[ISN] Navy purchase cards hacked

From: InfoSec News (isnat_private)
Date: Fri Aug 22 2003 - 01:38:46 PDT

  • Next message: InfoSec News: "[ISN] More Sobig.F"

    http://www.fcw.com/fcw/articles/2003/0818/web-navy-08-21-03.asp
    
    By Matthew French 
    Aug. 21, 2003 
    
    The Navy has canceled all its purchase card accounts after discovering 
    that more than half of them may have been compromised by a hack 
    attack.
    
    Defense Department officials this morning said that a system 
    containing data for about 13,000 of the Navy's purchase cards had been 
    hacked. In response, the Navy canceled all purchase card accounts, 
    about 22,000, to "minimize unauthorized purchases," according to a 
    statement released by the DOD Purchase Card Management Office.
    
    "Vendors who accept the purchase card and do business with the Navy 
    should be aware that all card accounts have been canceled and that 
    Citibank is working quickly to reestablish new accounts and cards," 
    the statement read. "In the meantime, emergency purchases are being 
    handled on a case-by-case basis to fully support Navy requirements." 
    
    DOD has designated a team to investigate how the hack occurred and 
    what needs to be done to stop future attacks. A Defense Criminal 
    Investigative team is also on site.
    
    Glenn Flood, a spokesman for DOD, said the department does not know 
    how the hackers accessed the numbers or whether any money was spent 
    before the theft was realized.
    
    The purchase cards, which are credit cards that can be used for 
    official government purchases of less than $2,500, have been burdened 
    with problems for years. The General Accounting Office has called 
    controls over the Navy's purchase card program particularly weak. 
    
    DOD over the past few years reduced the overall number of purchase 
    cards issued to its uniformed and civilian employees to reduce the 
    total risk of fraud or abuse. The department has long dealt with 
    myriad unauthorized purchases -- from prostitutes to plastic surgery, 
    motorcycles to music concerts -- and cardholders defaulting on their 
    accounts to the tune of several million dollars. 
    
    Defense agencies have used data mining techniques to crack down on 
    fraudulent and inappropriate use of the purchase cards, but problems 
    persist.
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomoat_private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Fri Aug 22 2003 - 05:10:00 PDT