Yahoo just said every single account was affected by 2013 attack — 3 billion in all


Read Article at CNBC

  • Yahoo said every single account was affected by a data breach in 2013; originally, the company said 1 billion out of 3 billion accounts were affected.
  • Yahoo is now part of a Verizon subsidiary named Oath.
  • Yahoo and Oath disclosed the new information on Tuesday evening.

Todd Haselton | @robotodd | CNBC

Published 17 Hours Ago Updated 2 Hours Ago

Yahoo on Tuesday said that every single Yahoo account was affected by a data breach that took place in 2013.

In 2016, Yahoo disclosed that more than one billion of about three billion accounts had likely been affected by the hack. In its disclosure Tuesday, the company said all accounts were likely victimized.

Yahoo included the finding in a recent update to its Account Security Update page, saying that it found out about the wider breach through new intelligence obtained during the company’s integration into Verizon Communications. Outside forensic experts assisted in the discovery, the company said.

“It is important to note that, in connection with Yahoo’s December 2016 announcement of the August 2013 theft, Yahoo took action to protect all accounts. The company required all users who had not changed their passwords since the time of the theft to do so. Yahoo also invalidated unencrypted security questions and answers so they cannot be used to access an account,” Yahoo said Tuesday.

Yahoo said it will begin alerting accounts that weren’t previously notified of the attack.

In 2013, a breach allowed attackers to steal email addresses, passwords, birth dates, telephone numbers and more. The new investigation indicated that stolen information didn’t include passwords in clear text, payment card data or information about bank accounts.

Verizon finished its acquisition of Yahoo in June and is folding it, with AOL, under a new subsidiary named Oath.

U.S. to ban use of Kaspersky software in federal agencies amid concerns of Russian espionage


Don’t Fall Victim!

OnGuard Remote Backup platform has helped many customers over the past few months recover from encryption ware based attacks! We offer a trusted protection platform that’s flexible enough to meet your current and future business needs. Our LIVE support works with you to help recover your systems quickly.

We are also introducing several new OnGuard security products this year geared to protect your business.

OnGuard Mail Essentials powered by GFI: Protect your business against email-borne junk, viruses, spyware, phishing and other malware threats.

Hardware Firewalls with Advanced Security Protection: We are working with our U.S.A. based developers in order to provide proactive protection of your entire network, reducing your exposure to cyber threats at a price point that will not decrease your bottom line.

We also offer managed Antivirus as well as advanced Network Monitoring. We monitor numerous parameters of your systems including disk space, backup status, operating system updates, errors. This proactive approach allows us to proactively maintain your systems for optimal performance and minimal downtime.

 

The U.S. government on Wednesday plans to ban the use of a Russian brand of security software by federal agencies amid concerns the company has ties to state-sponsored cyberespionage activities, according to U.S. officials.


Acting Homeland Security Secretary Elaine Duke will order that Kaspersky Lab software be barred from federal government networks while giving agencies a timeline to get rid of it, according to several officials familiar with the plan who were not authorized to speak publicly about it. Duke ordered the scrub on the grounds that the company has connections to the Russian government and its software poses a security risk.

The directive comes months after the federal General Services Administration, the agency in charge of government purchasing, removed Kaspersky from its list of approved vendors. In doing so, GSA suggested a vulnerability exists in Kaspersky that could give the Kremlin backdoor access to the systems the company protects.

In a statement to The Washington Post on Wednesday, the company said: “Kaspersky Lab doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against the company. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it’s being treated unfairly even though the company has never helped, nor will help, any government in the world with its cyberespionage or offensive cyber efforts.

“Kaspersky Lab has always acknowledged that it provides appropriate products and services to governments around the world to protect those organizations from cyberthreats, but it does not have unethical ties or affiliations with any government, including Russia,” the firm said.

The directive comes in the wake of an unprecedented Russian operation to interfere in the U.S. presidential election that saw Russian spy services hack into the Democratic National Committee and the networks of other political organizations and release damaging information.

At least a half-dozen federal agencies run Kaspersky on their networks, the U.S. officials said, although there may be other networks where an agency’s chief information security officer — the official ultimately responsible for systems security — might not be aware it is being used.

The U.S. intelligence community has long assessed that Kaspersky has ties to the Russian government, according to officials, who spoke on condition of anonymity to discuss internal deliberations. Its founder, Eugene Kaspersky, graduated from a KGB-supported cryptography school and had worked in Russian military intelligence.

In recent months concern has mounted inside the government about the potential for Kaspersky software to be used to gather information for the Russian secret services, officials said.

Richard Ledgett, former National Security Agency Deputy Director, hailed the move. Speaking on the sidelines of the Billington cybersecurity summit in Washington Wednesday, he noted that Kaspersky, like other Russian companies, is “bound to comply with the directive of Russian state security services, by law, to share with them information from their servers.”

Concerns about Kaspersky software had been brewing for years, according to one former official who told The Post that some congressional staffers were warned by federal law enforcement officials as early as November 2015 not to meet with employees from Kaspersky over concerns of electronic surveillance.

When GSA announced its July decision, it underscored its mission was to “ensure the integrity and security of U.S. government systems and networks” and that Kaspersky was delisted “after review and careful consideration.” The action removed the company from the list of products approved for purchase on federal systems and at discounted prices for state governments.

The directive will also put pressure on state and local governments that use Kaspersky’s products. Many had been left to speculate about the risks of sticking with the company or abandoning taxpayer-funded contracts, sometimes at great cost. In July, The Post found several state or local agencies that used Kaspersky’s antivirus or security software had purchased or supported the software within the last two years.

Spam control experiment


Controlling Spam Mail

Tired of spam email? Try this simple technique to reduce your spam.

My INBOX receives over 400 emails a day. Many of these emails are from websites I have either ordered something from, downloaded something or are just junk mail. The number of emails almost doubles during the weekend and at night. Now, it’s not difficult to DELETE these unwanted emails. But it does take some time to do so and I sometimes delete by mistake a good email that I need (Murphy’s law at work!). To be honest I actually find something interesting in those “junk” emails every now and then.

The technique:

About 3 weeks ago, I decided to try an experiment to reduce the spam emails I receive and save me some valuable time. What I came up with is so simple that I was skeptical if it would actually work. What did I do? I scrolled down on every “spam” email and hit the UNSUBSCRIBE button.

How to UnSubscribe:

Not every email has an “unsubscribe” and those are truly spam and need to be deleted. What I found over the last 3 weeks was interesting. First, not every web site handles the unsubscribe the same way. Most bring you to a web site where you have to OPT OUT of the list you are subscribed to. These require you to be careful and read the screen and make sure you select UNSUBSCRIBE ME FROM ALL and not just the boxes with a check in it. Experimenting, I began first de-selecting all boxes and unsubscribing THEN reloading the page (clicking on the link again from the email) and hitting UNSUBSCRIBE FROM ALL – basically doing it twice. After 3 weeks, the double method seemed to work best in removing you from the list. Other sites have you type in your email (yes I thought this is how they confirm you are real, but this was an experiment remember) and again hit unsubscribe. Still others required you to CHECK OFF not UNCHECK the lists you no longer want. The best ones send you to a web page that states “you are unsubscribed”.

Finding the Un-subscribe button:

No one wants you off their list as you are a potential customer. So they don’t make it easy. The BETTER more reputable sites have a clear button to click. The less reputable sites don’t have a button but text you read and click. This text does not always show a link with your mouse so you have to click around – sneaky. This text may state “to remove yourself…”, “if you no longer wish to..” or my favorite “you requested these emails if you no longer want them” yes that’s right nothing else after that – even sneakier.

Finally, some emails require you to reply with UNSUBSCRIBE in the email – again experimenting, I put unsubscribe in the subject and the body. What I found was that doing both, placing the unsubscribe in the subject and body of the email, works best.

What happened after 3 weeks of doing this?

You may think this was a lengthy process and too time consuming – but fear not! It takes less than 8 seconds per email – yes I timed it! So for 3 weeks I diligently removed myself from every email I did not want.

First, some sites state you will be removed in 10 days (Sears, Home Depot, etc.) and some said it will take a few days to process your request – so be patient, hence why I gave this 3 weeks. Some emails continued to come in despite my efforts to unsubscribe. I followed my process many times on each email. Interestingly, some continued to send emails but WITHOUT the UNSUBSCRIBE button – even sneakier – bastards! So I began making the unsubscribe links my favorites and continued to remove myself from the emails. Others immediately sent me 2-3 emails right after unsubscribing without the button – like parting shots in a war. But I remained vigilant and continued to remove myself from the lists.

The results were quite astonishing

3 weeks later, my inbox receives less than 200 emails a day with most if not all being good emails – a 70% reduction! Now at night, I find myself looking at my phone only to find NO emails for me to delete! Saturday what was over 200 spam emails is now less than 20.

So this process works, costs nothing but some time and has greatly reduced junk mail. As a side benefit, since a lot of junk mail has been eliminated, the incidence of viruses has also gone down.

So if you want less spam and some virus protection, follow these steps – it worked for me!

Anthony Pennacchio
President

Internet Service Musings – A MUST READ!


Why do you call your internet provider before Bulldog Tech?

 

If your internet is “down” or problematic – our productivity suffers, we lose business and employees sit around “waiting” – in effect we lose money when our internet is down not to mention the frustration we have when trying to have it repaired.

Over the years, we have been working with internet providers (cable/Spectrum, Verizon, etc.) and our customers to keep their internet operational. Over the years, we have found that these internet providers love to “pass the buck” when they service your internet. We receive many calls a day when these providers magically appear at your office and state “your network is bad” or “call your IT people” and they leave with you having no or limited internet. Upon calling us, we find almost 100% of the time that the provider’s tech person did not set up your system properly.

Now you have the background for this newsletter.

Our clients call us for many reasons (all true):

  • “My cell phone won’t dial”
  • “My Amazon order was declined”
  • “facebook is slow”
  • My favorite:  “your man just left and now our microwave does not work”

YET – if you have internet problems, we find that most JUST call their provider, allow them to CHANGE their network and leave without you being operational.

This week alone (yes, it’s just Wednesday!), we have had 3 calls from customers stating our internet provider was here and says it’s you and we have no internet. Only for us to find that the tech took the router away with them (yes this happened), they did not bridge the modem, or they simply did not plug in the new router to your network.

Things you should know about your internet service and how it’s set up:

  • Always call first if you have or think you have an internet problem: Always call us first, if you have or think you have an internet problem: Always call us first if you have or think you have an internet problem – Did I say call us first?
  • The hookup. Your internet is attached as follows if you use services: Cable/Verizon Modem – cat5 cable to your router (Linksys/Cisco, Apple or Sonicwall), cat5 cable to your switch. This is the most common hookup, very few have something different and if you do, the ROUTER is removed from the equation.
  • If internet trouble – FIRST – unplug and re-plug your internet modem – wait 2 minutes, THEN unplug & re-plug your router – wait 2 minutes – reboot your computers
  • FOR CABLE ONLY – your cable modem cannot be replaced without configuration – if you have it replaced make sure you call to verify if the modem is BRIDGED.
    Bridging puts the modem in PASS THROUGH mode and allows your router to handle all IP’s and security – if your modem is NOT set for bridge mode and it’s required for your network – no PC will get on line. The technician can set the bridge mode in less than 5 minutes – always verify with us and do not allow them to leave unless you are 100% working.
  • FOR VERIZON ONLY – Same as Cable
  • FOR VERIZON FIOS ONLY – these modems cannot be set to bridge mode and may need PORTS opened – please call.
  • Do NOT allow your provider to be ALONE when working on your equipment –  make sure you watch them and verify they leave all your equipment and do not change cables.
  • BEFORE you have your provider work on your equipment – LABEL all your cables and write down where they are plugged into – and VERIFY they are replaced in same ports – this will eliminate mis-wiring
  • Do NOT EVER allow your internet provider to change settings on your computer and router
  • Most importantly, when you do call us, please make sure the provider is STILL on site and you advise us exactly why you called them and what they have done so far – we do not read minds or have psychic powers. We find all too often that we are not told the what, when or why, causing you longer down time and longer, more expensive service calls.

Our business depends on the internet – by working together with us and keeping us in the loop, we can all make sure we stay profitable!

 

Raise your sales!

Anthony Pennacchio
Bulldog Tech

How To Protect Your Networks From Ransomware (FBI Document)


And I thought the FBI did NOT Do Emails?

This document is a U.S. Government inter-agency technical guidance document aimed to inform Chief Information Officers and Chief Information Security Officers at critical infrastructure entities, including small, medium, and large organizations. This document provides an aggregate of already existing Federal government and private industry best practices and mitigation strategies focused on the prevention and response to ransomware incidents.


What is Ransomware?

Ransomware is a form of malware that targets your critical data and systems for the purpose of extortion. Ransomware is frequently delivered through spearphishing emails. After the user has been locked out of the data or system, the cyber actor demands a ransom payment. After receiving payment, the cyber actor will purportedly provide an avenue to the victim to regain access to the system or data. Recent iterations target enterprise end users, making awareness and training a critical preventive measure.

Protecting Your Networks from Ransomware

Ransomware is the fastest growing malware threat, targeting users of all types—from the home user to the corporate network. On average, more than 4,000 ransomware attacks have occurred daily since January 1, 2016. This is a 300-percent increase over the approximately 1,000 attacks per day seen in 2015. There are very effective prevention and response actions that can significantly mitigate the risk posed to your organization.
Ransomware targets home users, businesses, and government networks and can lead to temporary or permanent loss of sensitive or proprietary information, disruption to regular operations, financial losses incurred to restore systems and files, and potential harm to an organization’s reputation.

Ransomware may direct a user to click on a link to pay a ransom; however, the link may be malicious and could lead to additional malware infections. Some ransomware variants display intimidating messages, such as:
“Your computer was used to visit websites with illegal content. To unlock your computer, you must pay a $100 fine.”
“You only have 96 hours to submit the payment. If you do not send money within provided time, all your files will be permanently encrypted and no one will be able to recover them.”

Educate Your Personnel

Attackers often enter the organization by tricking a user to disclose a password or click on a virus-laden email attachment.
Remind employees to never click unsolicited links or open unsolicited attachments in emails. To improve workforce awareness, the internal security team may test the training of an organization’s workforce with simulated phishing emails.[1]

Proactive Prevention is the Best Defense
Prevention is the most effective defense against ransomware and it is critical to take precautions for protection. Infections can be devastating to an individual or organization, and recovery may be a difficult process requiring the services of a reputable data recovery specialist.
The U.S. Government (USG) recommends that users and administrators take the following preventive measures to protect their computer networks from falling victim to a ransomware infection:

Preventive Measures

  • Implement an awareness and training program. Because end users are targets, employees and individuals should be aware of the threat of ransomware and how it is delivered.
  • Enable strong spam filters to prevent phishing emails from reaching the end users and authenticate inbound email using technologies like Sender Policy Framework (SPF), Domain Message Authentication Reporting and Conformance (DMARC), and DomainKeys Identified Mail (DKIM) to prevent email spoofing.
  • Scan all incoming and outgoing emails to detect threats and filter executable files from reaching end users.
  • Configure firewalls to block access to known malicious IP addresses.
  • Patch operating systems, software, and firmware on devices. Consider using a centralized patch management system.
  • Set anti-virus and anti-malware programs to conduct regular scans automatically.
  • Manage the use of privileged accounts based on the principle of least privilege: no users should be assigned administrative access unless absolutely needed; and those with a need for administrator accounts should only use them when necessary.
  • Configure access controls—including file, directory, and network share permissions—with least privilege in mind. If a user only needs to read specific files, the user should not have write access to those files, directories, or shares.
  • Disable macro scripts from office files transmitted via email. Consider using Office Viewer software to open Microsoft Office files transmitted via email instead of full office suite applications.
  • Implement Software Restriction Policies (SRP) or other controls to prevent programs from executing from common ransomware locations, such as temporary folders supporting popular Internet browsers or compression/decompression programs, including the AppData/LocalAppData folder.
  • Consider disabling Remote Desktop protocol (RDP) if it is not being used.
  • Use application whitelisting, which only allows systems to execute programs known and permitted by security policy.
  • Execute operating system environments or specific programs in a virtualized environment.
  • Categorize data based on organizational value and implement physical and logical separation of networks and data for different organizational units.
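The email measures in the list above (authenticating inbound mail with SPF, DKIM and DMARC, and filtering executable files and macro documents) can be combined into one gateway triage step. The sketch below is an added example, not part of the government document; it assumes the receiving gateway stamps an `Authentication-Results` header under the hypothetical authserv-id `mx.corp.example`, and every address, hostname and file name in it is constructed.

```python
import os
import re
from email import message_from_string, policy
from email.message import EmailMessage

# Extension lists are illustrative assumptions; tune them to local policy.
EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".jse", ".vbs", ".wsf", ".hta"}
MACRO_EXT = {".docm", ".xlsm", ".pptm", ".dotm"}
ARCHIVE_EXT = {".zip", ".rar"}
AUTH_RESULT = re.compile(r"\b(spf|dkim|dmarc)\s*=\s*([a-z]+)", re.IGNORECASE)


def auth_verdicts(msg, trusted_authserv):
    """Read SPF/DKIM/DMARC results, trusting only headers stamped by our own gateway."""
    verdicts = {"spf": "none", "dkim": "none", "dmarc": "none"}
    for header in msg.get_all("Authentication-Results", []):
        authserv, _, results = str(header).partition(";")
        tokens = authserv.split()
        stamped_by = tokens[0].lower() if tokens else ""
        if stamped_by != trusted_authserv:
            continue  # anyone can add this header upstream; ignore foreign ones
        for method, result in AUTH_RESULT.findall(results):
            verdicts[method.lower()] = result.lower()
    return verdicts


def attachment_findings(msg):
    """Flag attachments by final extension, so 'invoice.pdf.js' counts as .js."""
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "unnamed").lower()
        ext = os.path.splitext(name)[1]
        if ext in EXECUTABLE_EXT:
            findings.append(f"executable attachment: {name}")
        elif ext in MACRO_EXT:
            findings.append(f"macro-enabled document: {name}")
        elif ext in ARCHIVE_EXT:
            findings.append(f"archive needs unpack-and-scan: {name}")
    return findings


def triage(raw_message, trusted_authserv="mx.corp.example"):
    """Return (action, reasons); any reason at all means the message is held."""
    msg = message_from_string(raw_message, policy=policy.default)
    verdicts = auth_verdicts(msg, trusted_authserv)
    reasons = []
    if verdicts["dmarc"] == "fail":
        reasons.append("dmarc=fail")
    elif verdicts["spf"] == "fail" and verdicts["dkim"] != "pass":
        reasons.append("spf=fail without a passing dkim signature")
    reasons.extend(attachment_findings(msg))
    return ("quarantine" if reasons else "deliver"), reasons


# Constructed header values for the samples below.
SAMPLE_PASS = ("mx.corp.example; spf=pass smtp.mailfrom=vendor.example; "
               "dkim=pass header.d=vendor.example; dmarc=pass header.from=vendor.example")
SAMPLE_FAIL = ("mx.corp.example; spf=fail smtp.mailfrom=vendor.example; "
               "dkim=none; dmarc=fail header.from=vendor.example")
SAMPLE_FORGED = "mail.sender.example; spf=pass; dkim=pass; dmarc=pass"


def build_sample(auth_results, attachment_name=None):
    """Build a constructed test message; nothing here is real traffic."""
    m = EmailMessage()
    m["From"] = "Billing <billing@vendor.example>"
    m["To"] = "ap@corp.example"
    m["Subject"] = "Invoice 1042"
    for value in auth_results:
        m["Authentication-Results"] = value
    m.set_content("Please see the attached invoice.")
    if attachment_name:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="octet-stream", filename=attachment_name)
    return m.as_string()


if __name__ == "__main__":
    for headers, name in [([SAMPLE_PASS], None), ([SAMPLE_PASS], "invoice.pdf.js"),
                          ([SAMPLE_FAIL, SAMPLE_FORGED], None), ([SAMPLE_PASS], "scan.zip")]:
        print(triage(build_sample(headers, name)))
```

The forged-header case matters in practice: a message that arrives carrying its own "pass" results is still judged only on what the local gateway recorded.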

Business Continuity Considerations

  • Back up data regularly. Verify the integrity of those backups and test the restoration process to ensure it is working.
  • Conduct an annual penetration test and vulnerability assessment.
  • Secure your backups. Ensure backups are not connected permanently to the computers and networks they are backing up. Examples are securing backups in the cloud or physically storing backups offline. Some instances of ransomware have the capability to lock cloud-based backups when systems continuously back up in real time, also known as persistent synchronization. Backups are critical in ransomware recovery and response; if you are infected, a backup may be the best way to recover your critical data.
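One way to carry out "verify the integrity of those backups and test the restoration process" is to record a hash manifest when the backup is taken and compare a test restore against it. This is an added example, not part of the government document; the HMAC key handling, the file names and the `.locked` extension are constructed assumptions for the demonstration.

```python
import hashlib
import hmac
import json
import os
import tempfile

DEMO_KEY = b"constructed-demo-key"  # assumption: the real key is kept off the backup host


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large backups do not need to fit in memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def build_manifest(root):
    """Map each file's path (relative to root, '/' separated) to its SHA-256."""
    manifest = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            rel = os.path.relpath(full, root).replace(os.sep, "/")
            manifest[rel] = sha256_file(full)
    return manifest


def seal_manifest(manifest, key):
    """Attach an HMAC so a manifest stored beside the backup cannot be silently edited."""
    body = json.dumps(manifest, sort_keys=True)
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return json.dumps({"manifest": manifest, "hmac": tag}, sort_keys=True)


def open_manifest(sealed, key):
    """Return the manifest, or raise ValueError if it was altered or the key is wrong."""
    doc = json.loads(sealed)
    body = json.dumps(doc["manifest"], sort_keys=True)
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, doc["hmac"]):
        raise ValueError("manifest HMAC mismatch")
    return doc["manifest"]


def verify_restore(manifest, restored_root):
    """Compare a test restore with the manifest recorded at backup time."""
    restored = build_manifest(restored_root)
    report = {"ok": [], "modified": [], "missing": [], "unexpected": []}
    for rel, digest in sorted(manifest.items()):
        if rel not in restored:
            report["missing"].append(rel)
        elif restored[rel] != digest:
            report["modified"].append(rel)
        else:
            report["ok"].append(rel)
    # Files the backup never contained, e.g. renamed copies left by an infection.
    report["unexpected"] = sorted(set(restored) - set(manifest))
    return report


def write_file(root, rel, data):
    path = os.path.join(root, *rel.split("/"))
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as handle:
        handle.write(data)


def demo():
    """Constructed scenario: one clean file, one altered file, one renamed file."""
    with tempfile.TemporaryDirectory() as tmp:
        source = os.path.join(tmp, "source")
        restored = os.path.join(tmp, "restored")
        originals = {
            "finance/ledger.csv": b"id,amount\n1,100\n",
            "hr/roster.txt": b"alice\nbob\n",
            "readme.txt": b"shared drive index\n",
        }
        for rel, data in originals.items():
            write_file(source, rel, data)
        sealed = seal_manifest(build_manifest(source), DEMO_KEY)

        # Simulated restore from a backup that synchronized after files were changed.
        write_file(restored, "finance/ledger.csv", originals["finance/ledger.csv"])
        write_file(restored, "hr/roster.txt", b"\x8f\x02 constructed unreadable bytes")
        write_file(restored, "readme.txt.locked", b"\x00\x01")
        return sealed, verify_restore(open_manifest(sealed, DEMO_KEY), restored)


if __name__ == "__main__":
    print(json.dumps(demo()[1], indent=2))
```

A restore test passes only when `modified`, `missing` and `unexpected` are all empty; anything else means that backup generation should not be relied on for recovery.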

What to Do If Infected with Ransomware

Should preventive measures fail, the USG recommends that organizations consider taking the following steps upon an infection with ransomware:

  • Isolate the infected computer immediately. Infected systems should be removed from the network as soon as possible to prevent ransomware from attacking network or share drives.
  • Isolate or power-off affected devices that have not yet been completely corrupted. This may afford more time to clean and recover data, contain damage, and prevent worsening conditions.
  • Immediately secure backup data or systems by taking them offline. Ensure backups are free of malware.
  • Contact law enforcement immediately. We strongly encourage you to contact a local field office of the Federal Bureau of Investigation (FBI) or U.S. Secret Service immediately upon discovery to report a ransomware event and request assistance.
  • If available, collect and secure partial portions of the ransomed data that might exist.
  • If possible, change all online account passwords and network passwords after removing the system from the network. Furthermore, change all system passwords once the malware is removed from the system.
  • Delete Registry values and files to stop the program from loading.

Implement your security incident response and business continuity plan. Ideally, organizations will ensure they have appropriate backups, so their response to an attack will simply be to restore the data from a known clean backup. Having a data backup can eliminate the need to pay a ransom to recover data.

There are serious risks to consider before paying the ransom. USG does not encourage paying a ransom to criminal actors. However, after systems have been compromised, whether to pay a ransom is a serious decision, requiring the evaluation of all options to protect shareholders, employees, and customers. Victims will want to evaluate the technical feasibility, timeliness, and cost of restarting systems from backup. Ransomware victims may also wish to consider the following factors:

  • Paying a ransom does not guarantee an organization will regain access to their data; in fact, some individuals or organizations were never provided with decryption keys after paying a ransom.
  • Some victims who paid the demand were targeted again by cyber actors.
  • After paying the originally demanded ransom, some victims were asked to pay more to get the promised decryption key.
  • Paying could inadvertently encourage this criminal business model.

How Law Enforcement Can Help

Any entity infected with ransomware should contact law enforcement immediately. Law enforcement may be able to use legal authorities and tools that are unavailable to most organizations. Law enforcement can enlist the assistance of international law enforcement partners to locate the stolen or encrypted data or identify the perpetrator. These tools and relationships can greatly increase the odds of successfully apprehending the criminal, thereby preventing future losses.

Federal law enforcement places a priority on conducting cyber investigations in a manner that causes minor disruption to a victim entity’s normal operations and seeks to work cooperatively and discreetly with that entity. Federal law enforcement uses investigative measures that avoid unnecessary downtime or displacement of a company’s employees. Federal law enforcement closely coordinates its activities with the affected organization to avoid unwarranted disclosure of information.
As an affected entity recovers from a cybersecurity incident, the entity should initiate measures to prevent similar incidents. Law enforcement agencies and the Department of Homeland Security’s National Cybersecurity and Communications Integration Center can assist organizations in implementing countermeasures and provide information and best practices for avoiding similar incidents in the future. Additionally, the affected organization should conduct a post-incident review of their response to the incident and assess the strengths and weaknesses of its incident response plan.

Ransomware Variants [2]

Ransomware is a growing criminal activity involving numerous variants. Since 2012 when police locker ransomware variants first emerged, ransomware variants have become more sophisticated and destructive. Some variants encrypt not just the files on the infected device, but also the contents of shared or networked drives, externally attached storage media devices, and cloud storage services that are mapped to infected computers. These variants are considered destructive because they encrypt users’ and organizations’ files, and render those files useless until a ransom is paid.

Recent federal investigations by the FBI reveal that ransomware authors continue to improve ransomware code by using anonymizing services like “Tor” [3] for end-to-end communication to infected systems and Bitcoin virtual currency to collect ransom payments. Currently, the top five ransomware variants targeting U.S. companies and individuals are CryptoWall, CTB-Locker, TeslaCrypt, MSIL/Samas, and Locky. New ransomware variants are continually emerging.

CryptoWall

CryptoWall and its variants have been actively used to target U.S. victims since April 2014. CryptoWall was the first ransomware variant that only accepted ransom payments in Bitcoin. The ransom amounts associated with CryptoWall are typically between $200 and $10,000. Following the takedown of the CryptoLocker botnet, CryptoWall has become the most successful ransomware variant with victims all over the world. Between April 2014 and June 2015, IC3 received 992 CryptoWall-related complaints, with victims reporting losses totaling over $18 million.[4] CryptoWall is primarily spread via spam email but also infects victims through drive-by downloads [5] and malvertising [6].

[2] For more information on Ransomware variants and other resources, visit https://www.us-cert.gov/ncas/alerts/TA16-091A
[3] Tor is free software for enabling anonymous communication. Tor directs Internet traffic through a free, worldwide, volunteer network consisting of more than 7,000 relays to conceal a user’s location and usage from anyone conducting network surveillance or traffic analysis. (The name derives from the original software project name, The Onion Router.)

CTB-Locker

CTB-Locker emerged in June 2014 and is one of the first ransomware variants to use Tor for its C2 infrastructure. CTB-Locker uses Tor exclusively for its C2 servers and only connects to the C2 after encrypting victims’ files. Additionally, unlike other ransomware variants that utilize the Tor network for some communication, the Tor components are embedded in the CTB-Locker malware, making it more efficient and harder to detect. CTB-Locker is spread through drive-by downloads and spam emails.

TeslaCrypt

TeslaCrypt emerged in February 2015, initially targeting the video game community by encrypting gaming files. These files were targeted in addition to the files typically targeted by ransomware (documents, images, and database files). Once the data was encrypted, TeslaCrypt attempted to delete all Shadow Volume Copies and system restore points to prevent file recovery. TeslaCrypt was distributed through the Angler, Sweet Orange, and Nuclear exploit kits.

MSIL or Samas (SAMSAM)

MSIL or Samas (SAMSAM) was used to compromise the networks of multiple U.S. victims, including 2016 attacks on healthcare facilities that were running outdated versions of the JBoss content management application. SAMSAM exploits vulnerable Java-based Web servers. SAMSAM uses open-source tools to identify and compile a list of hosts reporting to the victim’s active directory. The actors then use psexec.exe to distribute the malware to each host on the network and encrypt most of the files on the system. The actors charge varying amounts in Bitcoin to provide the decryption keys to the victim.

Locky

In early 2016, a destructive ransomware variant, Locky, was observed infecting computers belonging to businesses globally, including those in the United States, New Zealand, Australia, Germany and the United Kingdom. Locky propagates through spam emails that include malicious Microsoft Office documents or compressed attachments (e.g., .rar, .zip) that were previously associated with banking Trojans such as Dridex and Pony. The malicious attachments contain macros or JavaScript files to download the Locky files. Recently, this ransomware has also been distributed using the Nuclear Exploit Kit.

[4] This number includes additional costs incurred by the victim. Expenses may be associated with network mitigation, network countermeasures, loss of productivity, legal fees, IT services, and the purchase of credit monitoring services for employees or customers.
[5] “Drive-by download” is the transfer of malicious software to the victim’s computer without the knowledge of or any action by the victim.
[6] “Malvertising” is the use of malicious ads on legitimate websites. These malicious ads contain code that will infect a user’s computer.

Links to Other Types of Malware
Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically was infected by opening a malicious attachment from an email. This malicious attachment contained Upatre, a downloader, which infected the user with GameOver Zeus. GameOver Zeus was a variant of the Zeus Trojan used to steal banking information and other types of data. After a system became infected with GameOver Zeus, Upatre would also download CryptoLocker. Finally, CryptoLocker encrypted files on the infected system and demanded a ransom payment.

The disruption operation against the GameOver Zeus botnet also affected CryptoLocker, demonstrating the close ties between ransomware and other types of malware. In June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.

Reporting
Federal Bureau of Investigation
Cyber Task Forces
www.fbi.gov/contact-us/field

Internet Crime Complaint Center
www.ic3.gov

United States Secret Service
Electronic Crimes Task Force www.secretservice.gov/investigation/#field
Local Field Offices www.secretservice.gov/contact/

Mitigation
Department of Homeland Security United States Computer Emergency Readiness Team (US-CERT)
www.us-cert.gov

NIST Cybersecurity Framework: http://www.nist.gov/cyberframework/
NSA/IAD Top 10 Information Assurance Mitigations Strategies: https://www.iad.gov/iad/library/ia-guidance/iads-top-10-information-assurance-mitigation-strategies.cfm