Description of document: US Department of Justice (DOJ) Justice Security Operations Center (JSOC) “News You Can Use” Newsletters, 2008-2011
Requested date: 11-April-2011
Released date: 20-May-2011
Posted date: 11-July-2011
Date/date range of documents: Included are Dec 2008; Feb-Sep, Nov 2009; Jan-Dec 2010; Jan-Apr 2011
Source of document: FOIA Contact, Justice Management Division, Department of Justice, Room 1111 RFK, 950 Pennsylvania Avenue, NW, Washington, DC 20530-0001. Fax: 202-616-6695. Email: JMDFOIA@usdoj.gov

The governmentattic.org web site (“the site”) is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible; however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. The public records published on the site were obtained from government agencies using proper legal channels. Each document is identified as to the source. Any concerns about the contents of the site should be directed to the agency originating the document in question. GovernmentAttic.org is not responsible for the contents of documents published on the website.

U.S. Department of Justice
Justice Management Division
Washington, D.C. 20530

May 20, 2011

Re: Freedom of Information Act Request No. 2352497

I am responding on behalf of the Justice Management Division (JMD) to your Freedom of Information Act (FOIA) request dated April 11, 2011, for copies of each News You Can Use newsletter published on DOJNet. Because I deem you to be a noncommercial requester, you are entitled to the first 100 pages of documents and the
first two hours of search time at no charge. 28 C.F.R. § 16.11(d). I am enclosing, at no cost to you, all the News You Can Use newsletters that have been published on DOJNet, a total of 26 documents. We are withholding portions of four newsletters, those from September 2010, August 2010, January 2010, and April 2010, under FOIA Exemption 7(E), which protects disclosure of law enforcement techniques and procedures. 5 U.S.C. § 552(b)(7)(E).

If you are dissatisfied with my action, an appeal may be made pursuant to 28 C.F.R. § 16.9 by writing to the Director, Office of Information and Policy, U.S. Department of Justice, 1425 New York Avenue, Suite 11050, Washington, D.C. 20530-0001, within 60 days from the date of this letter. Both the letter and the envelope should be clearly marked "Freedom of Information Act Appeal." In the event you are dissatisfied with the results of any such appeal, judicial review will thereafter be available in the district where the requester resides or has a principal place of business, or in the United States District Court for the District of Columbia.

Sincerely,
Barbara Bush
Acting General Counsel

Enclosure

News You Can Use, April 2011

Security Awareness Tips

Your Golden Ticket to Getting Scammed

Beware of emails that promote investing in gold; scammers are exploiting the recent increase in gold's value, a prevalent media topic. Recent concerns about inflation and other economic issues have caused some investors to turn to gold as a safer investment. As a result, security organizations have noticed an influx of hoax emails that request users' personal information. In one such scam, the email's subject line reads "Is Gold Your Ticket To A Golden Future" and a FREE investor kit is offered to users who provide their contact information. Certain personalities are used in the image for this spam campaign, including Glenn Beck. A Google search reveals an interesting angle about Glenn Beck promoting gold investments. It seems that the spammer did some
research in order to know about the association before propagating this spam campaign (Harnett, www.symantec.com).

Contributing sources: www.net-security.org, www.symantec.com, www.nytimes.com

About the JSOC Newsletter

The Justice Security Operations Center (JSOC) News You Can Use Newsletter strives to protect readers against Internet cyber threats by keeping them up-to-date on the latest security issues, vulnerabilities, and computer user tips. The threats we address affect you daily, at work, at home, and virtually everywhere in between, and we provide the information you need to know in terms you can understand. If there is a specific topic you would like to see discussed in a future newsletter, please email us at dojcert@usdoj.gov.

Cyber Awareness Tip

Cybersecurity Myth: Once software is installed on your home computer, you do not have to worry about it anymore.

• Vendors may release updated versions of software to address problems or fix vulnerabilities. You should install the updates on your home computer as soon as possible; some software even offers the option to obtain updates automatically.

Source: US-CERT

User Awareness Tips

Thumbthing's Fishy: Thumb Drive Safety 101

Removable devices such as thumb drives (also known as USB sticks) pose a unique challenge to Federal IT Security. While they are convenient, portable, and great for storing files, they are also easy to lose and are often used to spread malware.

The US-CERT (Computer Emergency Response Team) recommends the following measures to protect thumb drive data:

• Do not plug an unknown USB drive into your computer. If you find a USB drive, give it to the appropriate authorities (a location's security personnel, your organization's IT department, etc.). Do not plug it into your computer to view the contents or to try to identify the owner.
• Take advantage of security features. Use passwords and encryption on your USB drive to protect your data, and make sure that you have
the information backed up in case your drive is lost.
• Keep personal and business USB drives separate. Do not use personal USB drives on computers owned by your organization, and do not plug USB drives containing corporate information into your personal computer.

Contributing sources: www.us-cert.gov, news.cnet.com

Green Tip of the Month: Work from Home

Working from home when possible, as well as utilizing an Alternative Work Schedule (AWS), significantly reduces the energy and time spent commuting. Video and phone conferencing and other work flow tools make this an easy, effective alternative to traditional commuting.

Source: www.greenunlimited.com

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this newsletter or requests for permission to redistribute should be directed to JSOC, 202-357-0266.

News You Can Use, March 2011

Security Awareness Tips

Warning: Attackers May Attempt to Compromise Remote Access Tokens

A security breach at a vendor recently caused weaknesses in RSA SecurID tokens, commonly used in remote access to Department systems. As a result, attackers may attempt to obtain users' PIN codes to access Department systems using RSA SecurID tokens. By remaining alert for attempts to reset or obtain RSA SecurID token PIN codes, users can assist in keeping Department information secure. All Department personnel are asked to:

• Be cautious of messages, phone calls, or web pages requesting that you reset the PIN code used with your token. Contact your component IT helpdesk if you receive an unexpected request to [...] PIN code.
• Check the URL address of web pages asking for [...] to ensure they are legitimate government web pa[...] imitations that look official.
• Exercise caution when [...] contains links or [...] contains a sense of [...] U.S. government email [...]

Please report suspicious messages to the Justice Security Operations Center (JSOC) by e-mail (DOJCERT@usdoj.gov) or phone (866-US4-CERT). Users may continue normal use of systems, keeping in mind the above requests to remain vigilant for attempts to obtain PIN codes. JSOC will distribute further information as it becomes available.

User Awareness Tip

Information Security 101: Avoid Password Reuse

In a recent study by the Security Group at the University of Cambridge Computer Laboratory, a comparison was conducted on two websites whose password information had been stolen. The websites had overlapping customers based on email addresses, and of the customers who were registered at both sites, 76 percent used the same password on both accounts. Utilizing the same, or even very similar, passwords on multiple sites means that if one account is compromised, they all are. Unfortunately, due to this common insecure practice, if a malicious hacker is able to get his or her hands on a user's password credentials for one domain, said hacker has a good starting point for figuring out the user's password for other sites (Samson, infoworld.com).

This issue is particularly relevant to Department of Justice users because if an individual uses the same password at DOJ and non-work-related sites, they are not only jeopardizing their personal accounts but also putting the Department's network at risk. At the very least, users should commit to never reuse their work-related passwords for any of their personal accounts.

Contributing Sources: Infoworld.com

About the JSOC Newsletter

The Justice Security Operations Center (JSOC) News You Can Use Newsletter strives to protect readers against Internet cyber threats by keeping them up-to-date on the latest security issues, vulnerabilities, and computer user tips. The threats we address affect you daily, at work, at home, and virtually everywhere in between, and we provide the information you need to know in terms you can understand. If there is a specific topic you would like to see discussed in a future newsletter, please email Jennifer Jones at jennifer.jones3@usdoj.gov.

Cyber Awareness Tip
Reasons to be particularly careful when opening email attachments:

• Email is easily circulated. Forwarding email is so simple that viruses can quickly infect many machines.
• Email programs try to address all users' needs. Almost any type of file can be attached to an email message, so attackers have more freedom with the types of viruses they can send.
• Email programs offer many user-friendly features. Some email programs have the option to automatically download email attachments, which immediately exposes your computer to any viruses within the attachments.

Source: US-CERT

Green Tip of the Month: Waste Less Paper

Whenever appropriate, reuse one-sided documents from a scrap paper bin in the same area as your printer or copier.

Source: Newdream.org

News You Can Use, February 2011

2011 DOJ Cybersecurity Conference: Leveraging a Collaborative Defense

The third annual DOJ Cybersecurity Conference was held February 8-9 with the theme "Leveraging a Collaborative Defense." This year's conference examined the changing threat picture and the new dynamics and challenges in defending DOJ networks. It also emphasized the need to work together to strengthen the Department's networks and applications security posture while empowering its mission.

Thank you to all attendees, particularly volunteers who helped to make this year's conference a success. Please remember to fill out your attendee survey so that your feedback can help shape next year's program. To request a specific topic be covered in a future conference, please email Jennifer Jones at jennifer.jones3@usdoj.gov.

Cyber Awareness Tip

[...] there to stay as long [...] as attackers aren't trying to steal everything at once. Instead, they exploit dozens to hundreds of computers, logon accounts, and email users, searching for new data and ideas over an extended period of months and years.

Source: http://infoworld.com/d/security-central

Security Awareness Tip

What You Should Know About Advanced Persistent Threat (APT)

You may have heard the term Advanced Persistent Threat, or APT, in the news, usually referring to a determined group of hackers that continues to target computer users in an attempt to steal information over the long term. Using methodical attack techniques employing targeted malicious e-mail messages, the attackers trick users into opening a malicious attachment or clicking a link that leads to a compromise of sensitive information. Once inside an organization, the attackers quietly move laterally among network resources, elevating privileges and stealing information, persisting potentially for years without detection.

The Justice Security Operations Center reminds users to remain vigilant for suspicious messages, keeping the following in mind:

• Attackers may send convincing messages appearing to come from a coworker, employer, or other reputable source to gain your trust.
• Be wary of any unsolicited message that requests you open an attachment or click a link, and attempt to confirm the authenticity of the message via phone.
• At home, employ updated antivirus software and educate others who share your computer
that malicious email messages can compromise your computer, and remind them to view unfamiliar email messages with caution.
• Submit suspicious email messages for analysis to JSOC via the email address DOJMAILSPAM@usdoj.gov.

Source: Infoworld.com

Good Security Habit: Lock Your Computer

Lock your computer when you are away from it by pressing the Windows Key and L. Even if you only step away from your computer for a few minutes, it's enough time for someone else to destroy or corrupt your information. Locking your computer prevents another person from being able to simply sit down at your computer and access all of your information.

Source: US-CERT.gov

Green Tip of the Month: Green Lunch Ideas

Bringing lunch to work in reusable containers is likely the greenest way to eat at work, since ordering delivery and takeout usually leaves leftover packaging waste. If you do order delivery, join coworkers in placing a large order (more efficient than many separate ones). Also, bring in a reusable plate, utensils, and napkins.

Source: treehugger.com

News You Can Use, January 2011

User Awareness Tip

Cyber Security Resolutions for 2011

Cyber security experts predict a rise in economic and job-market-related scams in 2011; resolve to be extra vigilant in protecting yourself from cyber crime this year.

Lottery and Sweepstakes Scams: According to the FBI's Internet Crime Complaint Center (IC3), consumers have reported a recent sweepstakes scam that sends emails and letters with fraudulent checks bearing the logos of financial services companies. Expect to see variations of these schemes in the coming year using text messages and phone calls.

Employment Schemes: Both get rich quick
and work from home schemes have become increasingly common, exploiting those facing difficult financial circumstances. Common warning flags in postings for possible scams include: inflated wages, vague wording or generic job openings, free training, guaranteed placement, no special skills or experience required, P.O. Box or out-of-state address, and job listings for government, civil service, and overseas positions.

Cyber Awareness Tip: Social Networking Dangers

Social networking sites are consistently risky, and threats are predicted to increase in 2011. They provide an avenue of easy attack to users who are willing to click on every link they receive. Be sure to contact friends before clicking links, videos, etc. to ensure they are legitimate.

Sources: Dark Reading, Net-Security, PC Tools

Security Awareness Tips

Information Security during International Travel

All federal employees embarking on international travel, whether work-related or not, should keep the following tips in mind:

• Assume You're a Target Because You Probably Are. Travelers need to know that, in light of current worldwide political and economic instability, the fact that they are American citizens, and in particular U.S. government employees or contractors, makes them a target for exploitation.
• Avoid Processing and Transmitting Sensitive Information. Travelers should assume that their transmissions are being intercepted and read anywhere networks are controlled by a foreign government. Foreign network providers can disable mobile device encryption and then turn it back on after information is intercepted.
• Power Down When Possible. Travelers should turn their mobile devices off when not in use in order to limit the potential for compromise. It is best to also remove the battery and SIM card and store them separately from the device.
• Steer Clear of Cafes. Internet cafes are NOT a safe alternative to utilizing your own electronic devices. The computers at many such establishments have malicious software that can capture passwords, bank
account or credit card information, and the like. Never use cafes for official business.
• Be Responsive. In the case of a security incident, know the proper method to report tampering, unauthorized use, loss, or theft of IT media to your Component's IT Security Staff.

Contributing Sources: McAfee, GCN

Cyber Security Myth: Attackers only target people with money.

Truth: Anyone can become a victim of identity theft. Attackers look for the biggest reward for the least amount of effort, so they typically target databases that store information about many people. If your information happens to be in the database, it could be collected and used for malicious purposes. It is important to pay attention to your credit information in order to minimize any potential damage.

Source: www.us-cert.gov

Green Tip of the Month: Environmentally Conscious Travel

When feasible, make it a habit to take the train, bus, or subway during business travel instead of a rental car. If you must rent a car, opt for hybrids and other high-mileage vehicles, which some rental agencies now offer. Better yet, utilize videoconferencing and other technological solutions that can reduce the amount of employee travel when possible.

Source: Sierra Club

December 2010

Security Awareness Tips

'Tis the Season to Get Scammed

The hustle and bustle of the holidays, with shoppers looking for great deals in a hurry, provides an excellent opportunity for cyber criminals to strike. Don't be fooled by the common scams below.

Free iPad Offers: With Apple products being in high demand this season, lots of phony offers for free iPads and other merchandise are circulating online. Some users receive spam email messages that offer a free iPad with an online purchase. Those who attempt to make a credit card purchase receive neither the product they supposedly paid for nor the free iPad they were promised, and their account information is in the hands of cyber criminals. Others have encountered quizzes on Facebook and Twitter that promise a free iPad in exchange for answering a few questions. To receive their final results, individuals must enter their cell phone number, which automatically subscribes them to a cell phone scam that charges their account $10 a week. Malicious links and other counterfeit offers for iPads are also common on social networking sites.

Help I've Been Robbed Scam: This scam appears in the form of phony distress messages from someone you know, claiming they are out of town and in need of money immediately. Do not fall prey to the message's
sense of urgency; first call or email the supposedly stranded friend in order to verify their claims. Chances are they're fine and you've encountered a scam.

Fake Gift Cards: Cyber criminals use phishing scams with offers of free gift cards to steal users' personal information and money. The offers can appear as popups, emails, banners on web pages, and more. The ruse may say something like, "The first 200 people to 'Like' (insert well-known retailer) on Facebook will receive a $500 gift card." Then, to claim the prize, you have to enter personal information or take a bunch of online quizzes. The personal information is used for identity theft purposes, and the quiz results are sold to marketers, netting the crooks even more money.

Charity Scams: With increased giving comes increased swindling. When considering donating to a charity online, remember to:

• Carefully check the name of any charity. Charity scams use names similar to the original charity in order to cause confusion and obtain your donations (i.e., National Cancer Society (scam) instead of American Cancer Society (legitimate)).
• Check the email address of any message from a charity. Charities sending out emails should have top level domains like .org, .com, or .net, and the email should come from this domain, not a free provider like hotmail or gmail. However, as a general rule, reputable charities don't spam, and you won't receive an email from them directly without your prior inquiry.

Contributing Sources: ftc.gov, newsroom.mcafee.com, eldergadget.com

Cyber Awareness Tip: Power Surge Protection

Inclement winter weather is headed our way; keep your home PC safe from power surges and outages by:

• Investing in a power strip that protects against power surges; many strips advertise compensation if they do not effectively
protect your computer.
• During a lightning storm or construction work that increases the odds of power surges, consider shutting your computer down and unplugging it from all power sources.

Source: US-CERT.gov

Green Tip of the Month: Green Holiday Decorating

When decking your halls this season, keep these green tips in mind:

• Reuse decorations from year to year to save money and prevent unnecessary waste.
• Buy energy-efficient lights, such as LEDs, and put them on a timer so they aren't glowing hours longer than necessary.

Source: earth911.com

News You Can Use, November 2010

Security Awareness Tips

Thanksgiving Threats

While planning parties, printing out invitations, and finding new recipes, many people forget to be particularly careful browsing the Internet around the holidays. Be aware that cybercriminals are utilizing search results for common holiday terms to attack unsuspecting users. Internet searches for Turkey, Thanksgiving Invitations, and Printable cards often yield malicious search results that redirect users to fake antivirus sites. Once downloaded, the software will do a number of annoying things, such as hijacking web browsing sessions, repeatedly playing messages over the speakers (e.g., "Your computer is infected"), and generating popups.

[Image: search results for "traditional thanksgiving stuffing recipe"]

It is important to examine any link before clicking it to make sure the URL is related to the search you conducted. While this does not guarantee the site is safe, it is a good preventative measure that can help you steer clear of malicious links. The best solution, however, is to type the specific URL of your intended destination in the address bar rather than conducting broad searches. By manually typing the URL in the address bar, you can verify the information that your web browser uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER.

If you encounter an antivirus popup, immediately close your browser to avoid unintentionally downloading the malware, and contact your Component's IT security staff immediately.

Contributing Source: pandasecurity.com, microsoft.com

What is Fake Antivirus

A fake antivirus is a warning message that pops up from a Web site and claims the user's computer is currently contaminated or not running properly. Also called rogue antivirus and scareware, fake antivirus is a dishonest attempt to cause a user to purchase antivirus, registry cleaner, or some other software that repairs problems or enhances performance.

Source: pcmag.com

Cyber Awareness Tip: Safe Online Shopping

• Use antivirus software, a firewall, and antispyware software. These are your first defense against viruses, etc.
• Do business with reputable vendors. Verify that the vendor is reputable and established before providing any personal or financial information.
• Be wary of emails requesting information. Legitimate businesses will not solicit account or personal information through email.

Source: US-CERT

Fake USAA Phishing Emails

A recent phishing scam has used the name of the United States Automobile Association (USAA) to lure victims into handing over their credit card information. Recipients of the email are asked to click a link to fill out a new version of "USAA Confirmation Form." Once they click the link, they are redirected to a phishing page with a fake form (see image at right) requesting their online ID, password, name, email, USAA card number, expiration date, security code, and PIN.

There are several warning signs indicating this is a scam, however: a small mistake in the wording of the message, the use of shortened links to hide the actual destination URL, as well as a browser warning that there might be a problem with the destination URL.

Contributing Source: net-security.org

Green Tip of the Month: Smarter
Recycling Dos and Don'ts

• Don't crush cans. This is no longer necessary for processing.
• Don't thoroughly clean every empty jar. Machinery at the recycling center will clean jars.
• Do sort recyclables. Some recycling centers throw out recyclables that are not sorted.
• Do recycle glossy paper. Most centers now accept magazines.

Source: bestgreenhometips.com

Security Awareness Tip

MSIL/Zeven Affects Internet Explorer, Chrome and Firefox

A new fake antivirus scam in the form of a browser warning page has been spotted by the Microsoft Malware Protection Center. The rogue, dubbed MSIL/Zeven, has been spotted on various compromised websites and is able to detect whether Internet Explorer, Chrome, or Firefox is being used, then generate a malware warning page very similar to those displayed by the respective browsers (see phony Internet Explorer page below).

[Image: phony Internet Explorer warning page. Source: Microsoft Malware Protection Center]

It is important to note that all the 'updates' point to a copy of MSIL/Zeven that promises to provide 'a new approach to windows detection,' but Internet Explorer, Firefox, and Chrome do not offer such a solution when a website is blocked.

Additionally, many of the pages have obvious grammar and spelling mistakes, such as "Get me our of here" instead of "out" in the Firefox warning page and "Proven antivirus protection fin one click" rather than "in." If you encounter such a warning page, hit Alt+F4 on your keyboard, which will immediately
kill the browser. Select Cancel if a dialog box appears to avoid unintentionally downloading the malware, and contact your Component's IT security staff right away.

Cyber Awareness Tip: Free iPhone Facebook Scam

Beware of iPhone-related status updates from friends on Facebook with claims like "Just testing Facebook for iPhone out P Received my free iPhone today so happy lol If anyone else wants one go here (link)." Users who click on the link are asked if they want to "Allow" the application to access their basic information. Clicking "Allow" enables the application to access users' personal information, as well as to post on their wall. Each click earns commission for the scammers. Impacted users should immediately delete references to the free iPhone from their wall and remove the offending application from Account > Application Settings.

If a user clicks the "Update Now" or "Upgrade" box on the page, their computer will be infected and the phony Win7 AV product will be installed. It starts by conducting a fake scan, indicating that it has found malicious files, infections, and the like. While the scan appears legitimate (see image at left), it does not actually inspect the user's computer, and the report it generates is completely false; the features don't work, everything is there just to look nice, not to offer any kind of protection, just like in all other rogue antivirus programs (Microsoft Malware Protection Center).

After the initial scan, the user is informed that the program has detected various problems but cannot eradicate them unless they upgrade to the full version of the program (i.e., pay money). Even if the user chooses not to purchase the product, the MSIL/Zeven malware is already on
their PC and will display reminders and warning messages stating that the computer is infected. If the user does purchase the product, they will be paying for an ineffective scanner, and their credit card information will be in the hands of cyber criminals.

Source: www.net-security.org/secworld
Contributing Source: www.blogs.technet.com/b/mmpc

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this newsletter or requests for permission to redistribute should be directed to JSOC, 202-307-5332.

Green Tip of the Month

Switch out your disposable plastic hand soap containers for refillable hand soap pumps. Most brands offer bulk soap refills, and you will be saving both money and landfill space.
Source: www.bestgreenhometips.com

News You Can Use, September 2010

JSOC Issues Two Alerts to DOJ Computer Users

Computer Worm Attacks Federal Agencies

Computer Worm: A software program that is designed to copy itself from one computer to another without human interaction. Unlike a computer virus, a worm can copy itself automatically. Worms can replicate in great volume. For example, a worm can send out copies of itself to every contact in your email address book, and then it can send itself to all of the contacts in your contact's email address books. (Microsoft.com)

A new computer worm attacked several federal agencies and Fortune 500 companies yesterday. The malicious email messages contain the subject line "Here You Have" or "Just For You" and contain a link to a seemingly legitimate PDF file. If a user clicks on the link, they will be redirected to a malicious website that will prompt them to download and install a screensaver (.scr) file. If they agree to install this file, they will become infected with an email worm that will continue to propagate through their email contacts (see Computer Worm definition above).

The Department of Justice received over 200 of these emails, but the Justice Security Operations Center (JSOC) activated the OCIO Incident Response Action Team, and blocks were instituted at the TIC Internet gateways. Additionally, Components were required to update all antivirus products in use, which minimized our exposure to only six infected machines. Even though the Department is now protected, sometimes the adversaries change the email to look slightly different so they can get past defenses. The Department asks that all users carefully watch their emails, both at work and on their home machines.

Attackers Attempt to Access Department Systems Through Malicious Email Messages

The Justice Security Operations Center (JSOC) designed to give attackers remote access to Department systems. Due to the recent increase and nature of these targeted intrusion attempts, we urge users to be extra cautious when opening email messages at work and at home.

Typically, users will receive a malicious message disguised as a legitimate email, containing links or attachments, often referring to U.S. government information, reports, conferences, or meeting agendas. If a user clicks the link or opens the attachment, the attacker can gain full control of their workstation and information. To reduce the risk of compromising your DOJ workstation, be alert for unsolicited email messages and keep in mind the following traits common to malicious email messages:

• Subject matter related to recipient's work, possibly containing actual U.S. Government information
• A sense of urgency to convince the recipient to open an attachment or click a link within the message
• Convincing content such as upcoming meeting agendas, reports, information on current events, or policy issues
• Seemingly legitimate sender addresses (government and commercial, including @usdoj.gov) using legitimate signature and contact information
• An attachment (typically a .pdf or .zip file) or link

The Justice Security Operations Center would like to examine suspected malicious email messages. To preserve the hidden message information typically invisible to average users, suspicious email messages must be sent to JSOC in a certain way. To forward a message for analysis, please follow the instructions available on the JSOC website: http://dojnet.doj.gov/jmd/irm/itsecurity/documents/maliciousemailsubmittal.pdf

About the JSOC Newsletter

The Justice Security Operations Center (JSOC) News You Can Use Newsletter strives to protect readers against Internet cyber threats by keeping them up-to-date on the latest security issues, vulnerabilities, and computer user tips. The threats we address affect you daily at work, at home, and virtually everywhere in between, and we provide the information you need to know in terms you can understand.

Cyber Awareness Tip: Safe Online Gaming at Home

• Be careful when downloading free-to-play (F2P) clients on your home computer. If the client software is malicious, you could be putting your PC at risk.
• Don't give out your login information to strangers. In fact, don't give out ANY kind of information, personal or not, to people you meet gaming.
• Avoid falling for the old "FarmVille Secrets" scam. You will either download a Trojan or expose your Facebook login info to criminals.
Source: www.gizmodo.com

Green Tip of the Month: Think Before You Print

• Ask yourself, could this be read or stored online instead? Make it a policy to post employee manuals and similar materials online rather than distribute print copies. They're easier to update that way, too.
•
Request to be removed from mailing lists before you recycle unwanted mail.
Source: www.sierraclub.typepad.com

News You Can Use

Security Awareness Tip: Increase in Social Networking Scams

In its presentation to the House Judiciary Subcommittee on Crime, Terrorism, and Homeland Security last month, the FBI reported a significant increase in the use of social networking accounts in Internet scams. Gordon Snow, Assistant Director of the FBI's Cyber Division, stated, "The surge in the use of social networking sites over the past two years has given cyber thieves and child predators new, highly effective avenues to take advantage of unsuspecting users" (www.networkworld.com).

A couple of common tactics used on social networking sites include:

• Data Mining, in which cyber criminals extract bits of information about victims and then use it to scam them. A common example is a "getting to know you" quiz on a social networking site. While the answers to these questions do not appear to be malicious on the surface, they often mimic the same questions that are asked by financial institutions or email account providers when an individual has forgotten their password (www.networkworld.com). Scammers can thus gain information that will allow them to access the victim's email, bank accounts, etc. Additionally, collecting personal information is made even easier because many users often accept into their private sites people that they do not actually know, or sometimes fail altogether to properly set privacy settings on their profile (www.networkworld.com). Friends of friends should not be able to view your birthday, cell phone number, or any other information that could be used to impersonate you to credit card companies, credit unions, etc.

• Data mining can be applied in Phishing, in which cyber criminals attempt to acquire passwords, account numbers, and other sensitive information by pretending to be someone else, often through personalized, legitimate-looking messages. One example is a warning message that appears to be from your bank requesting you submit your account information for verification purposes (note that most banks will not contact you via email to gather information). A recent phishing scam that has plagued Facebook and other social networking sites is the "Help, I am stranded" scam, in which victims receive a message appearing to be from a friend claiming they have been robbed of their credit cards, passport, money, and cell phone and are in immediate need of money. While the simple solution to this scam is to call the supposedly stranded friend in order to verify their claims, many users fall prey to the message's sense of urgency and send money. Phishing scams can be found in messages, links, or videos appearing to be from friends within the site, or emails sent to users claiming to be from the social networking site itself.

With the growing number of social networking scams (annual crime complaints have increased 667.8% between 2001 and 2009), it is important to utilize social networking sites' privacy settings, browse cautiously, and contact the message sender before clicking anything.

Contributing Sources: www.networkworld.com. Image: www.gizmodo.com

Cyber Awareness Tip: "Keep Me Signed In" Box

• If you are not on your personal laptop or home computer, DO NOT select the "Keep me signed in" box on websites.
• Although your work computer may feel like it belongs to you, a snooping coworker could easily open your browser and access your accounts if you stay signed in.
• If you sign in to a particular site, do not just navigate to another page or close the browser; be sure to sign out as well.
Source: www.gizmodo.com

User Awareness Tip: Warning: DOJ Users Targeted in Parking Permit Phishing Scam

A number of Department of Justice users received an email message disguised as a with an attachment. The attachment is not but instead redirects users to a site containing malicious software. If you encounter a message of this nature, DO NOT open the attachment, and contact your Component's IT security staff immediately.

Green Tip of the Month: Water Conservation

Be sure to turn off faucets completely, ensuring that they don't drip. A faucet leaking at a rate of only one drop per second can waste more than 25 liters of water a day; that's about 10,000 liters a year.
Source: www.about.com

Security Awareness Tip: Zeus Botnet Incarnated to Exploit Credit Card Verification Services

The Zeus botnet, a Trojan horse that steals banking information, social networking logins, and email accounts, was first seen in July 2007 and has been widespread since June 2009. Zeus is particularly difficult to identify because it is reconfigured more often than most malware, due to its creators allowing other cybercriminals to license the rights to use the malware. As a result, there are many different gangs running their own licensed versions of Zeus and distributing them independently (SC Magazine).

As you may recall, Zeus resurfaced early this year as a series of emails targeting Federal employees. The messages appeared to be from a reputable CIA figure and warned against a Russian phishing attack, then encouraged recipients
to install a Windows update to protect their computers.

The most recent incarnation of Zeus, however, poses as a credit card verification page. Once downloaded, the malware waits for the user to visit a bank website, then emerges, appearing to be associated with the bank, and asks the victim to fill out an enrollment form for the Verified by Visa or Mastercard SecureCode programs. The phishing page states that "Due to recent changes in FDIC Deposit Insurance Rules, all our customers must be enrolled in the Verified by Visa or MasterCard SecureCode program depending on type of your check card." Once the customer submits their information, the data is used to register accounts with the verification services and perform fraudulent transactions.

With 15 US financial institutions affected and an estimated 1 in every 100 computers infected, this has become a widespread problem. If you encounter an unexpected Visa or Mastercard verification page, it is recommended you close your browser and contact your bank regarding the issue.

Contributing Sources: www.v3.co.uk, www.scmagazineus.com

User Awareness Tip: Fake AV Vendors Offering Live Support

Fake Anti-Virus software, or Fake AV, consists of phony alerts or warnings that typically pretend to scan a victim's computer, then claim to find some form of malware and seek payment from the victim to remove the nonexistent problem.

As if this scam wasn't deceptive enough, some fake AV developers are now offering live support to users in order to convince potential victims of the legitimacy of their products. Research found that there was in fact a person, not a bot, responding to questions about the product, and "They are offering support by email, chat and phone, and are very well organized. You can get uninstallers for older variants of their product and also trial versions for their newer products" (www.securelist.com).

Remember that scammers are constantly honing their attacks to ensure they victimize increasing numbers of computer users; phone or online support does not prove a particular antivirus software is legitimate. If you encounter an antivirus popup, immediately close your browser to avoid unintentionally downloading the malware, and contact your Component's IT security staff immediately.

Contributing Source: www.securelist.com

Cyber Awareness Tip: Safe Internet Publishing

Although people are typically wary of sharing personal information with strangers they meet on the street, they may not hesitate to post that same information online. Before posting information online, remember to:

• View the internet as a novel, not a diary: assume that people you have never met will view the information you are publishing.
• Think ahead: once you publish something online, it cannot be taken back. It is available to other people and to search engines, and may never be completely removed.
Source: US-CERT.gov

Green Tip of the Month: Reduce E-Waste

The world generates 20 to
50 million metric tons of e-waste, which makes up 2 percent of solid waste in the U.S. and is the fastest-growing segment of U.S. garbage. Be sure to take old electronics and computers to your local facility along with your usual recycling.
Source: www.pcmag.com

News You Can Use, June 2010

Security Awareness Tip: AT&T Security Breach Impacts iPad Users

Early in June, just two months since the release of the Apple 3G iPad, AT&T was made aware of a breach that exposed the email addresses and associated AT&T network authentication IDs, known as ICCIDs, of thousands of iPad owners, many of whom are Federal employees. A group of security researchers called Goatse Security, whose motives are currently in question, discovered the flaw and extracted 114,000 email addresses before spreading word of the problem. Goatse Security has been accused of informing outside parties of the hole before AT&T had patched it, potentially allowing hackers to access more iPad users' email addresses. In its defense, a Goatse Security representative stated that "[W]e did not contact AT&T directly, but we made sure that someone else tipped them off" before spreading word of the hole. They also stated that they were not paid for disclosing information to third parties. AT&T closed the hole shortly after being notified, but an FBI investigation is currently underway to determine whether illegal activity was involved in the attainment of the email addresses.

According to an article from arstechnica.com, the worst consequences of this particular leak are most likely increased spam sent to, or spoofed as coming from, a particular email address. However, it's not entirely unreasonable to suspect that hackers might attempt to crack into some of the email accounts revealed, which include officials from
the FCC, FAA, NASA, and the Army. If you own an iPad, there is a possibility that your email address has been made public through this breach, and it is recommended that you remain particularly vigilant when checking email. If you encounter a message that may be an intrusion attempt or pose a threat to DOJ computer security, please follow the instructions for reporting malicious email at JSOC's DOJNet website: http://dojnet.doj.gov/jmd/irm/itsecurity/documents/maliciousemailsubmittal.pdf

Contributing Sources: www.arstechnica.com, www.gawker.com, http://security.goatse.fr

User Awareness Tip: Protecting Your PC from Spyware and Adware

Spyware and Adware are types of software that, when installed on your computer, may send you popup ads, redirect your browser to certain web sites, or monitor the web sites that you visit. The presence of spyware is typically hidden from the user, but some indications that it is installed on your computer are:

• Endless popup windows or Windows error messages
• New, unexpected toolbars in your web browser
• Your browser's home page changed
• Your computer suddenly seems very slow when opening programs or processing tasks

Whether or not you suspect Spyware is installed on your computer, it is wise to run antivirus software and to adjust the settings so that you are periodically reminded to run a full scan.

Contributing Sources: www.US-CERT.gov
Cyber Awareness Tip: Removing Personal Information from Old Cell Phones

Before disposing of an old cell phone, it is important to ensure your personal information has been removed. A recent study of 2,000 recycled cell phones found that 99% of them had personal data still stored in them, including sensitive material like bank account information. Before getting rid of your phone, be sure to:

• Notify your cellular provider and terminate service on your phone
• Remove your SIM card, the tiny card inside your phone which contains data stored in your phone
• Erase all the history from your phone through a hard reset

More information on performing each of these steps can be found in your phone's user manual.
Source: www.planetgreen.discovery.com

Green Tip of the Month: Green Packaging

When shopping, choose products with smarter packaging (i.e., less packaging and use of eco-friendly materials), and write to let manufacturers know when you don't like their packaging.
Source: the Daily Green

News You Can Use, May 2010

Security Awareness Tip: DOJ SPAM Mailbox

The Justice Security Operations Center (JSOC) provides the DOJMAILSPAM mailbox to allow reporting of email messages that users suspect may be an intrusion attempt or a threat to computer security. JSOC analyzes messages sent to this mailbox and develops mitigation and detection methods to help protect
Department systems from intrusions. There are specific instructions that need to be followed when forwarding suspected malicious email messages to JSOC for further analysis, which are online at JSOC's DOJNet website: http://dojnet.doj.gov/jmd/irm/itsecurity/documents/maliciousemailsubmittal.pdf

Please note that JSOC does not analyze or block spam or other nuisance messages unless they pose a threat to computer security. If you would like to block spam, nuisance, or other non-malicious email messages, several options exist:

1. Contact your component IT Helpdesk for information on the Proofpoint Mail Digest and end-user mail filter settings. When enabled by your Helpdesk, this service provides end-users with the ability to manage spam settings, including blocking specific email addresses.
OR
2. Contact your component IT helpdesk for information on how to block specific senders within your email application using built-in tools (e.g., Junk Email filtering in Microsoft Outlook).

Cyber Awareness Tip: Protecting Personal Information

As long as you have a computer and connect it to a network, you are vulnerable to someone or something else accessing or corrupting your information. To minimize your risk, adhere to the following rules:

• Lock your computer when you are away from it
• Disconnect from the Internet when you are not using your computer
• Check your computer's security settings to make sure they meet your needs
• Back up all of your data
Source: www.US-CERT.gov

User Awareness Tip: Cyber Attacks Center Around 2010 World Cup

The FIFA World Cup 2010, like most events that receive heavy media coverage, has provided cyber criminals the opportunity to attack unsuspecting computer users in various ways. Using hacking techniques, attackers have managed to have their malicious sites listed in the top Google search results. As seen in the image below, the top four results out of over 17,000 for a World Cup-related query led to malicious websites. Clicking on any of the top results causes a phony Windows Security Center notification to pop up, a common Fake AntiVirus technique. Users need to be cautious when conducting popular searches and immediately close their browsers if they receive a supposed antivirus alert. For more information on Fake AV attacks, see the February 2010 issue of News You Can Use.

[Image: Google search results for a World Cup-related query]

Cyber criminals are also sending out emails with malicious PDFs, claiming the attachments contain free World Cup tickets or a World Cup Travel Guide. Users should use their better judgment when faced with offers that are unsolicited and/or sound too good to be true, and refrain
from opening such attachments.

Contributing Sources: ESET Threat Blog, NetworkWorld.net

Green Tip of the Month: Top Three Office Pet Peeves Resulting in Increased Waste

• Mindless, unnecessary printing
• Leaving lights on
• Lack of recycling bins
Source: the Daily Green

News You Can Use, April 2010

Security Awareness Tip: DOJ Continuous Monitoring Initiative

DOJ is in the process of moving to a model of continuous monitoring of assets, vulnerabilities, configuration changes, and threats in order to fulfill operating requirements, minimize risk exposure, and improve computer incident response. The Department's current risk management model focuses largely on snapshots provided by periodic assessments and audits. This model is not only reactive, but the operating environment is also ever-changing, resulting in security assessments that are quickly outdated and lack a real-time evaluation of risk.

Due to this deficiency, DOJ made the decision to implement Enterprise Lifecycle Management System (ELMS) BigFix. This technology will provide situational awareness and greatly improve our current risk management methods. Continuous monitoring will provide real-time asset inventories and endpoint visibility to the Department through a centralized management console. DOJ
Components, OBDs, and system owners will also have their own console to monitor and evaluate system vulnerabilities to determine applicability within their environment. Having an accurate understanding of DOJ's security posture will enable us to assume greater risk levels when appropriate. Additionally, new FISMA reporting guidelines were released last week which require changing to automated data feeds, and ELMS supports these new requirements.

Continuous monitoring technology will allow decision makers access to key information quickly and efficiently, and streamline Department compliance reporting. DOJ will now be able to fulfill data calls within hours rather than weeks or months, while eliminating the uncertainties of self-reporting.

Cyber Awareness Tip: Email Attachment Safety

An email attachment is a computer file that is sent along with an email. Attachments are convenient, but they can also carry viruses. Follow the tips below to protect yourself:

• Be wary of unsolicited attachments, even from people you know
• Keep software up-to-date in order to minimize your vulnerability
• Turn off the option to automatically download attachments

User Awareness Tip: Post-Tax Day Email Scams

April 15th has passed and many taxpayers are anxiously awaiting their returns. Not surprisingly, hackers are seizing the opportunity to scam as many users as possible by sending out fraudulent emails marked as notifications from the Internal Revenue Service (IRS). Many of these emails claim that taxpayers must submit financial information such as bank account and credit card numbers, passwords, and ATM PINs in order to receive their returns. Some are intended to frighten taxpayers by claiming to come from the IRS' Fraud Department. Others state that taxpayers will receive money for filling out a customer satisfaction survey. It is important to note that
the IRS does not initiate taxpayer communications through e-mail.

If you encounter an unsolicited tax-related email from the IRS:

• Do not reply
• Do not open any attachments
• Do not click on any links

Contributing Source: www.IRS.gov

Source for the Email Attachment Safety tip: www.US-CERT.gov

Green Tip of the Month: Go as Paperless as Possible

• Keep copies of important emails, files, manuals, and more on your computer
• Review any documents online instead of printing them out
• Send company updates through email instead of on paper
Source: The Daily Green

March 2010

Security Awareness Tip: Operation Aurora

Mid-December 2009, hackers initiated a highly sophisticated attack on Google and more than twenty other companies, with the goal of accessing source code and gathering information about dozens of U.S., Chinese, and European users who were advocates of human rights in China. A combination of encryption, stealth programming, and exploitation of a previously unknown zero-day vulnerability in Microsoft Internet Explorer allowed hackers entry into two Gmail accounts, but Google claims the access was limited to account information rather than actual email content. Upon investigating further, however,
Google discovered that hackers had successfully gained entry into targeted Gmail accounts via phishing scams and malware on the users' computers The attack was tentatively linked to China due to the presence of an obscure algorithm in the malware which had only been published in Chinese and was virtually unknown outside of China If there is a specific topic you would like to see discussed in a future newsletter please email Jennifer Jones at jennifer jones3@usdoj gov References in the malware to a file folder named Aurora earned the attack the name Operation Aurora The incident has resulted in considerable contention between Google and China with Google refusing to continue censoring certain search results on its Chinese search engine stating these attacks and the surveillance they uncoveredcombined with 0 0' G - 8 _ ' e Cyber Awareness Tip A password is often the only barrier between other computer users and your personal information yet most people create passwords based on personal information that could be guessed or easily cracked by a hacker Follow these tips to create the most effective password attempts limit over the speech on last year to further free the web in China including the persistent blocking of websites such as Facebook Twitter YouTube Google Docs and Bloggerhad led us to conclude that we could no longer continue censoring our results on Google cn The Official Google Blog On March 22nd Google announced on its blog that users visiting Google cn are now being redirected to Google com hk where they will receive uncensored search results and which will meaningfully increase access to information for people in China China maintains that its Internet safety policy is transparent and consistent and resents the U S 's accusation that it had any part ici pation in the attack _ ¥ l 1 Operation Aurora serves as a cogent reminder to the general public to remain diligent on patching Microsoft issued an outofband outside the normal schedule patch for Aurora 
on January 21, 2010, but as word of the Internet Explorer vulnerability spread, hackers scrambled to exploit it before users were protected. It is therefore crucial to apply patches as soon as possible. JSOC releases VPRs for software patches resolving vulnerabilities with a CVSS base score of 7.0 or above, as determined by the National Institute of Standards and Technology, and sets patch implementation precedence based on public exploitation of vulnerabilities, if applicable.

Contributing Sources: The Official Google Blog, Wired.com

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

• Do not use a password based on personal or easily accessible information
• Do not use words that can be found in a dictionary of any language
• Use a combination of letters, numbers, and special characters

Source: www.US-CERT.gov

VPR Alerts, Security Advisories, Monthly Wrap-Up

Green Tip of the Month

Energy-Efficient Lighting: Replace incandescent light bulbs with compact fluorescent light (CFL) or light emitting diode (LED) bulbs, which give off less heat than incandescents and last longer.

The Daily Green

News You Can Use

February 2010

DOJ Cyber Security Conference Recap

The 2010 Department of Justice Cyber Security Conference was held February 23, proving our largest turnout yet. This year's theme was Keep Our Information Secure and discussed new Department security initiatives, emerging technologies, and security capabilities piloted by DOJ Components, as well as future direction of the Office of Management and Budget and the U.S. government.

Thank you to all attendees, particularly volunteers who helped to make this year's conference a success. Please remember to fill out your attendee survey so that your feedback can help shape next year's program. To request a specific topic be covered in a future
conference, please email Jennifer Jones at jennifer.jones3@usdoj.gov. Additionally, Components will have an opportunity to showcase their own security advances, measures, and programs at next year's conference. Information Technology Security Staff (ITSS) will call for abstracts during the fourth quarter of the year and notify Components of their selection shortly thereafter.

Security Awareness Tip

Google Image Search Targeted by Fake AV Attacks

Anti-Virus fakealerts (phony warnings that appear to indicate a virus scan is running on your computer and then insist you purchase a product to remove the supposed infection) can now list Google image search as prey to their attacks. Until recently, Fake AVs were primarily located on Trojan Horse applications; however, due to the success of this particular attack, hackers have now migrated fakealerts to browsers.

[Image: screenshot of a fake Internet Explorer warning running beneath the Google image search pane]

As discussed in a Webroot.com blog, an image search for a television actress yielded phony image links leading to a supposed Microsoft Internet Explorer warning, which stated that the user's system had been compromised, the typical Fake AV baiting tactic. Strangely, the Google search pane remains at the top of the page while the fakealert runs in the lower section (see image at left).

Once the user clicks the fakealert, a rogue antivirus with a name such as Total Security or Security Tool hides the desktop with its personalized wallpaper, interferes with the user's ability to right-click their mouse or use its scroll wheel, prohibits applications from running (including Internet Explorer), and blames all of the problems on an infection within the machine. The purpose of this elaborate Fake AV, or scareware, attack is to convince users to spend
$50 to $90 on bogus antivirus software, contributing to the millions of dollars in profits generated by this scam to date.

If you encounter a fakealert, hit Alt+F4, which will immediately kill the browser. Select Cancel if a dialog box appears, to avoid unintentionally downloading the malware, and contact your Component's IT security staff right away.

Reference: Webroot Threat Blog

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

What is the JSOC Newsletter

The Justice Security Operations Center (JSOC) News You Can Use Newsletter strives to protect readers against Internet cyber threats by keeping them up-to-date on the latest security issues, vulnerabilities, and computer user tips. The threats we address affect you daily at work, at home, and virtually everywhere in between, and we provide the information you need to know in terms you can understand.

If there is a specific topic you would like to see discussed in a future newsletter, please email Jennifer Jones at jennifer.jones3@usdoj.gov.

Cyber Awareness Tip

Losing a laptop or PDA means not only losing the machine itself, but sometimes the information on it. Follow the tips below to minimize damage:
• Password protect your computer or PDA. Also, when entering your password, ensure that others are not able to view it by shoulder surfing.
• Do not leave your device unattended.
• Downplay your laptop or PDA; avoid using it in public if possible.
• Back up your files.

Source: US-CERT.gov

Security Advisories, Monthly Wrap-Up

Green Tip of the Month

Ditch Dixie Cups: Rather than using a Dixie cup each time you make a trip to the office water cooler, bring your own cup and encourage colleagues to do the same. It saves loads of paper.

The Daily Green

News You Can Use

January 2010

Security Awareness Tip

What is the JSOC
Newsletter

The Justice Security Operations Center News You Can Use Newsletter keeps readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Awareness Tip

Malware Campaign Disguised as Swine Flu Messages

This campaign sends email messages containing information regarding H1N1 vaccination programs, purporting to be from the Centers for Disease Control and Prevention (CDC). The fake messages attempt to entice recipients to click a link to a malicious file.

JSRA

JSRA is a Virtual Private Network (VPN) which provides a secure and encrypted connection to Department of Justice information resources via the Internet and is part of the DOJ Disaster Contingency Plan.

When utilizing the JSRA network, users should follow best practices, DOJ Security Order 2640.2F, and DOJ General Rules of Behavior FY10:

http 10 173 2 12 dojorders doj26402f pdf
http 10 173 2 12 dojorders doj2740la pdf
http 110 173 2 12 jmd irm itsecurity documents general rob fy10 odf

DOJ guidelines for JSRA users
• Do not connect personal computers to the JSRA Network. Ensure the computer's software is fully patched and the virus protection definitions are up-to-date.
• Do not use Peer-to-Peer (P2P) file sharing on the internet, such as instant messaging, Skype, BitTorrent, or eDonkey, etc. P2P is expressly forbidden throughout the Department unless a waiver is obtained from the Department's CIO or his designee in each Component.
• Use only authorized thumb drives and diskettes, only download files from known and reliable sources, and employ virus-checking tools prior to use.
• Do not allow family members access to your government laptop. Government laptops
are only permitted to connect to the internet through the JSRA network.

Users who click on this link may become infected with malware. Public reports indicate that the messages contain subjects including "Governmental registration program on the H1N1 vaccination" and "Your personal vaccination profile." Subject lines related to this malware campaign will likely change over time. Click here for more information.

VPR Alerts, Security Advisories, Monthly Wrap-Up

Green Tip of the Month

Don't Dump, Donate: The next time you upgrade something, can no longer stand the sight of something hideous, or simply need to downsize, think donate instead of dump.

The Daily Green

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

News You Can Use

November 2009

Security Awareness Tips

Hidden Dangers of the Web

Social Networking

Pro
• Enables quick, efficient communication
• Network with friends, coworkers, friends of friends, classmates, the world

Con
• Wide userbase provides attractive target for attackers
• Can unintentionally leak sensitive information

Facebook Targeting Exploitation

Facebook has a search by company feature to allow networking with coworkers. Over 500 profiles with DOJ listed as employer on Facebook.

What is the JSOC Newsletter

The Justice Security Operations Center News You Can Use Newsletter keeps readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.
w.johnson@usdoj.gov

Allows adversaries access to your private life and information that can be used to target DOJ personnel. Your full name can be used to craft targeted email messages or for other nefarious purposes.

Facebook disabled numerous fake profiles that included a link to a purported video but which instead displayed a fake antivirus alert. Scam designed to get credit card information from victims for identity fraud purposes and install spyware.

Mitigation: Don't include place of employment on public profiles.

Drive-by Downloads

Downloading malicious software without the user's knowledge by exploiting a web-based vulnerability.

Can occur while visiting legitimate websites: Facebook, personals, news, search engines.

Poses security risk to Department by giving attackers remote access to systems.

Mitigation: Limit personal use of the Internet while connected to a DOJ system to minimize exposure.

Contributing Source: JSOC CyberFest 2009 Emerging Threats Presentation

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

Cyber Awareness Tip

DOJ guidelines for JSRA users
• Do not connect personal computers to the JSRA Network. Ensure the computer's software is fully patched and the virus protection definitions are up-to-date.
• Do not use Peer-to-Peer (P2P) file sharing on the internet, such as instant messaging, Skype, BitTorrent, or eDonkey, etc. P2P is expressly forbidden throughout the Department unless a waiver is obtained from the Department's CIO or his designee in each Component.
• Use only authorized thumb drives and diskettes, only download files from known and reliable sources, and use virus-checking procedures prior to use.

• Security Advisory: DOS Attack (JSOC)
• Security Advisory: RIM BlackBerry sw (JSOC)
• October VPR Alerts (JSOC)

Green Tip of the Month

Turn your computer off
at night. Shutting your computer off before going to bed each night will save an average of $90 worth of electricity per year.

The Daily Green

News You Can Use

September 2009

Security Awareness Tips

Five Ways to Meet Compliance in a Virtual Environment

Five steps for securing and locking down virtual environments and meeting compliance requirements:

1. Platform-hardening: Configure the virtualization platform, both the hypervisor and administrative layer, with secure settings, eliminate unused components, and keep up-to-date on patches.
2. Configuration and Change Management: Extend your current change and configuration management processes and tools to the virtual environment.
3. Administrative Access Control: Server administrators should have control over virtual servers and network administrators over virtual networks, and these administrators need to be trained in virtualization software in order to avoid misconfiguration of systems.
4. Network Security and Segmentation: Deploy virtual switches and virtual firewalls to segment virtual networks, and use your physical network controls in the virtual networks as well as change management systems. Be sure that machines handling protected data are isolated, and deploy virtual IDS/IPSes.
5. Audit Logging: Monitor virtual infrastructure logs and correlate those logs across the physical infrastructure as well to get a full picture of vulnerabilities and risks. Adapt automated tools and SIEM systems to integrate logs from both environments.

Contributing Source: Dark Reading

Computer User Tips

Parental tips to keep children safe online:
• Keep your computer in an open area
• Set rules and warn about dangers
• Keep lines of communication open
• Consider implementing parental controls
• Consider partitioning your computer into separate accounts

What is the JSOC Newsletter

The Justice Security Operations Center News You Can Use Newsletter keeps readers up to date on the latest topics, security vulnerabilities, and computer user tips to help
protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Awareness Tip

Protecting Your Data
• Use and maintain antivirus software and a firewall
• Regularly scan for spyware
• Keep software up-to-date
• Evaluate your software settings
• Avoid unused software programs
• Create separate user accounts
• Establish computer use guidelines
• Use passwords and encrypt sensitive files
• Properly dispose of sensitive info

Contributing Source: US-CERT.gov

Contributing Source: US-CERT Cyber Security Online

Keeping Laptops from Getting Lost or Stolen

Keep these tips in mind when you take your laptop out and about:
• Treat your laptop like cash
• Keep it locked
• Keep it off the floor
• Use a nondescript carrying case
• Keep your passwords elsewhere
• Password protect your system
• Backup important data before traveling

Contributing Source: StaySafeOnline.info

• VPR Alert: Adobe Acrobat (JSOC)
• VPR Alert: MS Critical Patches August 2009 (JSOC)
• VPR Alert: Cisco Firewall Services Module (JSOC)

To view the latest JSOC Monthly Wrap-Up, visit our website at http://dojnet.doj.gov/jmd/irm/itsecurity/monthlyreport.php

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

Green Tip of the Month

Say No to Paper or Plastic: You don't have to wait until grocery bags are banned. Say no to plastic or paper ones now. Instead, bring your own reusable shopping bags. Consider an entire set of reusable double-handled hemp bags that work great for a large order, and reusable organic cotton mesh bags for your fruit and vegetables. Remember BYOB:
Bring Your Own Bags.

The Daily Green

News You Can Use

August 2009

Security Awareness Tips

DOD Urges Less Network Anonymity, More PKI Use

Black Hat 2009, LAS VEGAS: The age of network anonymity may be coming to a close, according to a top defense official charged with cyber security. The United States needs to be more agile in defending against attacks from cybercriminals who are constantly infiltrating domestic networks, said Robert Lentz, CISO at the U.S. Department of Defense, during a keynote address to Black Hat USA 2009 attendees.

Lentz said the government continues its research into attack surfaces to produce an agile, dynamic defense capable of not only detecting, but being able to take a proactive role to prevent future attacks against government infrastructure before they happen. "It's all threaded in this area of driving anonymity out of network," Lentz said.

Contributing Source: Information Security Magazine Online

What is the JSOC Newsletter

The Justice Security Operations Center News You Can Use Newsletter keeps readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

To view the latest JSOC Monthly Wrap-Up, visit our website at http://dojnet.doj.gov/jmd/irm/itsecurity/monthlyreport.php

Computer User Tips

Cyber Awareness Tip

Social Networking Site Twitter Offline: Millions Frustrated and Lost

The popular social networking site Twitter came under attack Thursday, August 6, 2009, and was out of service for the better half of the day. Service was eventually restored by late that evening. The site was completely inaccessible for all of its users, and analysts believe the denial
of service attack may have originated in Russia or Georgia. Social networking site Facebook and search engine giant Google fended off similar attacks on Thursday as well.

At about 10:30 a.m. EST, millions of people worldwide received email messages containing links to Twitter and other sites. When recipients clicked on the links, those sites were overwhelmed with requests to access their servers, causing massive network traffic that created the denial of service.

Contributing Source: The New York Times Online

Using Caution with Email Attachments

Take the following steps to protect yourself and others in your address book:
• Be wary of unsolicited attachments, even from people you know
• Save and scan any attachments before opening them
• Turn off the option to automatically download attachments
• Consider additional security practices, i.e. firewall

Contributing Source: US-CERT.gov

Spammers Exploiting Free File Storage on Websites

Automated account creation exploit lets spammers hide behind legitimate file storage services.

An unusual attack technique has enabled spammers to distribute more than 1 million messages an hour using legitimate free file storage services available on the Internet. In a blog published earlier this week, AppRiver, a security services provider, describes the unusual approach. In a nutshell, spammers have created an automated method for creating accounts in popular free file storage services, including groups.yahoo.com, groups.google.com, and livejournal.com, and are using those accounts to host their spam content. The use of these sites makes the spam appear to be legitimate, thus enabling it to bypass commonly used blacklists. AppRiver has tweaked its own defenses to detect the new spam attack and block it, but traditional spam tools that blacklist IP addresses or domains will not block the new attacks.

Contributing Source: Dark Reading Online

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department.
Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

• Security Advisory: Mozilla (JSOC)
• Security Advisory: Java (JSOC)
• Security Advisory: OSX (JSOC)
• Top Ten Scams (JSOC)

Green Tip of the Month

Greening the Commute: American workers spend an average of 47 hours per year commuting through rush hour traffic. This adds up to 3.7 billion hours and 23 billion gallons of gas wasted in traffic each year. We can ease this strain by carpooling, taking public transit, biking, walking, or a creative combination thereof. Consider car alternatives such as a hybrid or electric vehicle, motorcycle, scooter, or using a car sharing service like Flexcar or Zipcar.

PlanetGreen

News You Can Use

July 2009

Security Awareness

Incident Dashboards are now available to Components through JSOC's Remedy Web Portal

Component-specific Incident Dashboards, available with a JSOC Remedy Web Portal account, provide Components with an easy to understand graphical view into their incident ticket status. The information displayed includes total incidents, open incidents reported by category from the previous month, and real-time open and closed incident ticket information by category for the current month. The Incident Dashboard is accessible by clicking the dashboard button at the top of the JSOC's Remedy Web Portal's navigation bar. For more information about your Component-specific Incident Dashboard, contact Curtis W. Johnson at curtis.w.johnson@usdoj.gov or visit our website.

[Image: sample Incident Dashboard ("Component Name Listed Here") showing open and resolved incident counts]

These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

The
Justice Security Operations Center News You Can Use Newsletter keeps readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet.

What is the JSOC Newsletter

[Incident Dashboard image panels: Previous Month's Data (June), Current Month's Data (July)]

Cyber Awareness Tip

New Fake Antivirus: Researchers are expecting 640,000 new variants of the Fake Antivirus (Fake AV) malware in the third quarter of 2009. This increase is due to the ease at which Fake AV campaigns can be designed and distributed when compared to banking Trojan attacks, which require professional programmers.

Source: Dark Reading

Computer User Tips

Guidelines to follow when publishing information on the internet:
• Be careful what you post to the internet. Make sure you are comfortable with anyone seeing the information you put online, because people you don't know will find and share it with the people they know.
• Realize that you can't take it back. Once you post something online, it is available to other people and search engines. You can change or remove information after something has been posted, but it is possible that someone has already seen the original version.

Source: US-CERT

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

• Critical MS ATL MS0903 Patch 7/30/09 (JSOC)
• MS Critical Patches July 2009 (JSOC)
• Adobe Flash Patch 07/23/09 (JSOC)
• Oracle CPU Patch 07/17/09 (JSOC)

Green Tip of the Month

Select 2-Sided Printing: The U.S. alone uses 4 million tons of copy paper annually, about 27 pounds per person, which accounts for 25% of all landfill waste.

Source: The Daily Green

News You Can Use

June 2009

Security Awareness Tips
What is the JSOC Newsletter

JSOC's End of Month Report

The JSOC Monthly Wrap-Up provides an end of month summary of JSOC cyber threat activity highlights, VPR alerts, CTAT briefings, user awareness publications, and blocked domains, email address and IP addresses. The report also contains an incident dashboard that breaks down incidents by category, provides further analysis of Malicious Code incidents (the Department's most identified threat category), and includes a list of the most popular internet hosts visited by Department users.

To view the latest JSOC Monthly Wrap-Up, visit our website at http://dojnet.doj.gov/jmd/irm/itsecurity/monthlyreport.php

Computer User Tips

Cyber Criminals Roll Out Fake Microsoft Patch Malware Campaigns

Be on the look out for the following malware campaigns designed to emulate legitimate Microsoft (MS) updates. If you encounter any of these updates at work, record the URL and notify your IT Security staff as soon as possible. Home users should only accept MS program updates through Microsoft's website at www.microsoft.com.

• Important Windows XP/Vista Security Update: This fake update is often sent via email with a fake Conficker removal tool that can often be identified by Conficker being misspelled as Conflicker.
• Outlook Re-Configuration Campaign: A fake Outlook Update executable file (outlook_update.exe) is being posted to legitimate websites that have been compromised. Outlook updates should only be performed through the MS website.
• Critical Outlook Update: This third malware attack should be familiar to most users, as it's delivered via an email attachment (officexp-KB910721-FullFile-ENU.exe). Do not double click attachments, especially .exe files offering any type of software update.

Contributing Source: ZDNet

Adobe released their first quarterly patch that addresses 13 critical PDF vulnerabilities to Reader and Acrobat 9 and earlier versions of this software. Adobe recommends users upgrade to the newly released 9.1.2 version as soon as possible. If you are
running an older version of Acrobat or Reader and can't upgrade, visit JSOC's Website for alternate version upgrades.

The Department's IT security staff performs software updates to your work computer, but check to make sure your home computer is set to perform automatic updates. If not, change this preference or perform a manual update. Software that cannot be set to automatically perform updates should be updated manually on a monthly schedule.

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

The Justice Security Operations Center News You Can Use Newsletter keeps readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Awareness Tip

Twitter Users Targeted with First For-Profit Antivirus Scam

The first week of June introduced Twitter users to their first antivirus for-profit scam, promising a best video via a fake YouTube website. This is the same antivirus scam that has been circulating on other social networking sites and through email. The scam directs the user to a malicious site that installs the virus.

Contributing Source: The Register

• MS Critical Patches June 2009 (JSOC)
• Choosing and Protecting Passwords (US-CERT)

Adobe Implements Quarterly Security Patching Updates

Green Tip of the Month

Phantom Load: The EPA estimates consumers spend $100.00 a year on electricity used by electronics that are turned off or in stand-by mode. EPA recommends:
• Unplug power adapters, battery chargers, and other
similar items
• Use power strips so you can turn off electronics completely
• Buy products that are highly rated by the federal Energy Star program

The Daily Green

News You Can Use

May 2009

Security Awareness Tips

Internet Surfing Dangers

Cyber attacks originating from unsafe websites and email are becoming increasingly sophisticated and focused on everyday communication channels as more and more revenue is acquired. Malicious coders are designing their websites to be exact replicas of legitimate websites and then advertising these sites via web ads and Internet searches. Fake search engines and misspelled website domain traffic are big business, especially in the financial and social networking market, because visitors think they are on a real website and share their information without suspicion. Users are at serious risk of encountering one of these phony websites if they spend time surfing and sharing information over the Internet.

The Department will begin implementing BlueCoat™ filters in accordance with DOJ order 2740.1A to help protect its networks against existing threats and non-work related Internet usage. Non-work related Internet usage continues to be one of the largest threats to the Department's information security. Remember, network security is everyone's responsibility.

New Information Phishing Schemes

Fake information gathering schemes based on popular topics, themes, and games are being created by identity thieves to entice users into entering personal information. These types of groups or discussions often require the user to input their first pet's name, mother's maiden name, street address, first school, etc. to join/register before the user can participate. Disclosing of this kind of personal identifying information is very useful to identity thieves, as it's the same type of information required by web email accounts, legitimate websites, and banking institutions. Be careful with any personal information, as it is very difficult and expensive to
rebuild a digital identity once it has been compromised. If you encounter this kind of request for personal information at work, do not fill in the information, note the URL, and report it to your IT security staff as soon as possible. Information solicitations received at home can be ignored by closing the browser window or navigating to a new website.

Computer User Tips

Update and Patch Your System Software Often

As soon as a security patch is announced, malicious coders are hard at work writing code into their websites and email attacks to exploit information from your computer before they can be patched. Coders have reduced the time it takes them to write code to exploit a new vulnerability from weeks or days to hours. Microsoft automatic updates are performed every Tuesday in what is referred to as Patch Tuesday. The Department's IT security staff performs these updates to your work computer, but check to make sure your home computer is set to perform automatic Microsoft updates. If not, change this preference or perform a manual update. Software that cannot be set to automatically perform updates should be updated manually on a monthly schedule.

This document is intended for Department of Justice internal use only and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 2023075332.

What is the JSOC Newsletter

The Justice Security Operations Center News You Can Use Newsletter keeps our readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any issues, subjects, or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Awareness Tip

Social networking sites are
delivering malware 10 times more effectively than email. Kaspersky Lab's Malware Evolution 2008 report indicates that 10% of all malware delivered via social networking sites are successfully installed onto members' computers. Kaspersky Lab collected over 43,000 malware samples from social networking sites in 2008, while McAfee reported 800 new variants of the Koobface virus.

Contributing Source: eWeek

• JSOC Fake Antivirus Information (DOJ)
• Why is Cyber Security a Problem (US-CERT)

Green Tip of the Month

Junk Mail: Each year, millions of trees and billions of gallons of water are used to create junk mail. To be removed from the national mailing lists, send your name, address, and signature to: Mail Preference Service, c/o Direct Marketing Association, P.O. Box 643, Carmel, NY 10512.

Source: nationalzoo.si.edu

News You Can Use

April 2009

What is the JSOC Newsletter

The Justice Security Operations Center News You Can Use Newsletter keeps our readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand.

Security Awareness Tips

Conficker Worm

The new version of Conficker, identified on April 9, 2009, attempts to install new malicious code, scareware and Waledac/Downadup, onto infected computers. This new version is especially dangerous, as these software additions are designed to scare and trick users into navigating to malicious websites that capture personal and financial information.

If you believe your home computer may be infected with Conficker, there's an easy way to find out. Conficker blocks access to websites that contain software that may interfere, block, or remove its installation. Open your internet browser at home and try to visit the following websites: www.microsoft.com, www.mcafee.com, or www.symantec.
com If you are unable to reach these websites your computer may be infected Please click here to read USCERT's information on how to detect I remove Conficker from your home computer If you have any issues subjects or ideas you would like to see addressed in future newsletters please email Curtis Johnson at curtis w johnson@usdoj qov Contributing Sources USCERT CNet Washington Post Malicious Email Spam ' Spam accounts f or over 97% of all email and is still a main delivery vehicle for malicious coders who propagate their malware botnets and viruses over the While there have been successful shutdowns of spam sending internet companies McCole's closure in Nov 2008 resulted in a 6070% reduction in malicious mail and botnet delivery in the US during Nov and Dec 2008 there are others that have stepped in and already increased spam delivery rates above preMcColo levels • Fake Conficker Infection Alerts Scareware ema il campaigns are circulating that try to scare the recipient into accepting fake antivirus software by saying the recipient's computer is infected with Conficker If infected the computer will attempt to download the Waledac botnet and spread the virus to other computers • Stimulus Package Offers Malicious email is circulating with the IRS logo and pictures of President Obama that advertise available stimulus package money for cash strapped individuals These emails request personal credit card and other financial information to verify that the recipient is qualified for stimulus funds • Tax Return Solicitation Fake tax return emails are being sent that offer cash now in exchange for the recipient 's tax return or charges for services to expedite a tax return These emails are designed to collect your Social Security number date of birth mother's maiden name credit card information and the PIN for your ATM card Tip The IRS never initiates contact with taxpayers via e mail if it has to do with your account or private information Be very suspicious of any emails 
you receive from strangers, companies, or government agencies that request personal financial or credit card information. If you receive an email that directs you to a website requesting you to download or update a program, do not accept the offer, and close the web browser window. Click here for instructions on how to report any malicious / spam email you have received at work to your IT security staff or JSOC.
Contributing Sources: SecurityFocus, SecurityPark, CNet, ZDNet, MSN

This document is intended for DOJ employees and contractors and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 202-307-5332.

Cyber Awareness Tip
JSOC'S NEW WEBPAGE ONLINE
JSOC's new webpage on DOJNet contains all its cyber security alerts, cyber briefings, user awareness papers, and newsletters. Please click here to visit JSOC's webpage.
• Incident Report Form
• Malicious Email Submittal
• Incident Response Plan (IRP) Information
• Critical Vulnerability Alerts
• Vulnerability Alerts
• Cyber Threat Advisories
• White Papers
• News You Can Use Newsletter
• CTAT Cyber Daily Briefing

Microsoft Releases 5 Critical Updates on April 14, 2009 (Microsoft)

Green Tip of the Month: Turn Off Your Gaming Console
A gaming console that is left on twenty-four hours a day, seven days a week will use as much electricity annually as two new refrigerators.
Source: Green Living Tips

News You Can Use
March 2009

Security Awareness Tips

Social Networking Websites and Job Boards
There continues to be a surge in malware, viruses, and botnets directed toward and residing on social networking and job board websites. Malicious coders have turned their attention to these websites (see USAJobs Advisory) because of the wealth of information available and the relative ease with which members seem willing to share it. If you are a member of a social networking or job board website, change your password today and change it
often. Use a password that is at least 8 characters long, with a combination of upper and lower case letters, numbers, and special characters.

Malicious Web Sites Encrypt Local Files
A rush of new fake antivirus websites are being designed to emulate authentic sites, due to the success they have had at tricking visitors into downloading their malicious content. Some of these websites contain scareware programs that attempt to scare the visitor into installing their malware or virus. These websites are normally identified by warning messages or popups that tell the visitor a software upgrade is needed or something bad is happening to the visitor's computer, and offer their software as the solution. Unfortunately, this action results in installing the malware or virus the visitor was trying to avoid.

A few scareware sites have introduced a new feature into their malware: encryption. This new version attempts to encrypt and scramble files inside the visitor's My Documents folder when installed. Once the encryption process is complete, the visitor must purchase an encryption key from the malicious site to access their files. If you visit a website you think is malicious, please report it to your IT security staff as soon as possible.
Contributing Source: Washington Post

Computer User Tips

Website Passwords
Two-thirds of computer users use one or two passwords to access all their websites. If you are one of these users, do not allow your web browser to automatically save your passwords. This practice allows anyone with physical or remote access to your computer access to your website accounts. If your browser supports an encrypted master password, your saved passwords may be more secure, but there are programs designed to break this encryption.

What is the JSOC Newsletter
The Justice Security Operations Center News You Can Use Newsletter keeps our readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet.
These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand. If you have any subjects or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Awareness Tip
Fake Waledac Coupon Websites
Couponizer.com, a legitimate site used to optimize and gather coupons, is the latest target of the Waledac virus. Fake Couponizer websites are now online that utilize IP geolocation databases to locate website visitors. This solution is new for Waledac websites and allows coders to further trick the visitor by offering national and local coupons based on the visitor's location. The Waledac virus, which infects computer systems to collect email addresses, is delivered as an email or E-card that directs the recipient to a fake website that installs the virus when clicked by the visitor.
Contributing Source: NY Times

Secure Your Wireless Router at Home
When installing a wireless network at home, please take the proper steps to ensure it is secure. Look in the manual for how to change the wireless ID, also known as the SSID, to something unique. Turn on Wi-Fi Protected Access (WPA or WPA2) for authentication, enable Temporal Key Integrity Protocol (TKIP) for encryption, and use Media Access Control (MAC) address filtering. An unsecured wireless network allows other computer users to use your bandwidth for free and possibly use it for illegal activities. If the police come looking, a person with an unsecured network would have a difficult time proving the activity didn't come from one of their computers.
Contributing Source: SANS

This document is intended for DOJ employees and contractors and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 202-307-5332.

USAJobs Cyber Threat Advisory (JSOC)
Adobe Acrobat and Reader Vulnerability (JSOC)

Green Tip of
the Month: Public Transportation
A person riding public transportation can achieve an average annual savings of $8,481 based on today's gas prices and average parking costs.
Source: APTA

News You Can Use
February 2009

What is the JSOC Newsletter
The Justice Security Operations Center News You Can Use Newsletter keeps our readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect against cyber threats on the Internet. These threats affect you every day, in every way, at the office, at home, and in between. This is information you need to know, written in terms you can understand.

Security Awareness Tips

Cyber Crime in 2009
Data capture (passwords and account numbers) will continue to be the target of malicious coders in 2009. While the Department of Justice is utilizing all resources to protect its users against these risks, home users are expected to encounter a dramatic increase in fake email and malicious websites. Industry also predicts mobile cell phone networks are the next target, due to the advances, popularity, and the variety of ways smart phones are being used.
• Data Capture: Malicious coders are constantly modifying the schemes they use to gather information from unsuspecting users. Be careful when opening email attachments, accepting free offers, and surfing the internet. There is someone out there trying to collect your information.
• Smart Phones: Voice and touchtone phishing (much like email and web phishing), malware, and cellular botnets are predicted to become a serious threat to the mobile network in 2009. Malicious code is being written to take advantage of the growing trend in mobile interactivity with companies that require social security numbers, account numbers, and passwords to verify identity. High value targets will also include individuals that interact with financial institutions to transfer funds and stocks through mobile devices.
Contributing Source: Emerging Cyber Threats Report 2009 for Georgia
Tech Information Security Center

Social Networking Risks
Social networking is often used to find old friends, create new friends, and network with people of common interest. This free exchange of information establishes a false sense of security, as the user thinks only friends are viewing their posted information. Malicious coders exploit this vulnerability by inviting contacts within the network to click on their page. Once clicked, the embedded code infects the visiting user's computer and directs it to collect personal information from the user, the user's friends, and user's groups on the network.

Fake Antivirus Software Updates Wreak Havoc across the Internet
Malicious software disguised as a legitimate Antivirus Update is tricking users into downloading and installing its Trojan virus. Recently there has been a significant increase in Fake Antivirus (AV) Trojan Horse software that is utilizing social engineering principles to fool unsuspecting users into compromising their own machines. Do not upgrade your antivirus software through hyperlinks offered by unknown websites or pop-up windows. These software updates are automatically provided by the DOJ IT service providers at work. If you believe your antivirus software at home needs an update, open the program from your desktop and select the button or link provided to perform a manual or live update.
JSOC White Paper

If you have any issues, subjects, or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Threat Tip
Fake Greeting Card emails are distributed to capture data and email addresses. Internet scams, charity fraud, fake websites, and unsolicited email will intensify around the Valentine holiday. Exercise caution when visiting new websites or opening email offering free items, gifts, or e-cards. Malware writers and spammers are designing increasingly convincing email and fake websites to fool visitors into accepting their viruses.

Defending Cell Phones and PDAs
Against Attack (USCERT)

Computer User Tip
A Trick for Remembering Long Passwords
When creating a password, users should avoid common words, proper names, and randomly generated passwords such as GrTlkOPk6SI, which would be impossible to remember. Try using a phrase that is familiar and easy to remember (example: IBowledA285). This password meets the Department's 12 character password requirements by using uppercase and lowercase letters, numbers, and symbols.
Contributing Source: SANS

Green Tip of the Month: Donate or Recycle Old Cell Phones
Cell phone upgrades cause consumers to throw away over 130 million working cell phones each year.

This document is intended for DOJ employees and contractors and is not to be distributed outside the Department. Questions regarding this Bulletin or requests for permission to redistribute should be directed to JSOC DOJCERT, 202-307-5332.

News You Can Use
December 2008

Security Awareness Tips

What is the JSOC Newsletter

Malware Targets USB and Removable Media
In recent months, JSOC has identified a significant rise in the number of dangerous malware downloads targeting USB and removable media devices. This rise has been attributed to malicious coders writing malware focused on infecting removable media storage devices to spread the virus quickly. Thumb drives, external hard drives, CD/DVD-R/W, and flash media (digital camera, phones) are targeted because they are portable and easily exchange information between computers. When infected devices are connected to a computer, they attempt to install Trojan software that runs in the background, unnoticed by the user.

Steps you can take to help protect your home PC:
• Disable AutoRun: It's important to disable AutoRun, as this feature allows removable media to automatically start or install any software programmed to run when the device is inserted into a computer. This allows the Trojan to spread throughout your computer and connected devices. Please see the help instructions on your home computer to
disable AutoRun.
• Install Firewall and Antivirus Software: Windows XP and Vista come with a firewall that protects against most intrusions; please make sure it's enabled and updated on a weekly basis. Norton and McAfee, along with many others, also offer off-the-shelf choices for both firewall and antivirus protection solutions.
• Create a User Level Login without administrative privileges and use it as your main login account. This helps reduce your risk of infection and denies full administrative access to your computer in the event your login credentials are compromised. An Administrative Login should never be used when connecting to the internet.

Computer User Tips

Avoid Malicious Code and Software
Current web technology makes it possible to embed additional code inside a primary webpage. Hackers are able to misuse this technology to carry out malicious activities, such as redirecting the user's web browser to websites that secretly download intrusive software. A number of popular websites have been impacted by these attacks because the code is sophisticated and hidden from plain view.

Steps you can take to help protect your home PC:
• Regularly Update Computers and Applications: Ensure Microsoft Update is scheduled to check weekly for product updates. Applications that do not automatically perform weekly updates should be updated manually.
• Improve Your Password Security: Increase your password length to a minimum of 12 characters that include upper and lower case letters and at least one number and special character. A longer password provides significantly higher protection from unauthorized access.

This document is intended for DOJ employees and contractors and is not to be distributed outside the Department. Questions regarding this newsletter or requests for permission to redistribute should be directed to JSOC DOJCERT, 202-307-5332.

These threats can affect you every day, in every way, at the office, at home, and in between. This is information you need to know, in terms
you can understand. If you have any issues, subjects, or ideas you would like to see addressed in future newsletters, please email Curtis Johnson at curtis.w.johnson@usdoj.gov.

Cyber Awareness Tip
Facebook's users are targeted by a virus named Koobface. This virus spreads via a note from a friend that might say, "You're really funny in this video." If clicked, the link connects to a website which asks you to download an update to your Adobe Systems Flash player. This link will attempt to install the Koobface on your computer. Koobface modifies user profiles to redirect their visitors to malicious websites.

DOJ Cyber Security Conference (DOJ)

• Upgrade to Microsoft's Internet Explorer 7.0 (IE 7): IE7 includes many user-friendly enhancements and new security features that help protect against malware intrusions.

The Justice Security Operations Center News You Can Use Newsletter keeps our readers up to date on the latest topics, security vulnerabilities, and computer user tips to help protect them against cyber threats on the Internet.

Dealing with Cyberbullies (USCERT)
Obama, McCain Lesson in Cyber Security (Security Focus)

Green Tip of the Month: Recycle Your Fluorescent Bulbs
The mercury from one fluorescent bulb can pollute 6,000 gallons of water beyond safe drinking levels.
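
The December 2008 issue above tells readers to disable AutoRun but leaves the setting itself to the computer's help pages; the following is an added example, not part of the newsletter or any JSOC material, that audits the Windows NoDriveTypeAutoRun policy value for the removable and CD/DVD media the issue warns about. The registry path, the bit meanings, and the rule that the machine-wide value overrides the per-user one are taken from Microsoft's documentation as assumptions here, and the sample values are constructed.

```python
# Added example: audit the Windows AutoRun policy (NoDriveTypeAutoRun).
# Assumed from Microsoft's documentation, not from the newsletter:
# a SET bit turns AutoRun OFF for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no-root-dir",
    0x04: "removable",   # USB thumb drives, flash media, external drives
    0x08: "fixed",
    0x10: "network",
    0x20: "cd-rom",      # CD/DVD-R/W
    0x40: "ram-disk",
    0x80: "reserved",
}
PORTABLE = {"removable", "cd-rom"}   # media the newsletter warns about
POLICY_PATH = r"SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer"


def effective_mask(hklm, hkcu):
    """Assumed precedence: the machine-wide value overrides the per-user one."""
    return hklm if hklm is not None else hkcu


def autorun_enabled_on(mask):
    """Drive types whose 'disable' bit is clear in the mask."""
    return sorted(name for bit, name in DRIVE_BITS.items() if not mask & bit)


def audit(hklm=None, hkcu=None):
    """Return (ok, message) for a pair of policy values (None = not set)."""
    mask = effective_mask(hklm, hkcu)
    if mask is None:
        return False, "NoDriveTypeAutoRun not set: the OS default applies"
    exposed = sorted(PORTABLE.intersection(autorun_enabled_on(mask)))
    if exposed:
        return False, f"0x{mask:02X}: AutoRun still enabled on {', '.join(exposed)}"
    return True, f"0x{mask:02X}: AutoRun disabled on portable media"


def read_policy():
    """Read both hives on Windows; returns (hklm, hkcu), None where absent."""
    import winreg  # Windows-only standard library module
    values = []
    for hive in (winreg.HKEY_LOCAL_MACHINE, winreg.HKEY_CURRENT_USER):
        try:
            with winreg.OpenKey(hive, POLICY_PATH) as key:
                values.append(winreg.QueryValueEx(key, "NoDriveTypeAutoRun")[0])
        except FileNotFoundError:
            values.append(None)
    return tuple(values)


if __name__ == "__main__":
    import sys
    if sys.platform == "win32":
        print(audit(*read_policy()))
    else:
        # Constructed sample values, not readings from any real machine.
        for sample in [(None, None), (0x91, None), (None, 0x95), (0xFF, 0x91)]:
            print(sample, "->", audit(*sample))
```

A value that disables AutoRun for the current user can still be overridden by a weaker machine-wide value, which is why the audit reports on the effective mask rather than on either hive alone.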