DoD Investigates Hacking of Troops’ Personal Computers
By Carmen L. Gleason
American Forces Press Service
WASHINGTON, March 23, 2007 Defense Department officials have launched an investigation into recent computer hackings of servicemembers’ home computers that compromised personal information and led to the redirection of funds from their military pay accounts.
Over the past eight months, nearly two dozen Defense Finance and Accounting Service “myPay” participants have had their accounts accessed by unauthorized personnel, officials said. The myPay program allows DFAS users to manage pay information, leave and earnings statements and W-2s online.
The compromise likely came from personal information being stolen from home computers via spyware and keystroke-logging viruses, DFAS officials said.
A hacker redirected one servicemember’s pay to a credit card vendor by changing account information the day before pay day, Tom LaRock, DFAS spokesman, said. However, he added, DFAS quickly worked with his bank to have funds returned to his account within two days.
When suspicious activity is detected under the current system used by DFAS, LaRock explained, financial institutions are immediately notified so reversals can be made to servicemember’s accounts. DFAS plans to launch a new program soon that will increase the ability to detect unauthorized changes prior to processing by pay systems. This will make the system for myPay’s 3.7 million users even more responsive, LaRock said.
“This won’t completely stop compromises,” he said, “but it will help alert us more quickly so appropriate actions can be taken.”
Key-logging software often is installed on systems when an individual simply views e-mails or clicks links that look and seem like reputable sites. Hackers then are able to detect passwords and other personal information, DFAS officials said.
The organization is reminding customers that they have a responsibility to take measures to protect their personal information from scams and identity theft.
DFAS warns that a variety of methods can be used to attack home computers, including phishing, malicious software and outside takeovers via bad software configurations. Users are encouraged to install and continually update anti-virus and firewall software.
DFAS offers tips for security and protection to its users on its Web site, https://mypay.dfas.mil/PersonalData.htm.
By using a government computer, one with a ".mil" address or that is common access card enabled, users may download and save programs from the Joint Task Force Global Network Operations Web site, https://www.jtfgno.mil/antivirus/home_use.htm, for use on their home computers, Tim Madden, JTFGNO spokesman, said.
JTFNGO is responsible for directing the operation and defense of the DoD global information grid.