Thursday, October 30, 2014

Cybersecurity is an even bigger concern for service members

by 673d Communications Squadron
Cyber Security Team

10/30/2014 - JOINT BASE ELMENDORF-RICHARDSON, Alaska -- Many people in Alaska enjoy fishing, but there are some that enjoy phishing Alaskans.

Phishing - as in fishing for confidential information - refers to a scam which fraudulently obtains and uses an individual's personal or financial information.

There are three general types of phishing.

Phishing is an email that targets the general public.

These emails often direct a user to respond with personal information, or direct the user to a fraudulent website which collects the information.

Spear phishing is a phishing email that targets a specific group. One example of this would be an email sent to military members directing them to verify their personal information on a fake Veterans Administration website.

Whaling is an email targeting high-profile people or those who are able to exert great influence over an organization.
How can you tell if an email is phishing attempt?

Some attempts are very cleverly disguised; however, there a few things you can watch for.

Cybercriminals are not known for their grammar and spelling.

Professional companies or organizations usually have a staff of copy editors, who will not allow a mass email with errors to go out to its users.

If you notice mistakes in an email, it might be a scam.

Links in an email are another tip.

If you see a link in a suspicious email message, don't click on it. Rest your mouse (but don't click) on the link to see if the address matches the link that was typed in the message.

Links might also lead you to .exe files. These kinds of file are known to spread malicious software.
Threats are another common technique.

Have you ever received a notification your account would be closed if you didn't respond to an email message?

Cybercriminals often use threats that your security has been compromised, and you need to follow a link.

Spoofing popular websites or companies is a common tactic.

Scam artists use graphics in email that appear to be connected to legitimate websites - but actually take you to phony scam sites or legitimate-looking pop-up windows.

Cybercriminals also use web addresses that resemble the names of well-known companies but are slightly altered.
If you're get a 'threat' email and are concerned about an account, open a new browser and access the site with what you know is the correct address to check.

How real is the threat?

In 2009, more than 630,000 complaints of fraud were filed with the Federal Trade Commission totaling more than $1.7 billion.

Recent headlines highlight phishing attacks against iCloud and Google Docs users, Verizon customers, and University of Nebraska email accounts.

Recently, a group calling itself the "Electronic Army of ISIS" posted a video tutorial on how to create a PayPal phishing attack.
As service members, phishing attacks pose an additional threat.

While most phishing attacks target individual's finances, spear phishing can direct members to disclose operational information, thus posing an OPSEC risk.

For example, a phishing email may direct you to a fake Central Command website and instruct you to input upcoming deployment information.

Phishing is a real threat, both at home and at work.

Stay vigilant, and if something seems "phishy," don't trust it.

If the email is from someone (person or company) you know, call or send a separate email to verify the one you received is legitimate.

At home, you can simply delete the email or report it to a company's fraud center.

At work, delete the email and report it to your unit Information Assurance Officer.

If you have any other questions or concerns, please contact your local Communications Squadron professional.

Research Institute Targets Ebola, Other Infectious Diseases

By Cheryl Pellerin
DoD News, Defense Media Activity

WASHINGTON, Oct. 30, 2014 – Ebola virus disease is a big focus among scientists at the U.S. Army Medical Research Institute of Infectious Diseases, where the mission since 1969 has been to protect warfighters from biological threats and to investigate disease outbreaks and other public-health threats.

But Ebola is just one of the lethal pathogens on U.S. lists of high-priority bioterrorism agents that pose a risk to national security, and USAMRIID scientists conduct research on many of them, whether the pathogens appear on the battlefield or in nature.

At USAMRIID last week, DoD News interviewed Dr. Travis K. Warren, principal investigator in the Division of Molecular and Translational Sciences; Dr. John M. Dye Jr., Viral Immunology branch chief; and Army Maj. (Dr.) Matthew Chambers, chief of field studies in the Division of Medicine.

All discussed the USAMRIID mission and their work beyond Ebola.

“We are not the U.S. Army Medical Research Institute of Ebola, but we feel like it now. We are the U.S. Army Medical Research Institute of Infectious Diseases,” Dye said. “And although we’re focused on Ebola, we have programs on all Category A and Category B [bioterrorism] agents, and we’re looking at [those pathogens] for therapeutics, vaccines and diagnostics, trying to get ahead of the curve for the next bug that comes out to bother us.”

He added, “That's what our job is here -- to be prepared and to look ahead, and have the foresight to develop those assays ahead of time.”

Medical countermeasures

Chikungunya virus, dengue virus, Crimean Congo hemorrhagic fever virus, Lassa virus, Venezuelan equine encephalitis virus, Eastern equine encephalitis virus and many others are among the viruses for which USAMRIID is creating medical countermeasures for warfighter and public-health protection. All of these pathogens can be classified as creating emerging or re-emerging infectious diseases in people, and most originate in animals and cross over to people.

Nearly 75 percent of new emerging or re-emerging diseases that affect humans are zoonotic, meaning they spread from animals to people, according to the Centers for Disease Control National Center for Emerging and Zoonotic Infectious Diseases.

Emerging infectious disease outbreaks, Chambers explained, tend to happen in countries with unstable governments, encroachments by people on forests and other wildlife habitats, increased commercialization and trade, and a huge increase in transportation in and out of the country.

“Bam! An outbreak happens” when these factors collide, Chambers said, snapping his fingers for emphasis.

Many of these circumstances, along with weak health care systems, contributed to the historic Ebola virus disease outbreak in West Africa, for which the World Health Organization reports more than 10,000 confirmed and suspected cases and nearly 5,000 deaths.

“Viruses have a very high mutation rate, especially RNA viruses,” Dye said. “Therefore, their genetic material constantly changes, allowing them the possibility to mutate and [acquire the ability] to infect a new species.”

RNA viruses have ribonucleic acid as their genetic material and so are less genetically stable than DNA, or deoxyribonucleic acid, viruses, such as smallpox, herpes and chickenpox. For example, Dye said, the constantly mutating flu viruses are RNA viruses.

At USAMRIID, scientists are keeping their eyes on, among others, alphaviruses such as Chikungunya and Eastern equine encephalitis virus, and arenaviruses such as Lassa virus. All of these are RNA viruses, and all are zoonotic.

Warren said Eastern equine encephalitis virus occurs on the U.S. East Coast, and CDC says most cases of Eastern equine encephalitis have been reported from Florida, Georgia, Massachusetts and New Jersey. People get this virus from mosquitos that have bitten infected horses.

CDC says most people infected with the virus have no apparent illness, but for those who get encephalitis, or brain inflammation, Eastern equine encephalitis is one of the most severe mosquito-transmitted diseases in the United States. It has about a 33 percent mortality rate, and most who survive have brain damage. There’s no specific treatment for the disease.

“There's a Western version, there's a South American version of it,” Warren said. “We haven't discovered them all yet.”

Another alphavirus, Chikungunya virus, is transmitted to people by mosquitoes that picked up the virus by biting chimpanzees or other animals. The most common symptoms are fever and joint pain. The virus can be imported to new areas by infected travelers, and there is no vaccine to prevent it or medicine to treat it.

Since its discovery in Tanganyika, Africa, in 1952, Chikungunya outbreaks have occurred in countries in Africa, Asia, Europe and the Indian and Pacific oceans. In late 2013, it was found for the first time in the Americas on islands in the Caribbean.

From 2006 to 2013, an average of 28 people per year in the United States had positive tests for recent Chikungunya virus infection. All were travelers visiting or returning to the United States from affected areas, mostly in Asia, CDC said.

Beginning in 2014, cases were identified in travelers returning from the Caribbean. As of Oct. 21, 1,482 Chikungunya virus disease cases have been reported from U.S. states to ArboNET, a national surveillance system for arthropod-borne viruses in the United States, according to CDC.

Arenaviruses, also of interest to USAMRIID, often come from rodents and include Lassa virus, discovered in 1969 when two missionary nurses died in Nigeria. Its host is a West African rodent called the multimammate rat.

In some areas of Sierra Leone and Liberia, 10 percent to 16 percent of people admitted to hospitals have Lassa fever, CDC said. Ribavirin, an antiviral drug, has been used successfully in Lassa fever patients.

“Viruses basically usurp your own cellular machinery and take over your own cells, [turning them into] virus-producing factories,” Dye said. “It's brilliant, actually, because they don't have to have all the encumberments of other proteins.”

Most viruses just need an opportunity to infect people, Warren added.

“Once the Ebola outbreak has been controlled,” Dye said, “what's important for people to realize is that … we're still going to be here, working not just on filoviruses [such as Ebola], but all the other viruses.”

“A year from now when the last Ebola patient … recovers in the hospital, the work goes on here,” Chambers added, “and thank goodness it does, because we were doing it for years before the Ebola outbreak happened, and we'll be doing it after the outbreak [is over], and for that reason, we'll be a little bit more prepared than we were this time.”

Reserve wing ensures safe passage for GPS satellite launch

by 920th Rescue Wing Public Affairs

10/29/2014 - PATRICK AIR FORCE BASE, Fla. -- Reservists from the 920th Rescue Wing provided range-clearance and safety support for the successful launch of a United Launch Alliance Atlas V rocket from Cape Canaveral Air Force Station at 1:21 p.m. today.

The payload for today's launch included the Air Force's eighth Block IIF navigation satellite for the Global Positioning System.

GPS IIF-8 is one of the next-generation satellites, incorporating various improvements to provide greater accuracy, increased signals, and enhanced performance for users.

Hours before launch, two wing HH-60G Pave Hawk helicopters took off from Patrick AFB to patrol the Eastern Range, the 70-mile long by 10-mile wide swath of ocean extending east from the Cape that must be cleared of all air & marine traffic prior to every launch to ensure boaters are a safe distance from potentially falling rocket debris.

The 920th performs combat search and rescue as its primary mission, which includes rescuing servicemembers trapped and or wounded behind enemy lines.

Additionally, the wing is responsible for civil search and rescue, humanitarian relief and support of rocket launches. To date, the unit has saved more than 4,000 lives, both in peacetime and combat.

For more information on the 920th Rescue Wing, follow them on Facebook and Twitter.

**Information from a 45th Space Wing news story was used in this release**

Wednesday, October 29, 2014

GPS IIF-8 Successfully Launched from Cape Canaveral AFS

by SMC Public Affairs

10/29/2014 - LOS ANGELES AIR FORCE BASE, Calif. -- The U.S. Air Force successfully launched the Boeing-built eighth Global Positioning System (GPS) IIF satellite aboard  an ULA Atlas V rocket from Space Launch Complex 41, Cape Canaveral AFS, Fla., at 1:21 p.m. EDT.

"I'm delighted with the outcome of today's launch. Thanks to the men and women of SMC, the 45th, 50th and 310th Space Wings; Boeing; ULA; the Aerospace Corporation; and the GPS IIF and Atlas V launch teams ceaseless efforts, commitment, dedication, and focus on mission success, we successfully launched the fourth GPS IIF space vehicle this year," said Col. Bill Cooley, director of Space and Missile Systems Center's Global Positioning Systems Directorate. "Today's launch demonstrates our commitment to users around the globe that GPS is the gold standard for position navigation and timing and will continue to deliver capabilities for the foreseeable future," he said.

The Boeing-built GPS IIF satellites provide improved signals that enhance the precise global positioning, navigation and timing services supporting both the warfighter and the growing civilian needs of our global economy. The GPS IIF satellites will provide improved accuracy through advanced atomic clocks, a longer design life than previous GPS satellites, and a new operational third civil signal (L5) that benefits commercial aviation and safety-of-life applications. It will also continue to deploy the modernized capabilities that began with the GPS IIR satellites, including a more robust military signal.

The GPS constellation is healthy, stable and robust with 31-operational satellites orbiting the Earth delivering improved and enhanced GPS capabilities to our warfighting forces and for the nation. Operated by U.S. Air Force Space Command, the GPS constellation provides precise positioning, navigation and timing services worldwide seven days a week, 24-hours a day.

Air Force Space Command's Space and Missile Systems Center, located at Los Angeles Air Force Base, Calif., is the U.S. Air Force's center of acquisition excellence for acquiring and developing military space systems. Its portfolio includes the Global Positioning System, military satellite communications, defense meteorological satellites, space launch and range systems, satellite control networks, space-based infrared systems and space situational awareness capabilities.

Media representatives who would like to submit questions or interview a subject matter expert about the GPS satellite program should send an e-mail to or call 310-653-2377.

Cybercom Chief Calls Partnerships Vital to Network Security

By Claudette Roulo
DoD News, Defense Media Activity

WASHINGTON, Oct. 29, 2014 – Cyber is the ultimate team sport, and it will take true partnerships between defense and industry to protect the nation’s information systems, the commander of U.S. Cyber Command told an audience at the U.S. Chamber of Commerce here yesterday.

“There's no one single group or entity that has all the answers, nor is there one single group or entity capable of executing the solutions that we need to do,” Navy Adm. William S. Rogers said.

But, Rogers noted, it’s up to leaders in defense and the private to drive the cultural changes that will allow these partnerships to thrive.

“When you don't have leadership buy-in, you are fighting with one hand tied behind your back,” he said.

Cyber blurs line between public, private sectors

to the traditional view puts the private sector in one arena and the government in another, Rogers said, and the whole question of national security as something apart from that. But cyber blurs the line between those three groups, the admiral said.

“The cybersecurity challenges we are facing a nation, I view them as a national security issue for us,” he said. “And how are we as a nation going to address the challenge that is not going to go away?”

The hazards that defense and the public sector face in the cyber realm are serious and long-term, Rogers said.

“Every day there are groups, individuals and nation-states attempting to penetrate our DoD networks, and it's the same thing we're seeing in the corporate world,” the admiral noted.

Essential partnerships

Cybercom has three missions: to defend the department’s networks, generate the cyber mission force and provide protection and support in the event of attacks on critical U.S. infrastructure. Accomplishing this third mission won’t be possible without building relationships with the private sector and other federal agencies in advance, the admiral said.

“If there's one thing you learn in the military, Rogers said, “you do not wait until the day of the crisis to suddenly say to yourself, ‘Boy, I guess we better do some training with each other, or I guess we better understand what our partners needed and what they don't need, and what's effective for them and what is not effective.’”

The Defense Department already is working alongside other federal agencies, including the Department of Homeland Security and the Federal Bureau of Investigation, he said.

Rogers also serves as director of the National Security Agency. In that role he oversees infrastructure assurance -- that is, not just defending systems, but developing their standards, he said.

“We do it with the federal government, and increasingly we find ourselves called on by our DHS and FBI teammates to provide capability from our cyber expertise to support the private sector,” the admiral said.

Those types of requests are only going to increase, Rogers said.

“You can pick up a newspaper. You can get on your favorite website,” he said. “You can blog on whatever particularly interests you. You can go to whatever media outlet that you find is the best source of your news, and every day you will find something about a major cyber incident. This is not a short-term phenomenon.”

Industry concerns are legitimate

The private sector has real and legitimate concerns about the legal liabilities of partnering with the government, he said.

“We have got to help remove those very legitimate concerns and address them, because in the end what we have got to get to, I believe, is real-time automated machine-to-machine interface,” Rogers said. Before that happens, both sides need to clearly define in advance what information will be shared, he added.

The admiral said he does not want “privacy information” to be part of any information-sharing agreements, because that’s not the focus of cybersecurity.

“What we need to share with each other is … actionable information that you can use that gives you insights into as to what's the malware you're going to see,” he said. “How is it going to come at you? What are the indicators that you should be looking for in advance that would suggest to you that activity of concern is coming?”

In return, Rogers said, DoD should be able to help identify who is targeting the system under attack. “And then collectively between us, we need to share this, and we need to share it both across the entire sector, because … the insights of one can translate to the defense of many,” he said.

Congress is working on legislation that will protect industry from government intrusion, while enabling the government to partner with the private sector to protect industrial networks from attack, the admiral said.

“So we'll be working our way through that process, but the key to it is going to be dialogue,” Rogers said.

Monday, October 27, 2014

Massachusetts Man Sentenced to Four Years in Prison for Computer Hacking Involving Stolen Credit Card Numbers and Altered Academic Records

A Massachusetts man was sentenced to serve four years in prison today for hacking into computer networks around the country – including networks belonging to law enforcement agencies and a local college – to obtain highly sensitive law enforcement data and to alter academic records, as well as for possessing stolen credit and debit card numbers. 

Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Carmen M. Ortiz of the District of Massachusetts, Special Agent in Charge Vincent Lisi of the FBI’s Boston Division and Colonel Timothy P. Alben of the Massachusetts State Police made the announcement.

Cameron Lacroix, 25, of New Bedford, Massachusetts, pleaded guilty on June 25, 2014, to two counts of computer intrusion and one count of access device fraud.  Lacroix was sentenced today by U.S. District Judge Mark L. Wolf of the District of Massachusetts.

Lacroix admitted that, between May 2011 and May 2013, he obtained and possessed payment card data for more than 14,000 unique account holders.  For some of these account holders, Lacroix also obtained other personally identifiable information.

Additionally, from August 2012 through November 2012, Lacroix repeatedly hacked into law enforcement computer servers containing sensitive information including police reports, intelligence reports, arrest warrants, and sex offender information.  In one such instance, in September 2012, Lacroix hacked into a computer server operated by a local Massachusetts police department and accessed an e-mail account belonging to the chief of police.

Lacroix, who was a student at Bristol Community College (BCC), also admitted that between September 2012 and November 2013, he repeatedly hacked into BCC’s computer servers and used stolen log-in credentials belonging to three instructors to change grades for himself and two other students.

The case was investigated by the FBI’s Boston Division Cyber Task Force.  The case is being prosecuted by Senior Trial Attorney Mona Sedky from the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Adam Bookbinder of the District of Massachusetts.

The U.S. Attorney’s Office for the Northern District of California has also filed hacking charges against Lacroix.  That case has been transferred to the District of Massachusetts and is before Chief Judge Saris.