TSP Hoax

[Callme_CO]

Our employee services person forward this to us warning about a hoax.
I just cut and pasted it from my email


Please be advised of the following..........
>>> GRA-HRM/Chief-CESC~ 1/26/2009 9:43 AM >>>
Please forward to all Staff.
******************************************
The following e-mail is being distributed by an unknown source to numerous Bureau of Prisons employees. We have confirmed with TSP that the e-mail address is not a legitimate TSP address. TSP does not communicate via e-mail except to confirm inter-fund transfers and contribution allocation changes initiated by the participant. Legitimate TSP e-mail addresses end with .gov, not .us.
There is no Department of Justice sponsored bailout option.
DO NOT respond to this message. DO NOT provide your user ID or password.
Please contact the Consolidated Benefits Unit at (972) 352-4200 for more information.
>>> "TSP Account Coordinator" <tsp-coordinator@tsp-bailout.us> 1/16/2009 2:09 PM >>>
Dear Customer,
Our records indicate your investment balance may have dropped below the allowable loss threshold set by the U.S. Government. This threshold has been set to notifiy customers that have lost over 30% of their Thrift Savings Plan (TSP) investment balance as of October 1, 2008.
Due to the unfortunate decline in the public stock market, the USDOJ is authorizing a one time bailout option to recover your losses. If you wish to participate, please visit the website(https://www.tsp-bailout.us), log in using your usdoj domain account credentials, and then select the bailout agreement link at the top of the page. Upon recieving confirmation, you will be sent the agreement paperwork.
You will only have until January 31, 2009, to take advantage of this bailout option. After that time the U.S. Government will no longer accept bailout requests from TSP customers.
Thank you,
Thrift Savings Plan Account Coordinator

 

[KevinD]

It's also on the account access page at tsp.gov. I noticed it last night.

 

[KevinD]

Heres the WhoIs on TSP-BAILOUT.US

Registrant:
ManTech

100 NE Loop 410
Suite 450
San Antonio, Texas 78216
United States

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: TSP-BAILOUT.US
Created on: 06-Jan-09
Expires on: 05-Jan-10
Last Updated on: 06-Jan-09

Administrative Contact:
bushar, ronald ronald.bushar@mantech.com
ManTech
100 NE Loop 410
Suite 450
San Antonio, Texas 78216
United States
(210) 678-4453

Technical Contact:
bushar, ronald ronald.bushar@mantech.com
ManTech
100 NE Loop 410
Suite 450
San Antonio, Texas 78216
United States
(210) 678-4453

 

[James48843]

Figures.

MANTECH is a major defense contractor- run by former Deputy Defense Sec. Richard Armitage, among others.

http://www.mantech.com

Someone should contact Mantech and let them know they have a rouge employee on their hands.

Chief executive officer:
George J. Pedersen


Website:
www.mantech.com


Tel:
703-218-6000

 

[CountryBoy]

Maybe payback for Plame.

"On Sunday's "Late Edition," CNN host Wolf Blitzer asked former Deputy Secretary of State Richard Armitage about his role in accidentally leaking that Valerie Plame worked for the CIA, an event often ignored as most media coverage has focused on Karl Rove and Scooter Libby. While Armitage agreed with Plame's contention that what he did was "very foolish," he also argued that he believed her status not to be covert because he had "never seen, ever, in 43 years of having a security clearance, a covert operative's name in a memo." When asked by Blitzer if he had assumed that she was "just an analyst" at the CIA, Armitage responded: "That's what it, not only assumed it, that's what the message said, and she was publicly chairing, chairing a meeting."

Isn't there a saying about Revenge is best served when cold? No sympathy here for this poster boy.

CB

 

[James48843]

BAST#RDS!


This wasn't a hoax- it was a U.S. JUSTICE DEPARTMENT "TEST".

Read this! From http://govexec.com/story_page.cfm?articleid=41938&dcn=todaysnews
---------------------------------------------
Justice orchestrates TSP hoax to test employees on security

By Alyssa Rosenberg arosenberg@govexec.com
January 30, 2009

A hoax involving the Thrift Savings Plan that was designed to test Justice Department employees' vulnerability to Internet scams was not coordinated with the Federal Retirement Thrift Investment Board, a TSP spokesman said on Friday.


"We went into full battle mode on Monday, put information up on our Web site as soon as we had it to warn people about it," said Tom Trabucco, director of external affairs for the board.


The ruse, orchestrated by Justice, offered employees bailouts if the value of their Thrift Savings Plan had fallen 30 percent in recent months.
According to the Associated Press, the phony e-mail initially was sent by Justice to its employees two weeks ago, giving them a Jan. 31 deadline to provide personal information that might help them recover money they lost as the value of TSP funds plummeted along with the stock markets. The TSP board did not learn until Jan. 28 that the e-mail was a hoax crafted by the department as a security test, and not a genuine phishing scheme, Trabucco said.


By then TSP administrators already had made numerous efforts to prevent the scam from spreading. They worked with the Homeland Security Department's Computer Emergency Readiness Team to trace the Web site to which the e-mail directed recipients, and then asked a TSP contractor to shut down the site. When the contractor could not close the site, they deactivated it, and monitored the site every 20 minutes to see whether information was being collected.


When TSP officials discovered that Justice, rather than a criminal or commercial entity, was responsible for the e-mail, they took down warnings from the TSP's Web site. But Trabucco said that as late as 11:01 a.m. on Friday, the General Services Administration had e-mailed his office to warn the board about the hoax, suggesting that word of the scam had spread beyond Justice and continued to cause concern.


"If you're going to do something like this, it needs to be coordinated, so when it's done, it can be shut down," Trabucco said, though he declined to criticize Justice specifically. "What I have heard is that DoJ or Bureau of Prisons sent out an e-mail on Wednesday about this to their employees, but it had spread beyond Justice, and I don't know how they're going to deal with that."
===========================================




I am calling my Congressman on Monday to complain VERY VERY LOUDLY about the use of Richard Armitage's company- MANTECH- to preport a TEST OF SECURITY on the TSP system, without the TSP Board's Knowledge!

EVERYONE ONE SHOULD DO THE SAME- COMPLAIN LOUDLY TO YOUR CONGRESSMAN AND SENATORS! DEMAND HEARINGS!

WHO THE HECK DO YOU CALL WHEN YOUR U.S. JUSTICE DEPARTMENT GOES ROUGE, AND CONTRACTS OUT TO A PRIVATE COMPANY, AN ATTEMPT TO STEAL YOUR INFORMATION????

THIS HAS TO BE ILLEGAL!

 

[CountryBoy]

Yeah they're bastards, but they'll get a free ride because Armitage finally admitted to outing Plame and he was allow to skate, but I will call my so called reps and complain loudly too, for all the good it will do.

They don't care about us.

Thanks for bringing this to our attention James,

CB

 

[James48843]

It is Illegal:

Both the FBI AND THE U.S. SECRET SERVICE HAVE JURISDICTION TO INVESTIGATE THIS.


I demand a criminal investigation of both the U.S. Justice Department officials that authorized this, and each individual at the contractor --MANTECH-- who authorized, operated, and was connected in any way to that website, under the following provisions of United States Code:


TITLE 18--CRIMES AND CRIMINAL PROCEDURE

PART I--CRIMES

CHAPTER 47--FRAUD AND FALSE STATEMENTS


Sec. 1017. Government seals wrongfully used and instruments
wrongfully sealed

Whoever fraudulently or wrongfully affixes or impresses the seal of
any department or agency of the United States, to or upon any
certificate, instrument, commission, document, or paper or with
knowledge of its fraudulent character, with wrongful or fraudulent
intent, uses, buys, procures, sells, or transfers to another any such
certificate, instrument, commission, document, or paper, to which or
upon which said seal has been so fraudulently affixed or impressed,
shall be fined under this title or imprisoned not more than five years,
or both.

AND



TITLE 18--CRIMES AND CRIMINAL PROCEDURE

PART I--CRIMES

CHAPTER 47--FRAUD AND FALSE STATEMENTS


Sec. 1030. Fraud and related activity in connection with
computers

(See http://frwebgate.access.gpo.gov/cgi-bin/usc.cgi?ACTION=RETRIEVE&FILE=$$xa$$busc18.wais&start=2074305&SIZE=36173&TYPE=TEXT )



AND

TITLE 18--CRIMES AND CRIMINAL PROCEDURE

PART I--CRIMES

CHAPTER 47--FRAUD AND FALSE STATEMENTS


Sec. 1037. Fraud and related activity in connection with
electronic mail

(a) In General.--Whoever, in or affecting interstate or foreign
commerce, knowingly--
(1) accesses a protected computer without authorization, and
intentionally initiates the transmission of multiple commercial
electronic mail messages from or through such computer,
(2) uses a protected computer to relay or retransmit multiple
commercial electronic mail messages, with the intent to deceive or
mislead recipients, or any Internet access service, as to the origin
of such messages,
(3) materially falsifies header information in multiple
commercial electronic mail messages and intentionally initiates the
transmission of such messages,
(4) registers, using information that materially falsifies the
identity of the actual registrant, for five or more electronic mail
accounts or online user accounts or two or more domain names, and
intentionally initiates the transmission of multiple commercial
electronic mail messages from any combination of such accounts or
domain names, or
(5) falsely represents oneself to be the registrant or the
legitimate successor in interest to the registrant of 5 or more
Internet Protocol addresses, and intentionally initiates the
transmission of multiple commercial electronic mail messages from
such addresses,

or conspires to do so, shall be punished as provided in subsection (b).
(b) Penalties.--The punishment for an offense under subsection (a)
is--
(1) a fine under this title, imprisonment for not more than 5
years, or both, if--
(A) the offense is committed in furtherance of any felony
under the laws of the United States or of any State; or
(B) the defendant has previously been convicted under this
section or section 1030, or under the law of any State for
conduct involving the transmission of multiple commercial
electronic mail messages or unauthorized access to a computer
system;

(2) a fine under this title, imprisonment for not more than 3
years, or both, if--
(A) the offense is an offense under subsection (a)(1);
(B) the offense is an offense under subsection (a)(4) and
involved 20 or more falsified electronic mail or online user
account registrations, or 10 or more falsified domain name
registrations;
(C) the volume of electronic mail messages transmitted in
furtherance of the offense exceeded 2,500 during any 24-hour
period, 25,000 during any 30-day period, or 250,000 during any
1-year period;
(D) the offense caused loss to one or more persons
aggregating $5,000 or more in value during any 1-year period;
(E) as a result of the offense any individual committing the
offense obtained anything of value aggregating $5,000 or more
during any 1-year period; or
(F) the offense was undertaken by the defendant in concert
with three or more other persons with respect to whom the
defendant occupied a position of organizer or leader; and

(3) a fine under this title or imprisonment for not more than 1
year, or both, in any other case.

(c) Forfeiture.--
(1) In general.--The court, in imposing sentence on a person who
is convicted of an offense under this section, shall order that the
defendant forfeit to the United States--
(A) any property, real or personal, constituting or
traceable to gross proceeds obtained from such offense; and
(B) any equipment, software, or other technology used or
intended to be used to commit or to facilitate the commission of
such offense.

(2) Procedures.--The procedures set forth in section 413 of the
Controlled Substances Act (21 U.S.C. 853), other than subsection (d)
of that section, and in Rule 32.2 of the Federal Rules of Criminal
Procedure, shall apply to all stages of a criminal forfeiture
proceeding under this section.

(d) Definitions.--In this section:
(1) Loss.--The term ``loss'' has the meaning given that term in
section 1030(e) of this title.
(2) Materially.--For purposes of paragraphs (3) and (4) of
subsection (a), header information or registration information is
materially falsified if it is altered or concealed in a manner that
would impair the ability of a recipient of the message, an Internet
access service processing the message on behalf of a recipient, a
person alleging a violation of this section, or a law enforcement
agency to identify, locate, or respond to a person who initiated the
electronic mail message or to investigate the alleged violation.
(3) Multiple.--The term ``multiple'' means more than 100
electronic mail messages during a 24-hour period, more than 1,000
electronic mail messages during a 30-day period, or more than 10,000
electronic mail messages during a 1-year period.
(4) Other terms.--Any other term has the meaning given that term
by section 3 of the CAN-SPAM Act of 2003.''.



Every TSP account holder ought to be on the phone filing a complaint.

 

[CountryBoy]

I showed this to my wife and she was shocked that something like this could happen in America. Her words were "This isn't communist Russia or China or some 2 bit dictator, this is America. What are we turning into? People need to be fired. Who can the ordinary people turn to?".

Of course my reponse to that, is that the people keep electing and putting people of very questionable ethics in positions of power. I've always believed that you need to pass a test prior to being allowed to vote, Malyla brought up the subject earlier. Something major has to happen to turn us around, we're becoming the laughing stock of the world.

I've got to admit, I'm totally at a loss for words that something this conniving or underhanded would be perpetrated in our country, but I'm afraid that nothing will become of this, because it affected, again, only a small portion of the populace and we know how our elected officials really represent us. It's so sad what this country is turning into and the direction we are heading.

CB

 

[RunningFool]

"We have no government armed with power capable of contending with human passions unbridled by morality and religion. Avarice, ambition, revenge, or gallantry, would break the strongest cords of our Constitution as a whale goes through a net. Our Constitution was made only for a moral and religious people. It is wholly inadequate to the government of any other."
- John Adams to the Officers of the First Brigade of the Third Division of the Militia of Massacusetts, October 11, 1798

 

[James48843]

I would like to point out the following timeline-

According to the article- it was someone at the Department of Justice who initiated this hoax and probable illegal activity.

According to the "Whois" information, the web address was secured by MANTECH corporation's agent on January 6, 2009.

So this had to be part of something directed by our U.S. Justice Department prior to January 6, 2009.

The violation occurred by a company located in San Antonio, Texas.

Employees of the Thrift Savings Plan Administrative office in Washington, D.C. were made aware of it January 28th, and the article says it appears to have gone out to employees two weeks prior to that.

Since it crossed state lines- (texas, D.C.), it is now appears to me, at least, to be a real federal offense.

Gee.... I wonder who was in charge of the Justice Department between January 9, and two weeks prior to January 28th.....

http://amlawdaily.typepad.com/amlaw...and-political-bias-at-justice-department.html

 

[James48843]

More Information:

Justice Department hoaxes employees in e-mail

Jan. 29, 2009 05:01 PM
Associated Press

SAN DIEGO - The Justice Department doesn't have to look far to find a scam that preys on people whose retirement plans have been crippled by the global financial meltdown.

It designed one of its own. And e-mailed it to agency employees.

The bogus offer - signed by "Thrift Savings Plan Account Coordinator" - was sent two weeks ago and directed employees to a Web site and asked them to plug in account information by Jan. 31.

The hoax triggered a bout of anxiety and warnings among Justice Department employees.
One worker, identified only as a "national security specialist" at the U.S. attorney's office in Portland, Ore., warned colleagues in a mass e-mail Tuesday night, "DO NOT respond to this message. DO NOT provide your user ID or password." The subject line read, "URGENT - TSP hoax."

The Justice Department, which acknowledged Thursday that the e-mail was a hoax, is responsible for prosecuting similar computer hoaxes.

On Wednesday, a memo was circulated by Ted Shelkey, assistant director for information systems security, explaining that the savings plan e-mail was a hoax.

"We have learned that the messages are part of a hoax invented and distributed by DOJ to test employee security awareness," Shelkey wrote.

"The message and the site purported to be the bailout Web site are not malicious," Shelkey said in his memo. "There is no need to distribute warning messages to colleagues and law enforcement contacts. Please delete all such messages and associated alerts."

It was unclear who in the department authored and approved the hoax or how many employees received the bogus offer. Shelkey did not immediately respond to an e-mail or to messages left on his office phone Wednesday and Thursday.

The independent Federal Retirement Thrift Investment Board administers the Thrift Savings Plan for federal employees. It operates like a 401(k) plan, with employee and employer contributing money, and had 3.9 million members at the end of 2007.

Justice Department spokeswoman Gina Talamona called the phony e-mail a security test. "This specific exercise was successfully completed within the defined time period," said Talamona, who works out of the agency's Washington headquarters.

"Scenarios are intended to represent an example of persistent cyber threats facing today's Internet users," she said.
A copy of the bogus offer was provided to the Associated Press by a federal employee who was not authorized to discuss the matter publicly.

On Wednesday - hours after Shelkey sent his e-mail disclosing the Justice Department's authorship - the plan's Web site was still treating the episode as a live hoax. It asked to be notified by anyone who volunteered personal information and directed people to another government Web site about "phishing," the practice of sending e-mails disguised as being from an official institution.

By Thursday, the warning was removed from the retirement plan's home page.

 

[James48843]

I have filed a formal complaint over this here:

https://complaint.ic3.gov/ctf.aspx

I suggest others consider doing the same.

 

[James48843]

This appeared today on Govexec.com:


Justice-Designed TSP Scam Reaches Commerce Department
By Alyssa Rosenberg | Monday, February 02, 2009 | 10:59 AM

An eagle-eyed reader sends in this email sent to Department of Commerce employees regarding the Justice Department-designed scam to test readers' vulnerability to internet scams by offering to help them recoup their losses in the Thrift Savings Plan:

Distribution: All DOC Employees (EXCEPT PTO) The Thrift Savings Plan (TSP) has reported that some participants have received an email purporting to be from the TSP. It states that if participants have lost more than 30% of their TSP account value, they are eligible for a one-time U.S. Government bailout to recover their losses. The message directs participants to a "look-alike" TSP web site that asks for account credentials (User Name and Password). The email is signed "TSP Account Coordinator."
This email is not an official TSP communication.
The TSP does not initiate requests for sensitive information such as account numbers, user IDs, passwords, or PINs from participants via email. Furthermore, the TSP does not collect or maintain a list of participants' email addresses.
If you receive an email from someone claiming to be a "TSP Account Coordinator," please do not reply to it, click on any links, or open any attachments. If you responded to this "phishing" email and provided any personal information, please contact the TSP immediately at 1-877-968-3778. The bogus web site is being disabled, and the Federal Retirement Thrift Investment Board is actively investigating the matter.
When accessing your TSP account online, always be certain to close your browser after you've finished. For more information on how to avoid email scams, refer to http://www.onguardonline.gov/topics/email-scams.aspx#2. This is a web site maintained by the Federal Trade Commission (FTC).

​

If you receive a similar email, let me know. I want to track how far this thing has spread."


Source: http://blogs.govexec.com/fedblog/2009/02/justicedesigned_tsp_scam_reach.php




I plan to let the reporter know that I saw it- you might do the same. Her e-mail is: arosenberg@govexec.com

 

[James48843]

Justice did not anticipate response to bogus e-mail

By Alyssa Rosenberg arosenberg@govexec.com February 4, 2009

Justice Department officials did not anticipate that a phony e-mail sent to employees of the Bureau of Prisons to test their vulnerability to Internet scams would circulate to other agencies and cause alarm.

"It was what it was, but we certainly would not do this again," said Vance Hitch, chief information officer at Justice, during a Feb. 4 interview with Government Executive. "If there's anyone else who might by any implication be involved, we would need to coordinate with them. Our intent was that this would be contained within DoJ, and in fact in one component."

The department sent e-mails to Bureau of Prisons employees on Jan. 25 informing them that if they had lost more than 30 percent of the value of their Thrift Savings Plan accounts since Oct. 1, 2008, they could register online for a bailout that was available until Jan. 31, 2009. The e-mail was signed "Thrift Savings Plan Account Coordinator" and sent from the address tsp-coordinator@tsp-bailout.us. At 7:30 a.m. on Jan. 27,

Justice deactivated the Web site to which the email directed recipients to for the advertised bailout. Shortly thereafter, the department informed Bureau of Prisons employees that the e-mail was a security test and not a genuine scam.

Justice did not coordinate the security test in advance with the Federal Retirement Thrift Investment Board, the body that oversees the TSP.

Hitch said employees in other Justice agencies were warned about the test. Although the fake Web site was active for only a short time, the e-mail had circulated quickly to other agencies.

Employees from the National Oceanic and Atmospheric Administration and the Economic Development Administration at the Commerce Department, the Federal Aviation Administration and National Highway Traffic Safety Administration at the Transportation Department, and the Government Accountability Office recently told Government Executive that they received the e-mail or warnings that they should not respond to it, but not necessarily information that the message was phony. Last week, the General Services Administration alerted the TSP board to the e-mail.

"One thing that happens in our society is that everyone spreads these e-mails around," Hitch said. "We certainly have gotten this message in spades, and we're working to prevent this in the future, to keep that from spreading it around." But he emphasized that the Web site was never "dangerous. It's not active."

When the TSP board learned about the incident on Jan. 28, officials still were unaware that the e-mail was bogus. The board immediately moved to shut down what it believed was a genuine attempt to scam federal employees, working with a contractor and the Homeland Security Department to monitor the Web site and try to deactivate it. On Jan. 30, a TSP official expressed frustration that Justice had not alerted the board about the training exercise.

Hitch acknowledged that lapse on Wednesday.

"There wasn't appropriate coordination with the TSP," he said. "The TSP happened to be included in one of the scenarios. They [the board] absolutely should have been contacted ahead of time, and they weren't. We have modified our protocols to make sure that doesn't happen in the future. As soon as we learned TSP got their first inquiry about this, we started working with them."

But Hitch defended the concept behind the idea, saying such "social engineering" tests are an important part of the department's efforts to educate its employees about using e-mail and the Internet wisely. Justice employees undergo mandatory annual training on information technology security issues. Hitch said they receive regular warnings about cybersecurity when they log on to their computers, though they are not warned about upcoming tests.

Though he would not disclose how many employees attempted to access the Web site, Hitch said employees demonstrated more awareness of phishing schemes during the latest test than they had previously, and fewer fell for the ruse.

"We have to do the education, and we have to do some of this social engineering testing to make sure we get at this vector," Hitch said. "We do have evidence that things are getting better."


Source: http://www.govexec.com

 

[Callme_CO]

So lets test the BOP and see if they are idiots and will fall for this...oops i mean lets EDUCATE them!!! How about they EDUCATE employees on TSP and retirement as a whole. You wouldn't believe how many employees i come across (not just in the BOP) that have told me " i'll worry about retirement planning when i hit 40" I'm 26 and i about have a heartattack when i hear this. How about we do the right EDUCATING!!!!!

 

[Guest2]

So lets test the BOP and see if they are idiots and will fall for this...oops i mean lets EDUCATE them!!! How about they EDUCATE employees on TSP and retirement as a whole. You wouldn't believe how many employees i come across (not just in the BOP) that have told me " i'll worry about retirement planning when i hit 40" I'm 26 and i about have a heartattack when i hear this. How about we do the right EDUCATING!!!!!

Sorry my old friend, the System is not setup for such things. Thats why
we normally see a company contractor come in and teach us to Buy&Hold.
This year during A.R.T. is was quite noticeable that the man who comes
out every year had no room on the Training Schedule. Non, Nada, Zilch !
We never even talked about the TSP or Retirement this year. Gee, I wonder
why that happend ! :suspicious: