OFFICIAL USE ONLY

ASSOCIATION OF AMERICAN RAILROADS
RAIL AWARENESS DAILY ANALYTIC REPORT (RADAR)
November 6 - 12, 2018

Worldwide: Weekly Incident Map

[Map: RADAR Map, November 5 - 9, 2018]

Summary of Content

Weekly Incident Map

Opposition to Fossil Fuels

- Germany: Anti-Coal Activists Dispute Reported Details of Train Blockade
  An environmental activist group posted claims on an anarchist website asserting that a train engineer is responsible for a near miss of direct actionists blockading track as part of a campaign opposing destruction of Germany's Hambach Forest for a coal mining project.

- New York: Green Party Candidate for Governor Speaks Out Against "Bomb Trains"
  During the recent election campaign for Governor of New York, the Green Party's nominee decried the continued operations of "bomb trains" transporting crude oil in the state and alleged that requirements for inspections, response plans and information sharing have gone ignored. The candidate polled substantially less than 2% of the vote on election day, November 6.

- New York: Activists in Buffalo to Discuss "Fight" Against "Bomb Trains"
  On Thursday, November 1, activists opposing fossil fuels held a meeting at a public library in Buffalo on the continued "fight" against operations of oil trains and pipelines in upstate New York. No indications are noted of plans or calls for direct actions against rail.

- Environmental Activists Disrupt Morgan Stanley Recruiting Event
  On Tuesday, October 30, direct actionists with L'eau Est La Vie ("Water Is Life") Camp disrupted a Morgan Stanley recruiting event at Carnegie Mellon University in Pittsburgh. This group has previously organized protest camps and resistance activities against the Bayou Bridge pipeline in Louisiana. In Pittsburgh, participants demanded Morgan Stanley divest all financial investment in the project.

Rail Security

- Spain: Grenade-Shaped Belt Buckle Sparks Security Alert at Spain's Rail Stations
  On Wednesday, November 7, police evacuated main railway stations in Barcelona and Madrid during rush hour after a belt buckle in the shape of a hand grenade triggered a security alert. The incident highlighted the heightened security measure of screening of passengers' bags for high speed trains operating in Spain.

- Singapore: Heightened Security Bag and Passenger Screening at Rail Stations
  As of Monday, November 12, commuters at six rail stations in Singapore are required to submit their carried bags and other belongings for security screening. They must also walk through a metal detection system before retrieving items and moving to the train platforms.

- Spain: Graffiti Artists Assault Passengers in Six Attacks Over Holiday Weekend
  Over All Saint's Day weekend (beginning on Thursday, November 1), organized gangs of graffiti "artists" vandalized trains in subways in Barcelona and Madrid, Spain, in a series of incidents specifically intended to intimidate security officers and passengers.

Security Awareness

- Florida: Yoga Shooter Branded as "Incel,"
  Posted Misogynistic Views on YouTube
  On Friday, November 2, a 40-year-old man shot and killed two women at a yoga studio in Tallahassee and then killed himself. His apparent posting of dozens of misogynistic videos and songs to YouTube and SoundCloud, and supportive comments on a past shooting attack, have raised the prospect of his involvement in the "incel" movement for "involuntarily celibate" with blame focused on attractive women. "Incels" perpetrated a mass shooting in Isla Vista, California, in 2014 and a vehicle ramming in Toronto in 2017.

Terrorism

- Maryland: Researcher Finds "Three Necessary Ingredients" for Radicalization
  Arie Kruglanski, a researcher at the University of Maryland, has published an analysis finding that any form of radicalization - whether it be neo-Nazism or Islamist extremism - requires "three necessary ingredients": a need for significance in life; a "narrative" that excuses violent behavior; and a community of like-minded individuals who validate the narrative and violence.

- Australia: Homeless Hero Helped Thwart Melbourne Attacker
  Tens of thousands of dollars have been raised for a homeless man in Melbourne, Australia, after a video showed his attempt to help police officers during a violent attack on Friday, November 9, by running towards a knife-wielding man with a shopping cart. Melbourne resident Michael Rogers, 46, has been widely praised in the media for his heroic acts, earning the nickname "Trolley Man."

- Britain: Man Pleads Guilty to Plotting Vehicle-Ramming Attack in London
  On Friday, November 2, Muslim-convert Lewis Ludlow, 26, reportedly pled guilty to a terrorist plot to drive a van into shoppers outside a Disney store on Oxford Street in London, aiming to kill at least 100 people. Ludlow admitted to having pledged allegiance to the Islamic State of Iraq and Syria (ISIS). A joint operation involving police and the MI5 security service disrupted the plot.

Cyber

- Canada: Suspect Charged in Connection with Identity Theft, Cargo Redirection
  Police in Toronto are reportedly searching for a cache of stolen goods believed to be hidden in public storage lockers somewhere in the city. In August of this year, police started an investigation, dubbed "Project Groundhog," into a cargo redirection scheme involving gold, jewelry and electronics. According to Toronto Police, commercial shipping accounts were hacked and goods redirected from the intended location.

- Cyber: New Report Finds USB Poses Significant Threat to Industrial Facilities
  According to a new report released by Honeywell Cyber Security, an analysis of USB usage and behavior data extracted from 50 industrial facilities - including Oil & Gas, Energy, Chemical Manufacturing, Pulp & Paper, and other manufacturing facilities - found that exploitation of these small devices remains one of the top threat vectors impacting industrial control systems. Honeywell's report offers several recommendations to help industrial facilities mitigate the threat of USB security gaps.

- Report Details Improperly Routed Internet Traffic Through China Telecom
  On Monday, November 5, a security expert's blog posting alerted that China Telecom - the large international communications carrier with close ties to the Chinese government - misdirected high volumes of internet data passing among various providers' backbones for a two-and-a-half year period. Although certainly suspicious, as yet it remains unclear whether the misdirection of data was merely accidental - or marked intentional hijackings of the Internet's Border Gateway Protocol (BGP).

- Researchers Discover Method Malware via Embedded Videos in Word
  Researchers at the Israeli security firm Cymulate have reportedly tested and confirmed a new method by which attackers could potentially deliver malware via embedded videos in Microsoft Word documents.
  The team's analysis, published on October 25, 2018, explains that Word's embedding feature creates an HTML script behind the video image, which is executed by Internet Explorer when the thumbnail inside the document is clicked. It is therefore possible for malicious actors to edit that HTML code to point to malware, instead of to an actual video.

Germany: Anti-Coal Activists Dispute Reported Details of Train Blockade

On Monday, November 4, 2018, the Ende Gelande activist group, which opposes destruction of portions of Germany's Hambach Forest for a coal mine expansion project sponsored by German energy sector company, RWE, shared a message on the anarchist website, Enough is Enough, regarding a railway blockade staged on October 28. Reports at the time indicated that a coal train approaching the blockade was forced to execute an emergency stop just 10 meters shy of hitting the protesters, with the train driver subsequently claiming to have suffered from shock due to the incident; however, in its message, the activist group alleges that police intentionally misconstrued the facts in a way that would negatively portray the actions of its members and supporters.

Ende Gelande asserts that a person with a red signal flare had given the international stop signal to the train while it was still 300 meters away from the blockade. According to its posted message, crew members on the train noticed the flare, as well as a banner reading, "People on the track," and notified the engineer. However, the group contends, the engineer chose to ignore the warning. Rather, Ende Gelande maintains the engineer did not slow down until people came running from the blockade toward the train in an effort to cause a halt, and that it finally came to a standstill 20 meters before the blockade.

The Ende Gelande posting concludes by placing blame on the engineer, for purportedly ignoring the international stop signal and thereby endangering the lives of the protesters. A link to the "Declaration" of the blockaders, posted on October 28, is also provided.

Electing to disregard lawful protest methods and protocols, "direct action" activists continually produce unsafe conditions that escalate safety risk to rail workers and the public in the areas affected by their train blockades. A forced halt of a train on mainline track also has a cascading effect, causing stoppages of trains elsewhere in the network. In some instances, dangerous conditions result. The most severe is the effective splitting of a community because a grade crossing for a main roadway is blocked by a train forced to halt due to a blockade or blockage action elsewhere. This disruption can, and at times does, prevent local law enforcement and other first responders from meeting calls for assistance in a timely manner - escalating the risk of harm to those affected by the accident, fire, medical condition, or other type of emergency.

New York: Green Party Candidate for Governor Speaks Out Against "Bomb Trains"

On Wednesday, October 31, 2018, Howie Hawkins, the Green Party candidate for Governor of New York, spoke out against the "dangers posed by oil bomb trains" traveling through the state. According to a post on his campaign website, he called for the State Department of Transportation to publish information on the track and tank car inspection program that started in 2014. Mr. Hawkins, who polled significantly less than 2% of the vote on election day (November 6), contended that no information about the inspections has been released since 2017.
His campaign's online post further asserted, "Emergency response plans should also be updated and first responders need to be notified when hazardous substances are being transported by train through their communities."

Without directly quoting Hawkins, his gubernatorial campaign website goes on to assert: "Once again, trains carrying massive volumes of explosive crude oil are traveling on CSX-owned tracks through New York State. Such trains are called 'bomb trains' following the tragic rail disaster five years ago in Lac Megantic Quebec where 47 people lost their lives on July 6, 2013. Faced with the Lac Megantic disaster and subsequent derailments of bomb trains in the US and Canada, Gov. Cuomo initiated a track and tanker inspection program in 2014. Last week, many local volunteers worked eight three-hour shifts during a 24-hour trainspotting effort at the Amtrak Depew Station on Dick Rd. They observed two bomb trains (100+ tankers each carrying explosive Bakken crude oil from North Dakota) traveling through Depew on CSX tracks."

This post concludes by detailing Hawkins' campaign promise to transition the state of New York to 100% clean renewable energy by 2030 and deriding the Trump Administration's recent rollback of a United States Department of Transportation (US DOT) safety regulation requiring new braking systems on trains transporting high volumes of crude oil and other flammable liquids.

The use of the term "bomb trains" is mimicked across groups that oppose rail transportation of crude oil specifically to generate opposition and action not only with members and supporters, but also and more importantly among the public generally. Through words and images, the activists strive to create an indelible impression that these trains are inherently unsafe.
The industry's track record in safe operations is ignored as is the voluntary action by railroads to ensure that emergency responders have the information they need, and often training through exercises and outreach, for preparedness to mitigate effects should a derailment or other adverse incident occur.

New York: Activists in Buffalo to Discuss "Fight" Against "Bomb Trains"

[Image: Meetup event listing, "Fight 'Bomb Trains' and the Northern Access 2016 Pipeline"]

On Thursday, November 1, 2018, at 18:00 LT, environmental activists in Buffalo, New York, associated with Western NY Drilling Defense held a public meeting - located at to discuss their continued "fight" against oil trains (referred to as "bomb trains") traveling throughout upstate New York. The meeting also focused on opposition to the Northern Access pipeline project, led by National Fuel Gas Supply Corporation. The planned 24-inch pipeline would traverse some 100 miles, linking McKean County, with Erie County, New York.

Organized through Meetup to #Resist: Buffalo, a site frequently used to organize environmental meetings and protests in the Buffalo area, the meeting apparently occurred as scheduled without any activity disruptive to railroad operations or pipeline construction work in the Buffalo area. Of note, the Meetup to #Resist: Buffalo site has organized demonstrations opposing the transport of nuclear waste over the Peace Bridge that links Buffalo with Fort Erie in Ontario, Canada.

On its Facebook page, Western NY Drilling Defense describes itself as "community members united to prevent fracking through education, action, and policy. We are a group of water defenders, gas and oil resisters, environmental justice activists-- and a front against fracking!" The group has staged numerous protest actions in the past, such as a held outside of New York Governor Andrew Cuomo's office in September to demand a ban on fracking. Its members often meet at the Crane Library to discuss or present on the topic of "bomb trains" carrying Bakken crude oil through upstate New York.

At present, there are no indications that the group has scheduled or called for direct actions targeting the railroad industry. 5

Environmental Activists Disrupt Morgan Stanley Recruiting Event

On Tuesday, October 30, 2018, environmental activists associated with L'eau Est La Vie (French for "Water Is Life") Camp disrupted a Morgan Stanley recruiting event at Carnegie Mellon University in Pittsburgh. The L'eau Est La Vie Camp - No Bayou Bridge is an active environmental movement that has previously organized protest camps and resistance activities against the Bayou Bridge pipeline in Louisiana. Activists continue to call on Morgan Stanley to completely divest from the Bayou Bridge pipeline in Louisiana. Campus recruitment events for Goldman Sachs, Wells Fargo and Bank of America were also disrupted by the group and their supporters.

From October through December 2018, banks funding the Bayou Bridge Pipeline and Energy Transfer Partners (ETP) are holding recruitment events at college campuses across the United States. L'eau Est La Vie Camp has called on environmental activists to protest the banks at these events. The group has urged that protests may include "a disruption, a banner drop or simply handing out flyers outside of the event."

The call for support has proven effective. In February 2018, the "FANG Collective,"
an activist group that has repeatedly employed direct action tactics in organizing multiple blockades at and disruptions to Morgan Stanley facilities and events, posted a video on a disruption at Brown University. In May 2018, three FANG Collective protesters were arrested after sitting on the road at the entrance to impede traffic attending a Morgan Stanley Shareholders' meeting in Purchase, New York. 8, 9

Separately, as of November 3, 2018, the L'eau Est La Vie Camp has published a notification on earthfirstjournal.org requesting assistance to replace watercraft and supplies that were allegedly "intentionally swamped and Energy Transfer Partners workers in the presence of the forcing many of us to swim through snake and alligator filled waters to get to shore and then walk."

Spain: Grenade-Shaped Belt Buckle Sparks Security Alert at Spain's Rail Stations

On Wednesday, November 7, 2018, police evacuated the main railway stations in Barcelona and Madrid during the height of rush hour after a belt buckle in the shape of a hand grenade triggered a security alert. Acting on a telephonic report made by railway workers, the Catalan regional police force dispatched an explosives response unit to the high-speed rail tracks at central Sants station in Barcelona. Authorities later declared the incident a false alarm, believed to have been caused by a woman carrying the belt buckle inside a suitcase on board a train from Barcelona to Madrid.

The alarm was reportedly triggered after security officers saw an object "with the shape of a possible explosive device" on their scanners. When asked why the suspicious case was allowed on the train, the company that manages Spain's railway infrastructure and supervises train station security, ADIF, responded that it had opened an internal investigation and would be revising its security protocols.

Although in this instance the security alert proved false, the significance of this incident is the demonstration of a heightened security measure for high speed trains. Spain suffered the most severe attack against a rail system in Europe on March 11, 2004, when explosives in bags left behind by terrorists on four trains traveling on the same route into Madrid detonated within a few minutes of each other during the morning rush hour. This coordinated Al Qaeda operation, timed specifically to influence national elections held just a few days later, killed more than 180 people and wounded or injured over 2,000 others - a level of impact in casualties that is proportionally equivalent to those suffered in the United States on 9/11.

In France, military security patrols have expanded on high speed trains and at stations in the network as a result of the attempted mass shooting attack on August 21, 2015, by a lone gunman on board a Thalys high speed train en route to Paris from Brussels. The attacker reportedly acted under the influence of the Islamic State of Iraq and Syria (ISIS). Three passengers suffered injuries. Actions to approach, tackle, and subdue the gunman by three Americans, a Briton, and a Frenchman prevented infliction of more serious harm.

In the United States, Amtrak employs random bag checks, security patrols, and unannounced security surges at stations, buttressed by a well-trained workforce, in a concerted effort to maintain layers of security for deterrence and detection.

Singapore: Heightened Security Bag and Passenger Screening at Rail Stations

On Monday, November 5, 2018, Singapore's Land Transport Authority announced that security will be increased at six transit stations across the republic.

- As of Monday, November 12, commuters are required to submit their carried bags and other belongings for security screening through x-ray machines.
  Each passenger will walk through metal detectors as well before retrieving their items and accessing platforms to board their respective trains.
- The new security measure will be enforced at least for an initial evaluation period of six months.

The objective of these enhanced security measures is to assess, and optimize, efficiency in passenger screening and coordination among security and law enforcement officers, especially on actions to address identified threats and objects of public safety concern.

The increase in security at Singapore's transit stations is part of a broader effort by government officials to assess and test the preparedness of first responders and law enforcement officers to various types of emergency situations, including acts of terrorism and serious crime. Authorities have emphasized that, at present, there is no known specific or credible security threat to transit stations and passenger rail operations in Singapore. As part of these efforts, a readiness exercise will be held on Wednesday, December 5, at Hougang station in the commuter rail system.

Of particular significance is the use of security screening of passengers and their belongings as they enter stations. Israel Railways has employed the same types of security measures since the early 2000s to combat the threat of suicide bombers entering trains and stations. In the United States, Amtrak conducts random checks of passengers' bags, often employing explosive detection systems and canine teams in the effort. Across the country, commuter rail and rail transit systems in multiple metropolitan areas have implemented similar programs for random screening of passengers' bags - notably, in New York City, Buffalo, Chicago, and Los Angeles.

Spain: Graffiti Artists Assault Passengers in Six Attacks Over Holiday Weekend

Over All Saint's Day weekend (beginning on Thursday, November 1, 2018), organized gangs of graffiti "artists"
vandalized trains and violently harassed customers in five separate incidents across subway systems in Madrid and Barcelona.

- Thursday, November 1: A group of graffiti artists forced a train conductor on Line 12 in Madrid to move the train to a more visible area so they could do a "better" job with their graffiti. The engineer reportedly suffered an anxiety attack as a result of the stress inflicted.
- Friday, November 2: A security guard noticed a group of individuals spray-painting the Casa de Campo station on Line 5 in Madrid. When the guard tried to record the perpetrators in the act of committing their crimes, they sprayed him in the face with paint.
- Friday, November 2: A group of 50 individuals were caught by security guards spray-painting across train cars situated at Las Rosas station on Line 2 in Madrid. The National Police were called and, while attempting to corner the culprits, two officers were sprayed in the face. Only one man, a 20-year-old of Pakistani origin, was arrested. Police reportedly seized more than 250 cans of spray paint.
- Sunday, November 4: Graffiti artists spray-painted 18 meters across one of the trains at Hospital del Henares station on Line 7 in Madrid.
- Sunday, November 4: On Line 4 of Barcelona's underground Metro system, a group of 34 people intentionally activated a train's emergency brake and then exited and spray-painted one of the passenger rail cars. A pregnant woman who attempted to confront the vandals was sprayed in the face with paint and hospitalized. Two other passengers suffered paint spray to their faces. Only one of these vandals was caught by police. The resulting damages to the train cost more than €10,000 (more than $11,230 US).

According to Ricardo Ortega, the head of security and civil protection at TMB, the public transportation system for Barcelona, graffiti artists targeting Spain's subway trains have become increasingly violent, with some even coming to the task prepared with steel bars in case of confrontation. In 2017, there were 531 reported acts of vandalism in Barcelona's Metro network. Since the beginning of 2018, that figure is already 465. Likewise, damages from graffiti vandalism between 2015 and 2016 have cost €63 million (nearly $73 million US).

Irish Rail's DART system has notably faced similar problems dealing with graffiti vandals. In May of this year, a dozen graffiti artists stormed a DART train in northern Dublin brandishing wood blocks and knives. No injuries were inflicted in the attack, but some passengers stated that they were shaken up by the traumatic ordeal. Damages from the incident cost an estimated €4,000 (approximately $4,500 US). 17

Florida: Yoga Shooter Branded as "Incel," Posted Misogynistic Views on YouTube

On Friday, November 2, 2018, a 40-year-old man, identified as Scott Beierle, shot and killed two women at a yoga studio in Tallahassee, Florida, before turning his gun on himself. Beierle appeared to have posted dozens of misogynistic and racist videos and songs to YouTube and SoundCloud prior to the attack. On one of these accounts, he reportedly posted several grainy, dimly lighted videos four years ago, which show him discussing his beliefs, including that interracial couples stem from mental illness and that women who are promiscuous should be crucified.

In another posted video, Beierle reportedly mentioned Elliot Rodger, a 22-year-old self-described virgin who killed six people in Isla Vista, California in 2014. Rodger is often referred to as an "incel," which is shorthand for "involuntarily celibate," in online message boards. "Incels"
express animosity toward attractive women and men, whom they blame for their inability to have intimate relationships with women generally. Beierle reportedly stated in the video that he had a similar outlook to Rodger when he was at the latter's younger age.

On message boards and forums for incels, users reportedly argued over Beierle's status - specifically, whether he was actually a "Chad," the term used in the incel community to refer to men who are presumed to sleep with many women, or was too conventionally attractive to be a true incel. Regardless of these perceptions, following the Tallahassee attack, self-described "incels" reportedly celebrated Beierle's actions online, blaming the murdered women for the incident.

Beierle reportedly had a history of harassing women. He was arrested twice, in 2012 and again in 2016, on charges of battery. However, prosecutors ultimately dropped charges in these cases. Beierle's former roommates have stated publicly that they felt uncomfortable with his odd, angry behavior, and "the way he lurked and followed girls."

Adherents of the "incel" movement are responsible for two other serious attacks in the past 4 years - Elliot Rodger's mass shooting cited above, which occurred on May 23, 2014, and the vehicle-ramming attack that occurred on York City Centre business district, deliberately targeting pedestrians. He killed 10 and injured 16 others, some critically.

Potential indicators of involvement in the "incel" movement include: incidents of prior sexual harassment, groping, and sexual assault; posted comments disparaging women, especially for perceived personal slights; and accusations of sexual assault. The latter may further serve to motivate an "incel" adherent to violence. 18, 19

Maryland: Researcher Finds "Three Necessary Ingredients"
for Radicalization

On Sunday, November 4, 2018, the Winston-Salem Journal published an article detailing the work of Arie Kruglanski, a researcher at the University of Maryland who has been studying the common factors that play into radicalization. According to Kruglanski, any form of radicalization - whether it be neo-Nazism or Islamist extremism - requires "three necessary ingredients": a need for significance in one's life, a "narrative" that excuses violent behavior, and a community of like-minded individuals who validate the narrative and violence.

In his analysis, Arie Kruglanski specifically noted Robert Bowers, the attacker who recently shot and killed 11 Jewish congregants at a synagogue in Pittsburgh, as an example of an extremist who possessed all "three pillars" of radicalization. Kruglanski highlighted that before the attack, Bowers had "very little significance," a poor education, and few known friends or family. However, as a white male, Bowers held an attribute that secured for him a perceived advantage as a member of the white majority. The caravan of immigrants bound for the United States from Central America, according to Kruglanski, presented an apparent threat to Bowers' definition of his significance - his white majority status. Escalating his frustration were reports that George Soros, a Jewish investor, high profile supporter of the Democratic Party and its causes, and Holocaust survivor, had encouraged, organized, and funded the caravan. The prospect of someone or something trying to take away his significance, Kruglanski's research suggested, is what made Bowers ready to sacrifice all other considerations and engage in an act of lethal violence.

Tony McAleer, a former skinhead and organizer for the White Aryan Resistance, has fully agreed with Kruglanski's model and further explained that once someone is radicalized, it becomes significantly more difficult to reason with the person. At that point, he said, ideology and identity are intertwined.
If you attack the ideology, you are attacking the person. McAleer expressed his belief that a person must first disengage from the community before deradicalization is possible, citing his own experience as an example. Deradicalization, he added, requires "exposing" those imbued with the radical ideology and experience "to a different, more pro-social narrative, and particularly getting them attracted to alternative networks that give them respect." Shutting down extremist websites and attempting to isolate a group's members, he lastly pointed out, will merely allow them to "stew in their own narrative."

Australia: Homeless Hero Helped Thwart Melbourne Attacker

Tens of thousands of dollars have been raised for a homeless man in Melbourne, Australia, after a video showed his attempt to help police officers during a violent attack last week by running towards a knife-wielding man with a shopping cart. The man, who has been identified as Melbourne resident Michael Rogers, 46, has been widely praised in the media, earning the nickname "Trolley Man."

On Friday, November 9, starting at approximately 4:10 pm local time, Shire Ali, 30, allegedly drove his pickup truck onto the sidewalk at Bourke Street in the crowded central business district of Melbourne, set the vehicle on fire, and disembarked and stabbed three people, one fatally. Rogers intervened by pushing a shopping cart towards the suspect, who was then shot by police. Ali later died in hospital. Authorities have described the attack as an "act of terrorism."

The next day - Saturday, November 10 - Donna Stolzenberg, the founder and managing director for the Melbourne Homeless Collective charity, set up a GoFundMe page for Rogers with the aim of raising $45,000 Australian dollars ($32,406 in US dollars). In recent days, a flurry of donations has nearly tripled that goal. Over $120,000 Australian dollars ($86,500 US dollars) has been raised as of Monday, November 12, and payments are still flooding in.
Stolzenberg wrote on the page, subtitled "Thank you Trolleyman," that Rogers' efforts "deserve a reward" and all donated funds from GoFundMe would go directly to Rogers to help "get him back on his feet." She added, "He risked his own life that day for nothing in return and you can't put a price on that."

Recorded footage posted on social media by an Instagram user shows Rogers charging towards the knife-wielding man using a supermarket cart, called a trolley in Australia.

In a news media interview, Rogers revealed that he is homeless for a number of reasons, including a history of drug abuse and prison time for criminal offenses. "I just wanted to help and do something right for the first time in me life," he said. "It was a spur of the moment." As of Monday, November 12, the GoFundMe page has been updated to indicate the charity will meet with Rogers later this week to give him the donated money.

Rogers' actions, while certainly heroic, placed him at great risk. In this vein, it is important to reinforce what authorities expect of private sector employees and the public in security awareness; that is, to be attentive to their surroundings, especially for activities, behaviors, and objects that depart from the norm of experience in an area, and to report what they have seen or heard as thoroughly as the observation or encounter allows. The public certainly met that standard in the incident in Melbourne. Multiple emergency calls resulted in officers reaching the scene within one minute of the initial report of a vehicle fire. As a result, trained and experienced law enforcement officers were present to engage the suspect and prevent further harm.
Britain: Man Pleads Guilty to Plotting Vehicle-Ramming Attack in London

On Friday, November 2, 2018, Muslim-convert Lewis Ludlow, 26, reportedly pled guilty to a terrorist plot to drive a van into shoppers outside a Disney store on Oxford Street in London, with the aim of killing at least 100 people. Ludlow admitted to having pledged allegiance to the Islamic State of Iraq and Syria (ISIS). He had been identified and investigated in a joint operation involving police and officials with the MI5 security service.

According to published reports, Ludlow formulated his plan after being stopped by police at Heathrow International Airport in February of this year as he attempted to board a flight to the Philippines. It is alleged he also set up a Facebook account called Antique Collections as a front to send money to south-east Asia to support terrorism. In posted communications online, he reportedly referred to himself as "The Eagle" and "The Ghost."

Prosecutors told the court that Ludlow first came to the attention of police in 2010 when he attended a demonstration led by radical preacher Anjem Choudary and his banned Al-Muhajiroun (ALM). When stopped at the airport as he attempted travel to the Philippines, he claimed he was going as a sex tourist. However, the subsequent search of his home later revealed he had been in communication with a man named Abu Yaqeen in an area of the Philippines with a significant ISIS presence.

Police also recovered torn-up scraps of paper from Ludlow's bin detailing his plans. These shreds reportedly listed "potential attack sites" including Madame Tussaud's Wax Museum, Oxford Street, St. Paul's Cathedral and a "Shia temple in Romford." Tactics for an attack on Oxford Street were described as well - the use of a van to mount the pavement would "maximize death," given the lack of safety barriers.
On April 13, 2018, Ludlow's mobile phone was reportedly recovered from a storm drain and found to have videos of him swearing allegiance to ISIS. Images maintained on the smart phone included pictures of crowded public areas, assessed as evidence of "hostile reconnaissance." Undercover officers then engaged Ludlow's contact, Yaqeen, in online chat, where he allegedly called for "lone wolf" attacks and funds to be sent to the Philippines. In fact, Yaqeen unwittingly connected an undercover officer to Ludlow, implying they could work together on an attack in Britain.

Canada: Suspect Charged in Connection with Identity Theft, Cargo Redirection

Police in Toronto are reportedly searching for a cache of stolen goods believed to be hidden in public storage lockers somewhere in the city.

- In August of this year, police started an investigation, dubbed "Project Groundhog," into a cargo redirection scheme involving gold, jewelry and electronics.
- According to Detective Sergeant Ian Nichol of the Toronto Police, commercial shipping accounts were hacked and goods redirected from the intended location. Authorities further allege that at least one male suspect perpetrated an identity theft scheme by applying for and obtaining credits using identities of numerous unwitting victims.
- The identification cards were reportedly ordered to the victims' actual addresses.
- Then, a cyber breach enabled redirection to addresses controlled by the suspected offender.

Toronto Police Detective Sergeant Ian Nichol has stated publicly that the known losses associated with both schemes exceed $500,000 over a three-month period, affecting at least 38 known victims.

On Wednesday, October 24, officers executed search warrants at a condominium in Yorkville and an office at a separate Toronto location in connection with Project Groundhog.
They reportedly seized a number of items, including a stolen Hublot watch valued at $36,000, 38 credit cards, multiple smart phones and electronic devices, and a number of forged documents, including certificates of citizenship, drivers' licenses and social insurance cards.

On Wednesday, October 31, police arrested a male suspect identified as 32-year-old erahmeil Selvyn Wilson. He has since been charged with 17 offenses, including impersonation with intent, theft of over $5,000, and possession of a credit card obtained by crime. Selvyn is further accused of using multiple aliases to rent lockers to store the redirected shipments. Detective Sergeant Nichol maintains that investigators believe there are more people involved in these fraud schemes.

Cyber: New Report Finds USB Poses Significant Threat to Industrial Facilities

[Report cover: Honeywell Industrial USB Threat Report - Universal Serial Bus (USB) threat vector trends and implications for industrial operators]

According to a new report released by Honeywell Cyber Security, an analysis of USB usage and behavior data extracted from 50 industrial facilities - including Oil & Gas, Energy, Chemical Manufacturing, Pulp & Paper, and other manufacturing facilities - found that exploitation of these small devices remains one of the top threat vectors impacting industrial control systems. The analysis specifically showed that nearly half (44 percent) of the facilities' systems detected and blocked at least one file with a security issue.

This report further revealed that 26 percent of the detected threats were capable of significant disruption by causing operators to lose visibility or control of their operations. About one in six reportedly targeted industrial control systems or Internet of Things devices.

The data was collected using Honeywell's Secure Media Exchange (SMX) technology, which is specifically designed to scan and control removable media, including USB drives. Among the threats detected were high-profile malware, such as TRITON and Mirai, as well as variants of Stuxnet, an attack type previously leveraged by nation-states to disrupt industrial operations. In comparative tests, up to 11 percent of threats discovered were not reliably detected by more traditional anti-malware technology.

Researchers note that, unlike IT networks, industrial networks lack traditional monitoring and security controls. Additionally, most devices do not require authentication, making it difficult to prevent unauthorized access or changes to controllers.

Honeywell's report offers several recommendations to help industrial facilities mitigate the threat of USB security gaps:

- USB security should include technical controls and enforcement, rather than relying on policy updates and people training.
- Outbound network connectivity from process control networks should be closely monitored and managed. Such restrictions should be enforced by network switches, routers and firewalls.
- Anti-virus software should be maintained up-to-date at all times.
- End nodes should be patched and hardened.
- Personnel should receive additional cyber security education for proper handling and use of removable storage.
- Maintaining regular backups and having a tested recovery process in place can prevent potential financial losses from ransomware attacks. Likewise, ransomware demands should never be paid, as doing so will not guarantee the restoral of infected systems.
Cyber: Report Details Improperly Routed Internet Traffic Through China Telecom

[Map: China Telecom's Internet Traffic Misdirection. Route of misdirected Internet traffic from the US to China that occurred over a one-week period in 2017 (Los Angeles, CA; Eastern Asia; Washington, DC)]

On Monday, November 5, 2018, security expert Doug Madory posted a blog alerting that China Telecom - the large international communications carrier with close ties to the Chinese government - misdirected high volumes of internet data passing among various providers' backbones for a two-and-a-half year period. Although certainly suspicious, as yet it remains unclear whether the misdirection of data was merely accidental - or marked intentional hijackings of the Internet's Border Gateway Protocol (BGP).

For almost a week last year, the improper routing reportedly caused some domestic internet communications in the United States to be diverted to China before reaching their destination. A trace route provided by Madory, dated from December 3, 2017, shows traffic originating in Los Angeles first passing through a China Telecom facility in Hangzhou, China, before reaching its final stop in Washington, DC.

According to Madory, the entire misdirection - starting in 2015 - was the result of AS4134, the autonomous system belonging to China Telecom, incorrectly handling the routing announcements of AS703, Verizon's Asia-Pacific AS. The mishandled routing announcements reportedly caused several international carriers - including Telia's, Tata's AS6453, AS3257, and Vodafone's AS1273 - to send data destined for Verizon Asia-Pacific through China Telecom, rather than using the normal multinational telecoms. For the next 30 months or so, a large amount of traffic that used Verizon's AS703 improperly passed through AS4134 in China first.

Trace route from December 3, 2017, showing traffic originating from Los Angeles first being directed through Hangzhou, China before reaching its final destination in Washington, DC:

traceroute from California to Washington DC (Verizon) on Dec 03, 2017

Hop  Address          Network                    City         Country
1
2    x.x.x.x
3    x.x.x.x
4
5    x.x.x.x
6    x.x.x.x                                     Los Angeles  United States
7    x.x.x.x                                     Los Angeles  United States
8    218.30.53.49     Chinanet POP in American   Los Angeles  United States
9    202.97.90.149    CHINANET backbone network  Los Angeles  United States
10   202.97.63.21     CHINANET backbone network  Hangzhou     China
11   202.97.63.?      CHINANET backbone network  Hong Kong    Hong Kong
12   202.97.121.174   CHINANET Hongkong network  Hong Kong    Hong Kong
13
14   210.80.3.117     Verizon Asia Pte Limited   Hong Kong    Hong Kong
15   210.80.48.234    Verizon Asia Pte Limited   Los Angeles  United States
16
17
18   137.39.4.199     Verizon Business           Washington   United States

Traceroute from May 1, 2017, showing traffic that used Verizon's AS703 being first improperly passed through AS4134 in China:

traceroute from London to Australian Government on May 01, 2017

Hop  Address          Network                      City         Country
1    x.x.x.x                                       London       United Kingdom
2    80.91.248.217    Telia International Carrier  London       United Kingdom
3    62.115.135.94    Telia Company AB             New York     United States
4    62.115.137.88    Telia Company AB             Chicago      United States
5    80.91.248.151    Telia International Carrier  Ashburn      United States
6    218.30.53.53     Chinanet POP in American     Reston       United States
7    202.97.49.229    CHINANET backbone network    Los Angeles  United States
8    202.97.52.189    CHINANET backbone network    Shanghai     China
9    202.97.63.12?    CHINANET backbone network    Hong Kong    Hong Kong
10   210.80.3.121     Verizon Asia Pte Limited     Hong Kong    Hong Kong
11   210.80.49.53     Verizon Asia Pte Limited     Sydney       Australia
12   210.80.32.98     Verizon Asia Pte Limited     Sydney       Australia
13   203.6.76.1       nactmail.defence.gov.au      Sydney       Australia

A related article published by Ars Technica highlights the inherent "fragility" of the Border Gateway Protocol (BGP), described as the "underpinning of the Internet's global routing system." This article highlights past examples of malicious actors hijacking internet traffic for their own purposes, including an attack in April of this year in which unknown attackers rerouted traffic destined for Amazon's Route 53 domain-resolution service to an imposter eWallet site. The perpetrators, who reportedly stole about $150,000 in digital coins from unwitting victims, were reportedly able to bypass the data roadblock by first prompting victims to click a fake message warning of a self-signed certificate.

Also meriting attention are two occasions in 2017 when traffic from major American companies was suspiciously routed through Russian service providers. Traffic for Visa, MasterCard, and Symantec - among others - was reportedly rerouted in the first incident in April, while Google, Facebook, Apple, and Microsoft traffic was affected in a separate BGP event about eight months later.

By routing traffic through networks controlled by the attacker, the article warns, BGP manipulation allows the adversary to monitor, corrupt, or modify any data that is not Some attackers have even reportedly managed to get around the issue either by employing their own methods or tricking targets into dropping their defenses, such as in the eWallet scheme outlined above.

Madory concludes by endorsing a proposed standard known as RPKI-based AS path verification, asserting its use would have likely prevented the incidents.

These insights come two weeks after researchers at the US Naval War College and Tel Aviv University published a similar report accusing the Chinese government of using China Telecom to intentionally divert huge amounts of traffic to China-controlled networks before delivery to final destinations.
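A simplified allow-list check on AS paths, in the spirit of the path verification Madory endorses, is added here as an example; it is not taken from his post or from the proposed standard. The expected transit AS64500 (a documentation ASN), the prefixes and the sample paths are constructed assumptions; only AS703, AS4134, AS6453, AS3257 and AS1273 come from the report.

```python
from collections import defaultdict

# Assumption: the transit networks the origin's operator expects to carry its
# routes. AS64500 is a documentation ASN (RFC 5398) standing in for them.
EXPECTED_TRANSITS = {703: {64500}}

# Constructed sample of (prefix, AS path as seen at a route collector). The ASNs
# 6453, 3257, 1273, 4134 and 703 are those named in the report; the prefixes are
# documentation ranges and the paths are illustrative, not recorded data.
SAMPLE_ROUTES = [
    ("198.51.100.0/24", "6453 4134 703"),
    ("198.51.100.0/24", "3257 4134 4134 703 703"),
    ("203.0.113.0/24", "1273 64500 703"),
    ("192.0.2.0/24", "64500 64501"),
]


def parse_as_path(text):
    """Split a space-separated AS path and collapse prepending (repeated ASNs)."""
    path = []
    for token in text.split():
        asn = int(token)
        if not path or path[-1] != asn:
            path.append(asn)
    return path


def unexpected_transits(path, expected=EXPECTED_TRANSITS):
    """Return ASNs between the first hop and the origin that are not expected."""
    if not path or path[-1] not in expected:
        return []  # empty path, or no policy recorded for this origin
    origin = path[-1]
    return [asn for asn in path[1:-1] if asn not in expected[origin]]


def find_detours(routes, expected=EXPECTED_TRANSITS):
    """Map each unexpected transit AS to the (carrier, prefix) pairs using it."""
    detours = defaultdict(set)
    for prefix, text in routes:
        path = parse_as_path(text)
        for asn in unexpected_transits(path, expected):
            detours[asn].add((path[0], prefix))  # path[0] is the sending carrier
    return {asn: sorted(seen) for asn, seen in detours.items()}


if __name__ == "__main__":
    for asn, seen in find_detours(SAMPLE_ROUTES).items():
        for carrier, prefix in seen:
            print(f"AS{carrier} reaches {prefix} through unexpected AS{asn}")
```

Fed from a route collector or looking-glass export, the same check raises an alert as soon as an unlisted network appears between a carrier and the monitored origin.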
The report named four specific routes - Canada to South Korea, United States to Italy, Scandinavia to Japan, and Italy to Thailand - believed to have been manipulated between 2015 and 2017.

Cyber: Researchers Discover Method Malware via Embedded Videos in Word

Researchers at the Israeli security firm Cymulate have reportedly tested and confirmed a new method by which attackers could potentially deliver malware via embedded videos in Microsoft Word documents. The team's analysis, which was published on Thursday, October 25, 2018, explains that Word's embedding feature creates an HTML script behind the video image, which is executed by Internet Explorer when the thumbnail inside the document is clicked. It is therefore possible for malicious actors to edit that HTML code to point to malware, instead of to an actual video. Moreover, Microsoft Word does not warn users attempting to watch embedded videos by first displaying an alert or message requesting consent.

Cymulate researchers fabricated a proof-of-concept attack to illustrate the viability of the tactical approach outlined above, specifically using Microsoft Word and YouTube videos. As of yet, the researchers report they have not tested any other Microsoft Office applications or online video platforms.

[Screenshot: Word's Insert ribbon. Embedded video by clicking Insert > Online Video]

The demonstration began with the researchers embedding a YouTube video inside a Word document, which is done by clicking Insert > Online Video and then providing a link to the video URL. The Word document was then saved as a .docx file and unpacked, exposing a default XML file called "document.xml," which could be extracted and edited. The embedded video configuration available within the file - with a parameter called and an iFrame for the YouTube video - was then replaced by the researchers with their own HTML. The replacement HTML used in the contained a Base64-encoded malware binary that opened the download manager for Internet Explorer, which installed the malware.

The demonstration by the Cymulate researchers ultimately verified that the embedded video would appear to be completely legitimate to the user as the malware silently unpacked and began to infect the affected computer in the background. According to Avihai Ben-Yossef, CTO at Cymulate, "successful exploitation can allow any code execution - ransomware, a trojan." He added that the attack has the potential to impact all users with Office 2016 and older versions, and detection by antivirus software would depend on the specific payload's other evasion features.

Organizations can mitigate the identified threat by blocking Word documents containing embedded videos ("embeddedHTML") and by making sure antivirus software is up-to-date in order to catch the hostile payload.

[Screenshot: Docx file can be edited after unpacking Word document]

[Screenshot: file contains embedded HTML parameter, which can be replaced]
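One way to enforce the mitigation above is to scan each .docx package for the embedded-video parameter before delivery; this is an added example, not Cymulate's or Microsoft's code. The attribute name is matched case-insensitively as the report spells it, and the wp15:webVideoPr element, the allowed host list and the three sample packages are constructed assumptions.

```python
import html
import io
import re
import zipfile
from urllib.parse import urlparse

# Parameter name as the report gives it; matched case-insensitively in every XML part.
ATTR_RE = re.compile(r'embeddedhtml\s*=\s*(["\'])(.*?)\1', re.IGNORECASE | re.DOTALL)
IFRAME_RE = re.compile(
    r'^\s*<iframe\b[^>]*\bsrc="([^"]+)"[^>]*>\s*</iframe>\s*$', re.IGNORECASE | re.DOTALL)
ALLOWED_HOSTS = {"www.youtube.com"}   # assumption: hosts your policy accepts
MAX_PART_BYTES = 20 * 1024 * 1024     # refuse oversized parts (zip-bomb guard)


def scan_docx(data: bytes) -> list:
    """Return one finding per embedded-video parameter found in the package."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as package:
        for info in package.infolist():
            if not info.filename.lower().endswith(".xml"):
                continue
            if info.file_size > MAX_PART_BYTES:
                findings.append({"part": info.filename, "host": None,
                                 "verdict": "oversized-part"})
                continue
            xml = package.read(info).decode("utf-8", errors="replace")
            for match in ATTR_RE.finditer(xml):
                markup = html.unescape(match.group(2))  # attribute holds escaped HTML
                frame = IFRAME_RE.match(markup)
                host = urlparse(frame.group(1)).hostname if frame else None
                ok = frame is not None and host in ALLOWED_HOSTS
                findings.append({
                    "part": info.filename,
                    "host": host,
                    "verdict": "expected-iframe" if ok else "unexpected-markup",
                })
    return findings


def should_block(data: bytes) -> bool:
    """Policy from the report: block any Word document with an embedded video."""
    return bool(scan_docx(data))


def make_docx(embedded_markup=None) -> bytes:
    """Build a minimal constructed package (not a complete, openable document)."""
    video = ""
    if embedded_markup is not None:
        escaped = html.escape(embedded_markup, quote=True)
        video = '<wp15:webVideoPr embeddedHtml="%s"/>' % escaped
    body = "<w:document><w:body><w:p>%s</w:p></w:body></w:document>" % video
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as package:
        package.writestr("word/document.xml", body)
    return buf.getvalue()


# Constructed samples: no video, an ordinary video iframe, and replaced (inert) markup.
CLEAN = make_docx()
VIDEO = make_docx('<iframe width="480" height="270" '
                  'src="https://www.youtube.com/embed/PLACEHOLDER"></iframe>')
ALTERED = make_docx("<p>replaced markup (constructed, inert)</p>")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("video", VIDEO), ("altered", ALTERED)):
        print(label, should_block(sample), scan_docx(sample))
```

The "unexpected-markup" verdict separates documents whose parameter no longer holds a single iframe to an accepted host, which is the condition worth escalating when a blanket block is not practical.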