Do you have a question? Post it now! No Registration Necessary. Now with pictures!
January 28, 2007, 8:01 pm
rate this thread
DOD battles increasingly virulent cyberattacks
DOD attempts to fight spear phishing scams
BY Bob Brewin and Josh Rogin
Published on Jan. 8, 2007
DOD battles spear phishing
DOD bars use of HTML e-mail, Outlook Web access
Find more related news in the technology section.
FCW.com job search
Find events presentations, source documents and other online resources
on the Defense Hot Topic page.
Find white papers, vendor presentations and other technology solutions
in the Government IT Resource Center. Access now (registration
Subscribe to the Defense newsletter to receive all the latest in news,
features and online resources.
FCW reviewers share their perspectives on the latest trends and
gadgets in the Tech blog.
The Defense Department continues to battle increasingly sophisticated
attacks against its information systems and networks, including
significant and widespread attempts to penetrate systems with
targeted, socially engineered e-mail messages in a technique known as
According to internal documents and DOD officials, the department has
fought back with requirements that users log on to networks with a
Common Access Card (CAC) that electronically verifies their identities
and digitally signs e-mail messages with the key contained on that
It has also required the use of plain text e-mail messages and
converts HTML messages to plain text because HTML can contain
programming code that plants keystroke loggers, viruses and other
malware on computers, according to a Joint Task Force-Global Network
Operations (JTF-GNO) presentation on spear phishing awareness training
that all DOD employees and contractors must complete by Jan. 17.
Spear phishing refers to the practice of sending e-mail messagess to
service members, DOD civilian personnel and contractors. Unlike broad
phishing efforts, in which scammers send messages to thousands or
millions of recipients purporting to be from banks, Web sites or other
organization, spear phishing narrowly targets a specific organization
- in this caseDOD. It is marked by the phishers' access to real DOD
documents and use of subject lines referring to real operations or
The Defense Security Service, which supports contractor access to DOD
networks, said in a bulletin sent to contractors in October that JTF-
GNO "has observed tens of thousands of malicious e-mails targeting
soldiers, sailors, airmen and Marines; U.S. government civilian
workers; and DOD contractors, with the potential compromise of a
significant number of computers across the DOD."
Lt. Gen. Steve Boutelle, the Army's chief information officer,
mandated the use of CACs in a message sent to all commands in
Februrary 2006. Even at that point, the threat from outside attackers
was escalating rapidly, according to one message he sent then.
The Army expects attacks to continue, according to a statement
provided by Boutelle's office. "As both the sophistication and
availability of technology increase, we expect attacks and intrusions
to increase," it states.
A JTF-GNO spokesman said the DOD backbone network, the Global
Information Grid, is scanned millions of times a day by outsiders, but
he declined to characterize the type of attacks DOD networks face. DOD
also declined to identify the source of the attacks.
In a presentation to the AFCEA LandWarNet conference last summer, Lee
LeClair of the Army's Network Enterprise Technology Command/9th Signal
Command, said U.S. military networks are faced with attacks by state-
sponsored teams that control botnets and engage in spear phishing.
JTF-GNO illustrated the sophistication of the attacks that DOD faces
in a spear phishing awareness training presentation obtained by
Federal Computer Week. That presentation shows a faked message that
appears to come from the operations division at the Pacific Command.
It includes a PowerPoint attachment concerning the Valiant Shield
exercise held last summer.
- » AC use nearly halves DOD network intrusions, Croom says
- — Previous thread in » General Computer Security