New Form

Name *

Job Title *

Phone *

Email: *

Company: *

Cybercrime Affected Locations (user may enter more locations after logging an initial):

Business Name

Street Address *

City *

State *

Zip Code *

Date of cyber-incident:

Details of cyber-incident:

Data corruption related (describe):

Is there indication of ransomware (describe):

Is this a result of spear phishing (describe):

Were there mitigation steps taken (if any):

Was there monetary loss or risk of (if any):

How were you or your company notified of the cyber-incident?

Is there indication of how or where the intrusion came from?

What departments of your fleet did it affect?

Prior to the FBI responding to a cyber incident, the items in the checklist below would greatly enhance the FBI’s ability to investigate:

• Network inventory

• Software inventory

• Patch level of software

• Current Network Topology

• Network logs (i.e. DNS/VPN/Firewall)

• Host-based logs (i.e. web/firewall/AV)

• Secure email logs

• Domain Infrastructure/Group Policy

• Access Control Details

• List of external and internal IP addresses

• Physical/badge access logs

• Legal Banner Agreement

Please provide any additional information regarding the list above:

It is recommended by DHS that you keep any evidence you may have related to your complaint. Evidence may include, but is not limited to, the following:

• Canceled checks

• Credit card receipts

• Money order receipts

• Certified or other mail receipts

• Wire receipts

• Virtual currency receipts

• Pre-paid card receipts

• Envelopes (if you received items via FedEx, UPS, or U.S. Mail)

• Facsimiles

• Pamphlets or brochures

• Phone bills

• Printed or preferably electronic copies of emails (if printed, include full email header information)

• Printed or preferably electronic copies of web pages

• Hard drive images

• PCAP files containing malicious network traffic

• Network, host system, and/or security appliance logs

• Copies of malware

• Chat transcripts and/or telephony logs

Keep items in a safe location in the event you are requested to provide them for investigative or prosecutorial needs.

Any other relevant information you believe is necessary to support your complaint

(attachments available here):

Upload

Note: All information will be sent to the following federal enforcement agencies here:

Federal Bureau of Investigation
National Cyber Investigative Joint Task Force (NCIJTF) Cyber Watch Command Center – FBI CyWatch
FBI Local Office & Cyber Division of incident reported location(s)
FBI Internet Crime Complaint Center (IC3)
Department of Homeland Security
National Cybersecurity and Communications Integration Center (NCCIC)
Homeland Security Information Network (HSIN) – Highway & Motor Carrier
United States Computer Emergency Readiness Team (US-CERT)

Note: Undisclosed Information will not be sent to the following ATA Fleet CyWatch affiliated reporting resources here:

National Cyber-Forensics & Training Alliance (NCFTA)
Surface Transportation Information Sharing & Analysis Center (ST-ISAC)
Automotive Information Sharing & Analysis Center (Auto-ISAC)
InfraGard

After you file a report with ATA’s Fleet CyWatch, the information is reviewed by federal analysts and forwarded to federal, state, local, or international law enforcement or regulatory agencies with jurisdiction. Fleet CyWatch does not conduct investigations and, therefore, is not able to provide the investigative status of a submitted Report. Investigation and prosecution is at the discretion of the receiving agencies. Fleet CyWatch will monitor and followup with the user depending on the level of cyber-incident and in accordance of the receiving agencies.

If you require immediate assistance, please contact your local FBI office from the provided list at https://www.fbi.gov/contact-us/field-offices, and local U.S. Secret Service Field Office and Electronic Crimes Task Force at http://www.secretservice.gov/contact/field-offices. Also contact the NCCIC asset response line (888-282-0870).

User Agreement

You certify that the above information is to the best of your knowledge and that you are qualified within your company to provide such information.

*

Please contact Fleet CyWatch with any questions related to this Cyber Incident Notification at (703) 838-1700.

Map Spreadsheet Columns to Import