sever ties with families, friends and West o Planned to start new life by joining the Islamic State in Syria o German authorities intercepted the girls and returned to US • http://news.siteintelgroup.com/blog/index.php/entry/309-from-teenage-colorado-girls-to-islamic-staterecruits-a-case-study-in-radicalization-via-social-media UNCLASSIFIED // FOR OFFICIAL USE ONLY © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Threaten, intimidate and challenge rivals • Collect online information on Persons or Organizations of Interest from Social Media accounts • State exaggerations, idle boasts, false statements, or hoaxes • Establish presence: challenge, swagger, declare vengeful statements, disrespect, threaten and provoke rivals - ‘gangbang from your living room’ • Announce claimed territory and challenge competitors • Conduct cyberbullying, taunting, dissing, harassing, sexual/identity harassment, revenge porn, etc • Quickest way to let people know you aren't afraid to fight • Harassing, offensive, threatening comments – including rape/death (gender, ethnicity, religion) using anonymous social media applications such as Yik Yak, www.4chan.org – issues with First Amendment protection of speech © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Threaten, intimidate and challenge rivals • Two rival Omaha gangs, N.I.K.E. and Jordan, use social media for promotion • Members are young gangbangers who rap together and go back and forth bad-mouthing and threatening each other in rap videos posted on YouTube • Gang members monitor Twitter for information on party attendees, location and find out where enemy gangs hang out so they can show up for a fight https://www.youtube.com/w atch?v=7jmHtyRlpSE https://www.youtube.com/watc h?v=hdO5wev_-t0 © 2016 University of Southern California. Confidential and Proprietary Information. https://www.youtube.com/watc h?v=EoErbBJWBGU (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Threaten, intimidate and challenge rivals • Child exploitation and human trafficking • Publish and communicate focused or widespread generalized or targeted real threats or demands (ransom, extortion, violence, injury, murder, mass murder) containing text, audio, images, video o Online gangbanger War of Words – “Facebook Driller” o ISIS threatened Twitter CEO and company o Use of Hate speech o In Chicago two-thirds of school-related violence spawned on social-media sites o Example Oregon Umpqua College mass shooting threats on www.4chan.org anonymous message board o Activities online are sparking violence offline © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Threaten, intimidate and challenge rivals • Intimidate and coerce private citizens, informants or government agencies – post threatening and violent images and videos, torturing / executing informants • Badge of honor: Jihadists compare Social Media site suspension to the trials of the prophet Muhammad; similar to jail time for criminals © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Threaten, intimidate and challenge rivals • Jihadists Intensify Twitter Campaign Warning U.S. Against Iraq Intervention (Jun. 29, 2015) • Jihadists launched social media on Twitter to direct threats against the U.S. for intervening in Iraq against the Islamic State, suggesting targets and inciting Muslims to act • “Friday of Warning to the American People” and #CalamityWillBefallUS http://news.siteintelgroup.com/blog/index.php/categories/jihad/entry/194jihadists-intensify-twitter-campaign-warning-u-s-against-iraq-intervention © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Threaten, intimidate and challenge rivals • Sang shooting boasts – “Taking the W” http://twitter.com/Smokeyyy1_/statuses/686659948156194817 © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community National Gang Intelligence Center 2015 National Gang Report • All jurisdictions report gang member use of social media technology • Increased use of social media by gangs to secure increased power o o o o o o Post rap videos for promotion, enticement, recruitment “electronic graffiti walls” and incite violence Lure girls into sex trafficking (“BMS” California gang) Facilitate communication target rivals and plan criminal activities Threaten and thwart law enforcement efforts (Detroit gang member openly threatened Detroit Police Chief in social media in 2014) o Extortion (gangs text pictures of allegedly tortured prisoners to their families) o Network with other gangs and Mexican Transnational Criminal Organizations • Use multiple apps and methods similar to extremist organizations New Weapon of Choice © 2016 University of Southern California. Confidential and Proprietary Information. https://www.fbi.gov/statsservices/publications/national -gang-report-2015.pdf  Possession of two or more mobile phones potential suspicion indicator © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community • The National Gang Intelligence Center 2015 National Gang Report identifies enhanced criminal operations among street gangs, prison gangs and between prison gangs and street gangs through use of smartphones with social media for secure communications and coordination • 90% of prison gang inmates use at least one social media platform • Social media apps: Facebook, YouTube, Instagram, Twitter, Snapchat, KiK, etc • Unique social media apps used by gang members • • • • Mobile Patrol – free public safety app receives crime related news and alerts Rounds – free video chat allows YouTube viewing, shares whiteboards and photos Glide – free chat app shares streaming video in almost real-time OkHello – free video chat creates and shares virtual rooms, shares photos & videos © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community Right Wing Extremist use of Social Media • Imitate most social media methods used by Jihadist Extremists • Primarily use Forums and some of the social media sites exploited by Jihadist Extremists (Facebook, LiveJournal, Twitter, YouTube, and Pastebin) to promote image and extremist agendas for political influence and new member recruitment • Post personal views, scheduled events, disseminate propaganda and profile enemies on private Twitter, Facebook and Google+ accounts, individual websites, topic-related websites and forums (www.altermedia.info/, hwww.infoportal24.org/, www.kkknights,com) • Forums mostly closed, but websites typically open to encourage visitors • Offer some online training on protected communications and encryption • Post hidden content on public platforms via PicBadge electronic tags and Quick Response Codes digital codes to reveal ideological affinity stickers and posters • Many social media accounts closed by operators (Twitter, Facebook, etc) and some hijacked by hacker organizations (e.g. Anonymous twitter.com/yourkkkcentral) • German police have raided private homes of individuals posting hate speech on social media with 196 investigations in 2014 and 289 investigations in 2015 Berlin police: “the internet is not above the law” Glasgow Police: “#thinkbeforeyoupost” • http://freebeacon.com/issues/justice-department-studying-far-right-social-media-use/ • http://www.breitbart.com/london/2016/04/07/police-raid-social-media-posts/ • https://www.verfassungsschutz.de/download/publication-2013-08-right-wing-extremists-and-their-internet-presence.pdf © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community Right Wing Extremist use of Social Media • Anders Breivik, Norwegian Lone Wolf Right Wing Extremist terrorist • Posted 1,518 page manifesto on Facebook and Twitter and a video compendium on YouTube just 5 days before conducting terrorist attack in Oslo, Norway that killed 77, Jul. 22, 2011 • Employed very limited one-way use of social media to declare his message • Member of Swedish neo-Nazi internet forum, Nordisk: http://www.nordifront.se/ • http://www.bbc.com/news/world-europe-14259989 © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community Left Wing Extremist use of Social Media • Antifa and affiliated groups, global Left Wing Extremist, Anarchist and AntiFascist organizations • Use websites and Twitter to post ideologies, schedule protests, disseminate information and warnings and profile on public Twitter, Facebook accounts, and topic-related websites • Far less use of violent or aggressive language than Right Wing or Jihadist Extremists • https://nycantifa.wordpress.com/ Websites                        Abc No Rio Action Antifasciste Paris-Banlieue Affect Alarm! Anti-Fascist Network Anti-Fascist News Anti-Racist Action Antifa Bogota Antifa Canada Antifa Friedrichshain Antifa Hardcore Antifa Odessa Antifa Russia Antifa Russia International Antifa Sacramento Antifa Speaking Tour 2013 Antifa Street Art Antifa Ukraine Antifascist Archive Antifascist Darkwave Aristeri Kinisi – NY Arizona Antifa Defense Autonomous Action Russia                        Bay Area Antifa Bay Of Rage Book Thug Nation Brooklyn Base Central PA Antifa Chtodelat News Combustion Books Datacide Death To Capitalism Cinema Автономное Действие EastRev Fútbol Rebelde Fire To The Prisons Fools of Vineland FTP NYC Global Antifa Green Is The New Red Hoosier Anti-Racist Movement Huasipungo Idavox Institute For Experimental Freedom Interference Archive It's Going Down © 2016 University of Southern California. Confidential and Proprietary Information.                        Αthensantifa19jan Jerry Resists Khimki Battle Libcom Liberty Lamp London Antifascists Love Music Hate Fascism Machinedesiring Sound System Magic Muscle Media Medellín Antifascista Midwest Straight Edge Antifa Mundo Redskin Mysterious Rabbit Puppet Army New Jersey Socialist Party New Significance NYC Anarchist Black Cross NYC Indymedia Occupied London Occupy Everything Occupy Wall Street One Peoples Project Partisans Philly Antifa                        Post-Third Position Fascism Problems of Whiteness Red Metal Redskins Russia Redstar 73 Restoring the Honor Rose City Antifa Sare Antifaxista Slackbastard South Side ARA Spe-lunk-ing Street Voice Uk Strike Everywhere Strike Is A Verb Tahrir-ICN Tattoo Circus Berlin Tempest Library Tinley Park Five Torch Vegan Antifa Voider We Are Brothers Who Makes The Nazis (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community Exploitation of social media to inspire & recruit foreign fighters • Constantly evolving methods • Popular, multilingual, free technologies DHS HSSI Report “American Foreign Fighters: Implications for Homeland Security,” Aug. 31, 2015 • Persistent, cohesive, outsized presence • Dispersed resilient presence increases global audience over physical contact limitations • Shift in messaging and mass communication strategies • Past: “Command & Control” audio and video press releases from al-Qa’ida senior leadership • AQI leader Zarqawi understood multifaceted role images, audio messages, and videos play in psychological warfare and recruitment • Present: Real-time, peer-to-peer sharing involving members across all levels, supporters and recruits to quickly, easily communicate, connect, crowdsource • Fluid, dispersed, constantly reorganizing, networks; ~5K Core members, 1M+ supporters © 2016 University of Southern California. Confidential and Proprietary Information. http://www.anser.org/docs/reports/American_Foreign_ Fighters_Implications_for_Homeland_Security_Final_ Report_Task_14-01.03.11_508.pdf (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community Exploitation of social media to inspire & recruit foreign fighters • Wide range of ever expanding social media platforms flow influence everywhere • Twitter, Facebook, YouTube, KiK, WhatsApp, Tumblr, Ask.fm, Telegram … • Cross-linked multimedia (text, audio, video, live broadcast, encryption) documents across multiple languages, platforms, file sharing sites (justpaste.it, archive.org), servers, countries • Display powerful ideological imagery enhanced with computer special effects • first-person shooter video games attract recruits: “Grand Theft Auto: Sound of Swords” • Information uploaded, copied and reposted millions of times and locations • Employ wide range of apps, bots and spam-like services • Limits impact of account suspensions and closures • Unaffected by air strikes © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community Exploitation of social media to inspire & recruit foreign fighters • “iTerrorist” • Brought jihadi community into the mainstream of the Internet • Connect at personal level, share, ask questions empathize with individuals and organizations • Online supporters reach out, screen and engage potential recruits • Share operational successes, ‘atrocities’, or mundane aspects of daily life • Allow potential foreign fighters to self-radicalize or make direct contact • Personalized guidance and encouragement, “If I can do it, you can, too!” http://news.siteintelgroup.com/blog/index.php/entry/192-follow-isis-on-twitter-a-special-report-on-the-use-of-social-media-by-jihadists © 2016 University of Southern California. Confidential and Proprietary Information. (1) Inspire, Influence, Connect, Recruit and Threaten 1) Influence Community  Islamic State terrorist issued ominous blog posts three days before attacking U.S. soldiers at Naval Reserve Center in Chattanooga, TN • Explanation for his actions and expressed desire to reach paradise • Inspiration to others  Attacker has since become a figure of praise for many jihadists • Martyrdom celebrated repeatedly on numerous IS supported Twitter accounts • Users gave tribute to Abdulazeez by setting their profile pictures to his photo http://news.siteintelgroup.com/blog/index.php/categories/jihad/entry/389-muhammad-youssefabdulazeez-made-ominous-blog-posts-days-before-attack © 2016 University of Southern California. Confidential and Proprietary Information. Adversarial, Criminal, Terrorist Organizations 2) Prepare Community (1) Inspire, Influence, Connect, Recruit and Threaten (2) Plan and Prepare Criminal or Violent Activities  Attack planning, weapon selection and target selection activities  Target surveillance, weapon preparation, tactical training (3) Perpetrate Crime, Violence or Execute Attack © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  Attack planning, weapon selection and target selection activities • Acquire guidance, solicit advice, discuss and coordinate acquisition of information regarding weapon selection, target selection and attack plan development • Plan and coordinate flash mob, protest, unrest, riot, etc • Arrange Sale of illicit materials: weapons, drugs, people, etc • Broadcast intent to commit violence o Montasser AlDe’emeh phone vibrated with a WhatsApp message audio recording from a Belgian jihadist in the same ISIS unit as Abdelhamid Abaaoud: “This is a message for the Belgian government from the mujahedeen of ISIS, It’s not a threat or a stupid thing, or just talk. This is a declaration of war. We have the plans.” • Applications: Facebook, Twitter, Instagram, WhatsApp, Telegram, Snapchat, Kik, Chirp, YouTube, LiveLeak, YouTube, Vine, MySpace, forums, etc • ISIS attack teams in France bought (with cash) cheap “burner” (prepaid) phones discarded after each use to avoid detection • Burner app for Android and iOS creates and deletes multiple numbers on mobile phone © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities • al-Qa’ida-linked fighters used Facebook to buy and sell weapons  Feb 2016: Syrian rebel Facebook page: ‘The First Weapons Market in Idlib Countryside’  Weapons include US and Russian made heavy artillery, ammunition, rocket launchers, thermal cameras, MANPADS  Active users included AQ and ISIS groups  Transactions handled via WhatsApp  Facebook removed the page http://www.washingtontimes.com/news/2016/feb/24/alqaeda-linked-fighters-using-facebook-to-buy-and/ © 2016 University of Southern California. Confidential and Proprietary Information. 2) Prepare (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  Target surveillance, weapon preparation, tactical training • Coordinate surveillance and share information on target (person or infrastructure) and security, acquire weapons manufacture and tactical operational knowledge • Learn manufacture of homemade explosives from online recipes and videos • Tactics and techniques instructions and training videos for kidnapping, surveillance, ambush, delivering and activating explosives, secure communications procedures using social media tools, etc • Befriending to support human trafficking and prostitution • Training in Cyber methods for hacking, evading firewalls, phishing, financial theft, stalking, surveillance & information gathering • Stalking, predatory surveillance (befriend, assault, theft, etc), pre-attack reconnaissance • Track cartel detractors and monitor the activities of armed militias • Child predators prowl for bored, vulnerable, bullied, or low self-esteem kids online © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community • ISIS instructs Western followers how to avoid detection by police • “Safety & Security Guidelines for Lone Wolf Mujahideen and small cells” • “Chapter 4 Online security – Encryption” provides guidelines for online security to avoid detection by intelligence and law enforcement and recommended resources • “Your mobile phone is a government spy with you on your pocket” • “Use encrypted Instant Messaging apps: Chatsecure” • “Some apps have been compromised like Kik or Surespot” • “Encrypt sensitive storage devices: TrueCrypt, VeraCrypt” • “Avoid Gmail, Facebook and iOS” • “Never use iOS, as it’s compromised” • “Always browse the web anonymously, use tools like TOR Browser or Orbot” • “read about PGP (encryption) protocol” • “consider using VPN, but HIGHLY suggest Talis Operating System” https://tails.boum.org/ • “DeepToWeb contains some excellent tutorials” https://www.deepdotweb.com/ • “(read) Jolly Roger’s Security Guide for Beginners” https://www.deepdotweb.com/jolly-rogers-security-guide-for-beginners/ http://www.homelandsecuritynewswire.com/dr20160111-isis-instructs-western-followers-on-how-to-avoid-detection-by-police © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community • ISIS publishes Lone Wolf Terrorism for Dummies handbook • Teach aspiring terrorists how to strike using interactive e-book format • Reviews Sharia law and jihad and motivation for attacks • Step-by-step how-to guide for explosives preparation and TTPs • Available on ISIS Telegram channels • Mimics popular For Dummies self-help franchise http://www.vocativ.com/293479/isis-fans-present-lone-wolf-terrorism-for-dummies/ • Additional instructions and weapons training available to ISIS users on other Telegram channels (http://tchannels.me/) • “Lone wolves, my turn is next” http://www.vocativ.com/242396/telegram-group-becomes-treasure-trove-of-tips-for-lone-attackers/ © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  Many mobile phone apps masquerading as normal productive apps actually covertly password protect hide texts, documents, photos, videos, secret web browsers (without history)  2016 study (Kaspersky Lab) found 57% US teens hide online activity from parents • Private Photo (Calculator%, Calculator+) • Photo & Video Calculator • Private Photo Vault • Best Secret Photo • KeepSafe • PhotoVault Android • Gallery Lock Lite • KYMS • … iOS • Vaulty https://www.buzzfeed.com/morganshanahan/look-alive-parents-this-smartphone-app-is-helping-yourkids?utm_term=.hfBdqeqEK#.cuojRLRBv © 2016 University of Southern California. Confidential and Proprietary Information.  Existence of one or more calculator ‘ghost apps’ potential suspicion indicator © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare  Jihadist Internet users converging on Telegram mobile phone app to exploit secure end-to-end encrypted messaging  Used by Islamic State (IS) terrorists to coordinate Paris attacks in Nov 2015  Used by IS for online training in  Kinetic missions – Explosives preparation, use of edge weapons and firearms, lone wolf attacks  Cyber missions – computer programming, secure communications methods and encryption, cyber warfare to target and hack computer networks  Includes links to non-terrorist sites (e.g. www.pentesteracademy.com)  Material has been judged to not currently provide expert knowledge  Al-Qa’ida now also creating own channels on Telegram  Telegram recently removed 78 public channels used by 100,000+ supporters of IS  But is growing rapidly at allegedly 350,000 new users per day http://www.vocativ.com/251826/isis-followers-flock-to-a-new-foolproof-messaging-app/ http://www.vocativ.com/news/264640/isis-hackers-sharpen-skills-used-for-cyber-terror-in-secret-forum/ http://www.thedailybeast.com/articles/2015/11/16/this-is-isis-new-favorite-app-for-secret-messages.html © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  ISIS published a list of safest communications tools to evade surveillance  Posted by ISIS “technical expert”, Nov. 18, 2015  Five ‘Safest’ all made by non-US companies where US court orders not enforceable  http://www.wsj.com/articles/islamic-state-teaches-tech-savvy-1447720824/?mod=mktw user sophistication © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  Electronic Frontier Foundation published Secure Messaging Scorecard  Recognized and respected computer technology resource  Preliminary evaluation (Dec 2015)  Scorecard: https://www.eff.org/secure-messaging-scorecard  Tips, Tools and How-tos for Safer Online Communications: https://ssd.eff.org/  ChatSecure + Orbot (US)  Off-The-Record Messaging for Windows/Pidgin (Canada)  Signal (US)  Silent Phone (Switz)  Telegram (Saint Kitts & Nevis)  Threema (Switz)  WhatsApp (US)  Jitsi + Ostel (France)  Wickr (US) © 2016 University of Southern California. Confidential and Proprietary Information.  Existence of one or more end-to-end encrypted messaging, voice, or email apps on mobile phones potential suspicion indicator © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  Social Media Targeting examples • DHS FBI Roll Call Release Mar. 24, 2016 (For Official Use Only) • ISIS compromise of law enforcement personal data for possible targeting • ISIS supporters: Caliphate Cyber Army, Islamic State Hacking Division and others • “Doxxing”: Posting Personally Identifiable Information on US military, Minnesota law enforcement, State Department personnel and NYC residents to Islamic State-affiliated Telegram accounts and the Dark Web in 2015 and 2016 • Harass targeted individuals and provide “Kill List” targeting information © 2016 University of Southern California. Confidential and Proprietary Information. (2) Plan and Prepare Criminal or Violent Activities 2) Prepare Community  Social Media Targeting examples • DHS Computer Emergency Readiness Team (US-CERT) Best Practices to Avoid Data Compromises • Limit the amount of personal information you post. • Remember that the Internet is a public resource. • Be wary of strangers or persons out of the norm contacting you on social media and requesting personal information. • Evaluate your settings and limit access to your information. • Use strong passwords on all accounts. • Check privacy policies and limit options for individuals viewing your social media account. • Resources: • “Staying Safe on Social Networking Sites” (https://www.uscert.gov/ncas/tips/ST06-003) • “Socializing Securely: Using Social Networking Services” (https://www.uscert.gov/securitypublications/socializing-securely-using-social-networking-services) © 2016 University of Southern California. Confidential and Proprietary Information. Adversarial, Criminal, Terrorist Organizations 3) Attack Community (1) Inspire, Influence, Connect, Recruit and Threaten (2) Plan and Prepare Criminal or Violent Activities (3) Perpetrate Crime, Violence or Execute Attack  Cyber Crime and Attacks  Physical Crime and Attacks © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community • Cybercrimes that exploit Social Media are a persistent threat • Criminal entities increasingly using Social Media to increase advantage to perpetrate crimes, including identity theft and cyberstalking  20% of people have been victim of online crime  80% of crimes committed online involve usage of Social Media  78% of burglars admit using Facebook, Twitter, Foursquare, Google Street View, etc to Select Victim’s Properties • 66% of Facebook users do not know about privacy settings • 15% of adults have never checked their Social Media privacy account settings  54% of burglars state posting status, whereabouts on Social Media common mistake  39% of social networking users were victims of profile hacking, scams or fake links  Sex crimes are most common Social Media related offense with 33% instigated through Social Media sites  Young children who use Social Media sites can become victims of sex crimes, offenders obtained information or pictures of victim through victim’s social networks in 50% of sex crimes against a minor  The financial cost of Cyber Crime is LARGER than the Black Market for cocaine, heroin and marijuana combined © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  Cyber Crime and Cyber Attacks • Hack Accounts: Commit Cyber crime (illegal computer or network access, identity theft, financial theft; hack into social media sites - Snapchat); Hack Facebook accounts through malware or phishing (with relevant social information) then rent captured accounts to spammers (www.4chan.org; Dark Web; www.NeighborHoodHacker.com; www.hackerslist.com) • Commandeer Accounts: impersonate real user to commit fraudulent financial scam • Profile Cloning: impersonate real user on Facebook and connect/friend with real user’s contacts to extract information • Phishing: hacker posing as respected individual or organization asking for personal data via wall post or direct message • Spearphishing: targets user through their individual interests • Fake Facebook: users tricked to a fake Facebook page and enter username and password which are then sold • Mining unprotected information: emails, phone numbers, addresses, birth dates, names of family members, schools, home town, etc • Clickjacking: hack personal account and trick user into clicking on an unintended button or link which sends them to a different page such as an advertisement but is actually financial account © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  Cyber Crime and Cyber Attacks • Hacker groups (e.g. Lizard Squad) offer swatting and account hacking services for sale by communicating through Twitter • Compromise and deface accounts (example: CyberCaliphate attacks on USCENTCOM and several US media companies) • Malicious cyber actors have used compromised social media accounts to spread disinformation about alleged emergencies and attacks usually through Twitter © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community Use of Social Media to assist plotting terrorist attacks • Dec 2015: A UK couple was convicted of using social media to crowdsource and solicit recommendations of targets to bomb in London • Authorities noticed extremist posts on a public Twitter account asking for advice about what sites in London to bomb • “Westfield shopping centre or London underground? Any advice would be appreciated greatly” • included link to al-Qa’ida statement on the July 7, 2005, terror attacks in London • Other tweets included extremist rhetoric, instructions and images of IEDs • Police search uncovered bomb-making materiel http://edition.cnn.com/2015/12/29/europe/uk -couple-convicted-terror-charges/index.html © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  Physical Crime and Attacks • Support execution of criminal or terrorist activities - Conspire, Coordinate Criminal or Terrorist Operational Activities - Twitter, Facebook, Instagram, YouTube, Flickr – smartphone geolocation • Gang members go online to monitor the movements of police officers and warn one another or give an "all clear" when officers depart • Facebook is the new home for human trafficking and home to countless pedophiles • Cyberstalking, Identity Theft, Virtual Surveillance (Zillow.com), hacking into Facebook & Twitter accounts to retrieve personal data for Information Gathering (“on vacation,” “at movies”) and Theft (photos, video), Financial theft, physical theft o Identity Theft to steal money from financial accounts; to enable extortion via Virtual Kidnapping (fake hostage-taking and ransom demand) using WhatsApp o Phishing Schemes o Fraud o Data Mining • Child predators communicate, arrange to meet with bored, vulnerable, bullied, or low self-esteem children • Coordinate pre-attack meeting locations • “Flocking” - type of flash mob in which gang members text one another to show up at specific place to commit crime, typically involves theft from home or business © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  Physical Crime and Attacks • Weapons Activation Timing • Execution of Crime or Attack: flash mob Flocking • Monitor response by law enforcement, fire, emergency, military, etc and share tactical response information o Social media sites o Police scanner broadcasts – example @Broadcastify, www.broadcastify.com o On scene observations • Execute Second Wave of Attacks against responders • Broadcast attack or criminal activity o al-Shabab live tweeted 2013 Kenya Westgate shopping mall massacre, opening up new Twitter feeds even after others shut down o Twitter Periscope live broadcasting:  Display handgun, announce someone and drive to target residence  Drunk driving incident  Teens live streamed rape of a friend © 2016 University of Southern California. Confidential and Proprietary Information. intent to murder (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  DHS Report “Terrorists and criminals using first-person video (FPV) and live streaming platforms” Dec. 22, 2015. FOR OFFICIAL USE ONLY • Use off-the-shelf technology (GoPro cameras, Samsung and Apple smartphones, button-hole cameras, to record explicit details of attacks using first-person perspective • Two principal requirements for video dissemination of an illegal act are video camera and Internet based video hosting or live streaming platform (e.g. Twitter Periscope, Facebook, Meerkat, YouTube, SnapChat, Livestream, Ustream, Onyx, etc) • Popularity of live streaming video technology increasing rapidly and more apps are integrating video capabilities • Five incidents in US, France and Belgium in 2015 where terrorists or criminals used or sought to use action cameras or FPV equipment to record their assaults • Violent extremists recorded their attacks using FPV in earlier incidents (2012 & 2014) © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  DHS Report “Terrorists and criminals using first-person video (FPV) and live streaming platforms” Dec. 22, 2015 • One criminal actor recently gained widespread notoriety by posting FPV recordings made on his mobile phone to his Twitter and Facebook accounts of his murderous acts during a live broadcast in Virginia © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  Physical Crime and Attacks • Coordinate attack: After phone taps uncovered the Verviers, Belgium plot, ISIS terrorist Abaaoud began using encryption technology on Telegram and WhatsApp messenger apps on multiple “burner” (prepaid) mobile phones to conceal attack plotting communications with his Paris team o (UNCLASSIFIED//FOR OFFICIAL USE ONLY) “Operational Security: French authorities located a cellphone outside the Bataclan concert venue likely belonging to one of the operatives containing encrypted applications, likely intended to make it difficult for security services to exploit the contents. … French authorities also claimed the phone linked to the Bataclan cell contained a map of the music venue, indicating the operatives probably familiarized themselves with the layout of the venue and conducted some sort of pre-operational surveillance prior to launching the attack, according to our analysis of open sources. The phone also contained a text message that included the phrase “let’s go, we’re starting,” highlighting phones were the probable method used for coordinating the assault, either at the theater or amongst all the attackers.” UNCLASSIFIED // FOR OFFICIAL USE ONLY © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community  Physical Crime and Attacks • Hostages were sending messages and a few mobile phone generated videos through social media during the 2015 Paris attacks to Twitter and Facebook • “They Are Slaughtering Everyone… One by One” • http://heavy.com/news/2015/11/bataclan-theatre-paris-terror-attack-shootings-gunmen-victims-deadconcert-hall-explosions-photos-video-eagles-of-death-metal-band-americans-facebook-twitter/ • Reuters and other news sources issuing near real-time alerts on Twitter • http://live.reuters.com/Event/Paris_attacks_2?Page=0 © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack 3) Attack Community Adversary Operational Exploitation of Social Media Left Wing Extremist Animal Rights Extremist Environmental Extremist Lone Wolf (all ideologies) (1) Inspire, Influence, Connect, Recruit and Threaten (2) Plan and Prepare Criminal or Violent Activities © 2016 University of Southern California. Confidential and Proprietary Information. (3) Perpetrate Crime, Violence or Execute Attack Outline • Introduction • Use  Categories  Platforms • Operational View • Safety and Security Applications • Adversary, Criminal and Terrorist Exploitation • Demonstration  Public Monitoring  Expanded Monitoring © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Search • Standard Twitter Account  Free service  Past data up to thee present time only  Limited Access to 1% of all Twitter data  Manual Surveillance on tens to hundreds of Tweets daily  Multiple Windows  Simple Search  Advanced Detailed Search  Export to Office document (Word, Excel)  Limited analysis Only 1% of Tweets from public accounts accessible via Twitter © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Search Twitter Basic Search: https://twitter.com/ Search: shooting Search: "homeless arrest" Search: shooting OR shots Search: shooting -shots Search: (shooting OR shooter) -shots Search: (shooting OR shooter) AND (police OR officer) Search: (narcóticos OR drogas) lang:es Search: near:"Long Beach" within:5mi © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Search Twitter Basic Search: https://twitter.com/ Search: shooting Search: "homeless arrest" Search: shooting OR shots Search: shooting -shots Search: (shooting OR shooter) -shots Search: (shooting OR shooter) AND (police OR officer) Search: (narcóticos OR drogas) lang:es Search: near:"Long Beach" within:5mi Search: geocode:33.763700,-118.350372,5km © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Advanced Search Twitter Basic Search: https://twitter.com/search-advanced © 2016 University of Southern California. Confidential and Proprietary Information. TweetDeck Surveillance • Standard Twitter Tweetdeck Account  Free service and application or browser add-on  Past, present and new streaming data  Limited Access to 1% of all Twitter data  Manual Surveillance on hundreds to thousands of Tweets daily  Multiple Windows  Multiple Advanced Search Patterns  Export to Office document (Word, Excel)  Limited analysis © 2016 University of Southern California. Confidential and Proprietary Information. TweetDeck Surveillance TweetDeck Dashboard: https://tweetdeck.twitter.com/ © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Streaming Data • Twitter Gnip Account  Paid service  Present and new data  Access to all 100% of all Twitter data  Automated Surveillance on millions of Tweets daily  Multiple Advanced Search Pattern Filters  Export Filtered Data to Database document (Access, SQL)  Require Data Analytics tools for Additional Processing Tweets from All Twitter public accounts available via Gnip Data Feed © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Streaming Data Twitter Gnip Data Feed: console.gnip.com (general info: gnip.com/,) Billions of Tweets Per Day © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Demonstration Twitter Gnip Data Feed: console.gnip.com © 2016 University of Southern California. Confidential and Proprietary Information. Twitter Demonstration Example of data analytics applied to process collected Twitter data feed © 2016 University of Southern California. Confidential and Proprietary Information. Social Media Search • Google customized search engines to keyword search social networking sites, including:  Facebook https://cse.google.com/cse/home?cx=003390515112872459514:tuv0s6zg5lg&hl=en  MySpace  Google+  Tribe.net  LinkedIn  Meetme  Twitter https://www.social-searcher.com/google-social-search/  Pinterest © 2016 University of Southern California. Confidential and Proprietary Information. References: International Association of Chiefs of Police http://www.iacpsocialmedia.org/GettingStarted.aspx © 2016 University of Southern California. Confidential and Proprietary Information. References: International Association of Chiefs of Police http://www.iacpsocialmedia.org/Technologies.aspx © 2016 University of Southern California. Confidential and Proprietary Information. References: International Association of Chiefs of Police http://www.iacpsocialmedia.org/Resources/ToolsTutorials.aspx © 2016 University of Southern California. Confidential and Proprietary Information. References: International Association of Chiefs of Police http://www.iacpsocialmedia.org/Resources/ToolsTutorials/ViewTutorial.aspx?termid=16&cmsid=5520 © 2016 University of Southern California. Confidential and Proprietary Information. References: International Association of Chiefs of Police http://www.iacpsocialmedia.org/Resources/ToolsTutorials/ViewTutorial.aspx?termid=16&cmsid=5520 © 2016 University of Southern California. Confidential and Proprietary Information. References • “How to Use Twitter: A Guide for Law Enforcement”, Grogan, Billy J. (2015)  http://www.amazon.com/How-Use-Twitter-Guide-Enforcement-ebook/dp/B011HI28O4 • “Using Social Media for Global Security”, Gupta, Ravi and Brooks, Hugh (2013)  http://www.amazon.com/Using-Social-Media-Global-Security/dp/1118442318 • “Social Media Investigation for Law Enforcement”, Brunty, Joshua and Helenek, Katherine (2012)  http://www.amazon.com/Investigation-Enforcement-Forensic-StudiesCriminal/dp/1455731358/ref=pd_sim_14_4?ie=UTF8&dpID=41iZ9PP3zqL&dpSrc=sims&preST=_AC_UL1 60_SR107%2C160_&refRID=06CAY28HAKSFDZ9FD1R9 • International Social Media In Law Enforcement (SMILE) Conference  http://smileconference.com/  http://connectedcops.net/  VizSAFE mobile app for public to share info with first responders • Facebook Law Enforcement Training  www.facebook.com/lawenforcementsocialmediatraining • San Gabriel Valley Law Enforcement Social Media Group  http://sgvlesm.com/ • Los Angeles Police Department Blog  http://www.lapdblog.org/ • Connected COPS  http://connectedcops.net/ © 2016 University of Southern California. Confidential and Proprietary Information. References • LAwS Communications  Lauri Stevens, consultant @LawsComm  http://lawscommunications.com/lawsacademy • Toronto Police Service  http://www.torontopolice.on.ca/socialmedia/ • Project Eyewatch  http://www.police.nsw.gov.au/about_us/structure/operations_command/major_events_and_incidents_gr oup/project_eyewatch  http://connectedcops.net/why-police-should-be-on-facebook-lessons-from-the-nsw-police-forces-projecteyewatch-strategy/ • The SecDev Foundation  working with California law enforcement to map out relationships between gangs and cartels  http://new.secdev-foundation.org/ • Twelve Sixty Six  http://www.twelvesixtysix.com • Safe, Smart & Social  https://safesmartsocial.com/ • CyberWise  http://www.cyberwise.org/ • Social Media 4 Emergency Management • http://www.sm4em.org/ • Virtual Operations Support Teams • http://vosg.us/ © 2016 University of Southern California. Confidential and Proprietary Information. Open Source Info • Many websites provide information, tools and training to help users better secure online activity from surveillance • MyShadow - https://myshadow.org/ • Sells information on online anonymity and preventing electronic and financial surveillance • The Guardian Project - https://guardianproject.info/ • Information sharing site about methods and tutorials for safeguarding smartphones and access to secure apps and encryption tools • HowToVanish - https://www.howtovanish.com/ • Sells information on online anonymity and preventing electronic and financial surveillance • Deep.Dot.Web – https://www.deepdotweb.com/ • Information sharing site about methods for anonymous access and use of the Dark Net (accessible, non-indexed Internet) and Dark Web (restricted, non-indexed Internet); reviews of secure apps and VPNs © 2016 University of Southern California. Confidential and Proprietary Information. Definitions • Web 2.0 - second generation of the World Wide Web focused on shareable, user-generated content, rather than static Web pages. Some use this term interchangeably with social media. • Social media - category of Internet-based resources that integrate user-generated content and user participation. This includes, but is not limited to, social networking sites (Facebook, MySpace), microblogging sites (Twitter), photo- and video-sharing sites (Flickr, YouTube), wikis (Wikipedia), blogs, and news sites (Digg, Reddit) • Blog - self-published diary or commentary on a particular topic that may allow visitors to post responses, reactions, or comments. The term is short for “Web log.” • Microblog - service that allows users to send short messages out to a network of followers; examples include Twitter and Nixle. • Wiki - Webpage(s) that can be edited collaboratively • Podcast - a Web-based audio broadcast usually available by some form of subscription. Comes from the combination of the acronym POD, play on demand, and broadcast • Direct Message - on Twitter, a private tweet sent to a specific user. • Platform - a hardware (PC, Mac, iPhone) and/or software (Windows, Mac, Linux, Android) architecture that serves as a base. • Profile - information that users provide about themselves on a social networking site • Algorithm - process or set of rules used to perform a task; algorithms are used to generate online search results and other online procedures. © 2016 University of Southern California. Confidential and Proprietary Information. Definitions • Geolocation/Geotagging - incorporation of location data used on social media platforms to notify people where a user is at a given time • Trending - a word, phrase, or topic that is popular at a given moment, particularly on Twitter • Monitoring - continuous conduct of searches for any discussions, posts, videos, blogs, online conversations, etc. of your department with the purpose of discovering what is being said about you and being able to correct false information or rumors • Subscribe - to authorize to receive or access updates or messages • Feed - a list of a user’s recent updates; the feed can be posted on other sites • Post - content, in any format, placed on a website or the act of publishing content on a website • Tweet - a post or status update on Twitter • Retweet - abbreviated RT; sending out a tweet to your followers that was generated by another user • RSS - short for Real Simple Syndication or Rich Site Summary; format sites can use to indicate they have been updated, people can then subscribe to receive the stream of updates via an RSS reader • Hacktivist - hackers who commit a computer crime to communicate a socially or politically motivated message • Viral - term used to describe online content that has become increasingly popular across the Web See more at International Association of Chiefs of Police website: http://www.iacpsocialmedia.org/Technologies/Parent/Platform.aspx © 2016 University of Southern California. Confidential and Proprietary Information. Categories • Social Networks / Relationship Networks – Like Facebook (social) and LinkedIn (professional), which allow web users to make virtual social connections with others. You can set up your own profile on these networks, use the different features of the network to connect and share with others and interact in a host of other ways. A social network site is a social media site that allows users to connect and share with people who have similar interests and backgrounds. • News – Like Reddit and Digg where users share external links to news items • Mircoblogging – Users post short posts, as opposed to journal-style posts, for quick updates and distributing content via mobile devices with people subscribed to them. Notable microblogging sites include Twitter and Tumblr. Social networks such as Facebook, Google+, LinkedIn and MySpace also have microblogging features. • Audio/Video Media Sharing – Like YouTube, Flickr and Instagram, which allow users to share their content (images, videos and the like) with other users and also interact with them through social media profiles, messages and comments. Popular image sharing sites include Flickr and Pinterest, whereas Viddler and Vimeo are video sharing sites popularly used. • Web Blogs / Forums – Like Blogger, where users can make posts (ask questions, solicit opinions and the like) and interact with other users of the forum. In the context of blog comments, which are nothing but comments made by the audience at the end of a blog post, the interactions tend to focus on the topic of the post in question. Blogs are often viewed as online journals that order content chronologically, or by date, month, year and category. © 2016 University of Southern California. Confidential and Proprietary Information. Categories • Messaging – mobile smartphone apps and computer web-based sites enable realtime exchange of text, photo, video data. • Social Bookmarking – Like StumbleUpon and Delicious, where users can “tag” or bookmark different webpages and sites they like, for future use. Such media provide different features to organize and manage multiple links, also share them publicly. • Content Communities – Users on content communities organize, share and comment on different types of content, including images and videos. YouTube, Flickr and scribd are examples of content communities. • Wikis – Wiki websites allow a community of people to add and edit content in a community-based database, Wikipedia. • Podcasts – Audio and video files available through subscription services such as Apple iTunes. The term "podcast" is a neologism derived from "broadcast" and "pod" (as in "iPod"), since Podcasts are often listened to on portable media players. • Rating & Review sites – Crowdsourced reviews about local business. Yelp • Virtual Worlds – Computer-based simulated environments populated by users who explore virtual worlds and participate in its activities. Second Life, World of Warcraft • Personal broadcasting tools – Broadcast streaming audio and video content. BlogTalkRadio, Ustream, Livestream © 2016 University of Southern California. Confidential and Proprietary Information. Messaging Apps • Short Message Service (SMS) – primary chat app included on all smartphones, chat with other mobile phones, account connected to personal mobile phone number; over mobile cellular network; cost: mobile phone data plan • Facebook Messenger (US: Facebook) – free chat app on all smartphones & tablets, chat, voice, video with Facebook users; messages go over Internet and bypass cellular network; photos, videos, money attachments; cost: free • WhatsApp (US: Facebook) – free chat, voice and video calls app on all smartphones and Windows computers with WhatsApp users or any phone number, private & group messaging, photo & video attachments; account connected to personal mobile phone number; works over WiFi connection or 3G/4G cellular data plan; Free first year • Kik (Canada)– free chat app on all smartphones, chat with Kik users; popular with teens; photo & video attachments; notifications; recognizes Facebook and Twitter social contacts; account connected to personal email address; documented use by child predators; cost: free over WiFi connection or cellular data plan • FireChat (US) – free chat app on all smartphones, tables, laptops and desktop computers, chat with FireChat users; end-to-end encryption; photo attachments; documented use by protestors; cost: free over WiFi connection, cellular data plan or ad hoc networks through Bluetooth (actively switching) • Dstrux (US) – free chat app on all smartphones, chat with Dstrux users; messages and social media posts expiration time; prevents screenshots, does not allow saving data nor printing data; cost: free over WiFi connection, cellular data plan or ad hoc networks through Bluetooth (actively switching) • LINE (Japan), Google Hangouts (US: Google) – free chat, voice and video calls app on all smartphones to any phone number, private & group messaging, photo & video attachments; content can set to disappear; account connected to personal mobile phone number; free over WiFi connection or 3G/4G cellular data plan • Instagram Direct (US: Facebook) – free chat app on all smartphones, chat with Instagram users; popular with teens; photo & video attachments; notifications; cost: free over WiFi connection or cellular data plan • Twitter Direct Messenger (US) – free chat app on all smartphones, chat with Twitter users; photo & video attachments; cost: free over WiFi connection or cellular data plan • Periscope (US: Twitter) – free live video broadcasting and video chat app on all smartphones and tablets, share with Periscope users; cost: free over WiFi connection or cellular data plan • Snapchat (US) – free photo or video chat app on all smartphones, chat with Snapchat users; VERY popular with teens and young adults; content disappears in 10 seconds (but screenshots allowed) or 24 hours if attached to a Snapchat Story; photos, videos, money attachments; cost: free over WiFi connection or cellular data plan • Vine (US: Twitter) – free video chat app on all smartphones, chat with Vine users; popular with teens; cost: free over WiFi connection or cellular data plan • Viber (Cyprus, Israel) – free chat app on all smartphones with Viber users (use ViberOut to any telephone number); private & group messaging; works over WiFi connection or 3G cellular data plan; cost: free © 2016 University of Southern California. Confidential and Proprietary Information. Messaging Apps • Telegram (VK – Russia / Germany) – free chat app on all smartphones, tablets, laptops and desktop computers with Telegram users; very secure End-to-End, AES 256 Bit Hard Encryption; very fast service; Secret Chat content disappears <1 minute; private & group messaging (200 users); works over WiFi connection or 3G cellular data plan; cost: free • Skype (U.S. Microsoft) – free chat, phone, video all smartphones and computers with Skype users and all mobile and landline phones; photo & video attachments; cost: free (Skype users), fee (non-Skype phone numbers) - Skype Translate translates spoken words instantly into another language • WeChat (China) - free chat, phone, video app all smartphones and computers with WeChat users; talk in walkie-talkie half-duplex mode; private & group (up to 40) messaging; cost: free over WiFi connection or cellular data plan - “Look Around” social feature (recruitment?) • Yik Yak (US) – free chat, voice and video calls app on all smartphones with Yik Yak users, anonymous or private messaging; documented arrests for bullying, sexting, threats, etc; works over WiFi connection or cellular data plan; schools offer to geofence and block on campus; cost: free • ooVoo (US) – free chat, voice and video calls app on all smartphones, tablets, laptops and desktop computers with ooVoo users, private & group messaging, photo & video attachments; recognizes Facebook, Twitter, Gmail, etc social contacts; facial recognition; documented use by pedophiles; works over WiFi connection or 3G/4G/LTE cellular data plan; • Whisper (US) - free chat app on all smartphones with Whisper users; anonymous or private messaging; cost: free over WiFi connection or cellular data plan • YouNow (US) – free live video broadcast on all smartphones or computer with anonymous viewers; works over Internet connection or cellular data plan; cost: free • After School (US)– free chat app on all smartphones, chat with After School users (students of specific middle or high school on user’s Facebook page); documented bullying, sexting, pornography, threats, etc; photo & video attachments; cost: free over WiFi connection or cellular data plan • Burnbook (US)– free anonymous commentary on all smartphones, chat with Burnbook users (students of elementary to college schools); documented arrests due to bullying, sexting, pornography, threats, etc; photo & video attachments; cost: free over WiFi connection or cellular data plan • Omegle (US), Secret (US), StreetChat (US), Nimbuzz (Netherlands), Zumbl (India), 6Rounds (Israel), Chatroulette (Russia), Tinychat(US) – free text or video chat app on all smartphones with respective app users; private or anonymous chat; unmoderated; documented sexual assault (Omegle); works over WiFi connection or 3G cellular data plan; cost: $0.99 purchase • Ask.fm (US) – free anonymous questioning/commentary app on all smartphones, tablets, laptops and desktop computers, chat with Ask.fm users; documented suicides due to bullying, sexting, threats, hate speech, etc; Third party Ask.fm tracker apps; cost: free over Internet connection or cellular data plan © 2016 University of Southern California. Confidential and Proprietary Information. Smartphone Apps © 2016 University of Southern California. Confidential and Proprietary Information. Smartphone Apps © 2016 University of Southern California. Confidential and Proprietary Information. Recommendations • Detection and correct interpretation of digital online behaviors may improve capabilities of safety and security organizations • Video surveillance by private individuals in unexpected locations potential threat indicator • Fastest and accurate news sources currently are Twitter and BreakingNews.com • Safety – Privacy issue regarding lawful access to encrypted personal data is the most important social media issue • Possession of two or more mobile phones potential suspicion indicator • Existence of one or more calculator ‘ghost apps’ potential suspicion indicator • Existence of one or more end-to-end encrypted messaging, voice, or email apps on mobile phones potential suspicion indicator © 2016 University of Southern California. Confidential and Proprietary Information. Executive Summary Internet, Social Media and Smartphones Easy, Accessible, Affordable, Universal © 2016 University of Southern California. Confidential and Proprietary Information. DATAMINR FOR PUBLIC SECTOR Product Update We are excited to announce the release of the Geospatial Analysis application. This new product will be automatically available within Dataminr. GEOSPATIAL ANALYSIS APPLICATION The new Geospatial Analysis application will provide users with enhanced mapping tools to visualize real-time and historical events through on-the-ground social media activity. Powered by Dataminr’s geoprediction capability, the new Geospatial Analysis application displays geographic estimation for over 50% of the public Twitter dataset. 3 1 2 Example Use Case: During a student demonstration at the University of Cape Town in South Africa, the Geospatial Analysis application was leveraged to simultaneously monitor official protest hashtags, as well as keywords relevant to the location and event. 1. Conduct up to three comparative Boolean queries or simply monitor raw Twitter activity within a custom geofence. 2. Access every unique post matching your query from a given location in reverse chronological order, or get a high-level summary of top trending messages. 3. Analyze message volume for your selected region over a 24 hour window and drill down into critical peaks and declines in activity. support@dataminr.com Layer complex search filters in the Geospatial Analysis application using advanced components to segment social activity and gain greater on-the-ground context: • Search Term(s) or boolean query combinations • Time and Date Range across a 30 day archive of all public Twitter data • Geographic Area of Interest easily searchable in a Google Maps-satellite view, including terrain and street view zoom options • Retweets toggled on/off between unique, original Twitter activity and all activity including retweeted messages • Language filters for on-the-ground analysis across 76 language-specific processing models • Source Types algorithmically classified by Dataminr (such as Major News, NGO, etc.), as well as Twitter Verified accounts • Social Type for messages containing links to Facebook, Instagram, etc. • Image and other media content embedded in Tweets • Location Type including user-reported and Dataminr predicted coordinates Save searches within the application for easy future access, and share with other Dataminr users via URL or email. You can access the Geospatial Analysis application from the menu bar on the Dataminr Dashboard or from an expanded search window. After saving a search, click the star button above the query builder to view and share saved searches. QUESTIONS? Contact us at support@dataminr.com if you have questions about the application or your account’s permissions. As always, we welcome your questions and feedback. support@dataminr.com