In the March 2019 Open Source Update, an internal security review found that Chinese hackers are exploiting critical vulnerabilities in the cyber networks of the U.S. Navy and its security partners. Additionally, a terror attack plotted by an active duty Coast Guardsman was foiled by an insider threat detection program.
RMC Intelligence and Analysis Division Open Source Update, March 2019
www.RiskMitigationConsulting.com
Risk Mitigation Consulting Inc.
Intelligence and Analysis Division
OPEN SOURCE UPDATE
INTENT
This open source periodical is designed to provide an overview of relevant, publicly available
information on threat and hazard events and analysis of potential impacts to the interests of the
United States, both at home and abroad. This product is not intended to be a comprehensive
overview of all threat and hazard news and inclusion in this product does not constitute a
confirmation of credibility nor precedence by RMC.
March 2019
Threats
Coast Guardsman Arrested for Plotting Attacks on Prominent Political, Media Figures – Insider Threat
India and Pakistan Escalate Kashmir Conflict – Foreign Nation-State Military
Chinese Hackers Targeting U.S. Navy Secrets – Foreign Intelligence Entities / Cyber
Flaws in 4G/5G Networks Could Allow Hackers to Track Smartphones’ Locations, Snoop on Phone Calls – Cyber
Massive Cocaine Shipment Seized in New York/New Jersey – Narcotics
Hazards
Ocean Heat Waves Triple in Frequency – Meteorological Hazards
39 Tornadoes Touch Down in 6 Hours – Meteorological Hazards
Travelers at LAX, Other Airports May Have Been Exposed to Measles – Biological Hazards
Ebola Outbreak in Democratic Republic of the Congo – Biological Hazards
U.S. Joins Nations Restricting Boeing 737 Max 8, Max 9 Following Crashes – Accidental Events
Threats
Coast Guardsman Arrested for Plotting Attacks on Prominent
Political, Media Figures – Insider Threat
Excerpt: A 49-year-old Coast Guard lieutenant charged with stockpiling weapons and drugs is
being described as a "domestic terrorist" who was planning "to murder innocent civilians on a
scale rarely seen in this country," according to court documents filed in U.S. District Court in
Maryland.
Federal prosecutors say Christopher Paul Hasson, a self-described white nationalist living in Silver
Spring, MD, was amassing firearms since at least 2017, while cultivating plans to launch a
widespread attack on prominent Democratic lawmakers, including House Speaker Nancy Pelosi,
and several high-profile television anchors from MSNBC and CNN.
Analyst Comment: While Hasson has not yet been formally charged with any terrorism-related
offenses, the available information suggests that the case fits the profile of domestic terrorism. An
investigation was reportedly initiated after a computer program used by the Coast Guard flagged
potentially malicious activity associated with his work devices. This fact highlights the importance
of a robust insider threat program: without it, his plot may not have been uncovered until later, if it
was discovered at all. At the time of his arrest, Hasson was an active duty service member stationed at
the U.S. Coast Guard headquarters in Washington, D.C., and had also served in the U.S. Marine
Corps and the Army National Guard. Terrorism plots involving military personnel are of particular
concern, as such personnel typically have specialized training (involving small arms, explosives,
intelligence gathering, etc.) that could be utilized in planning or carrying out attacks.
Source: https://www.npr.org/2019/02/20/696470366/arrested-coast-guard-officer-planned-mass-terrorist-attack-on-a-scale-rarely-see
India and Pakistan Escalate Kashmir Conflict – Foreign Nation-State
Military
Excerpt: Tensions between nuclear rivals India and Pakistan flared up this week after both sides
carried out tit-for-tat air strikes and shot down each other's fighter jets, prompting global concerns
over a potential outbreak of war in South Asia. Pakistan said it also captured an Indian pilot who
was released as a gesture of peace towards New Delhi from Islamabad.
The mountainous region of Kashmir has been a source of conflict between the two countries since
their independence from British colonial rule in 1947.
Jammu and Kashmir was a former princely state where a large number of people were killed and
others were driven away by the violence during the partition. Since then, India and Pakistan have
fought multiple wars over the region — both countries claim the region in full but control only
parts of it. This has led to innumerable conflicts between the two countries.
Analyst Comment: From 14 February to 01 March, India and Pakistan’s clash over Kashmir
began to escalate due to a series of attacks, retaliations, denials, and accusations. On 14 February,
a suicide bomber rammed a car into a bus carrying Indian paramilitary police in Kashmir, killing
more than 40. A Pakistan-based terror group, Jaish-e-Mohammed (JeM), claimed responsibility
for the attack.
Four days after the suicide bombing, nine people, including four Indian soldiers and a policeman,
were killed during a gun battle in India-controlled Kashmir. The operation was said to have
targeted a suspected hideout for militants. New Delhi then stepped up its crackdown in Kashmir
by detaining more than 160 separatists. Five people were killed as Indian security forces clashed
with members of a Pakistani militant group in the disputed region.
On 26 February, India said its air force conducted strikes against a JeM training base at Balakot in
Pakistan's Khyber Pakhtunkhwa province and that the attack killed a "very large number" of
terrorists, trainers and senior commanders. Pakistan’s military immediately disputed this account
and asserted that Pakistani aircraft scrambled and expelled the Indian jets, which were forced to
prematurely drop their payloads in random forests. Pakistani officials also denied the existence of
evidence tying JeM to the 14 February attack, though JeM had taken responsibility for it.
The following day, Pakistan then dispatched its own aircraft to hit “non-military targets” in Indian
territory. India claimed that it intercepted the Pakistani aircraft, after which a dogfight ensued.
Pakistan said it shot down two Indian planes after they entered Pakistani airspace, and that both
pilots were in Pakistani custody. Islamabad then revised its position, saying it shot down one plane
and captured its pilot. Indian media falsely claimed that this pilot was lynched when Pakistanis
mistook him for an Indian pilot. On 01 March, after tense discussions, Pakistan handed over the
pilot to India at the border crossing between the two countries.
Verifying each nation’s claims is difficult. Their claims have frequently clashed, and evidence has
shown each nation is likely to have lied or exaggerated over the 2-week span. Multiple analysts
using commercial-satellite images have found little evidence of widespread damage to the Balakot
facility. There is no evidence of mass casualties, nor are there signs of the downed F-16 or its
allegedly lynched pilot. Some Indian media accounts even assert that New Delhi did not send 12
jets across the LOC, and that in fact they fired weapons from India’s side of the line.
In India, the ruling party and its followers have discredited any citizens asking for evidence as
“anti-nationals,” and denounced foreigners who question the official narrative as Pakistani
apologists. Pakistan also has an incentive to cover up its use of American-made F-16s to attack
India as doing so would likely violate the end-use agreements of the purchase. Kashmir itself will
continue to be a source of conflict between the two nations.
Source: https://www.cnbc.com/2019/03/01/india-pakistan-conflict-timeline.html
Chinese Hackers Targeting U.S. Navy Secrets – Foreign Intelligence Entities
/ Cyber
Excerpt: An internal US Navy review concluded that the service and its various industry partners
are "under cyber siege" from Chinese hackers who are building Beijing's military capabilities while
eroding the US's advantage, The Wall Street Journal reported.
Chinese hackers have repeatedly hit the Navy, defense contractors, and even universities that
partner with the service.
"We are under siege," a senior Navy official told The Journal. "People think it's much like a deadly
virus — if we don't do anything, we could die."
Analyst Comment: The revelations regarding China’s activities come as part of an internal U.S.
Navy cyber security review, per open source media reporting. The report identified widespread
malicious cyber activity perpetrated by China, but also identified breaches associated with Russia
and Iran. Moreover, cybertheft attempts were not only directed toward U.S. Navy networks, but
also the cleared contractor base and academic entities engaged in dual-use research.
China has repeatedly been accused of cyberespionage (against both U.S. government and
private sector targets) in recent years. In December 2018, the U.S. Department of Justice indicted
two Chinese state-affiliated hackers for breaching the computers of NASA’s Jet Propulsion Lab
and Goddard Space Center, as well as a number of corporate entities. The hackers also reportedly
gained access to the personal information of over 100,000 U.S. Navy personnel. In 2014, a Chinese
hacker was arrested for allegedly hacking into the networks of a number of defense contractors
and stealing information related to advanced weapons systems, to include the F-22 and F-35 fighter
jets.
Source: https://www.businessinsider.com/chinese-hackers-are-tearing-the-navy-and-its-industry-partners-apart-2019-3
Flaws in 4G/5G Networks Could Allow Hackers to Track
Smartphones’ Locations, Snoop on Phone Calls – Cyber
Excerpt: Over the past 18 months, revelations about wireless carriers selling smartphone location
data to third parties have forced telecoms to promise reform. Worryingly, but perhaps not
surprisingly, these user protections have been slow to actually materialize. Even if carriers shape
up, though, an attacker can still track a smartphone's location and snoop on phone calls thanks to
newly discovered flaws in 4G and even 5G protocols.
A group of researchers from Purdue University and the University of Iowa will present their
findings at the Network and Distributed System Security Symposium in San Diego. They note that
their discoveries, first reported by TechCrunch, are particularly concerning since the 5G standard
was specifically developed to better protect against these types of attacks.
"We were really surprised that though 5G promises enhanced security and privacy, it cannot
guarantee that level, because it inherits many security policies and subprotocols from the previous
generations, which are more error-prone," says Purdue's Syed Rafiul Hussain, one of the paper's
authors. "It opens the door for an adversary to exploit these weaknesses."
Analyst Comment: The vulnerabilities recently discovered in 4G/5G networks vary in nature, and
can be utilized for different types of malicious activities. One vulnerability identified could allow
malicious actors to block incoming communications to an individual’s device (causing the
individual to miss texts/calls). Additionally, the vulnerability could allow malicious actors to
create fraudulent alerts such as Amber Alerts. Another vulnerability could allow malicious actors
to identify devices’ IMSI numbers. An IMSI number is a unique identifier that, if identified, could
be used to track a particular device or could even be further exploited to intercept phone calls and
text messages. 4G and 5G networks are currently among the most technologically advanced networks
available; however, these and other security and privacy concerns remain.
Source: https://www.wired.com/story/torpedo-4g-5g-network-attack-stingray/
Massive Cocaine Shipment Seized in New York/New Jersey – Narcotics
Excerpt: Customs agents have seized the biggest shipment of cocaine recovered at the ports of
New York and New Jersey in 25 years.
U.S. Customs and Border Protection said 3,200 pounds of the drug in 60 packages were seized at
Port New York/Newark on 28 February. The street value is estimated at about $77 million.
It's the biggest cocaine seizure at the ports since 1994.
A customs spokesman said the container was recovered from a ship that originated in South
America.
Analyst Comment: Officials carried out an inspection of the shipment after they noticed
tampering of several containers on a large vessel traveling from Buenaventura, Colombia. The
shipment was intercepted when the vessel stopped over in New York/Newark on its way to
Antwerp, Belgium. It contained a legitimate shipment of dried fruit. It is unclear whether the drugs
were destined for the U.S., or meant to continue on to Europe.
Cocaine availability and use in the United States has risen in recent years. Increased availability
levels and concurrent lowered domestic prices will likely propel this trend through the near-term.
Historically, the majority of the cocaine seized and tested in the United States is of Colombian
origin. Record levels of coca cultivation and cocaine production in Colombia, the primary source
for cocaine seized and tested in the United States, have widened the cocaine market, leading to
increased domestic abuse. Colombian Transnational Criminal Organizations (TCOs) have
exported large cocaine shipments to Mexico, Central America, and the Caribbean, using a variety
of maritime and aerial means to include speedboats, fishing vessels, private aircraft, semi-
submersibles, and commercial air and sea cargo.
On a national level, the volume of drugs seized at ports of entry and in the field has been
fluctuating. Officials at the borders seized 6,550 pounds of cocaine in 2018, down from 9,346
pounds in 2017, but up from 5,473 pounds in 2016.
Source: https://www.wdsu.com/article/agents-seize-dollar77-million-of-cocaine-at-new-york-area-port/26786455
Hazards
Ocean Heat Waves Triple in Frequency – Meteorological Hazards
Excerpt: Earth’s atmosphere has been getting warmer over the past century. Our oceans have also
shown signs of unprecedented warming, and they are killing alarming amounts of ocean life.
Scientists are calling the extreme ocean water temperature events “marine or ocean heatwaves”,
and they are becoming more frequent, prolonged, and intense with time. The most accepted
definition of a marine heatwave is ‘one in which seawater temperatures exceed a seasonally-
varying threshold (usually the 90th percentile) for at least five consecutive days.' Successive
heatwaves with gaps of two days or less are considered part of the same event.
Like a wildfire scorching thousands of acres of forested surface, ocean heatwaves kill large swaths
of sea life and transform entire ecosystems. But the presence of these warmer than usual pools of
water can also have a tremendous impact on human global population, which relies heavily on
oceans as a source of oxygen, carbon dioxide removal from the atmosphere, and food.
The research presented by Smale and others is the first systematic global analysis of ocean heat
waves. Overall warming of the planet is increasing average ocean temperatures, and the number
of heat wave days has tripled in the past couple of years of study. Looking further back in time is
just as concerning -- ocean heat wave days have increased more than 50 percent in the 30 years to
2016, compared to the period of 1925 to 1954.
Analyst Comment: Scientists estimate that the oceans have absorbed more than 90 percent of the
heat trapped by excess greenhouse gases since midcentury. This excess heat is increasing not only
baseline ocean temperatures but also the frequency and duration of marine heat waves. Globally,
marine heat waves have been amplified in most ocean basins in the past decade, and predictions
show that they will only increase in strength and frequency over time.
The most severe years tended to be El Niño years. Warmer ocean temperatures are one of the
characteristics of an El Niño pattern. The natural ocean cycle of El Niño is a key factor in pushing
up temperatures in some parts of the ocean, and the effect of global warming on the phenomenon
remains uncertain, but the gradual overall heating of the oceans means heat waves are worse when
they strike. There are some indicators that El Niños have been getting more extreme with climate
change, but regional marine heat waves can happen even without an El Niño. In the future, El
Niños’ side effects will probably become more severe.
Because ocean and atmosphere are so tightly linked - heat and moisture are transferred between
them - the warming of the seas drives a variety of predictable weather and climate patterns around
the world: countries in South Asia may experience higher temperatures, a wide swath of the
tropical Pacific sees increased rainfall, places like Australia may dry out, and in the United States,
the southern half of the country often sees an increase in storms and severe weather outbreaks.
These kinds of shifts mean certain locations around the world may become temporarily more prone
to events like droughts, floods, landslides, tornadoes, heat waves and other disasters.
Source: https://www.theweathernetwork.com/ca/news/article/ocean-heatwaves-becoming-more-frequent-severe-scientists-say-kelp-krill
39 Tornadoes Touch Down in 6 Hours – Meteorological Hazards
Excerpt: The violent, devastating tornado that roared through eastern Alabama was unusual for
its extreme size, strength and duration – all of which contributed to its high death toll of 23 people.
At one point as it tore across the countryside of rural Lee County, the twister stretched for nearly
a mile. That's a whopping four times wider than the average tornado, which typically measures
about 300-500 yards across.
With a wind speed estimated at 170 mph, it was also stronger than any twister that hit the U.S. all
of last year, the National Weather Service said.
Only a small fraction of tornadoes in the U.S. hit such extreme speeds. In fact, roughly 80 percent
of all U.S. tornadoes are weak EF-0 or EF-1 tornadoes, which have winds of 65 to 110 mph, the
Storm Prediction Center said.
The tornado was also on the ground for a total of 70 miles – 26 in Alabama and 44 in Georgia. That's
an incredible 20 times as long-lasting as a typical tornado, which is on the ground for only about
3.5 miles.
Analyst Comment: On Sunday, March 3rd, 39 tornadoes touched down across Alabama, Georgia,
South Carolina, and Florida within 6 hours. Alabama was the hardest hit, experiencing twelve
tornadoes. In Beauregard, AL, an EF-4 tornado touched down, resulting in twenty-three deaths.
Over ninety more were injured. This was the deadliest tornado recorded in the U.S. since May
2013 when an EF-5 tornado killed 24 people in Moore, Oklahoma. In 2018, only 10 people were
killed by tornadoes, a record low.
Although tornadoes happen in many parts of the world, they occur most frequently in the United
States east of the Rocky Mountains during the spring and summer months. Tornadoes are common
this time of year in “Dixie alley,” the nickname given to the Southern states vulnerable to severe
weather. Roughly 8% of all tornadoes occur during winter, 43% in spring, 35% in summer, and
15% in fall. Currently, there is no clear link between tornadoes and climate change.
Source: https://www.usatoday.com/story/news/nation/2019/03/05/alabama-tornado-2019-twister-usas-deadliest-strongest-years/3067339002/
Travelers at LAX, Other Airports May Have Been Exposed to
Measles – Biological Hazards
Excerpt: People who traveled through Los Angeles International Airport last month might have
been infected with measles, the Los Angeles County Department of Public Health said.
A person with the highly contagious virus arrived at the airport on China Eastern Flight 583 at the
Tom Bradley International Airport Terminal B, Gate 133 on the morning of Feb. 21. The person
then had a layover before catching Delta Flight 5705 out of Terminal 3, Gate 32.
Health officials warned anyone who was at Terminal B and Delta Terminal 3 from 9 a.m. through
9 p.m. Feb. 21 that they could have been exposed to measles. The Los Angeles County Department
of Public Health is notifying specific travelers on Delta Flight 5705 of the possible contamination.
Analyst Comment: The potential measles exposure at LAX was just one of several reported
exposures at U.S. airports in recent months. In December 2018, a possible exposure was reported
by the New Jersey Department of Health after an individual with measles was identified to have
been at Newark Liberty International Airport during the busy holiday travel season. A similar
potential exposure was reported at Chicago’s Midway Airport for travelers present at the airport
on 22 February 2019.
These exposures are concerning because travelers could contract the disease and bring it with them
to their subsequent destinations. Additionally, airports (and airplanes) are environments in which
large numbers of people are gathered into relatively confined spaces, which is conducive to the
spreading of measles and other diseases. Per the CDC, measles is highly contagious and spreads
through coughing and sneezing. Symptoms include fever, runny nose, cough, red eyes, and sore
throat, followed by a rash that spreads over the body. The CDC also notes that the majority of
people who contract measles are unvaccinated.
Source: https://www.usatoday.com/story/news/health/2019/03/13/lax-measles-los-angeles-health-officials-warn-delta-flyers-travelers/3148722002/
Ebola Outbreak in Democratic Republic of the Congo – Biological
Hazards
Excerpt: Seven months into the largest-ever Ebola outbreak in the Democratic Republic of the
Congo (DRC), the Ebola response is failing to bring the epidemic under control in a climate of
deepening community mistrust, Médecins Sans Frontières (MSF) said at a press conference in
Geneva.
Since the beginning of the year, more than 40 per cent of new cases are people who died of Ebola
in the communities. At the epicentre of the epidemic, in Katwa and Butembo in North Kivu
province, 43 per cent of patients in the last three weeks were still being infected without known
links to other cases.
“We have a striking contradiction: on the one hand a rapid and large outbreak response with new
medical tools such as vaccines and treatments that show promising outcomes when people come
early – and on the other hand, people with Ebola are dying in their communities, and do not trust
the Ebola response enough to come forward,” said International President of MSF, Dr Joanne Liu.
Analyst Comment: MSF has stopped any Ebola activities in Katwa and Butembo, after two of
their treatment centers were attacked. These incidents follow an escalation of tensions around the
Ebola response. In February, dozens of security incidents occurred in opposition to the Ebola
outbreak response.
A range of issues have led to these tensions: some people drew attention to the fact that there has
been a massive deployment of financial resources focusing only on Ebola, while more common
diseases, such as malaria, have been neglected. The region also had a long history of conflict,
violence and long-standing health needs. Political elections have been repeatedly postponed due
to the Ebola outbreak, raising suspicions that Ebola is a political ploy.
Furthermore, police and armed forces have attempted to compel people to comply with health
measures against Ebola. They have used coercion for activities such as safe burials, tracking of
contacts and admission into treatment centers. However, these methods have discouraged people
affected by Ebola from coming forward for assistance or treatment. This is exacerbating the
national outbreak and hindering the containment and treatment of the disease.
Source: https://www.msf.org/ebola-response-failing-gain-upper-hand-epidemic-democratic-republic-congo
U.S. Joins Nations Restricting Boeing 737 Max 8, Max 9 Following
Crashes – Accidental Events
Excerpt: President Donald Trump says the U.S. is issuing an emergency order grounding all
Boeing 737 Max 8 and Max 9 aircraft in the wake of a crash of an Ethiopian Airliner that killed
157 people.
Many nations in the world had already barred the Boeing 737 Max 8 from their airspace, but until
now, the Federal Aviation Administration had been saying that it didn't have any data to show the
jets are unsafe.
Analyst Comment: Several countries and airlines around the world decided to ground the Boeing
737 MAX-series aircraft following two catastrophic crashes in the span of several months. In
October 2018, Lion Air Flight 610 crashed into the Java Sea shortly after takeoff, killing all 189
individuals onboard. In March 2019, Ethiopian Airlines Flight 302 also crashed in the minutes
following takeoff, killing all 157 individuals onboard. Concerns have been expressed regarding
design issues with the plane’s anti-stall sensors and software, which could result in the plane
initiating a dive. If the dive is initiated by the automated system, the crew may not be prepared for
such a maneuver, and a crash could result.
The U.S. grounding of the 737 MAX series came in the wake of several groundings by other
countries, to include Ethiopia and Indonesia (the two countries from which the crashed flights
originated), as well as the United Kingdom, Canada and the entire European Union. Some of these
countries went so far as to ban the aircraft from entering/transiting their national airspace. Boeing
announced that it would be working on a flight control software upgrade within a matter of weeks
in order to remedy the issue that led to the crashes and subsequent groundings.
According to information provided by Boeing, as of February 2019, the USAF has twenty-eight
737 models and the USN has a total of 113 with another 26 orders unfulfilled. None of the
aforementioned models are the MAX variant.
Source: https://www.nbcchicago.com/news/national-international/Boeing-Jet-Ethiopia-Crash-US-Investigation-507077091.html