Information Security

Information security can mean protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. This goes beyond just computers and networks. Risks and threats can come from individuals, acts of nature, and new technology.

This topic affects everyone in the federal workforce - top to bottom. Thus, it is also the responsibility of everyone in the federal workforce to protect the information from threats.

Share your experience with securing information.

CAC Card Virus - CAC Card Virus

Options

Previous Topic Next Topic

wizard		#1 Posted : Wednesday, January 25, 2012 6:55:00 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 10/9/2007(UTC) Posts: 229		1. Purpose. This CISC note is intended to inform all Marine Corps personnel about the new Sykipot strain specifically targets the technology used to support the Pentagon's CAC system and the emails seeking to spread it often are disguised as official military or government communications. 2. Background. A Chinese-based cyber attack is targeting the Defense Department's Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks. The new cyber weapon apparently can get inside individual computers after users unwittingly open a standard PDF email file. Once embedded, it logs the users' keystrokes to obtain personal identification numbers or codes associated with that card and user. (1) A Chinese-based Trojan virus (a variant of Sykipot) is targeting DOD CACs and can steal CAC information, user PINs, as well as data stored in impacted systems (2) Once imbedded on a computer, the virus: (a) Logs user keystrokes to include PIN information for CAC users signing into the network or a specific application/system (b) Has the ability to subsequently act as the authenticated user to steal other information as long as the CAC remains in the smart-card reader (c) Has the ability to capture public key encryption certificates stored on the system as long as the CAC remains in the smart-card reader 3. Action. Defending against attacks using this technology is extremely difficult. The best way to keep military networks secure is to train troops and civilian employees not to open any unfamiliar files or email attachments. To lure defense workers to open the infected attachment, some of the emails have used information about new drone technology and pictures of unmanned aerial vehicles. 4. Coordinating Instructions. USER PREVENTIVE ACTIONS: (1) If you receive an E-Mail from someone you do not know in which the sender urges you to open any imbedded internet links or attached .pdf files. (a) DO NOT: Open the attached files (b) DO NOT: Access the imbedded internet links (c) DO NOT: Respond to the E-Mail (d) DO NOT: Forward the email to anyone. (2) Instead, you should delete the E-Mail and then empty your deleted items folder in Outlook.


User Profile View All Posts by User View Thanks

Knight		#2 Posted : Wednesday, January 25, 2012 8:05:26 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 1/2/2009(UTC) Posts: 7,337 Thanks: 242 times Was thanked: 478 time(s) in 395 post(s)		Minor peeve: It is not a CAC card. CAC = Common Access Card. You would not say, "Common Access Card card."


User Profile View All Posts by User View Thanks

Tiredofwork		#3 Posted : Wednesday, January 25, 2012 9:34:12 PM(UTC)
Rank: Senior Member Groups: Registered Joined: 1/19/2012(UTC) Posts: 244		Knight wrote: Minor peeve: It is not a CAC card. CAC = Common Access Card. You would not say, "Common Access Card card." Ha, finally, I'm not the only one who thinks this!


User Profile View All Posts by User View Thanks

martyb		#4 Posted : Wednesday, January 25, 2012 11:20:01 PM(UTC)
Rank: Senior Member Groups: Registered Joined: 11/3/2006(UTC) Posts: 3,527 Thanks: 6 times Was thanked: 16 time(s) in 14 post(s)		LOL, I wish that's all I had to worry about.... It bugs me more when people spell annuity "annunity"....
		Forum trolls to 0%


User Profile View All Posts by User View Thanks

TRW		#5 Posted : Thursday, January 26, 2012 1:21:37 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 1/13/2010(UTC) Posts: 321 Was thanked: 3 time(s) in 2 post(s)		Ha......when I was in the AF, aircraft would sometimes get "FOD damage." Basically this translates as: Foreign Object Damage Damage.


User Profile View All Posts by User View Thanks

martyb		#6 Posted : Thursday, January 26, 2012 3:06:30 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 11/3/2006(UTC) Posts: 3,527 Thanks: 6 times Was thanked: 16 time(s) in 14 post(s)		Yeah, that one too! 33 yrs in Air Force maintenance...so you can bet I heard the word FOD a couple times....:). Know what you mean, though. Ummm...better correct that to say the acronym FOD. martyb2012-01-26 11:12:43
		Forum trolls to 0%


User Profile View All Posts by User View Thanks

Scotty		#7 Posted : Thursday, January 26, 2012 4:34:04 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 9/5/2006(UTC) Posts: 643 Was thanked: 1 time(s) in 1 post(s)		I heard them different: Foreign Objects of Debris Damage: FOD damage Common Access Control Card: CAC card
		I'll be shoveling along: <br />Digger O'Dell


User Profile View All Posts by User View Thanks

Knight		#8 Posted : Thursday, January 26, 2012 10:01:28 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 1/2/2009(UTC) Posts: 7,337 Thanks: 242 times Was thanked: 478 time(s) in 395 post(s)		ATM machine AGE equipment


User Profile View All Posts by User View Thanks

wizard		#9 Posted : Sunday, January 29, 2012 11:00:36 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 10/9/2007(UTC) Posts: 229		so...we have one of the most dangerous virus's the DoD has come across and the topic of conversation is proper grammar? whatever...


User Profile View All Posts by User View Thanks

wizard		#10 Posted : Sunday, January 29, 2012 1:15:00 PM(UTC)
Rank: Senior Member Groups: Registered Joined: 10/9/2007(UTC) Posts: 229		oops almost forgot... hot water heater


User Profile View All Posts by User View Thanks

Tiredofwork		#11 Posted : Sunday, January 29, 2012 1:30:53 PM(UTC)
Rank: Senior Member Groups: Registered Joined: 1/19/2012(UTC) Posts: 244		wizard wrote: <div style=": rgb255, 255, 255; margin-left: 2px; margin-top: 2px; margin-right: 2px; margin-bottom: 2px; font-family: Verdana, Arial, Helvetica, sans-serif; color: rgb0, 0, 0; font-weight: normal; font-size: 12px; line-height: 1.4; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; -: none; ">so...we have one of the most dangerous virus's the DoD has come across and the topic of conversation is proper grammar? whatever... Like anyone here has the power or knowledge to fix it


User Profile View All Posts by User View Thanks

wizard		#12 Posted : Sunday, January 29, 2012 10:43:36 PM(UTC)
Rank: Senior Member Groups: Registered Joined: 10/9/2007(UTC) Posts: 229		lol... Definitely wouldn't expect someone here of having the knowledge, capacity, or power to fix it. your comments are much more expected. wizard2012-01-30 07:06:10


User Profile View All Posts by User View Thanks

hustonj		#13 Posted : Monday, January 30, 2012 3:48:20 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 5/17/2011(UTC) Posts: 2,270 Thanks: 8 times Was thanked: 322 time(s) in 259 post(s)		wizard wrote: so...we have one of the most dangerous virus's the DoD has come across Not really. We have a standard, run-of-the-mill trojan with a spy payload and a target base of people unwilling to follow the most basic rules about not being social engineering puppets. The only thing here worth note is the shock and surpirse that this stuff actually exists and is in use.


User Profile View All Posts by User View Thanks

martyb		#14 Posted : Monday, January 30, 2012 4:38:48 AM(UTC)
Rank: Senior Member Groups: Registered Joined: 11/3/2006(UTC) Posts: 3,527 Thanks: 6 times Was thanked: 16 time(s) in 14 post(s)		QUOTE=wizard]oops almost forgot... hot water heater Kevin....? martyb2012-01-30 12:45:12
		Forum trolls to 0%


User Profile View All Posts by User View Thanks

Rss Feed

Atom Feed

Users browsing this topic
Guest

Forum Jump

You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.