BERNDPULCH.ORG – BERND-PULCH.ORG EXCLUSIVE AND TOP SECRET INFOS

BERND PULCH, STASI LIST, KGB LIST, STASI LISTE, LIVE SEARCH, SECRET LIST OF ALL OFFSHORE COMPANIES, OFFSHORE INDONESIA, OFFSHORE, MALAYSIA, KGB PUTIN, BDVP, STASI IM WESTEN, STASI FUEHRUNGSOFFIZIERE, TOXDAT, GOMOPA, COMMUNIST DATABASE, DOWNLOAD, STASI-LISTE, KGB LISTE, STASI PUTIN, TOP SECRET – BERND PULCH – The Naked Truth

FBI Cyber Research revealed

The FBI identified incidents over the past few months in which cyber actors scanned for and sought to exploit audio and visual communication devices on networks to identify vulnerabilities which could later be used to gain access and unlawfully acquire information about the organization. In addition to targeting corporate information, vulnerable devices may be targeted for compromise for use in botnets or other criminal activities. The types of devices targeted include: Voice over Internet Protocol (VoIP) phones, video conferencing equipment, conference phones, VoIP routers, and cloud-based communication systems. While cyber actors have targeted VoIP and other communication devices in the past, the FBI continues to see these devices scanned by cyber actors for vulnerabilities.

Threat

Specifically, the FBI observed cyber actors identifying and probing communication devices by issuing HTTP GET requestsa to a business server or network to retrieve device configuration files. Information contained in configuration files often reveals IP addresses, usernames, passwords, system management URLs, and assigned phone numbers – all of which could be used by cyber actors for malicious purposes. Many of the requests are specific to particular brands of devices. Victims will often receive several GET requests in succession with the actors scanning for multiple brands of devices.

In addition, cyber actors retrieve IP addresses for further exploitation by using businesses’ customer service VoIP hyperlinks, which are traditionally made available for customers to use in contacting the business. Once those hyperlinked calls are answered, the actor retrieves the IP address belonging to the phone which answered the call. Once the IP address is retrieved, an actor could send a large volume of packets to the IP address, overloading it and taking the service offline for the targeted business and its legitimate customers.

In addition to the above techniques, cyber actors target devices with brute-force attacks, attempting unauthorized access through the use of common usernames and passwords. Open source scanning tools can also be used to identify vulnerable communication devices and any associated ports.

All of the information obtained through scans and other methods are likely used for specific targeting efforts by cyber actors. This includes leveraging access to compromised audio and video devices to eavesdrop on meetings or conference calls, placing fraudulent international phone calls, leveraging the compromised device for use in botnets, and conducting man-in-the-middle attacks to redirect corporate network traffic.

Recommendations

The following recommendations may limit the success of these types of attacks:

Conduct daily server log reviews to identify unusual activity, including GET and POST requests from external IP addresses.

Work with the communication device/system providers to ensure servers are patched and updated regularly.

Consider restricting access to configuration files or configuring firewalls to block traffic from unauthorized IP addresses.

Restrict communication devices/systems to only non-sensitive business networks.

Conduct regular penetration testing exercises on communication devices to identify and address vulnerabilities in a timely matter.

Enable encryption on teleconference programs and applications and consider disabling auto-answer capabilities.

Password protect configuration files, if possible.

Regularly review and update users with access to administrative accounts.

Segment configuration files on the network. Be sure to protect configuration and other device-related files after getting the device out of the box. Don’t just plug and play.

 

Christchurch May Inspire Other Terrorists – DHS-FBI

Christchurch May Inspire Other Terrorists – DHS-FBI

This Joint Intelligence Bulletin (JIB) is intended to provide information on Australian national and violent extremist Brenton Tarrant’s 15 March 2019 attacks on two mosques in Christchurch, New Zealand. These attacks underscore the enduring nature of violent threats posed to faith-based communities. FBI, DHS, and NCTC advise federal, state, local, tribal, and territorial government counterterrorism and law enforcement officials and private sector security partners responsible for securing faith-based communities in the Homeland to remain vigilant in light of the enduring threat to faith-based communities posed by domestic extremists (DEs), as well as by homegrown violent extremists (HVEs) who may seek retaliation. This JIB is provided to assist federal, state, local, tribal, and territorial counterterrorism and law enforcement officials and private sector security partners to effectively deter, prevent, preempt, or respond to incidents and terrorist attacks in the United States.

(U) Attack Details

(U//FOUO) On 15 March 2019, New Zealand police arrested an Australian national who appeared to be inspired by a white supremacist ideology and who allegedly conducted a shooting attack on two mosques in Christchurch, New Zealand. This attack highlights the enduring threat of violence posed to faith-based communities. There are currently 49 victims deceased, and 20 others are listed as being in critical condition following the attack.

» (U//FOUO) On 15 March 2019, at about 1:40 PM local time, Australian national Brenton Tarrant used firearms to attack the Masjid Al Noor Mosque in the city of Christchurch, New Zealand, before conducting a similar shooting attack at the Linwood Masjid Mosque, approximately four miles away. Tarrant drove to the attack sites and livestreamed a video of the attack. Police also discovered improvised explosive devices in a vehicle connected with the attack. Tarrant is currently the only known perpetrator; however, investigation of his movements and associates continues.

» (U//FOUO) Tarrant disseminated a manifesto prior to the shooting which detailed his concerns of perceived “white genocide.” The manifesto contains a wide range of anti-immigrant and anti-Muslim views. One reason listed as to why he carried out the attack was “to create conflict…within the United States on the ownership of firearms in order to further the social, cultural, political, and racial divide within the United states [sic].”

» (U//FOUO) Tarrant claimed to have been planning the attack for two years and recently relocated to New Zealand to live temporarily while he “planned and trained.” He claimed to have chosen to conduct his attack in Christchurch three months prior to show such attacks could happen anywhere.

(U) Mosque Attacks Could Incite Like-Minded and Retaliatory Attacks

(U//FOUO) We are concerned online sharing of Tarrant’s livestreamed footage could amplify viewer reaction to the violent attack and possibly incite similar attacks by those adhering to violent extremist ideologies in the United States and abroad, as well as retaliatory attacks from HVEs and individuals otherwise affiliated with foreign terrorist organizations. Tarrant appeared to have been influenced by prior attacks by violent extremists in the United States and other countries, and we remain concerned that US-based DEs of similar ideologies could become inspired by this attack. Although most HVEs generally do not mobilize to violence in response to specific events and instead are usually influenced by a confluence of sociopolitical, ideological, and personal factors, exceptions may occur and we remain concerned for the potential of retaliatory attacks by some HVEs, as we have already seen calls for attacks by violent extremists online.

» (U//FOUO) Tarrant claimed Norwegian mass attacker Anders Brevik gave his “blessing” for the attack. Tarrant’s ammunition cases also displayed handwritten names of violent extremists in Canada and elsewhere who previously conducted violent attacks on Muslims or in support of violent extremist ideologies.

» (U//FOUO) An examination of online jihadist media following the mosque attacks indicates various al-Qa‘ida and ISIS supporters are posting attack images to express outrage and are calling upon all Muslims to respond to the New Zealand attacks by launching their own near-term attacks in retaliation.

FBI Cyber Unit Identifies Campaigns Against Students

Image result for fbi cyber crimes

The FBI has identified successful spearphishing campaigns directed at college and university students, especially during periods when financial aid funds are disbursed in large volumes. In general, the spearphishing emails request students’ login credentials for the University’s internal intranet. The cyber criminals then capture students’ login credentials, and after gaining access, change the students’ direct deposit destination to bank accounts within the threat actor’s control.

Threat

In February 2018, the FBI received notification of a spearphishing campaign targeting students at an identified University in the south eastern United States. The campaign occurred in January 2018 when an unidentified number of students attending the University received an email requesting their login credentials for the University’s internal intranet. Using the University’s intranet portal, the cyber criminals accessed a third-party vendor that manages the disbursement of financial aid to students and changed the direct deposit information for 21 identified students to bank accounts under the cyber criminal’s control. The threat actor stole approximately $75,000 from the 21 students. The student accounts were accessed by at least 13 identified US Internet Protocol (IP) addresses.

On 31 August 2018, the Department of Education identified a similar spearphishing campaign targeting multiple institutions of higher education. In this campaign, the cyber criminals sent students an email inviting them to view and confirm their updated billing statement by logging into the school’s student portal. After gaining access, the cyber criminals changed the students’ direct deposit destinations to bank accounts under the threat actor’s control.

The nature of the spearphishing emails indicates the cyber criminals conducted reconnaissance of the target institutions and understand the schools’ use of student portals and third-party vendors for processing student loan payment information. In addition, the timing of the campaigns indicates the cyber criminals almost certainly launched these campaigns to coincide with periods when financial aid funds are disseminated in large volumes.

Recommendations

The FBI recommends providers implement the preventative measures listed below to help secure their systems from attacks:

Notify all students of the phishing attempts and encourage them to be extra vigilant
Implement two-factor authentication for access to sensitive systems and information
Monitor student login attempts from unusual IP addresses and other anomalous activity
Educate students on appropriate preventative and reactive actions to known criminal schemes and social engineering threats
Apply extra scrutiny to e-mail messages with links or attachments directed toward students
Apply extra scrutiny to bank information initiated by the students seeking to update or change direct deposit credentials
Direct students to forward any suspicious requests for personal information to the information technology or security department

How the FBI operates against Cybercrime

Cyber Crime (Stock Image)

The FBI is the lead federal agency for investigating cyber attacks by criminals, overseas adversaries, and terrorists. The threat is incredibly serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, are targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators. Just as the FBI transformed itself to better address the terrorist threat after the 9/11 attacks, it is undertaking a similar transformation to address the pervasive and evolving cyber threat. This means enhancing the Cyber Division’s investigative capacity to sharpen its focus on intrusions into government and private computer networks.

For more information on the FBI’s cyber security efforts, read our “Addressing Threats to the Nation’s Cybersecurity” brochure.

Key Priorities

Computer and Network Intrusions

The collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 services around the country.

Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights…to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, from rings of criminals wanting to steal your personal information and sell it on black markets…to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.

Today, these computer intrusion cases—counterterrorism, counterintelligence, and criminal—are the paramount priorities of our cyber program because of their potential relationship to national security.

Combating the threat. In recent years, we’ve built a whole new set of technological and investigative capabilities and partnerships—so we’re as comfortable chasing outlaws in cyberspace as we are down back alleys and across continents. That includes:

  • A Cyber Division at FBI Headquarters “to address cyber crime in a coordinated and cohesive manner”;
  • Specially trained cyber squads at FBI headquarters and in each of our 56 field offices, staffed with “agents and analysts who protect against investigate computer intrusions, theft of intellectual property and personal information, child pornography and exploitation, and online fraud”;
  • New Cyber Action Teams that “travel around the world on a moment’s notice to assist in computer intrusion cases” and that “gather vital intelligence that helps us identify the cyber crimes that are most dangerous to our national security and to our economy;”
  • Our Computer Crimes Task Forces nationwide that combine state-of-the-art technology and the resources of our federal, state, and local counterparts;
  • A growing partnership with other federal agencies—including the Department of Defense, the Department of Homeland Security, and others—which share similar concerns and resolve in combating cyber crime.
Cyber Agent

Ransomware

Hospitals, school districts, state and local governments, law enforcement agencies, small businesses, large businesses—these are just some of the entities impacted by ransomware, an insidious type of malware that encrypts, or locks, valuable digital files and demands a ransom to release them.

The inability to access the important data these kinds of organizations keep can be catastrophic in terms of the loss of sensitive or proprietary information, the disruption to regular operations, financial losses incurred to restore systems and files, and the potential harm to an organization’s reputation. Home computers are just as susceptible to ransomware and the loss of access to personal and often irreplaceable items— including family photos, videos, and other data—can be devastating for individuals as well.

In a ransomware attack, victims—upon seeing an e-mail addressed to them—will open it and may click on an attachment that appears legitimate, like an invoice or an electronic fax, but which actually contains the malicious ransomware code. Or the e-mail might contain a legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects their computer with malicious software.

One the infection is present, the malware begins encrypting files and folders on local drives, any attached drives, backup drives, and potentially other computers on the same network that the victim computer is attached to. Users and organizations are generally not aware they have been infected until they can no longer access their data or until they begin to see computer messages advising them of the attack and demands for a ransom payment in exchange for a decryption key. These messages include instructions on how to pay the ransom, usually with bitcoins because of the anonymity this virtual currency provides.

Ransomware attacks are not only proliferating, they’re becoming more sophisticated. Several years ago, ransomware was normally delivered through spam e-mails, but because e-mail systems got better at filtering out spam, cyber criminals turned to spear phishing e-mails targeting specific individuals. And in newer instances of ransomware, some cyber criminals aren’t using e-mails at all—they can bypass the need for an individual to click on a link by seeding legitimate websites with malicious code, taking advantage of unpatched software on end-user computers.

The FBI doesn’t support paying a ransom in response to a ransomware attack. Paying a ransom doesn’t guarantee an organization that it will get its data back—there have been cases where organizations never got a decryption key after having paid the ransom. Paying a ransom not only emboldens current cyber criminals to target more organizations, it also offers an incentive for other criminals to get involved in this type of illegal activity. And by paying a ransom, an organization might inadvertently be funding other illicit activity associated with criminals.

So what does the FBI recommend? As ransomware techniques and malware continue to evolve—and because it’s difficult to detect a ransomware compromise before it’s too late—organizations in particular should focus on two main areas:

  • Prevention efforts—both in both in terms of awareness training for employees and robust technical prevention controls; and
  • The creation of a solid business continuity plan in the event of a ransomware attack.

Here are some tips for dealing with ransomware (primarily aimed at organizations and their employees, but some are also applicable to individual users):

  • Make sure employees are aware of ransomware and of their critical roles in protecting the organization’s data.
  • Patch operating system, software, and firmware on digital devices (which may be made easier through a centralized patch management system).
  • Ensure antivirus and anti-malware solutions are set to automatically update and conduct regular scans.
  • Manage the use of privileged accounts—no users should be assigned administrative access unless absolutely needed, and only use administrator accounts when necessary.
  • Configure access controls, including file, directory, and network share permissions appropriately. If users only need read specific information, they don’t need write-access to those files or directories.
  • Disable macro scripts from office files transmitted over e-mail.
  • Implement software restriction policies or other controls to prevent programs from executing from common ransomware locations (e.g., temporary folders supporting popular Internet browsers, compression/decompression programs).
  • Back up data regularly and verify the integrity of those backups regularly.
  • Secure your backups. Make sure they aren’t connected to the computers and networks they are backing up.

Related Priorities

Going Dark

Law enforcement at all levels has the legal authority to intercept and access communications and information pursuant to court orders, but often lacks the technical ability to carry out those orders because of a fundamental shift in communications services and technologies. This scenario is often called “Going Dark” and can hinder access to valuable information that may help identity and save victims, reveal evidence to convict perpetrators, or exonerate the innocent.
Read more about the FBI’s response to the Going Dark problem.

Identity Theft

Identity theft—increasingly being facilitated by the Internet—occurs when someone unlawfully obtains another’s personal information and uses it to commit theft or fraud. The FBI uses both its cyber and criminal resources—along with its intelligence capabilities—to identify and stop crime groups in their early stages and to root out the many types of perpetrators, which span the Bureau’s investigative priorities.

More on the FBI’s efforts to combat identity theft.

Online Predators

The FBI’s online predators and child sexual exploitation investigations are managed under our Violent Crimes Against Children Program, Criminal Investigative Division. These investigations involve all areas of the Internet and online services, including social networking venues, websites that post child pornography, Internet news groups, Internet Relay Chat channels, online groups and organizations, peer-to-peer file-sharing programs, bulletin board systems, and other online forums.

Read more about our Violent Crimes Against Children Program.

Initiatives and Partnerships

The Internet Crime Complaint Center

The mission of the Internet Crime Complaint Center (IC3) is to provide the public with a reliable and convenient reporting mechanism to submit information to the FBI concerning suspected Internet-facilitated fraud schemes and to develop effective alliances with law enforcement and industry partners. Information is analyzed and disseminated for investigative and intelligence purposes to law enforcement and for public awareness.

Visit the IC3’s website for more information, including IC3 annual reports.

Cyber Action Team

It can be a company’s worst nightmare—the discovery that hackers have infiltrated their computer networks and made off with trade secrets, customers’ personal information, and other critical data. Today’s hackers have become so sophisticated that they can overcome even the best network security measures. When such intrusions happen—and unfortunately, they occur frequently—the FBI can respond with a range of investigative assets, including the little-known Cyber Action Team (CAT). This rapid deployment group of cyber experts can be on the scene just about anywhere in the world within 48 hours, providing investigative support and helping to answer critical questions that can quickly move a case forward.

Established by the FBI’s Cyber Division in 2006 to provide rapid incident response on major computer intrusions and cyber-related emergencies, the team has approximately 50 members located in field offices around the country. They are either special agents or computer scientists, and all possess advanced training in computer languages, forensic investigations, and malware analysis. And since the team’s inception, the Bureau has investigated hundreds of cyber crimes, and a number of those cases were deemed of such significance that the rapid response and specialized skills of the Cyber Action Team were required. Some of those cases affected U.S. interests abroad, and the team deployed overseas, working through our legal attaché offices and with our international partners.

Members of the team make an initial assessment, and then call in additional experts as needed. Using cutting-edge tools, the team look’s for a hacker’s signature. In the cyber world, such signatures are called TTPs—tools, techniques, and procedures. The TTPs usually point to a specific group or person. The hackers may represent a criminal enterprise looking for financial gain or state-sponsored entities seeking a strategic advantage over the U.S.

National Cyber Forensics & Training Alliance

Long before cyber crime was acknowledged to be a significant criminal and national security threat, the FBI supported the establishment of a forward-looking organization to proactively address the issue. Called the National Cyber-Forensics & Training Alliance (NCFTA), this organization—created in 1997 and based in Pittsburgh—has become an international model for bringing together law enforcement, private industry, and academia to build and share resources, strategic information, and threat intelligence to identify and stop emerging cyber threats and mitigate existing ones.

Since its establishment, the NCFTA has evolved to keep up with the ever-changing cyber crime landscape. Today, the organization deals with threats from transnational criminal groups including spam, botnets, stock manipulation schemes, intellectual property theft, pharmaceutical fraud, telecommunications scams, and other financial fraud schemes that result in billions of dollars in losses to companies and consumers.

The FBI Cyber Division’s Cyber Initiative and Resource Fusion Unit (CIRFU) works with the NCFTA, which draws its intelligence from the hundreds of private sector NCFTA members, NCFTA intelligence analysts, Carnegie Mellon University’s Computer Emergency Response Team (CERT), and the FBI’s Internet Crime Complaint Center. This extensive knowledge base has helped CIRFU play a key strategic role in some of the FBI’s most significant cyber cases in the past several years.

Because of the global reach of cyber crime, no single organization, agency, or country can defend against it. Vital partnerships like the NCFTA are key to protecting cyberspace and ensuring a safer cyber future for our citizens and countries around the world.

For more information visit the National Cyber-Forensics & Training Alliance website.

Protections

How to Protect Your Computer

Below are some key steps to protecting your computer from intrusion:

Keep Your Firewall Turned On: A firewall helps protect your computer from hackers who might try to gain access to crash it, delete information, or even steal passwords or other sensitive information. Software firewalls are widely recommended for single computers. The software is prepackaged on some operating systems or can be purchased for individual computers. For multiple networked computers, hardware routers typically provide firewall protection.

Install or Update Your Antivirus Software: Antivirus software is designed to prevent malicious software programs from embedding on your computer. If it detects malicious code, like a virus or a worm, it works to disarm or remove it. Viruses can infect computers without users’ knowledge. Most types of antivirus software can be set up to update automatically.

Install or Update Your Antispyware Technology: Spyware is just what it sounds like—software that is surreptitiously installed on your computer to let others peer into your activities on the computer. Some spyware collects information about you without your consent or produces unwanted pop-up ads on your web browser. Some operating systems offer free spyware protection, and inexpensive software is readily available for download on the Internet or at your local computer store. Be wary of ads on the Internet offering downloadable antispyware—in some cases these products may be fake and may actually contain spyware or other malicious code. It’s like buying groceries—shop where you trust.

Keep Your Operating System Up to Date: Computer operating systems are periodically updated to stay in tune with technology requirements and to fix security holes. Be sure to install the updates to ensure your computer has the latest protection.

Be Careful What You Download: Carelessly downloading e-mail attachments can circumvent even the most vigilant anti-virus software. Never open an e-mail attachment from someone you don’t know, and be wary of forwarded attachments from people you do know. They may have unwittingly advanced malicious code.

Turn Off Your Computer: With the growth of high-speed Internet connections, many opt to leave their computers on and ready for action. The downside is that being “always on” renders computers more susceptible. Beyond firewall protection, which is designed to fend off unwanted attacks, turning the computer off effectively severs an attacker’s connection—be it spyware or a botnet that employs your computer’s resources to reach out to other unwitting users.

Screenshot of the FBI Safe Online Surfing homepage, depicting the various islands and characters for each grade level served by the program.

Safe Online Surfing

The FBI Safe Online Surfing (FBI-SOS) program is a nationwide initiative designed to educate children in grades 3 to 8 about the dangers they face on the Internet and to help prevent crimes against children.

It promotes cyber citizenship among students by engaging them in a fun, age-appropriate, competitive online program where they learn how to safely and responsibly use the Internet.

The program emphasizes the importance of cyber safety topics such as password security, smart surfing habits, and the safeguarding of personal information.

FBI – Study About Active Shooters Cause Massacres

 

 

Bildergebnis für shooting massacre

In 2017 there were 30 separate active shootings in the United States, the largest number ever recorded by the FBI during a one-year period.1 With so many attacks occurring, it can become easy to believe that nothing can stop an active shooter determined to commit violence. “The offender just snapped” and “There’s no way that anyone could have seen this coming” are common reactions that can fuel a collective sense of a “new normal,” one punctuated by a sense of hopelessness and helplessness. Faced with so many tragedies, society routinely wrestles with a fundamental question: can anything be done to prevent attacks on our loved ones, our children, our schools, our churches, concerts, and communities?

There is cause for hope because there is something that can be done. In the weeks and months before an attack, many active shooters engage in behaviors that may signal impending violence. While some of these behaviors are intentionally concealed, others are observable and — if recognized and reported — may lead to a disruption prior to an attack. Unfortunately, well-meaning bystanders (often friends and family members of the active shooter) may struggle to appropriately categorize the observed behavior as malevolent. They may even resist taking action to report for fear of erroneously labeling a friend or family member as a potential killer. Once reported to law enforcement, those in authority may also struggle to decide how best to assess and intervene, particularly if no crime has yet been committed.

By articulating the concrete, observable pre-attack behaviors of many active shooters, the FBI hopes to make these warning signs more visible and easily identifiable. This information is intended to be used not only by law enforcement officials, mental health care practitioners, and threat assessment professionals, but also by parents, friends, teachers, employers and anyone who suspects that a person is moving towards violence.

Key Findings of the Phase II Study

  1. The 63 active shooters examined in this study did not appear to be uniform in any way such that they could be readily identified prior to attacking based on demographics alone.
  2. Active shooters take time to plan and prepare for the attack, with 77% of the subjects spending a week or longer planning their attack and 46% spending a week or longer actually preparing (procuring the means) for the attack.
  3. A majority of active shooters obtained their firearms legally, with only very small percentages obtaining a firearm illegally.
  4. The FBI could only verify that 25% of active shooters in the study had ever been diagnosed with a mental illness. Of those diagnosed, only three had been diagnosed with a psychotic disorder.
  5. Active shooters were typically experiencing multiple stressors (an average of 3.6 separate stressors) in the year before they attacked.
  6. On average, each active shooter displayed 4 to 5 concerning behaviors over time that were observable to others around the shooter. The most frequently occurring concerning behaviors were related to the active shooter’s mental health, problematic interpersonal interactions, and leakage of violent intent.
  7. For active shooters under age 18, school peers and teachers were more likely to observe concerning behaviors than family members. For active shooters 18 years old and over, spouses/domestic partners were the most likely to observe concerning behaviors.
  8. When concerning behavior was observed by others, the most common response was to communicate directly to the active shooter (83%) or do nothing (54%). In 41% of the cases the concerning behavior was reported to law enforcement. Therefore, just because concerning behavior was recognized does not necessarily mean that it was reported to law enforcement.
  9. In those cases where the active shooter’s primary grievance could be identified, the most common grievances were related to an adverse interpersonal or employment action against the shooter (49%).
  10. In the majority of cases (64%) at least one of the victims was specifically targeted by the active shooter. 

%d bloggers like this: