Question:
Hacking of U.S. Soldiers Government E-mails?
anonymous
2011-05-15 13:09:41 UTC
I have evidence that proves five different computers located in Arizona, Minnesota and Illinois were used to hack into (my) SSG Long's Army Knowledge Online (AKO) as well as his MyPay account. Some of the hacking was done while he was logged into AKO using his Common Access Card (CAC) at Fort McCoy, WI 54656. This hacking was achieved by a Keystroke program that was installed by the perpetrators on SSG Long's computer without his knowledge. This was testified to in Rockford, IL Court Room 455 in May 2008. Copies of e-mails bragging about this (hacking of e-mails) and Keystroke program being installed on SSG Long's computer without his knowledge were also presented in Court Room 455 in May 2008. Long after the hackings, an AKO Network Systems Administrator validated that the hackings had taken place. There have been thousands of hacks into his AKO.

Registering for an AKO account is mandatory upon enlistment with the United States Army. AKO access is governed by DoD security policy. The log-on security feature is accomplished by password or by a combination of a CAC and PIN. The password requirement is stringent; it must contain at least 2 uppercase letters, 2 lowercase letters, 2 numbers, and 2 special characters. Passwords expire every 150 days, and may not be replaced by any password used the previous ten times. Since July 2010, Soldiers have also had to answer 3 out of 15 personal questions of their own choosing as an added security feature. Nevertheless, all of these features failed when the Keystroke program was used to hack into SSG Long’s AKO account when he was logged in with his CAC.

This was not accomplished by Al-Qaeda, Hezbollah, or even the Taliban. These hacks were executed by average citizens seemingly without AKO Network Systems Administrator knowledge.

These breaches into the AKO’s security have cost SSG Long thousands of dollars in forgeries due to his financial information being obtained through his AKO and his MyPay accounts. Additionally, two other Soldiers’ AKO and MyPay accounts were exposed to the potential hacking. Unfortunately, these two other Soldiers had logged into their AKO from SSG Long's home computer that had the hidden Keystroke program on it. No attempts have been made to investigate or validate whether there was a breach in the other two Soldiers’ AKO and MyPay accounts. Furthermore, the United States Army has attempted to silence SSG Long on this issue with threats of UCMJ actions and blacklisting.

In 2009, SSG Long filed a complaint with the Wisconsin Sparta Police Department, Case # 09-1444, Officer C. Itnyre, Badge 57. In March 2011, the Sparta Wisconsin Police Department received confirmation from Madison Wisconsin’s Computer Forensic Service Unit that the spyware was on SSG Long's computer. Despite having confirmed evidence from AKO Network Systems Administrator, testimonies under oath, and Madison’s Computer Forensic Service Unit, there would appear to be an attempt from the United States Army and the Sparta Police Department to stall the proceedings.

The Keystroke program on SSG Long’s computer was first discovered in May 2009. Consequently, the perpetrators were able to access everything on SSG Long’s account for approximately 18 months.

There are two issues here: One issue being a crime was committed against a Soldier that led to other crimes. Secondly, there is a network security issue with AKO and MyPay. There have been security features changed and adjusted over the past couple of years on these systems, but there are still enormous vulnerabilities. AKO is not just an email account system; AKO is “one stop shopping” for a Soldier. The following are just a few of the items that are stored or accessed through AKO: training records, Personally Identifiable Information (PII), sensitive but unclassified information, high school diplomas, college transcripts, SF 86 Questionnaire for National Security Positions information, medical history, awards, DD214 Certificate Of Release Or Discharge From Active Duty, bank account information, and specific Military Occupational Specialty manuals and tradecraft information.

There would appear to be a great effort by the United States Army in trying to keep outside sources, including the media, from knowing about this. They have impeded in helping SSG Long’s progress by downplaying the effects, refusing to put in writing what services and aides are available to him, not contacting the local law enforcement to validate the crime, and a lot of finger pointing to send SSG Long on an aimless scavenger hunt. They have suggested that he obtain a civilian attorney as they see this as a civil matter not a criminal one. I have plenty of documentation and evidence to substantiate all these facts!

Please help bring awareness to this egregious disservice to all knowing and unknowing Soldiers.

Gmail: long.ian369@gmail.com
AKO: ian.e.long@us.army.mil
Three answers:
Chris A
2011-05-15 14:28:04 UTC
"Nevertheless, all of these features failed when the Keystroke program was used to hack into SSG Long’s AKO account ... These breaches into the AKO’s security"



Slow down. AKO's security wasn't breached. Your security was breached. You're the one who used a compromised home computer for 18 months. Also, MyPay uses a different login than AKO, so the part about them getting your bank info through AKO seems unlikely. Unless you were using the same password for both. Again, your fault. And they didn't get your login credentials when you logged in with your CAC. Two factor authentication doesn't work that way. All they could get with a keylogger is your PIN, which is useless without the CAC. Maybe some kind of man in the middle attack could sniff the certificate out, that's beyond my knowledge, but a keylogger alone is pretty useless.



I don't know what you want the Army to do. Format your hard drive, put a real operating system on it, and change all your passwords. Hit up the FTC web site and make an identity theft report. Then stop running cracked software. The Army's not going to (and cannot) restructure AKO in some way to rescue users from their own poor security practices. They're not going to send Delta Force after the h4x0r, either. Locating the perpetrator in such cases is exceedingly difficult; prosecution is practically impossible.
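Added example (not part of Chris A's answer or the original thread): a small Python simulation of the distinction the answer draws, where a typed password can be replayed from logged keystrokes but a card login needs a fresh response computed by the card itself. The `Card` and `Server` classes, the PIN and the password are constructed for illustration, and HMAC with a shared key stands in for the CAC's private-key signature.

```python
import hashlib
import hmac
import secrets

class Card:
    """Stand-in for a CAC: the key stays on the card; the PIN only unlocks it locally."""
    def __init__(self, pin: str, key: bytes):
        self._pin, self._key = pin, key

    def sign(self, pin: str, challenge: bytes) -> bytes:
        if not hmac.compare_digest(pin, self._pin):
            raise PermissionError("wrong PIN")
        return hmac.new(self._key, challenge, hashlib.sha256).digest()

class Server:
    def __init__(self, password: str, card_key: bytes):
        self._pw_hash = hashlib.sha256(password.encode()).digest()  # unsalted for brevity
        self._card_key, self._pending = card_key, set()

    def password_login(self, password: str) -> bool:
        return hmac.compare_digest(hashlib.sha256(password.encode()).digest(), self._pw_hash)

    def new_challenge(self) -> bytes:
        c = secrets.token_bytes(16)
        self._pending.add(c)
        return c

    def card_login(self, challenge: bytes, response: bytes) -> bool:
        fresh = challenge in self._pending
        self._pending.discard(challenge)              # each challenge is single use
        expected = hmac.new(self._card_key, challenge, hashlib.sha256).digest()
        return fresh and hmac.compare_digest(expected, response)

def demo() -> dict:
    # Assumption: a real CAC enrolls a public-key certificate; here server and card share an HMAC key.
    key = secrets.token_bytes(32)
    card = Card("482915", key)
    server = Server("Qx!7Lm#2vRt9", key)
    keylog = {"password": "Qx!7Lm#2vRt9", "pin": "482915"}  # constructed keystroke capture
    c1 = server.new_challenge()
    resp = card.sign(keylog["pin"], c1)               # card present, PIN typed
    legit = server.card_login(c1, resp)
    c2 = server.new_challenge()
    guess = hmac.new(keylog["pin"].encode(), c2, hashlib.sha256).digest()  # PIN only, no card
    return {"password_replay": server.password_login(keylog["password"]),
            "card_with_pin": legit,
            "old_response_replayed": server.card_login(c1, resp),
            "pin_without_card": server.card_login(c2, guess)}
```

The typed values are all a keystroke capture contains, so only the password path accepts them; the card path rejects both a PIN-derived guess and a previously used response.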
anonymous
2016-04-30 03:01:32 UTC
Why are you telling anyone who answers that you don't agree with to F' Off? Very immature....... “Lets play” had a valid point. If you had respect for Vets or anyone who is AD, you would respect their opinions. You apparently don't by telling people to F' off. Hence people pointing out the irony of those saying they "support the troops" yet disrespect them at the same time. Like you......... My husband just called me from Iraq...and read him this email you posted.....he laughed and said it was another dumb thing that civilians do that is pointless. He is on his 7th deployment to Iraq, and could care less who wears what. I think it is good you want to support the troops; however you need to support their viewpoints too. You are showing you have no regard or respect for how they feel; all you care about is how you feel. Apparent with your rudeness to a contrary opinion. You should rethink your stance when you say you support the troops, because you apparently think they should not have an opinion. Makes me think you really don’t know what support is. I think you are being very immature. It is good to support the troops, however you can't disrespect their opinions at the same time. They are allowed to be humans too.....they are not this mold of a person you expect to kiss your butt for your "support".
anonymous
2011-05-15 13:18:16 UTC
That sucks man. I hate AKO even more now


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.