The long arm of the Army's cybercrime unit

Connect with state & local government leaders
Join Our Community
Featured eBooks
A New Era of Social Media Regulation
Strengthening State and Local Cyber Defenses
Making AI Work for Government
Insights & Reports
Get to know Bedlock Safety
Presented By BedLock Safety
Download Now
Using AI-powered location intelligence, state and local governments can build a sustainable future
Presented By Nearmap
Download Now
By Dawn S. Onley
 

Connecting state and local government leaders

By Dawn S. Onley

|

For three months last year, an Army soldier stationed in Afghanistan installed on more than 200 computers illegal software that captured users' keystrokes and, ultimately, caused about $25,000 in damage.

For three months last year, an Army soldier stationed in Afghanistan installed on more than 200 computers illegal software that captured users' keystrokes and, ultimately, caused about $25,000 in damage.The software gave the soldier access to passwords, credit card data and other sensitive information from users of the compromised computers.A team of agents with the Army's Computer Crime Investigative Unit, a division within the Army Criminal Investigation Command charged with securing all Army networks, traveled on short notice to the hostile area to analyze the affected computers.Their investigation led them to the suspect, whom officials declined to name because he accepted nonjudicial punishment in lieu of a court martial.Daniel T. Andrews, CCIU's acting director, said the soldier did not misuse or disclose any of the sensitive data he had collected and that the case was referred to the military justice system for disciplinary action.But Andrews said the case is an example of the work performed daily by CCIU agents and analysts.'CCIU agents respond to and investigate network intrusions and other computer-related felonies across the globe,' Andrews said. 'Given the so-called borderless nature of Internet-based crime, many of CCIU's cases involve investigative leads in foreign countries, adding even more complexity to cases that can often involve hundreds of thousands of dollars in damages.'One such case occurred three years ago.Gary McKinnon, a computer administrator from London, faces extradition for charges that he hacked into military and NASA computer systems, deleting files and blocking access to the Internet, officials said. The incident occurred over a 12-month period during 2001 and 2002.CCIU gathered evidence and led the international investigation that resulted in McKinnon's arrest.Special agent Brent A. Pack, operations officer of the Fort Belvoir, Va.-based unit, said nabbing the hacker involved 'collecting, examining and reporting more than 1T of electronic evidence.'McKinnon was indicted by a U.S. grand jury in 2002 on eight counts of computer crimes and is scheduled for an extradition hearing on July 27 in London.A pending case against a technology company was a bit easier to solve, officials said. In early 2002, ForensicTec Solutions Inc. of San Diego broke into dozens of sensitive Defense systems while conducting routine business for a government client, according to ForensicTec president Brett O'Keeffe, who spoke with GCN at the time of the incident.The government accused O'Keeffe and other ForensicTec employees of discussing the security vulnerabilities with the news media in an attempt to build their new business.O'Keeffe said he notified military officials right away. 'All we did was expose a vulnerability that others could exploit,' O'Keeffe said in the interview. 'We didn't create a vulnerability, we just showed it.'O'Keeffe said company employees gained access to computers at a Texas Army base that held records of radio encryption techniques, and personnel files listing Social Security numbers, security clearances and credit card numbers. Employees also roamed a NASA system's vendor records, which included company banking information.O'Keeffe has since pleaded guilty to a misdemeanor charge in the incident and faces up to a year in jail when he is sentenced on Aug. 1, according to John Parmley, an assistant U.S. attorney.Parmley said two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer, who also worked at ForensicTec, pleaded guilty to unauthorized access and will also be sentenced later this year.On the front door of the CCIU lab is a logo with an eagle holding a computer mouse. Inside the lab, computer technicians gather forensic evidence by taking computers apart to see what damage a hacker did and how he accomplished his intrusion.The unit has portable forensic equipment that allows agents to remove hard drives for extensive examination. The agents can perform analysis on any type of operating system.'Most of the Internet-based attacks we see are attempts to exploit any variety of vulnerabilities in computer operating systems or other software code,' Andrews said. 'Without identifying any specific threat, the arsenal of cyberexploits is dynamically evolving and becoming more potentially malicious with time.'CCIU operates on a yearly budget of $1 million, a jump from $500,000 in its earlier years. That figure does not include personnel pay or real estate facilities, Andrews said.He attributed the hike in budgetary dollars to the realization that computer security is vital to military operations.'Senior Army officials understand the importance of enterprisewide network security and the significance of maintaining a robust investigative force capable of swiftly responding to cyberattacks, assessing the extent of damage and bringing cybercriminals to justice,' Andrews said.Special agents assigned to CCIU usually come from law enforcement backgrounds and undergo extensive computer network training.

Navy enhances Seaport contract

The Navy recently awarded 503 contracts worth a total of $5.3 billion annually under the SeaPort Enhanced (SeaPort-e) contract vehicle for a mishmash of support services for weapons systems acquisition.

The four-year, indefinite-delivery, indefinite-quantity contracts are for R&D support, prototyping, acquisition logistics, system design, modeling, IT, security, testing and evaluation, and software engineering support.
The contractors will be supporting the Naval Sea Systems Command, Naval Air Systems Command, Space and Naval Warfare Systems Command, Naval Supply Systems Command, Military Sealift Command, Naval Facilities Engineering Command, Strategic Systems Programs and the Marine Corps.

The contracts are the latest awards under the SeaPort-e initiative. There are 150 contracts already awarded under the multibillion-dollar acquisition program.
The contracts were procured via the Navy Electronic Commerce Online, with 515 offers received and 503 contracts awarded.
SeaPort-e was established several years ago to meet the objectives of the Seapower 21 initiative. In 2002, the Chief of Naval Operations began Seapower 21 to give the Navy a framework to align, organize and integrate its programs and systems. SeaPort-e uses a Web-based procurement portal for performance-based service acquisitions.
For more information more about SeaPort-e, go to www.seaport.navy.mil.

DISA taps Espiritu for net-centric post

The Defense Information Systems Agency has hired Rita Espiritu, a retired Naval officer, to head its Net-Centric Enterprise Services program.
Espiritu, who has more than 25 years of experience in IT program and acquisition management, is the new program manager for NCES, one of five pillar programs of the Defense Department's transformation efforts.

NCES will cover nine core services: applications, collaboration, discovery, enterprise service management, mediation, messaging, security, storage and user assistance.
In a news release, Lt. Gen. Harry D. Raduege, director of DISA, said Espiritu's appointment marks a major step in the evolution of NCES and reflects the importance with which DISA views the program.

Before joining DISA, Espiritu was division manager for Science Applications International Corp. of McLean, Va.
Alfred Schenck, who was serving as acting program manager, will continue as the deputy program manager for NCES.

Army unit's wall of 'fame' is expanding

Mug shots of hackers busted by the Army's Computer Crime Investigative Unit and other federal authorities are proudly hung on a wall dubbed the 'Hackers Without Computers Club.'
Currently on the wall are photographs of The Deceptive Duo'Robert 'Pimpshiz' Lyttle and Benjamin 'The-Rev' Stark'so dubbed for their part in computer hacks against public and private Web sites.

Stark was sentenced to two years' probation and ordered to pay $29,006 in restitution. Lyttle, who pleaded guilty to hacking into government computers and defacing government Web sites, is awaiting sentencing at the end of June.
Also pictured on the CCIU wall is Chad Davis, known as 'minphasr' of 'Global Hell,' who hacked an Army Web page. Davis received six months in jail and three years of supervised release, and was ordered to pay $8,054 in restitution.

'With additional indictments and arrests pending, we will add several more notoriously popular names in the coming months,' said Daniel T. Andrews, CCIU acting director.

















































NEXT STORY: Army drafts General Dynamics unit to upgrade Abrams tanks

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.