The long arm of the Army's cybercrime unit

Navy enhances Seaport contract

The Navy recently awarded 503 contracts worth a total of $5.3 billion annually under the SeaPort Enhanced (SeaPort-e) contract vehicle for a mishmash of support services for weapons systems acquisition.

The four-year, indefinite-delivery, indefinite-quantity contracts are for R&D support, prototyping, acquisition logistics, system design, modeling, IT, security, testing and evaluation, and software engineering support.
The contractors will be supporting the Naval Sea Systems Command, Naval Air Systems Command, Space and Naval Warfare Systems Command, Naval Supply Systems Command, Military Sealift Command, Naval Facilities Engineering Command, Strategic Systems Programs and the Marine Corps.

The contracts are the latest awards under the SeaPort-e initiative. There are 150 contracts already awarded under the multibillion-dollar acquisition program.
The contracts were procured via the Navy Electronic Commerce Online, with 515 offers received and 503 contracts awarded.
SeaPort-e was established several years ago to meet the objectives of the Seapower 21 initiative. In 2002, the Chief of Naval Operations began Seapower 21 to give the Navy a framework to align, organize and integrate its programs and systems. SeaPort-e uses a Web-based procurement portal for performance-based service acquisitions.
For more information about SeaPort-e, go to www.seaport.navy.mil.

DISA taps Espiritu for net-centric post

The Defense Information Systems Agency has hired Rita Espiritu, a retired Naval officer, to head its Net-Centric Enterprise Services program.
Espiritu, who has more than 25 years of experience in IT program and acquisition management, is the new program manager for NCES, one of five pillar programs of the Defense Department's transformation efforts.

NCES will cover nine core services: applications, collaboration, discovery, enterprise service management, mediation, messaging, security, storage and user assistance.
In a news release, Lt. Gen. Harry D. Raduege, director of DISA, said Espiritu's appointment marks a major step in the evolution of NCES and reflects the importance with which DISA views the program.

Before joining DISA, Espiritu was division manager for Science Applications International Corp. of McLean, Va.
Alfred Schenck, who was serving as acting program manager, will continue as the deputy program manager for NCES.

Army unit's wall of 'fame' is expanding

Mug shots of hackers busted by the Army's Computer Crime Investigative Unit and other federal authorities are proudly hung on a wall dubbed the 'Hackers Without Computers Club.'
Currently on the wall are photographs of The Deceptive Duo, Robert 'Pimpshiz' Lyttle and Benjamin 'The-Rev' Stark, so dubbed for their part in computer hacks against public and private Web sites.

Stark was sentenced to two years' probation and ordered to pay $29,006 in restitution. Lyttle, who pleaded guilty to hacking into government computers and defacing government Web sites, is awaiting sentencing at the end of June.
Also pictured on the CCIU wall is Chad Davis, known as 'minphasr' of 'Global Hell,' who hacked an Army Web page. Davis received six months in jail and three years of supervised release, and was ordered to pay $8,054 in restitution.

'With additional indictments and arrests pending, we will add several more notoriously popular names in the coming months,' said Daniel T. Andrews, CCIU acting director.

For three months last year, an Army soldier stationed in Afghanistan installed on more than 200 computers illegal software that captured users' keystrokes and, ultimately, caused about $25,000 in damage.

The software gave the soldier access to passwords, credit card data and other sensitive information from users of the compromised computers.
A team of agents with the Army's Computer Crime Investigative Unit, a division within the Army Criminal Investigation Command charged with securing all Army networks, traveled on short notice to the hostile area to analyze the affected computers.

Their investigation led them to the suspect, whom officials declined to name because he accepted nonjudicial punishment in lieu of a court martial.
Daniel T. Andrews, CCIU's acting director, said the soldier did not misuse or disclose any of the sensitive data he had collected and that the case was referred to the military justice system for disciplinary action.
But Andrews said the case is an example of the work performed daily by CCIU agents and analysts.



'CCIU agents respond to and investigate network intrusions and other computer-related felonies across the globe,' Andrews said. 'Given the so-called borderless nature of Internet-based crime, many of CCIU's cases involve investigative leads in foreign countries, adding even more complexity to cases that can often involve hundreds of thousands of dollars in damages.'

One such case occurred three years ago.

Gary McKinnon, a computer administrator from London, faces extradition for charges that he hacked into military and NASA computer systems, deleting files and blocking access to the Internet, officials said. The incident occurred over a 12-month period during 2001 and 2002.
CCIU gathered evidence and led the international investigation that resulted in McKinnon's arrest.

Special agent Brent A. Pack, operations officer of the Fort Belvoir, Va.-based unit, said nabbing the hacker involved 'collecting, examining and reporting more than 1T of electronic evidence.'

McKinnon was indicted by a U.S. grand jury in 2002 on eight counts of computer crimes and is scheduled for an extradition hearing on July 27 in London.

A pending case against a technology company was a bit easier to solve, officials said. In early 2002, ForensicTec Solutions Inc. of San Diego broke into dozens of sensitive Defense systems while conducting routine business for a government client, according to ForensicTec president Brett O'Keeffe, who spoke with GCN at the time of the incident.
The government accused O'Keeffe and other ForensicTec employees of discussing the security vulnerabilities with the news media in an attempt to build their new business.

O'Keeffe said he notified military officials right away. 'All we did was expose a vulnerability that others could exploit,' O'Keeffe said in the interview. 'We didn't create a vulnerability, we just showed it.'



O'Keeffe said company employees gained access to computers at a Texas Army base that held records of radio encryption techniques, and personnel files listing Social Security numbers, security clearances and credit card numbers. Employees also roamed a NASA system's vendor records, which included company banking information.

O'Keeffe has since pleaded guilty to a misdemeanor charge in the incident and faces up to a year in jail when he is sentenced on Aug. 1, according to John Parmley, an assistant U.S. attorney.

Parmley said two co-defendants, Aljosa Medvesek and Margaret Ann Lauffer, who also worked at ForensicTec, pleaded guilty to unauthorized access and will also be sentenced later this year.

On the front door of the CCIU lab is a logo with an eagle holding a computer mouse. Inside the lab, computer technicians gather forensic evidence by taking computers apart to see what damage a hacker did and how he accomplished his intrusion.

The unit has portable forensic equipment that allows agents to remove hard drives for extensive examination. The agents can perform analysis on any type of operating system.

'Most of the Internet-based attacks we see are attempts to exploit any variety of vulnerabilities in computer operating systems or other software code,' Andrews said. 'Without identifying any specific threat, the arsenal of cyberexploits is dynamically evolving and becoming more potentially malicious with time.'



CCIU operates on a yearly budget of $1 million, a jump from $500,000 in its earlier years. That figure does not include personnel pay or real estate facilities, Andrews said.

He attributed the hike in budgetary dollars to the realization that computer security is vital to military operations.

'Senior Army officials understand the importance of enterprisewide network security and the significance of maintaining a robust investigative force capable of swiftly responding to cyberattacks, assessing the extent of damage and bringing cybercriminals to justice,' Andrews said.
Special agents assigned to CCIU usually come from law enforcement backgrounds and undergo extensive computer network training.
