WARLOCK-INDEX UNCLASSIFIED//OPEN SOURCE Strategic Research Corpus & Knowledge Arsenal

LOCAL CORPUS TERMINAL

STATUS: ONLINE

MODE: READ-ONLY

UPDATED:

Source Packet Collections Source Packets docs/collections/source-packets/official-threat-source-baseline/2026-06-18T0028Z-us-law-enforcement-threat-source-capture-packet.md
Source PacketCollectionsSource PacketsOfficial Source

U.S. Law Enforcement Threat Source Capture Packet

The law-enforcement lane should not be treated as a single "crime" bucket. Public FBI, DHS, DOJ, DEA, ATF, CBP, Coast Guard, Treasury, and State sources support separate evidence families: terrorism and targeted violence, counterintelligence and espionage, cybercrime and cyber-enabled fraud, WMD and proliferation prevention, transnational organized crime, illicit finance, border and port-of-entry statistics, maritime security, sanctions/legal status, and national-security prosecutions.

Full Index

UNCLASSIFIED//OPEN SOURCE

Source Packet ID: WI-SOURCE-PACKET-US-LE-2026-0001

Prepared UTC: 2026-06-18T00:28:13Z

Information cutoff UTC: 2026-06-18T00:28:13Z

Source base: FBI terrorism, counterintelligence, cyber, WMD, and IC3 public sources; DHS homeland-threat and intelligence source families; DOJ National Security Division source family; DEA, ATF, CBP, Coast Guard, Treasury, State, and official U.S. intelligence/law-enforcement register source lanes.

Analytic confidence: High for FBI and IC3 source-family identity and safe corpus routing. Moderate for DHS, DEA, ATF, CBP, Coast Guard, and DOJ page-level currency because those lanes require later dated document-level refresh before stronger trend judgments.

Purpose: Create a dated law-enforcement source-capture packet for terrorism, counterintelligence, cybercrime, WMD, transnational crime, border, maritime, sanctions, and national-security legal-source lanes.

Boundary: Strategic source organization only. This packet does not provide investigative direction, collection tasking, surveillance guidance, enforcement guidance, targeting support, operational planning, tactical instructions, route selection, evasion guidance, trafficking methods, procurement advice, cyber exploitation steps, malware indicators for misuse, explosives or WMD methods, facility mapping, domestic political profiling, or protected-speech analysis.

Bottom Line

The law-enforcement lane should not be treated as a single "crime" bucket. Public FBI, DHS, DOJ, DEA, ATF, CBP, Coast Guard, Treasury, and State sources support separate evidence families: terrorism and targeted violence, counterintelligence and espionage, cybercrime and cyber-enabled fraud, WMD and proliferation prevention, transnational organized crime, illicit finance, border and port-of-entry statistics, maritime security, sanctions/legal status, and national-security prosecutions.

This packet turns those families into a dated collection frame. It is not a threat list and not an investigative guide. Domestic coverage is usable only when tied to official public definitions, violence or criminal conduct, and explicit civil-liberties boundaries. Foreign threat, sanctions, cyber, and counterintelligence material must remain tied to official issuer statements, public legal records, or source registers.

Source Ledger

SourceClassAccess statusCorpus useReliability note
FBI Terrorism public pageAVerified 2026-06-18Terrorism definitions, current threat framing, JTTF/partnership routing, and protected-speech boundary languageAuthoritative for FBI public law-enforcement framing. It distinguishes violent criminal conduct from ideology and is not a substitute for designation, case, or intelligence-source evidence.
FBI Counterintelligence and Espionage public pageAVerified 2026-06-18Foreign intelligence, espionage, economic espionage, advanced-technology, insider-threat, and counterintelligence source-family routingAuthoritative for FBI public mission framing. Do not identify private persons, companies, communities, or protected activity as threats without official public evidence.
FBI Cyber public pageAVerified 2026-06-18Cybercrime, ransomware, cyber-enabled fraud, victim-reporting, and FBI cyber mission routingAuthoritative for FBI public framing. Use for strategic categories only; do not reproduce exploit chains, malware steps, scanning, evasion, or victim-specific detail.
FBI IC3 2024 Internet Crime ReportAVerified 2026-06-18Reported complaint/loss baseline for internet crime, cyber-enabled fraud, ransomware, elder fraud, cryptocurrency fraud, and IC3 data caveatsAuthoritative for reported IC3 complaint data. It is not a complete measurement of all cybercrime and should be labeled as complaint-based and underreported.
FBI Weapons of Mass Destruction public pageAVerified 2026-06-18Public law-enforcement WMD prevention source family and CBRNE terrorism-risk routingAuthoritative for FBI public framing. Do not extract materials, methods, device design, facility vulnerability, or response tactics.
DHS Homeland Threat Assessment source familyASource family registered; later dated document refresh requiredHomeland threat framing across terrorism, targeted violence, border security, illicit drugs, cyber, critical infrastructure, election security, foreign influence, and hazardsAuthoritative when a specific DHS report is verified. Dynamic URL and PDF paths require dated page-level capture before exact claims are carried.
DHS Office of Intelligence and AnalysisASource family registered; later dated page refresh requiredDHS intelligence mission, homeland threat environment, and federal/state/local/tribal/territorial/private coordination source routingAuthoritative for organizational framing. Do not extract collection, fusion-center, or partner operational detail.
DOJ National Security DivisionASource family registered; later dated case/page refresh requiredCounterintelligence, counterterrorism, sanctions/export-control, cyber, foreign-agent, and national-security legal-action source routingAuthoritative for public legal record and DOJ statements. Case allegations, pleas, convictions, and charges must be labeled by procedural status.
DEA National Drug Threat Assessment source familyASource family registered; later dated report refresh requiredTransnational criminal organization, fentanyl, synthetic drug, trafficking-finance, and cartel-source routing at strategic levelAuthoritative for DEA public threat framing when a dated report is captured. Do not reproduce trafficking, concealment, production, or distribution methods.
ATF firearms commerce and trafficking source familiesASource family registered; later dated report refresh requiredFirearms commerce, tracing, trafficking, explosives-statistics, and criminal-gun intelligence routing at public statistical levelAuthoritative for ATF public statistics and program framing. Do not provide procurement, conversion, trafficking, or explosives guidance.
CBP statistics source familyASource family registered; later dated page refresh requiredBorder, port-of-entry, encounter, seizure, migration, and trade-enforcement source routingAuthoritative for CBP public statistics. Definitions must be preserved; statistics do not by themselves prove criminality, motive, or threat status.
U.S. Coast Guard maritime security sourcesASource family registered; later dated page refresh requiredMaritime homeland security, port security, illegal fishing, Arctic maritime, drug interdiction, and maritime law-enforcement source routingAuthoritative for Coast Guard public framing. Do not extract patrol patterns, interdiction methods, route analysis, or live movement detail.
Treasury OFAC and illicit-finance source familiesARegistered and active in official U.S. source lanesSanctions, terrorist financing, money laundering, cyber sanctions, narcotics finance, and illicit finance source routingAuthoritative for Treasury public legal/status and risk-framing evidence. Do not provide sanctions-evasion or compliance-circumvention guidance.
State terrorism designation and reports source familiesARegistered and active in official U.S. source lanesFTO, state-sponsor, country-report, and counterterrorism cooperation source routingAuthoritative for State public designation/status framing. Designation evidence is not targeting evidence.

Collection Matrix

Law-enforcement lanePrimary source familiesCorpus useConfidenceExclusions
Terrorism and targeted violenceFBI terrorism; DHS HTA; State terrorism reports/designations; NCTC historical guide; Treasury sanctions; DOJ casesSeparate international terrorism, domestic terrorism, material-support, designation, financing, and case-status evidenceHigh for FBI definitions and source family; moderate for current DHS/State annual refreshNo tactics, recruitment, attack-method detail, political profiling, or protected-speech labeling
Counterintelligence and espionageFBI CI; ODNI/NCSC; DOJ NSD; Treasury sanctions; State/Commerce export-control lanes where publicRoute foreign intelligence, economic espionage, export-control, sanctions, and transnational repression evidenceHigh for FBI source-family framing; moderate for case-specific current stateNo private-person identification, collection guidance, insider-targeting guidance, or investigative methods
Cybercrime and cyber-enabled fraudFBI cyber; IC3; CISA/NSA/FBI advisories; DOJ disruption actions; Treasury cyber sanctions; State RFJDistinguish cybercrime complaints, ransomware, fraud, state-linked cyber activity, critical infrastructure, and legal-source eventsHigh for IC3 2024 complaint data; moderate for advisory page-level refreshNo exploit steps, malware detail, IOCs for misuse, scanning, evasion, victim-specific routing, or telecom network diagrams
WMD and proliferation law-enforcementFBI WMD; FSAP; DTRA; State BWC; ODNI disclosure; DOJ/Treasury proliferation casesLink terrorism-risk, biosecurity, proliferation, sanctions/legal records, and WMD public-source lanesModerate to high by source familyNo materials, methods, controlled lists, facility tables, site mapping, device design, or vulnerability analysis
Transnational organized crime and narcoticsDEA; Treasury; FBI TOC; DHS/HSI; CBP; Coast Guard; ATFRoute cartel/TCO, narcotics, firearms, maritime, finance, and border-source evidenceModerate pending dated DEA/CBP/ATF/Coast Guard refreshNo trafficking, concealment, manufacturing, procurement, logistics, or enforcement tactics
Border and port-of-entry statisticsCBP; DHS; DEA; Coast Guard; Treasury; GAO/CRS where relevantPreserve official definitions for encounters, seizures, admissibility, trade, and port lanesModerate pending page-level refreshNo route selection, evasion guidance, or migration-path analysis
Maritime law enforcementCoast Guard; CBP; DEA; Treasury; State; NOAA/NGA map referencesRoute maritime security, ports, illegal fishing, Arctic maritime, and maritime trafficking evidenceModerate pending dated Coast Guard refreshNo patrol patterns, interdiction points, vessel tracking, route guidance, or tactical analysis
National-security legal actionsDOJ NSD; FBI; Treasury; State; Federal Register; court records where publicSeparate allegations, indictments, pleas, convictions, forfeiture, sanctions, and civil actionsModerate pending case-level refreshNo doxxing, investigative direction, witness/informant detail, or private-person profiling beyond public legal records

Source Treatment Rules

  1. Keep issuer layers separate: FBI mission pages, DHS assessments, DOJ legal actions, Treasury sanctions, State designations, DEA threat reports, ATF statistics, CBP statistics, and Coast Guard maritime sources do not establish the same kind of evidence.
  2. Label data type before making a claim: complaint data, designation status, legal allegation, conviction, sanctions listing, annual threat assessment, statistical seizure data, source-family routing, or issuer perspective.
  3. Treat IC3 statistics as reported complaint data. Do not present complaint counts or losses as complete measurement of all cybercrime.
  4. Preserve civil-liberties boundaries in domestic terrorism or targeted violence lanes. Lawful dissent, protected speech, religion, ethnicity, nationality, journalism, protest, association, and political identity are not WARLOCK-INDEX threat categories.
  5. Do not carry operationally useful details from cyber, WMD, narcotics, firearms, border, maritime, or investigative sources.
  6. Use DOJ case material only with procedural status labels. An indictment is an allegation; a conviction, plea, forfeiture, or sentencing carries a different evidentiary status.
  7. Refresh dynamic agency pages before direct quotation or exact trend extraction. This packet establishes routing, not final page-level extraction for every agency source.

Integration Notes

  • The official threat source tracker should treat this packet as the law enforcement umbrella packet for FBI, DHS, DOJ, DEA, ATF, CBP, Coast Guard, State, and Treasury lanes.
  • The U.S. intelligence and law-enforcement register remains the canonical source-family ledger; this packet is the dated collection product.
  • Cyber material should cross-link to the cyber baseline, PRC cyber packet, Salt Typhoon source note, CISA/NSA/FBI advisory lanes, IC3 data, and DOJ disruption-source events.
  • WMD material should cross-link to the WMD/biosecurity packet, ODNI biolab disclosure source-treatment note, Ukraine biolab reconciliation note, FSAP, FBI WMD, DTRA, and State/BWC lanes.
  • TCO, narcotics, border, maritime, and firearms material needs later dedicated packets before the corpus makes stronger trend judgments.

Follow-On Queue

  • FBI/DHS terrorism and targeted-violence source packet with current DHS HTA and State designation refresh.
  • FBI/DOJ counterintelligence and national-security legal-action source packet with procedural-status rules.
  • IC3/cybercrime complaint-data source packet with CISA/NSA/FBI advisory crosswalk.
  • DEA/Treasury/CBP TCO and narcotics source packet.
  • ATF firearms commerce, tracing, trafficking, and explosives statistics source packet.
  • CBP border and port-of-entry statistics source packet.
  • Coast Guard maritime homeland security and law-enforcement source packet.

Cross References