Amdall Gallery

As in the past, you will be able to choose from several Department of State RSS feeds to get the latest news from the Department delivered directly to your desktop via an RSS reader or news aggregator. Or sign up to get updates via our email subscription service.

As in the past, you will be able to choose from several Department of State RSS feeds to get the latest news from the Department delivered directly to your desktop via an RSS reader or news aggregator. Or sign up to get updates via our email subscription service.

As in the past, you will be able to choose from several Department of State RSS feeds to get the latest news from the Department delivered directly to your desktop via an RSS reader or news aggregator. Or sign up to get updates via our email subscription service.

Original release date: June 17, 2019SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this Activity Alert to provide information on a vulnerability, known as “BlueKeep,” that exists in the following Microsoft Windows Operating Systems (OSs), including both 32- and 64-bit versions, as well as all Service Pack versions:Windows 2000Windows VistaWindows XPWindows 7Windows Server 2003Windows Server 2003 R2Windows Server 2008Windows Server 2008 R2An attacker can exploit this vulnerability to take control of an affected system.     Technical DetailsBlueKeep (CVE-2019-0708) exists within the Remote Desktop Protocol (RDP) used by the Microsoft Windows OSs listed above. An attacker can exploit this vulnerability to perform remote code execution on an unprotected system. According to Microsoft, an attacker can send specially crafted packets to one of these operating systems that has RDP enabled.[1] After successfully sending the […]

Original release date: May 2, 2019 | Last revised: May 3, 2019SummaryThe Cybersecurity and Infrastructure Security Agency (CISA) is issuing this activity alert in response to recently disclosed exploits that target unsecure configurations of SAP components. [1]Technical DetailsA presentation at the April 2019 Operation for Community Development and Empowerment (OPCDE) cybersecurity conference describes SAP systems with unsecure configurations exposed to the internet. Typically, SAP systems are not intended to be exposed to the internet as it is an untrusted network. Malicious cyber actors can attack and compromise these unsecure systems with publicly available exploit tools, termed “10KBLAZE.” The presentation details the new exploit tools and reports on systems exposed to the internet.SAP Gateway ACLThe SAP Gateway allows non-SAP applications to communicate with SAP applications. If SAP Gateway access control lists (ACLs) are not configured properly (e.g., gw/acl_mode = […]

Original release date: January 24, 2019 | Last revised: February 13, 2019SummaryThe National Cybersecurity and Communications Integration Center (NCCIC), part of the Cybersecurity and Infrastructure Security Agency (CISA), is aware of a global Domain Name System (DNS) infrastructure hijacking campaign. Using compromised credentials, an attacker can modify the location to which an organization’s domain name resources resolve. This enables the attacker to redirect user traffic to attacker-controlled infrastructure and obtain valid encryption certificates for an organization’s domain names, enabling man-in-the-middle attacks.See the following links for downloadable copies of open-source indicators of compromise (IOCs) from the sources listed in the References section below:IOCs (.csv)IOCs (.stix)Note: these files were last updated February 13, 2019, to remove the following three non-malicious IP addresses:107.161.23.204192.161.187.200209.141.38.71Technical […]

Original release date: December 3, 2018SummaryThe Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC) and the Federal Bureau of Investigation (FBI) are issuing this activity alert to inform computer network defenders about SamSam ransomware, also known as MSIL/Samas.A. Specifically, this product shares analysis of vulnerabilities that cyber actors exploited to deploy this ransomware. In addition, this report provides recommendations for prevention and mitigation.The SamSam actors targeted multiple industries, including some within critical infrastructure. Victims were located predominately in the United States, but also internationally. Network-wide infections against organizations are far more likely to garner large ransom payments than infections of individual systems. Organizations that provide essential functions have a critical need to resume operations quickly and are more likely to pay larger ransoms.The actors exploit […]

Original release date: November 27, 2018Systems AffectedMicrosoft WindowsOverviewThis joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI). DHS and FBI are releasing this TA to provide information about a major online ad fraud operation—referred to by the U.S. Government as "3ve"—involving the control of over 1.7 million unique Internet Protocol (IP) addresses globally, when sampled over a 10-day window.DescriptionOnline advertisers desire premium websites on which to publish their ads and large numbers of visitors to view those ads. 3ve created fake versions of both (websites and visitors), and funneled the advertising revenue to cyber criminals. 3ve obtained control over 1.7 million unique IPs by leveraging victim computers infected with Boaxxe/Miuref and Kovter malware, as well as Border Gateway Protocol-hijacked IP […]

Original release date: October 11, 2018SummaryThis report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the United Kingdom, and the United States.[1][2][3][4][5]In it we highlight the use of five publicly available tools, which have been used for malicious purposes in recent cyber incidents around the world. The five tools are:Remote Access Trojan: JBiFrostWebshell: China ChopperCredential Stealer: MimikatzLateral Movement Framework: PowerShell EmpireC2 Obfuscation and Exfiltration: HUC Packet TransmitterTo aid the work of network defenders and systems administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.The individual tools we cover in this report are limited examples of the types of tools used by threat actors. You should not consider this an exhaustive list when planning your network defense.Tools and techniques for exploiting networks and the […]

Original release date: October 3, 2018Systems AffectedNetwork SystemsOverviewThe National Cybersecurity and Communications Integration Center (NCCIC) is aware of ongoing APT actor activity attempting to infiltrate the networks of global managed service providers (MSPs). Since May 2016, APT actors have used various tactics, techniques, and procedures (TTPs) for the purposes of cyber espionage and intellectual property theft. APT actors have targeted victims in several U.S. critical infrastructure sectors, including Information Technology (IT), Energy, Healthcare and Public Health, Communications, and Critical Manufacturing.This Technical Alert (TA) provides information and guidance to assist MSP customer network and system administrators with the detection of malicious activity on their networks and systems and the mitigation of associated risks. This TA includes an overview of TTPs used by APT actors in MSP network environments, recommended mitigation techniques, and information on […]

Original release date: October 3, 2018Systems AffectedNetwork SystemsOverviewThis technical alert addresses the exploitation of trusted network relationships and the subsequent illicit use of legitimate credentials by Advanced Persistent Threat (APT) actors. It identifies APT actors' tactics, techniques, and procedures (TTPs) and describes the best practices that could be employed to mitigate each of them. The mitigations for each TTP are arranged according to the National Institute of Standards and Technology (NIST) Cybersecurity Framework core functions of Protect, Detect, Respond, and Recover.DescriptionAPT actors are using multiple mechanisms to acquire legitimate user credentials to exploit trusted network relationships in order to expand unauthorized access, maintain persistence, and exfiltrate data from targeted organizations. Suggested best practices for administrators to mitigate this threat include auditing credentials, remote-access logs, and controlling privileged access […]

Original release date: October 2, 2018 | Last revised: December 21, 2018Systems AffectedRetail Payment SystemsOverviewThis joint Technical Alert (TA) is the result of analytic efforts between the Department of Homeland Security (DHS), the Department of the Treasury (Treasury), and the Federal Bureau of Investigation (FBI). Working with U.S. government partners, DHS, Treasury, and FBI identified malware and other indicators of compromise (IOCs) used by the North Korean government in an Automated Teller Machine (ATM) cash-out scheme—referred to by the U.S. Government as “FASTCash.” The U.S. Government refers to malicious cyber activity by the North Korean government as HIDDEN COBRA. For more information on HIDDEN COBRA activity, visit https://www.us-cert.gov/hiddencobra.FBI has high confidence that HIDDEN COBRA actors are using the IOCs listed in this report to maintain a presence on victims’ networks to enable network exploitation. DHS, FBI, and Treasury are […]

Original release date: July 20, 2018Systems AffectedNetwork SystemsOverviewEmotet is an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware affecting state, local, tribal, and territorial (SLTT) governments, and the private and public sectors.This joint Technical Alert (TA) is the result of Multi-State Information Sharing & Analysis Center (MS-ISAC) analytic efforts, in coordination with the Department of Homeland Security (DHS) National Cybersecurity and Communications Integration Center (NCCIC).DescriptionEmotet continues to be among the most costly and destructive malware affecting SLTT governments. Its worm-like features result in rapidly spreading network-wide infection, which are difficult to combat. Emotet infections have cost SLTT governments up to $1 million per incident to remediate.Emotet is an advanced, modular banking Trojan that primarily […]

As the FBI’s first African-American special agent in the Deep South, Leo James McClairen served with distinction and paved the way for future generations of minority investigators and professional staff.

FBI Director Christopher Wray joined officials at the Department of Justice in asking technology firms to work with law enforcement to find solutions that balance online privacy and security with the need to protect children and communities from harm.

Held every October, National Cybersecurity Awareness Month is collaborative effort between government and industry to ensure every American has the resources they need to stay safer and more secure online.

According to the FBI's annual Crime in the United States report, both violent crime and property crime decreased in 2018 when compared to statistics from the previous year.

FBI Hostage Rescue Team trainees tested and honed their skills in a land, water, and air-based exercise alongside state and local partners in Charleston, South Carolina.

FBI agents and forensic accountants found the leader of an Oregon foster care agency stole nearly $1 million while employees went without pay and children without basic necessities.

The FBI and local police are seeking clues in the unsolved murders of four women whose bodies were discovered in a remote wooded field in a small Texas town between Houston and Galveston.

Advancements in fingerprint technology helped the FBI and state law enforcement partners find and bring to justice a man who kidnapped and sexually assaulted a young girl in Pennsylvania two decades ago.

Eighteen years after the 9/11 attacks, a woman recalls her interaction with the FBI in the wake of her brother’s death on United Flight 93 in Shanksville, Pennsylvania. The FBI also continues to encourage 9/11 first responders to register for health benefits.

The FBI worked with partner agencies domestically and in multiple countries around the world in a large-scale, coordinated effort to dismantle international business email compromise (BEC) schemes.

The FBI’s Safe Online Surfing (SOS) Internet Challenge, which had record participation in 2018-2019, is reopening for the start of the new school year to help students navigate the web securely.

A Dallas city councilman who accepted bribes in exchange for his vote in support of school bus stop-arm cameras is among those who have been convicted and sentenced in connection with a public corruption scheme.

A Florida man is serving time in prison after pointing a laser at a police helicopter, which is a serious safety risk—to those in the air and on the ground—and a federal crime.

An Ohio man who pretended to be a bail bondsman and law enforcement officer assaulted and kidnapped suspected bail jumpers—and is now serving time in prison.

An alert bank employee in Georgia helped catch a prolific thief who defrauded banks and individuals using multiple stolen identities.

Jesse James Leader Charge of Rosebud, South Dakota, was convicted of abusive sexual contact and sentenced to 27 months in prison.

The FBI is seeking information regarding a bank robbery at the Bank of the West in Oklahoma City on Thursday, October 10, 2019.

Daniel Irving of Manchester received 96 months in prison for participating in a conspiracy to distribute methamphetamine.

Patrick Hale Dejean. a former Justice of the Peace, was sentenced to three years in prison for committing mail fraud and making false statements to a bank.

Liam MacLeod of Beverly has been sentenced to probation for sending a series of threatening letters to the CEO of an online dating website.

Bryan G. Vonderahe of Kirkwood, Missouri, pleaded guilty to three felony counts of wire fraud.

The owners and two employees of the popular adult websites GirlsDoPorn and GirlsDoToys were charged in federal court with sex trafficking crimes.

A 15 week long joint federal, state, local, and Tribal law enforcement initiative has resulted in 246 arrests of fugitives and violent offenders in Yakima County.

James Charles Booker, Jr., Brett Damon McMurray, and Maurice Ross of Topeka have been charged with drug trafficking.

FBI Deputy Director David Bowdich traveled this past week to San Salvador, El Salvador, to meet with key international partners.

Brandon Mardell Woods of St. Louis pleaded guilty to one count of robbery and two counts of using a firearm during a crime of violence.

Five people have been charged for their roles in a conspiracy to distribute methamphetamine and heroin manufactured in Mexico.

Philip Finn, Jr. of Plains, Pennsylvania, pleaded guilty on October 9, 2019, to use of fire to commit stalking.

Michael L. Corbitt, Jr. of Milwaukee received eight years in prison for his involvement in two bank robberies.

Andries Snyman of South Africa was sentenced to time served on October 4, 2019, for transporting obscene matter.

Both violent crime and property crime fell in 2018 from the previous year, according to the FBI’s annual crime statistics released on September 30.

Three recent cases highlight how the FBI's National Data Exchange System helped the New Mexico Corrections Department nab several fugitives.

Criminal justice investigators across the nation use the FBI’s National Data Exchange (N-DEx) System in their daily work to connect people, places, things, and events—often across jurisdictional boundaries—that may at first glance seem unrelated.

Recent National Data Exchange (N-DEx) System successes include identifying a suspect in a homicide case, identifying a felon involved in a fraud case, and locating three probationers who traveled outside jurisdictions into neighboring states.

The FBI’s Special Processing Center has assisted law enforcement agencies around the country in various cases, including by identifying victims of a bombing and a bus crash, the offender in a shooting incident, and two unknown deceased individuals.

The FBI's Facial Analysis, Comparison, and Evaluation Services Unit recently helped identify a victim in human trafficking case, which aided in the prosecution of her trafficker.

On January 1, 2021, the FBI will retire the SRS and will collect crime statistics solely through NIBRS, which can help urban agencies foster accountability and transparency and plan for challenges like youth exposure to crime and business crime.

The first segment of Law Enforcement Officers Killed and Assaulted, 2018, which contains statistics for law enforcement officers killed in the line of duty in 2018, was recently released.

The Uniform Crime Reporting Program has transitioned from its legacy data collection system to a more modern reporting platform. This change may result in differences in UCR data from previous years. Program participants should use caution when analyzing data.

The National Data Exchange (N-DEx) System’s Information Exchange Package Documentation (IEPD) is available for public review and comments until July 9, 2019.

Ohio and Tennessee are early enrollers for bulk submissions of use-of-force incidents in the FBI’s new National Use of Force Data Collection.

The FBI’s National Palm Print System (NPPS) has dramatically improved law enforcement access to palm prints previously stored within local, state, tribal, and federal law enforcement agency databases.

The FBI’s Law Enforcement Officers Killed and Assaulted Program frequently updates the preliminary data on officer deaths for the current year on its webpage on fbi.gov.

The UCR Program will transition from the Summary Reporting System to the National Incident Based Reporting System by January 1, 2021. The CJIS Division has compiled a list of 30 frequently asked questions you may have about the transition.

The CJIS Link is a publication that tells our partners about new services and system capabilities, as well as relevant changes in policy.

During World War II, Argentina was a hotbed of intrigue and proved to be a tough environment for […]

During a meeting of intelligence and national security leaders, FBI Director Christopher Wray […]

The FBI's Weapons of Mass Destruction Directorate was established 10 years ago and today serves as […]

New collaborative program at FBI Academy integrates agents and intelligence analysts.

Director Comey joined Director of National Intelligence Clapper and several other Intelligence […]

The FBI vigilantly investigates cases of industrial espionage and theft of intellectual property, […]

Standing outside the White House on a sunny day in May 1955, President Dwight Eisenhower smiled as […]

Economic espionage is a significant threat to our country’s economic health and security.

Investigating financial crime is like working a puzzle—you have to fit all of the pieces of […]

At the National Virtual Translation Center’s offices near FBI Headquarters in Washington