[ISN] DOD investigates hacking of troops' personal computers

From: InfoSec News (alerts@private)
Date: Sun Mar 25 2007 - 22:34:14 PST


http://www.af.mil/news/story.asp?id=123046045

By Carmen L. Gleason
American Forces Press Service
3/23/2007 

WASHINGTON (AFNEWS) -- Defense Department officials have launched an 
investigation into recent computer hackings of servicemembers' home 
computers that compromised personal information and led to the 
redirection of funds from their military pay accounts.
 
Over the past eight months, nearly two dozen Defense Finance and 
Accounting Service "myPay" participants have had their accounts accessed 
by unauthorized personnel, officials said. The myPay program allows DFAS 
users to manage pay information, leave and earnings statements and W-2s 
online.

The compromise likely came from personal information being stolen from 
home computers via spyware and keystroke-logging viruses, DFAS officials 
said.

A hacker redirected one servicemember's pay to a credit card vendor by 
changing account information the day before pay day, said Tom LaRock, 
DFAS spokesman. However, he added, DFAS quickly worked with his bank to 
have funds returned to his account within two days.

When suspicious activity is detected under the current system used by 
DFAS, LaRock explained, financial institutions are immediately notified 
so reversals can be made to servicemembers' accounts. DFAS plans to 
launch a new program soon that will increase the ability to detect 
unauthorized changes prior to processing by pay systems. This will make 
the system for myPay's 3.7 million users even more responsive, LaRock 
said.

"This won't completely stop compromises," he said, "but it will help 
alert us more quickly so appropriate actions can be taken."

Key-logging software often is installed on systems when an individual 
simply views e-mails or clicks links that look and seem like reputable 
sites. Hackers then are able to detect passwords and other personal 
information, DFAS officials said.

The organization is reminding customers that they have a responsibility 
to take measures to protect their personal information from scams and 
identity theft.

DFAS warns that a variety of methods can be used to attack home 
computers, including phishing, malicious software and outside takeovers 
via bad software configurations. Users are encouraged to install and 
continually update anti-virus and firewall software.

DFAS offers tips for security and protection to its users on its Web 
site, https://mypay.dfas.mil/PersonalData.htm

The Defense Department also offers free downloads of antivirus and 
firewall software programs to servicemembers and civilians under terms 
of the DOD enterprise antivirus license with supporting companies.


_________________________________________
Visit the InfoSec News Security Bookstore
http://www.shopinfosecnews.org



This archive was generated by hypermail 2.1.3 : Sun Mar 25 2007 - 22:52:13 PST