---

Welcome to the US-CERT Incident Reporting System What is an incident? A good but fairly general definition of an incident is The act of violating an explicit or implied security policy. Unfortunately, this definition relies on the existence of a security policy that, while generally understood, varies among organizations. For the federal government, an incident, defined by NIST Special Publication 800-61, is a violation or imminent threat of violation of computer security policies, acceptable use policies, or standard computer security practices. Federal incident reporting guidelines, including definitions and reporting timeframes can be found at http://www.us-cert.gov/federal/reportingRequirements.html. In general, types of activity that are commonly recognized as being in violation of a typical security policy include but are not limited to attempts (either failed or successful) to gain unauthorized access to a system or its data, including PII related incidents (link to the below description) unwanted disruption or denial of service the unauthorized use of a system for processing or storing data changes to system hardware, firmware, or software characteristics without the owner's knowledge, instruction, or consent We encourage you to report any activities that you feel meet the criteria for an incident. Note that our policy is to keep any information specific to your site confidential unless we receive your permission to release that information. Using the US-CERT Incident Reporting System In order for us to respond appropriately, please answer the questions as completely and accurately as possible. Questions that must be answered are labeled "Required". As always, we will protect your sensitive information. This web site uses Secure Sockets Layer (SSL) to provide secure communications. Your browser must allow at least 40-bit encryption. This method of communication is much more secure than unencrypted email.
Section: Reporter's Contact Information
First Name (Required)
Last Name (Required)
Email Address (Required)
Telephone number (Required)
Are you reporting as part of an Information Sharing and Analysis Center (ISAC)?						No, this is not an ISAC report Chemical Electricity Emergency Fire Services Energy Financial Services (FS) Food and Agriculture Information Technology (IT) Maritime Multi-State (MS) National Monuments and Icons Postal and Shipping Public Health Real Estate Research and Education State CIO Surface Transportation Telecom Trucking Water Other
What type of organization is reporting this incident? (Required)						Please select Federal Government State/Local Government Commercial sector Foreign Sector Private Sector
What is the impact to the reporting organization? (Required)						Please select Unknown None Minimal Low Medium High
What type of followup action are you requesting at this time? (Required)						Please select None Contact Forward
Describe the current status or resolution of this incident. (Required)						Please select Occurring Contained Occurred Future Threat Unknown
From what time zone are you making this report? (Required)						Please select a time zone (GMT-12:00) Enewetak, Kwajalein (GMT-11:00) Midway Island, Samoa (GMT-10:00) Hawaii (GMT-09:00) Alaska (GMT-08:00) Pacific Time (US & Canada) Tijuana (GMT-07:00) Arizona (GMT-07:00) Mountain Time (US & Canada) (GMT-06:00) Central Time (US & Canada) (GMT-06:00) Mexico City, Tegucigalpa (GMT-06:00) Saskatchewan (GMT-05:00) Bogota, Lima (GMT-05:00) Eastern Time (US & Canada) (GMT-05:00) Indiana (East) (GMT-04:00) Atlantic Time (Canada) (GMT-04:00) Caracas, La Paz (GMT-03:30) Newfoundland (GMT-03:00) Buenos Aires, Georgetown (GMT-03:00) Rio de Janeiro (GMT-02:00) Mid-Atlantic (GMT-01:00) Azores, Cape Verde Is. (GMT) Greenwich Mean Time; Dublin, Edinburgh, London (GMT) Monrovia, Casablanca (GMT+01:00) Berlin, Stockholm, Rome, Bern, Brussels, Vienna (GMT+01:00) Lisbon, Warsaw (GMT+01:00) Paris, Madrid (GMT+01:00) Prague (GMT+02:00) Athens, Helsinki, Istanbul (GMT+02:00) Cairo (GMT+02:00) Eastern Europe (GMT+02:00) Harare, Pretoria (GMT+02:00) Israel (GMT+03:00) Baghdad, Kuwait, Nairobi, Riyadh (GMT+03:00) Moscow, St. Petersburg (GMT+03:30) Tehran (GMT+04:00) Abu Dhabi, Muscat, Tbilisi, Kazan, Volgograd (GMT+04:30) Kabul (GMT+05:00) Islamabad, Karachi, Sverdlovsk, Tashkent (GMT+06:00) Alma Ata, Dhaka (GMT+07:00) Bangkok, Jakarta, Hanoi (GMT+08:00) Beijing, Chongqing, Urumqi (GMT+08:00) Hong Kong, Perth, Singapore, Taipei (GMT+09:00) Tokyo, Osaka, Sapporo, Seoul, Yakutsk (GMT+09:30) Adelaide (GMT+10:00) Brisbane, Melbourne, Sydney (GMT+10:00) Guam, Port Moresby, Vladivostok (GMT+10:00) Hobart (GMT+11:00) Magadan, Soloman Is., New Caledonia (GMT+12:00) Fiji, Kamchatka, Marshall Is. (GMT+12:00) Wellington
What is the approx time the incident started? (localtime)						January February March April May June July August September October November December 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 , 2008 2009 2010 : 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 :00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
When was this incident detected? (localtime)						January February March April May June July August September October November December 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 , 2008 2009 2010 : 00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 :00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59
Section: Incident Details
Please provide a short description of the incident and impact (Required)
How many systems are impacted by this incident? (Leave blank if Unknown)
How many sites are impacted by this incident? (Leave blank if Unknown)
Was the data involved in this incident encrypted?						N/A Unknown Yes No
Was critical infrastructure impacted by this incident?						N/A Unknown Yes No
What was the primary method used to identify the incident						Unknown 3rd Party Administrator AntiSpyware Software AntiVirus Software IDS Log Review US-CERT Einstein Program US-CERT IDS Signature or Tip User Other
If available, please include 5-10 lines of time-stamped logs in plain ASCII text.(e.g.,CSV).

---

US-CERT Security Policy | Version: 2.1.2 | Page: 1 | Report ID: 2009-USCERTv3373VAS
Please click here to provide comments and feedback on the Incident Reporting Form