Thrift Savings Plan accounts compromised

Published Feb. 9, 2007
By www.tsp.gov

CANNON AIR FORCE BASE, NM -- According to the Thrift Savings Plan (TSP) Web site at www.tsp.gov, all servicemembers and Department of the Air Force civilians should be aware of a method used to steal funds from their TSP accounts, and personnel are encouraged to safeguard their personally identifiable information (PII) online.

In December 2006, the personal computers of several TSP participants were infected with keylogging software, allowing criminals to record all keystrokes made by the participant without the participant's knowledge, including the participant's TSP personal identification number (PIN) and other account information. Approximately two dozen participants had relatively small amounts withdrawn from their accounts and electronically forwarded to fraudulent accounts. The total loss involved is approximately $35,000, and all affected participants have been notified.

The TSP system has not been breached, according to the Web site's security news section. The compromises took place when keyloggers monitored each keystroke as participants entered their TSP information into their personal computers. The U.S. Secret Service has advised that such personal information is increasingly available on keylogger lists for sale through criminal networks.

Keystroke logging (keylogging) is a diagnostic used in software development that captures the user's keystrokes. It can be useful to determine sources of error in computer systems and can be used to measure employee productivity on certain clerical tasks. However, when used by computer hackers, such systems provide a means to obtain passwords or encryption keys, thus bypassing other security measures.

Individuals using the TSP Web site www.tsp.gov, or any Web site involving PII, should be vigilant and protect their computers.
Although the TSP cannot be responsible for participants' negligence or poor security practices, the TSP will ensure its web page security is current and the risk of fraudulent activity is reduced to the greatest extent possible. The TSP will be implementing additional security measures in the near future.

Recommended actions:

Individuals with computers not protected with updated security software such as firewalls, anti-virus, and spyware detection are most vulnerable to compromises by keylogging software. The Joint Task Force for Global Network Operations offers free protection software for Department of Defense personnel to use on home computers. Users can access the following link from a .mil computer system and authenticate with a computer access card (CAC) and PIN: www.jtfgno.mil/antivirus/home_use.htm. Alternatively, users can request a copy of home antivirus and firewall software from their Client Support Administrator.

All participants are urged to ensure the adequacy of security on their computers by installing keylogger protection and promptly closing their browser after each visit to their TSP account on the Web site. These steps will reduce your exposure, and these practices should be followed for all online access to any financial account.

The TSP Web site advises Airmen to securely close an Internet site they have logged onto by first logging off the site (usually a button on the page allows this), then closing the browser by clicking the X at the top of the Internet screen. Closing a browser (or hitting the 'back' button/arrow) does not guarantee that a secure session has terminated, and logging off a Web site alone does not clear the browser's memory.

Users are encouraged to use only their private computers for personal financial use.
Public-use computers, such as those found in Internet cafes, are not a secure means of conducting personal business, since there is no way for the user to determine that the machine is secure and free of malicious logic such as spyware or keyloggers.