http://www.af.mil/news/story.asp?id=123046045 By Carmen L. Gleason American Forces Press Service 3/23/2007 WASHINGTON (AFNEWS) -- Defense Department officials have launched an investigation into recent computer hackings of servicemembers' home computers that compromised personal information and led to the redirection of funds from their military pay accounts. Over the past eight months, nearly two dozen Defense Finance and Accounting Service "myPay" participants have had their accounts accessed by unauthorized personnel, officials said. The myPay program allows DFAS users to manage pay information, leave and earnings statements and W-2s online. The compromise likely came from personal information being stolen from home computers via spyware and keystroke-logging viruses, DFAS officials said. A hacker redirected one servicemember's pay to a credit card vendor by changing account information the day before pay day, said Tom LaRock, DFAS spokesman. However, he added, DFAS quickly worked with his bank to have funds returned to his account within two days. When suspicious activity is detected under the current system used by DFAS, LaRock explained, financial institutions are immediately notified so reversals can be made to servicemembers' accounts. DFAS plans to launch a new program soon that will increase the ability to detect unauthorized changes prior to processing by pay systems. This will make the system for myPay's 3.7 million users even more responsive, LaRock said. "This won't completely stop compromises," he said, "but it will help alert us more quickly so appropriate actions can be taken." Key-logging software often is installed on systems when an individual simply views e-mails or clicks links that look and seem like reputable sites. Hackers then are able to detect passwords and other personal information, DFAS officials said. The organization is reminding customers that they have a responsibility to take measures to protect their personal information from scams and identity theft. DFAS warns that a variety of methods can be used to attack home computers, including phishing, malicious software and outside takeovers via bad software configurations. Users are encouraged to install and continually update anti-virus and firewall software. DFAS offers tips for security and protection to its users on its Web site, https://mypay.dfas.mil/PersonalData.htm The Defense Department also offers free downloads of antivirus and firewall software programs to servicemembers and civilians under terms of the DOD enterprise antivirus license with supporting companies. _________________________________________ Visit the InfoSec News Security Bookstore http://www.shopinfosecnews.org
This archive was generated by hypermail 2.1.3 : Sun Mar 25 2007 - 22:52:13 PST