Main Nav

Has anyone received a letter from the US DOJ regarding the above case? 

 

Mark Reboli

Network/Telecom/IT security Manager

Misericordia University

570-674-6753

 

AttachmentSize
image001.jpg1.3 KB

Comments

We received one Jan 26th, and have received similar in the past.  It looks a lot like a phish, but is legit.  If you follow the directions to log-in to the portal, you should get a list of compromised IPs registered to your domain, and sometimes time stamps.

I think this case is related to the ChronoPay takedown last year.

 

___________________________________

Daniel V. O'Callaghan, Jr., MBA, CISSP

Chief Information Security Officer

Sinclair Community College

444 W Third St, 13-000B

Dayton, OH 45402

937.512.2452

 

 

 

Yeah we got one too.

matt

On 2/8/2012 7:36 AM, Kellogg, Brian D. wrote:
Like many of us, we received email notification to the email address listed in our domain registration record weeks ago.  After all the confusion, another email came out indicating each school would receive a postal message concerning the case with more details in the next week.

In our case, the email was addressed to "Business Representative".  In the real world, I'm not sure who that would be delivered to via Postal mail.  Much like the emails, I suspect if delivered as such, it would be questioned if not ignored.

Does anyone have an example of the hard copy sent via postal mail?


On 2/8/2012 9:53 AM, Matt Presser wrote:
Yeah we got one too.

matt

On 2/8/2012 7:36 AM, Kellogg, Brian D. wrote:
Message from sweeny@indiana.edu

yes, my letter came (to my name, but with "Business Representative" as a sort of title) in the mail a couple weeks ago, with largely the same information as the webpage, but with a particular key that, when entered on the webpage, allowed me to see the suspicious-activity machines in my domain, along with timestamps, as has been indicated previously. Brent Sweeny, Indiana University On 2/8/2012 11:49 AM, Dave Koontz wrote: > Like many of us, we received email notification to the email address listed in > our domain registration record weeks ago. After all the confusion, another email > came out indicating each school would receive a postal message concerning the > case with more details in the next week. > > In our case, the email was addressed to "Business Representative". In the real > world, I'm not sure who that would be delivered to via Postal mail. Much like > the emails, I suspect if delivered as such, it would be questioned if not ignored. > > Does anyone have an example of the hard copy sent via postal mail? > > > On 2/8/2012 9:53 AM, Matt Presser wrote: >> Yeah we got one too. >> >> matt >> >> On 2/8/2012 7:36 AM, Kellogg, Brian D. wrote: >>> >>> http://blog.onlymyemail.com/us-department-of-justice-fbi-victim-notifica... >>> >>> Above is what I found. >>> >>> -Brian >>> >>> *
Message from don@donblumenthal.com

My phish paranoia kicked in also, so I verified the number for Laura Riso and called. I got a recording but it included the fact that the letters are related to Operation GhostClick and DNSChanger malaware.


Don 


Message from harry@marist.edu

On 2/8/2012 11:49 AM, Dave Koontz wrote:
Like many of us, we received email notification to the email address listed in our domain registration record weeks ago.  After all the confusion, another email came out indicating each school would receive a postal message concerning the case with more details in the next week.

In our case, the email was addressed to "Business Representative".  In the real world, I'm not sure who that would be delivered to via Postal mail.  Much like the emails, I suspect if delivered as such, it would be questioned if not ignored.

Does anyone have an example of the hard copy sent via postal mail?

Ours came addressed to "Business Representative" only, and ended up in the CFO's office, and forwarded eventually to me.

/ahw


On 2/8/2012 9:53 AM, Matt Presser wrote:
Yeah we got one too.

matt

On 2/8/2012 7:36 AM, Kellogg, Brian D. wrote:
  I got one.  I tossed it as an obvious scam.  (I routinely get warnings from shadowserver that 2-3 of our wireless client IPs were once issued to infected clients, too -- those at least are pretty intelligible.
 
David Gillett, CISSP CCNP
 

Message from ahockett@warnerpacific.edu

We got the letter as well.

 

In talking with the FBI and a contact at the NSA, the letter is indeed legit and was part of the OP that Homeland organized for compromised DNS servers. 

 

-Aaron

 

 

mysteries made known

Aaron Hockett
Network Systems and Securities Manager 

Warner Pacific College
2219 SE 68th Ave.
Portland, OR 97215
 

ahockett@warnerpacific.edu
www.warnerpacific.edu 

tel:
fax:

503-517-1203

503-517-1352

 

This message is intended for the sole use of the individual to whom it is addressed. It may contain information that is privileged, confidential or exempt from disclosure under applicable laws. If you are not the intended addressee you are hereby notified that you may not use, copy, disclose, or distribute to anyone this message or any information contained within this message. If you have received this message in error, please immediately advise the sender by replying to this email and delete this message.

 

 

 

Close
Close


Annual Conference
September 29–October 2
Register Now!

Events for all Levels and Interests

Whether you're looking for a conference to attend face-to-face to connect with peers, or for an online event for team professional development, see what's upcoming.

Close

Digital Badges
Member recognition effort
Earn yours >

Career Center


Leadership and Management Programs

EDUCAUSE Institute
Project Management

 

 

Jump Start Your Career Growth

Explore EDUCAUSE professional development opportunities that match your career aspirations and desired level of time investment through our interactive online guide.

 

Close
EDUCAUSE organizes its efforts around three IT Focus Areas

 

 

Join These Programs If Your Focus Is

Close

Get on the Higher Ed IT Map

Employees of EDUCAUSE member institutions and organizations are invited to create individual profiles.
 

 

Close

2014 Strategic Priorities

  • Building the Profession
  • IT as a Game Changer
  • Foundations


Learn More >

Uncommon Thinking for the Common Good™

EDUCAUSE is the foremost community of higher education IT leaders and professionals.