Description of document: US Department of Justice (DOJ) Justice Security Operations Center (JSOC) “News You Can Use” Newsletters, 2008-2011 Requested date: 11-April-2011 Released date: 20-May-2011 Posted date: 11-July-2011 Date/date range of documents: Included are: Dec 2008, Feb-Sep & Nov 2009, Jan-Dec 2010, Jan-Apr 2011 Source of document: FOIA Contact Justice Management Division Department of Justice Room 1111 RFK, 950 Pennsylvania Avenue, NW Washington, DC 20530-0001 Fax: 202-616-6695 Email: [email protected] The governmentattic.org web site (“the site”) is noncommercial and free to the public. The site and materials made available on the site, such as this file, are for reference only. The governmentattic.org web site and its principals have made every effort to make this information as complete and as accurate as possible, however, there may be mistakes and omissions, both typographical and in content. The governmentattic.org web site and its principals shall have neither liability nor responsibility to any person or entity with respect to any loss or damage caused, or alleged to have been caused, directly or indirectly, by the information provided on the governmentattic.org web site or in this file. The public records published on the site were obtained from government agencies using proper legal channels. Each document is identified as to the source. Any concerns about the contents of the site should be directed to the agency originating the document in question. GovernmentAttic.org is not responsible for the contents of documents published on the website. U.S. Department of Justice Justice Management Division Ubshington, D.C. 20530 MAY 2 0 201 1 Re: Freedom oflnformation Act Request No. 2352497 I am responding on behalf of the Justice Management Division (JMD) to your Freedom of Information Act (FOIA) request dated April 11,2011, for copies of each News You Can Use newsletter published on DOJNet. Because I deem you to be a non-commercial requester, you are entitled to the first 100 pages of documents and the first two hours of search time at no charge. 28 C.F .R. § 16.11 (d). I am enclosing, at no cost to you, all the News You Can Use newsletters that have been published on DOJNet, a total of26 documents. We are withholding portions of four newsletters- those from September 2010, August 2010, January 2010, and April2010- under FOIA Exemption 7(E), which protects disclosure of law enforcement techniques and procedures. 5 U.S.C. § 552(b )(7)(E). If you are dissatisfied with my action, an appeal may be made pursuant to 28 C.F.R. § 16.9 by writing to the Director, Office oflnformation and Policy, U.S. Department of Justice, 1425 New York Avenue, Suite 11050, Washington, D.C. 20530-0001, within 60 days from the date ofthis letter. Both the letter and the envelope should be clearly marked "Freedom oflnformation Act Appeal." In the event you are dissatisfied with the results of any such appeal, judicial review will thereafter be available in the district where the requester resides or has a principal place of business, or in the United States District Court for the District of Columbia. Sincerely, Barbara Bush Acting General Counsel Enclosure News You Con Use, Apri/2011 Visit Our Website Security Awareness Tips About the JSOC Newsletter Your Golden Ticket. .. to Getting Scammed! The Justice Security Operations Center Beware of emails that promote investing in gold- scammers are exploiting the recent (JSOC) News You Can Use Newsletter increase in gold's value (a prevalent media topic). Recent concerns about inflation and strives to protect readers against Inter­ other economic issues have net cyber threats by keeping them up­ caused some investors to to-date on the latest security issues, turn to gold as a safer invest­ vulnerabilities, and computer user tips. ment. As a result, security The threats we address affect you daily­ - at work, at home, and virtually every­ organizations have noticed where in between-and we provide the an influx of hoax emails that information you need to know, in terms request users' personal in­ you can understand. If there is a spe­ formation. In one such scam, cific topic you would like to see dis­ the email's subject line cussed in a future newsletter, please reads, "Is Gold Your Ticket To email us at [email protected]. A Golden Future?" and a "FREE investor kit" is offered to users who provide their contact information. Cyber Awareness Tip "Certain personalities are used in the image for this spam campaign including Glenn Cybersecuritv Mvth: Beck. A Google search reveals an interesting angle about Glenn Beck promoting gold in­ vestments. It seems that the spammer did some research in order to know about the "Once software is installed on your home computer, you do not have to association before propagating this spam campaign" (Harnett, www.symantec.com). worry about it anymore." Contributing sources: www.net-security.org; www.symontec.com; www.nytimes.com • Vendors may release updated ver­ sions of software to address prob­ User Awareness Tips lems or fix vulnerabilities. You should install the updates (on your home Thumb-thing's Fishy ... Thumb Drive Safety 101 computer) as soon as possible; some Removable devices such as thumb drives (also known as USB sticks) pose a unique chal­ software even offers the option to lenge to Federal IT Security. While they are convenient, portable and great for storing obtain updates automatically. files, they are also easy to lose, and are often used to spread malware. Source: US-Cert Warning! The US-CERT (Computer Emergency Response Team) Spyware detected on your computer' recommends the following measures to protect ............. ...... ....,._,,,, ...... , ........... ~ thumb drive data: _ _ VPR Alerts '-· ~ __,..._...... ~..:c:-;: •Do not plug an unknown USB drive into your com- Security Advisories puter- If you find a USB drive, give it to the appro­ ~~ Monthly Wrap-Up '*1 priate authorities (a location's security personnel, '· your organization's IT department, etc.). Do not plug Green Tip of the Month it into your computer to view the contents or to try to identify the owner. •Take advantage of security features- Use passwords and encryption on your USB drive Work from Home to protect your data, and make sure that you have the information backed up in case Working from home when possible, as well as utilizing an Alternative Work your drive is lost . Schedule (AWS) significantly reduces the •Keep personal and business USB drives separate- Do not use personal USB drives on energy and t ime spent commuting. Video computers owned by your organ ization, and do not plug USB drives containing corporate and phone conferencing, and other work­ information into your personal computer. flow tools, make this an easy, effective alternative to traditional commuting. Contributing sources: www.us-cert.gov; news.cnet.com Source: www.green-unlimited.com **This document is intended for Department af Justice internal use only and is nat ta be distributed outside the Department..... Questions regarding this·newsletter or requests for permission to redistribute should be directed to: JSOC, 202-357-0266 News You Can Use March 2011 Visit Our Website Security Awareness Tips Warning: Attackers May Attempt to Compromise Remote Access Tokens The Justice Security Operations Center A security breach at a vendor recently caused (JSOC) News You Can Use weaknesses in RSA SecuriD tokens commonly used in Newsletter strives to protect readers remote access to Department systems. As a result, against Internet cyber threats by attackers may attempt to obtain users' PIN codes to keeping them up-to-date on the latest access Department systems using RSA SecuriD security issues, vulnerabilities, and tokens. computer user tips. The threats we address affect you daily-- at work, at By remaining alert for attempts to reset or obtain RSA SecuriD token PIN codes, users can home, and virtually everywhere in assist in keeping Department information secure. between-and we provide the information you need to know, in All Department personnel are asked to: terms you can understand. If there is a specific topic you would like to see • Be cautious of messages, phone calls, or web pages requesting discussed in a future newsletter, that you reset the PIN code used with your token. ContaCt your.·'· please email Jennifer Jones at [email protected] component IT helpdesk if you receive an unexpected request to PIN code · · Cyber Awareness Tip • Check the URL (address) of web pages asking for to ensure they are legitimate government web· pa imitations that look official. ·· Reasons to be particularly careful when opening email • Exercise caution when OJJ1er1ir1g' attachments: contains links or ;on·;or·nnnP,,rc: Email is easily circulated contains a sense of Forwardin g email is so simple U.S. government e-mail ;onnr••c:c: that viruses can quickly infect many machines. Please report suspicious messages to the Justice Security Operations Center (JSOC) by e­ • Email programs try to address all mail ([email protected]) or phone (866-US-4-CERT). Users may continue normal use of users' needs - Almost any type of systems, keeping in mind the above requests to remain vigilant for attempts to obtain PIN file can be attached to an email codes. JSOC will distribute further information as it becomes available. message, so attackers have more freedom with the types of viruses User Awareness Tip they can send. • Email programs offer many "user­ friendly" features - Some email Information Security 101: Avoid Password Reuse programs have the option to In a recent study by the Security Group at the University of Cambridge Computer automatically download email Laboratory, a comparison was conducted on two websites whose password info~mation had attachments, which immediately been stolen.