[funsec] Hackers Attack DoD's myPay Military Wage User Accounts

Fergie fergdawg at netzero.net
Thu Mar 29 16:43:38 CDT 2007


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Not very fun, but definitely security-related.

Via The Kings Bay (Georgia) Periscope.

[snip]

The myPay website is known throughout the Department of Defense as a useful
tool servicemembers can use to securely keep track of their leave and
earnings statement. However, one Navy Region Southeast Sailor learned that
no computer system is completely safe from the onslaught of hackers.

This Navy Band Southeast Sailor's myPay account was hacked and his direct
deposit information changed, sending his paycheck into a prepaid card he
did not own. It was only a few months before earlier that a dozen Sailors'
Thrift Savings Plan funds were withdrawn using similar means.

According to reports and e-mails circulating this week, a hacker well
versed in military pay accounts compromised the Sailor's personal computer.
As with the TSP theft two months ago, a hacker used key logging software to
log the Sailor's keystrokes while he was accessing his myPay account from
the privacy of his home. On the day before payday, the hacker accessed the
Sailor's account and changed the direct deposit information to transfer the
funds into a foreign account.

[snip]

More:
http://www.kingsbayperiscope.com/stories/032907/kin_mypay.shtml

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.0 (Build 214)

wj8DBQFGDDMDq1pz9mNUZTMRAhNtAJwIAaJ0MNgjG9IMoPQIgAE1xo/ISgCfU5KD
OKO2CGh6h4xMftpajY+quIM=
=yW0Z
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/




More information about the funsec mailing list