Welcome Guest! To enable all features please Login or Register.

Notification

Icon
Error

Information Security

Information security can mean protecting information and information systems from unauthorized access, use, disclosure, disruption, modification or destruction. This goes beyond just computers and networks. Risks and threats can come from individuals, acts of nature, and new technology.

This topic affects everyone in the federal workforce - top to bottom. Thus, it is also the responsibility of everyone in the federal workforce to protect the information from threats.

Share your experience with securing information.

Options
Go to last post Go to first unread
wizard  
#1 Posted : Wednesday, January 25, 2012 6:55:00 AM(UTC)
wizard

Rank: Senior Member

Groups: Registered
Joined: 10/9/2007(UTC)
Posts: 229

1.  Purpose.   This CISC note is intended to inform all Marine Corps personnel about the new Sykipot strain specifically targets the technology used to support the Pentagon's CAC system and the emails seeking to spread it often are disguised as official military or government communications.

2.  Background.   A Chinese-based cyber attack is targeting the Defense Department's Common Access Cards with technology that could steal information from military networks while troops and civilians work at their desks. The new cyber weapon apparently can get inside individual computers after users unwittingly open a standard PDF email file. Once embedded, it logs the users' keystrokes to obtain personal identification numbers or codes associated with that card and user.

  (1) A Chinese-based Trojan virus (a variant of Sykipot) is targeting DOD CACs and can steal CAC information, user PINs, as well as data stored in impacted systems

  (2) Once imbedded on a computer, the virus:

    (a) Logs user keystrokes to include PIN information for CAC users signing into the network or a specific application/system

    (b) Has the ability to subsequently act as the authenticated user to steal other information as long as the CAC remains in the smart-card reader

    (c) Has the ability to capture public key encryption certificates stored on the system as long as the CAC remains in the smart-card reader

3.  Action. Defending against attacks using this technology is extremely difficult. The best way to keep military networks secure is to train troops and civilian employees not to open any unfamiliar files or email attachments. To lure defense workers to open the infected attachment, some of the emails have used information about new drone technology and pictures of unmanned aerial vehicles.

4.  Coordinating Instructions.

USER PREVENTIVE ACTIONS:

(1) If you receive an E-Mail from someone you do not know in which the sender urges you to open any imbedded internet links or attached .pdf files.

    (a) DO NOT: Open the attached files

    (b) DO NOT: Access the imbedded internet links

    (c) DO NOT: Respond to the E-Mail

    (d) DO NOT: Forward the email to anyone.

(2) Instead, you should delete the E-Mail and then empty your deleted items folder in Outlook.

Knight  
#2 Posted : Wednesday, January 25, 2012 8:05:26 AM(UTC)
Knight

Rank: Senior Member

Groups: Registered
Joined: 1/2/2009(UTC)
Posts: 5,886
Man

Thanks: 1 times
Was thanked: 8 time(s) in 8 post(s)
Minor peeve: It is not a CAC card. CAC = Common Access Card. You would not say, "Common Access Card card."
Tiredofwork  
#3 Posted : Wednesday, January 25, 2012 9:34:12 PM(UTC)
Tiredofwork

Rank: Senior Member

Groups: Registered
Joined: 1/19/2012(UTC)
Posts: 244

Knight wrote:
Minor peeve: It is not a CAC card. CAC = Common Access Card. You would not say, "Common Access Card card."

Ha, finally, I'm not the only one who thinks this!
martyb  
#4 Posted : Wednesday, January 25, 2012 11:20:01 PM(UTC)
martyb

Rank: Senior Member

Groups: Registered
Joined: 11/3/2006(UTC)
Posts: 3,507

Was thanked: 1 time(s) in 1 post(s)
LOL, I wish that's all I had to worry about....  It bugs me more when people spell annuity "annunity"....Wacko
Forum trolls to 0%
TRW  
#5 Posted : Thursday, January 26, 2012 1:21:37 AM(UTC)
TRW

Rank: Senior Member

Groups ready for retrieval: Registered
Joined: 1/13/2010(UTC)
Posts: 284

Ha......when I was in the AF, aircraft would sometimes get "FOD damage."

Basically this translates as: Foreign Object Damage Damage.
 
martyb  
#6 Posted : Thursday, January 26, 2012 3:06:30 AM(UTC)
martyb

Rank: Senior Member

Groups: Registered
Joined: 11/3/2006(UTC)
Posts: 3,507

Was thanked: 1 time(s) in 1 post(s)
Yeah, that one too!  33 yrs in Air Force maintenance...so you can bet I heard the word FOD a couple times....:).  Know what you mean, though.
 
Ummm...better correct that to say the acronym FOD.  martyb2012-01-26 11:12:43
Forum trolls to 0%
simchief  
#7 Posted : Thursday, January 26, 2012 4:34:04 AM(UTC)
simchief

Rank: Senior Member

Groups: Registered
Joined: 9/5/2006(UTC)
Posts: 643

I heard them different:

 

Foreign Objects of Debris Damage: FOD damage

Common Access Control Card: CAC card

I'll be shoveling along: <br />Digger O'Dell
Knight  
#8 Posted : Thursday, January 26, 2012 10:01:28 AM(UTC)
Knight

Rank: Senior Member

Groups: Registered
Joined: 1/2/2009(UTC)
Posts: 5,886
Man

Thanks: 1 times
Was thanked: 8 time(s) in 8 post(s)
ATM machine
AGE equipment
wizard  
#9 Posted : Sunday, January 29, 2012 11:00:36 AM(UTC)
wizard

Rank: Senior Member

Groups: Registered
Joined: 10/9/2007(UTC)
Posts: 229

so...we have one of the most dangerous virus's the DoD has come across and the topic of conversation is proper grammar?
whatever...Ermm


wizard  
#10 Posted : Sunday, January 29, 2012 1:15:00 PM(UTC)
wizard

Rank: Senior Member

Groups: Registered
Joined: 10/9/2007(UTC)
Posts: 229

oops almost forgot...
hot water heaterTongue
Tiredofwork  
#11 Posted : Sunday, January 29, 2012 1:30:53 PM(UTC)
Tiredofwork

Rank: Senior Member

Groups: Registered
Joined: 1/19/2012(UTC)
Posts: 244

wizard wrote:
<div style=": rgb255, 255, 255; margin-left: 2px; margin-top: 2px; margin-right: 2px; margin-bottom: 2px; font-family: Verdana, Arial, Helvetica, sans-serif; color: rgb0, 0, 0; font-weight: normal; font-size: 12px; line-height: 1.4; border-top-width: 0px; border-right-width: 0px; border-bottom-width: 0px; border-left-width: 0px; border-style: initial; border-color: initial; -: none; ">so...we have one of the most dangerous virus's the DoD has come across and the topic of conversation is proper grammar?
whatever...Ermm



Like anyone here has the power or knowledge to fix it
wizard  
#12 Posted : Sunday, January 29, 2012 10:43:36 PM(UTC)
wizard

Rank: Senior Member

Groups: Registered
Joined: 10/9/2007(UTC)
Posts: 229

lol...

Definitely

wouldn't expect someone here of having the knowledge, capacity, or power to fix it. your comments are much more expected.

wizard2012-01-30 07:06:10
hustonj  
#13 Posted : Monday, January 30, 2012 3:48:20 AM(UTC)
hustonj

Rank: Senior Member

Groups: Registered
Joined: 5/17/2011(UTC)
Posts: 1,179

Was thanked: 9 time(s) in 8 post(s)
wizard wrote:
so...we have one of the most dangerous virus's the DoD has come across
 
Not really.  We have a standard, run-of-the-mill trojan with a spy payload and a target base of people unwilling to follow the most basic rules about not being social engineering puppets.
 
The only thing here worth note is the shock and surpirse that this stuff actually exists and is in use.
martyb  
#14 Posted : Monday, January 30, 2012 4:38:48 AM(UTC)
martyb

Rank: Senior Member

Groups: Registered
Joined: 11/3/2006(UTC)
Posts: 3,507

Was thanked: 1 time(s) in 1 post(s)
QUOTE=wizard]oops almost forgot...
hot water heaterTongue
 
 
Kevin....?
martyb2012-01-30 12:45:12
Forum trolls to 0%
Rss Feed  Atom Feed
Users browsing this topic
Guest
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.


This page was generated in 0.932 seconds.