Friday, May 21, 2010

TIGR: Tactical Ground Reporting System

TIGR is a Web-based information-sharing system that is available on secure laptops and allows soldiers to continuously update and add information about the areas where they are deployed. The system makes it simple to add notes, identify trouble spots, and update information on current maps and satellite imagery using the kind of map-based tools and social messaging media common to the Web.

But its primary advantage has been in enabling troops who head out on new assignments to benefit from the findings of previous patrols. The rapid adoption of TIGR in the battlefield resulted in the system being developed more quickly and effectively than traditional military technology.

The system achieved Army-wide acceptance in just two years and is now in use by more than 50,000 soldiers, developers say. And it is now on track for delivery from DARPA to the Army as an enduring capability. Scheduled for delivery to the Army at the end of a two-year development plan, it will become a program of record, according to sources familiar with the situation authorized to speak on background only.

Efforts for further implementation are ramping up as the military looks to create a nonclassified version of the Secure IP Router Network-based system and fold in new capabilities.

For more, visit the Defense Systems article, TIGR keeps troops in the field safer, by Amber Corrin.

Thursday, May 20, 2010

A Fraud By Any Other Name...

Microsoft Corp. has filed two lawsuits this week in the U.S. District Court for the Western District of Washington detailing evidence of an emerging form of click fraud in online advertising the company has dubbed “click laundering.” One lawsuit is a John Doe suit alleging that unidentified defendants engaged in this activity; the other lawsuit names Web publisher RedOrbit Inc. and its president, Eric Ralls, as defendants.

Click laundering, a previously unknown form of pay-per-click (PPC) advertising fraud, was uncovered by Microsoft investigators following dramatic and irregular growth in click traffic on two sites within its Microsoft adCenter network. Investigators believe that had the click laundering scheme gone undetected, the perpetrators could have defrauded advertisers of hundreds of thousands of dollars.

“Online ad fraud is evolving in sophistication all the time. Fighting it demands vigilance and dedication to an honest and secure online marketplace. We believe that a trusted marketplace is critical to Internet commerce, and Microsoft will continue to take aggressive action working with industry and law enforcement to protect our platforms, customers and advertisers,” said Brad Smith, senior vice president and general counsel for Microsoft.

PPC fraud, also known as click fraud, is a type of Internet fraud in online advertising that occurs when a person, automated script or computer program imitates a legitimate website visitor by clicking on an ad to generate a charge-per-click without having actual interest in the target of the ad’s link. Microsoft adCenter monitors click traffic carefully to prevent advertisers from being charged for non-valid clicks, and Microsoft has been active in investigating and taking action against click fraud when found, including taking legal action where necessary.

Click laundering is a newly uncovered form of click fraud in which technical measures are used to make invalid ad clicks appear to originate from legitimate sources. It is analogous to money laundering, in which the origin of illegal profits is disguised as legitimate. Click laundering attempts to avoid fraud detection systems that have been put in place by the ad platform — in this case, Microsoft adCenter — to protect online advertisers. Through various means, including malware programs, fraudsters are able to trick innocent Internet users into visiting websites where they unknowingly click on advertisements. Click launderers also can further disguise the origin of those invalid clicks by using scripts and other methods to alter information that is sent to the ad platform.

Microsoft is filing these lawsuits to help protect its ad platform and promote the integrity of online advertising for the benefit of all legitimate advertisers, to stop the fraudulent behavior, and to recover the damages caused by the click laundering. These actions are part of an ongoing effort by Microsoft Advertising and the Microsoft Digital Crimes Unit to work with others across the industry to identify and address emerging threats to the integrity of the online advertising ecosystem through technical and legal means. This week, Microsoft closed another lawsuit the company filed in 2009 regarding click fraud in auto insurance verticals and World of Warcraft, following a successful settlement with defendant Eric Lam. Terms of the settlement are confidential, but the lawsuit successfully brought the click fraud activities described in the complaint to an end and helped Microsoft further refine and evolve its approach to combating click fraud. Such cases demonstrate the evolving nature of fraud in online advertising and the need for ongoing investments across the industry to maintain a healthy Internet marketplace.

This post contains excerpts from the Microsoft News Center article, Microsoft Investigators Uncover Emerging Form of Click Fraud, May 19th, 2010.

Wednesday, April 28, 2010

X-37B and Prompt Global Strike Launch

At 7:52 p.m., April 23rd, an Air Force Atlas 501 rocket shot the capsule-enclosed X-37B Orbital Test Vehicle into space from Cape Canaveral. Resembling a small space shuttle, the OTV was built in Boeing’s famed Phantom Works.

The OTV will serve as an “on-orbit” laboratory for new sensors and other high-tech devices that will later be built into satellites. Its payload is highly classified, but the Air Force says test flights aboard the retrievable OTV will prove out new technologies before they are shot into space to stay.

The 29-foot OTV is powered by a combination of lithium ion batteries and solar panels. Air Force deputy undersecretary for space programs, Gary Payton, told reporters: “Probably the most important demonstration is on the ground, see what it really takes to turn this bird around and get it ready to go fly again.”

The turnaround goal is 15 days.

As for how long it will stay up there: “In all honesty, we don’t know when it’s coming back for sure,” said Payton. “I don’t think we’ve set any specific goal, but I would think handling this bird more like an SR-71 and less like a routine space launch vehicle would be a good objective.”

With all the focus on the launch of the X-37B, the launch of a Minotaur IV rocket from Vandenberg Air Force base in California received less attention.

The Minotaur IV reportedly carried the prototype of the new Prompt Global Strike weapon that can hit any target around the world in less than an hour.

The PGS is designed as the conventional weapon of the future. Reportedly, it could hit Osama bin Laden’s cave, an Iranian nuclear site or a North Korean missile with a huge conventional warhead.

Friday, April 16, 2010

Ambassador To Cyberspace

Legislation introduced in the Senate Monday would, figuratively speaking, create a United States ambassador to cyberspace.

The International Cyberspace and Cybersecurity Coordination Act of 2010 would authorize the creation of a senior coordinator at the State Department with the rank of ambassador at large, according to a statement issued by its sponsors, Senate Foreign Relations Committee Chairman John Kerry, D.-Mass., and Sen. Kirsten Gillibrand, D.-N.Y.

"This bill is the first step to better organize U.S. efforts to develop a coordinated strategic approach to international cyberspace and cybersecurity issues by designating a single diplomat responsible for U.S. cyber policy overseas," Kerry said in the statement.

The senior coordinator would be the principal adviser to the secretary of state on international cyberspace and cybersecurity issues and provide strategic direction for federal government policy and programs aimed at addressing cyberspace and cybersecurity issues abroad.

The sponsors said the legislation would ensure the development of a clear and coordinated strategy for international cyber engagement, including the potential negotiation of a multilateral framework to provide internationally acceptable principles to prevent cyberwarfare.

Gillibrand said this measure meshes with another bill she introduced last month, the International Cybercrime Reporting and Cooperation Act, which would use financial incentives to get foreign nations to combat cybercriminals. "Our legislation will make America safer by making our cyber diplomacy more robust, and coordinating with our partners in the international community," she said in a statement.

One of President Obama's cybersecurity priorities in his Cyberspace Policy Initiative outlined last May is to develop a coordinated, international response to global cyber threats.

The Kerry-Gillibrand bill is the latest of a growing number of cybersecurity bills before Congress.

This post is excerpted from the GovInfoSecurity article, Cybersecurity Ambassador, by Eric Chabrow, April 12th, 2010.

Monday, April 12, 2010

The Census

The 2010 Census is underway and you may be wondering about whom you can trust. The Census is easy, important, and safe — just fill out your form and mail it back.

The IC3 and the Better Business Bureau (BBB), a 2010 Census partner, are encouraging participation in the 2010 Census while cautioning consumers to get the facts:

2010 Census takers will never contact you by e-mail or solicit for donations. Do not respond to unsolicited (spam) e-mail or text messages, including clicking on links and/or opening attachments contained within. Criminals often capitalize on legitimate campaigns to spread computer viruses through e-mails, text messages, "pop-ups," fraudulent Web sites, or infected legitimate Web sites. The viruses are embedded in an attachment (including pictures), link, and/or computer application. This also applies to tactics used in social networking sites. Remember, not all anti-virus software detects every virus, especially if the virus is newly created.

Visit 2010.census.gov for official information on the 2010 Census. Beware of groups using a similar name to a reputable agency, especially through Web sites. Rather than following a purported link to the Web site, log on directly to the official Web site for the business identified in the e-mail and/or text. Web sites can be verified by utilizing various Internet-based resources to confirm their status and to obtain feedback.

2010 Census takers will not ask you for your Personally Identifiable Information (PII) such as your social security account number (SSAN), driver's license number, bank account number, or credit card number. Do not provide this type of information to anyone claiming to be a 2010 Census taker. Please be aware, the Census Bureau asks for the last four digits of the respondent's SSAN for one survey: the National Health Interview Survey. This survey touches approximately 65,000 housing units per year.

For the 2010 Census, the Census Bureau will hire approximately 1.4 million people. Do not respond to work-at-home opportunities to be a Census taker, especially if the offer is unsolicited and it occurs through e-mail, text, or other indirect means. However, the Census Bureau may contact, in person, trusted third-party stakeholders, such as schools, media, businesses, community-based organizations, faith-based organizations, state, local, and tribal governments to spread the recruiting message. Criminals often use work-at-home scams to commit identity theft by collecting individuals' PII such as their bank account information, SSAN, and driver’s license number. Be wary if someone claiming to be a Census Bureau representative attempts to sign you up as a new employee on the spot. The Census Bureau has a hiring process, which includes taking a test in person, not on-line. To learn more about what is required to become a census taker, visit http://www.bbb.org/us/article/out-of-work-the-us-census-bureau-is-hiring-nationwide-14365.

If you have information pertaining to a 2010 Census scheme, please file a complaint at www.IC3.gov and contact your local BBB along with your local law enforcement agency.

The 2010 Census helps ensure your community receives its fair share of political representation and government funding. Fill out and mail back your census form today!

This post is excerpted from the Intelligence Note, 2010 Census, by the Internet Crime Complaint Center [IC3], April 12th, 2010.

Tuesday, April 6, 2010

There Are No Mushroom Clouds In Cyberspace

The National Academies of Science functions in part to provide independent scientific advice to the US government. In that capacity, the office of the Director of National Intelligence contracted with the NAS to look into the prospects of developing cyberwarfare capabilities that are sufficient to deter an attack on its national infrastructure. The NAS has recently submitted a progress report on its efforts, and the dry text of the introductory letter (the report is termed, "The first deliverable for Contract Number HHM-402-05-D-0011") obscures a sometimes fascinating look into how the cold-war thinking that drove the development of the concept of nuclear deterrence fails to scale to the networked world.

That may seem like a statement of the obvious, but the report points out that deterrence was actually a fully fleshed-out conceptual framework, and there is a significant parallel between cyber and nuclear weapons that's a major component of this framework: it's much easier to engage in offense than defense. "Passive defensive measures must succeed every time an adversary conducts a hostile action, whereas the adversary’s action need succeed only once," the text notes, and recent history is replete with evidence that hostile actions can easily succeed far more often than once.

So, the prospect of mutually assured cyberdestruction might seem to offer the possibility of a framework that's at least similar to the one that governed the world of nuclear weapons. The body of the report, however, focuses on the various reasons it probably doesn't.

Perhaps the biggest reason is that, for deterrence to work, we and our adversaries have to have a rough idea of each other's offensive capabilities. "Classical deterrence theory bears many similarities to neoclassical economics, especially in its assumptions about the availability of near-perfect information (perfect in the economic sense) about all actors," as the report notes. Leaving aside the shortcomings of these assumptions in neoclassical economics, this simply doesn't describe the current reality.

Right now, the US has chosen to keep its offensive cyber weaponry entirely classified and, since there's no launch infrastructure or physical indications of testing (hallmarks of nuclear weaponry), nobody is likely to develop a complete picture of what we can do. The US is unlikely to disclose its capabilities because, in contrast to nuclear weaponry, knowing these capabilities may help adversaries plan defenses. It may be somewhat effective as a deterrent—it's generally assumed that the US has the most potent capabilities around. But it leaves the US in a situation where it is counting on everyone to assume it has the weapons.

This post is excerpted from the Ars Technica article, Modeling cyberattack deterrence on nuclear deterrence fails, by John Timmer, April 6th, 2010.

For more on cyber attack deterrence, visit Ars Technica.

Thursday, February 25, 2010

MultiCam Ready To Replace UCP

Last Friday, the Army announced that this summer it will begin fielding uniforms with a new camouflage pattern to all its troops serving in Afghanistan.

According to a statement obtained by Military.com, Army Secretary John McHugh decided that the so-called "MultiCam" pattern developed by New York-based Crye Precision is the most effective camouflage in the varied terrain of Afghanistan's forests, deserts, mountains and rural villages.

"This decision … reflects the Army's commitment to giving Soldiers in Afghanistan the most effective concealment possible," the statement said. "Camouflage alternatives represent one facet of the Army's ongoing efforts to improve the Army Combat Uniform."

The decision comes four months after the service relented to pressure from then-chairman of the House Appropriations Committee's defense panel, the late Rep. John Murtha, D-Pa., who ordered the Army to study whether its current Universal Camouflage Pattern was the best scheme for Afghan operations.

At the time, Murtha recounted comments he'd received from Army noncommissioned officers complaining about the UCP's colors and their inability to meld into Afghanistan's rural backgrounds.

MultiCam had long been a favorite of Army Special Operations forces, including Rangers and Green Berets, and had also been fielded in limited numbers to Air Force special operations Airmen.

Army officials launched a program in September to determine whether the UCP was adequate for Afghanistan and fielded a limited number of uniforms patterned in MultiCam and so-called "UCP-Delta," which was developed by the Army Soldier Systems Center in Natick, Mass. The 2nd Battalion of the 12th Infantry Regiment received an entire suite of gear in MultiCam, with the 3rd Squadron of the 61st Cavalry Regiment getting the UCP-D ensemble.

The Army will begin issuing the MultiCam "fire-resistant Army Combat Uniform" to troops deploying to Afghanistan this summer before shipping them to troops already there who are still wearing UCP, said Army spokesman Lt. Col. Jimmie Cummings. The Army has nearly 48,000 troops deployed to Afghanistan.

Joes will receive a full set of combat uniforms, including combat shirt, plate carriers, packs, pouches and helmet covers in MultiCam.

In November, officials from PEO Soldier, the Army's Asymmetric Warfare Group, and Special Operations Command tested a variety of patterns against a number of backgrounds in Afghanistan. The patterns included AOR-II, a SEAL-developed pattern similar to the Marine Corps' woodland digital; UCP-D; MultiCam; UCP; the Natick-designed Desert Brush camo and Mirage, which was developed by Bulldog Tactical, a civilian company.

"The results, along with surveys of Soldiers in the two battalions who received alternate camouflage, formed the basis for the Army's decision on MultiCam," the Army said.

The Army's MultiCam pick is part of a recent string of victories for the specialty design company, which recently won a competition to revamp the British military's 40-year-old woodland Disruptive Pattern Material camo scheme.

The study on Afghan camo patterns will feed into an overall re-look at the Army's UCP choice and help determine whether the service should jettison the unpopular camo after less than five years in service.

For more visit Military.com, or check out Christian Lowe's article, Army Picks New Camo for Afghanistan Units, February 19th, 2010.

Friday, February 19, 2010

It's Phishing Season

The "white hat" hackers at Intrepidus, a New York-based information security service provider, recently tested 2400 employees at two of its clients with a "tax refund" scenario phishing email. The clients were a state agency and a small bank. This test got interesting, says Rohyt Belani, CEO of Intrepidus, when an average of 35 percent of the employees clicked on the email to find out what the tax refund email contained.

"That is a big foothold for a hacker," Belani says. "Just imagine that over one-third of your employees (or customers) clicked on a link that could potentially infect their PC and your network."

The good news, says Belani, is that it was only a test. The bad news, unfortunately, is that these kinds of phishing attacks can and do happen to any business or individual consumer.

Here are some other scams for employees and customers to avoid:

Anything Claiming to be from the IRS -- Despite the flood of messages purportedly from the agency, the IRS doesn't discuss tax account matters via email. It also doesn't initiate taxpayer contact via unsolicited email or ask for personal identifying or financial information. Taxpayers do not have to complete a "special form" to obtain a refund.

Social Security Alerts -- Another phony email claims to be from the Social Security Administration (SSA), threatening that if the person doesn't update their account information (on a bogus site) they will not receive a cost-of-living increase. Now, consumers may receive official letters from SSA attempting to verify that their address or bank has changed, or that they have become ineligible for benefits. Such letters are likely to be legitimate if they do not request information. But it's always best to verify communications by calling SSA: (800-772-1213).

FBI Windfalls -- Earlier this month, the Federal Bureau of Investigation warned Hawaii residents to not fall for emails that claimed to be from the bureau. The phishing emails include FBI letterhead, seal and banners with the FBI Director's photos to make them appear genuine. The notes claimed that the recipient had inherited money, or others claimed that the FBI was imposing fines through email -- which isn't done. The FBI says they have received a large number of complaints, leading investigators to believe that hundreds or even thousands of residents received the emails.

Oh, and where do you think the emails originated?

Nigeria.

To look deeper into the world of phishing, visit GovInfo Security.

Saturday, January 30, 2010

Pump and Dump

First, there’s the glowing press release about a company, usually on its financial health or some new product or innovation.

Then, newsletters that purport to offer unbiased recommendations may suddenly tout the company as the latest "hot" stock. Messages in chat rooms and bulletin board postings may urge you to buy the stock quickly or to sell before the price goes down. Or you may even hear the company mentioned by a radio or TV analyst.

Unsuspecting investors then purchase the stock in droves, pumping up the price. But when the fraudsters behind the scheme sell their shares at the peak and stop hyping the stock, the price plummets, and innocent investors lose their money.

Fraudsters frequently use this ploy with small, thinly traded companies because it's easier to manipulate a stock when there's little or no information available about the company. To steer clear of potential scams, always investigate before you invest.

Steps You Can Take

- Don't believe the hype
- Find out where the stock trades
- Independently verify claims
- Research the opportunity
- Watch out for high-pressure pitches
- Always be skeptical

Learn more about "pump and dump" schemes at The Securities and Exchange Commission.

Thursday, January 28, 2010

Delinquent Contractors Under Scrutiny

President Obama took some basic steps last week to hammer government contractors that are delinquent in paying their taxes.

In a memo the president signed on the 20th, Obama directed the Office of Management and Budget, the Treasury Department and other federal agencies to find ways to keep companies that have not paid taxes from receiving new government contracts. He expects recommendations on how the government can do that in three months.

One way to do that is better data-sharing. The president wants a plan to make contractors' certifications on their taxes available in a government-wide database, similar to the data exchanges already being done with other information on companies, such as balance sheets, credit reports, and investor reviews.

“All across this country, there are people who meet their obligations each and every day,” Obama said in a speech today before signing the memo. “And yet, somehow, it’s become standard practice in Washington to give contracts to companies that don’t even pay their taxes.”

The president is also directing the IRS to conduct a review of the overall accuracy of companies’ claims about tax delinquency.

“We need to be sure that when a company says it’s paying taxes, that company is in fact paying taxes,” he said.

A regulatory change to the Federal Acquisition Regulation in 2008 requires contractors to certify whether they had delinquent taxes, had failed to pay taxes or had received notice of a tax lien against them. In addition, an agency could suspend or debar the company from government work if a contractor told the government it had had problems with taxes during the previous three years.

In his speech, Obama asked Congress to approve legislation to allow data sharing between the IRS and contracting officials at agencies.

“So the steps I’m directing today and the steps I’m calling on Congress to take are just basic common-sense steps,” Obama said. “They’re not going to eliminate all the waste or all the abuse in government contracting in one fell swoop.”

This post contains excerpts from Matthew Weigelt's article, President orders clampdown on tax delinquent contractors, for Federal Computer Week, January 20th, 2010.

For more insight on how the administration intends to incorporate deeper financial reviews of its contractor pool, visit The Federal Computer Week.

Tuesday, January 19, 2010

Haitian Earthquake Relief Fraud Alert

Disasters bring out the best in people during tragic events. Many people volunteer to assist victims and others are willing to make contributions to charities. Disasters also bring out the worst in people, particularly those who desire to benefit from the charity of others. The FBI reminds the public they should apply a critical eye and do their due diligence before giving contributions to anyone soliciting on behalf of the Haitian victims. Solicitations can originate from e-mails, Internet Websites, door-to-door collections, mailings, telephone calls, and other similar methods.

Therefore, before making a donation of any kind, consumers should adhere to the following guidelines:

  • Do not respond to unsolicited (spam) incoming e-mails, including clicking links contained within those messages.
  • Be skeptical of individuals representing themselves as surviving victims or officials asking for donations via e-mail, in person or social networking sites.
  • Beware of organizations with copy-cat names that are similar to those of reputable charities, but are not exactly the same.
  • Verify the legitimacy of nonprofit organizations by utilizing various Internet-based resources that may assist in confirming the group's existence and its nonprofit status rather than following a purported link to the site.
  • Be cautious of e-mails that claim to show pictures of the disaster areas in attached files because the files may contain viruses. Only open attachments from known senders.
  • Make contributions directly to known organizations rather than relying on others to make the donation on your behalf to ensure contributions are received and used for intended purposes.
  • Do not be pressured into giving contributions. Legitimate organizations do not use these methods.
  • Do not give your personal or financial information to anyone who solicits contributions: providing such information may compromise your identity and make you vulnerable to identity theft.
  • Avoid cash donations if possible. Pay by a credit card or write a check to the charity.
  • Do not write checks to individuals.

If you believe you have been a victim of fraud from someone or an organization who was soliciting on behalf of Haitian victims, contact the National Center for Disaster Fraud at (866) 720-5721, fax (225) 334-4707, or e-mail disaster@leo.gov.

Anyone who has received an e-mail soliciting donations or is aware of fraudulent charity websites claiming to be collecting for Haitian victims, please notify the IC3 via www.ic3.gov.

This alert was released from the FBI National Press Office.

Saturday, January 2, 2010

Future USS Independence


The Navy officially accepted delivery of the future USS Independence (LCS 2) during a short ceremony in Mobile, Ala. Independence is the second littoral combat ship delivered to the Navy, and the first LCS of the General Dynamics variant. LCS is a new breed of U.S. Navy warship with versatile warfighting capabilities, capable of open-ocean operation, but optimized for littoral, or coastal, missions.

"Today marks a critical milestone in the life of the LCS 2," said Rear Adm. James Murdoch, the LCS program manager in the Navy's Program Executive Office (PEO) Ships. "The Navy and our industry partners have worked diligently to deliver a much-needed capability."

Prior to delivery, the Navy's Board of Inspection and Survey (INSURV) conducted Acceptance Trials aboard LCS 2 on Nov. 13-19, and found the ship's propulsion plant, sea-keeping and self-defense performance to be "commendable," and recommended that the chief of naval operations authorize delivery of the ship following the correction or waiver of cited material deficiencies.

Between now and sail away in February 2010, the contractor will correct most of the trial cards received during trials. Any remaining cards will be corrected during scheduled post-delivery maintenance availabilities including the post-shakedown availability scheduled for completion in 2011.

Delivery is the last shipbuilding milestone before commissioning, scheduled for Jan. 16 in Mobile, Ala.

For more, visit Navy News.