DOD battles increasingly virulent cyberattacks
DOD attempts to fight spear phishing scams
The Defense Department continues to battle increasingly sophisticated attacks against its information systems and networks, including significant and widespread attempts to penetrate systems with targeted, socially engineered e-mail messages in a technique known as spear phishing.
According to internal documents and DOD officials, the department has fought back with requirements that users log on to networks with a Common Access Card (CAC) that electronically verifies their identities and digitally signs e-mail messages with the key contained on that card.
It has also required the use of plain text e-mail messages and converts HTML messages to plain text because HTML can contain programming code that plants keystroke loggers, viruses and other malware on computers, according to a Joint Task Force-Global Network Operations (JTF-GNO) presentation on spear phishing awareness training that all DOD employees and contractors must complete by Jan. 17.
Spear phishing refers to the practice of sending e-mail messages to service members, DOD civilian personnel and contractors. Unlike broad phishing efforts, in which scammers send messages to thousands or millions of recipients purporting to be from banks, Web sites or other organizations, spear phishing narrowly targets a specific organization — in this case DOD. It is marked by the phishers’ access to real DOD documents and use of subject lines referring to real operations or topics.
The Defense Security Service, which supports contractor access to DOD networks, said in a bulletin sent to contractors in October that JTF-GNO “has observed tens of thousands of malicious e-mails targeting soldiers, sailors, airmen and Marines; U.S. government civilian workers; and DOD contractors, with the potential compromise of a significant number of computers across the DOD.”
Lt. Gen. Steve Boutelle, the Army’s chief information officer, mandated the use of CACs in a message sent to all commands in February 2006. Even at that point, the threat from outside attackers was escalating rapidly, according to one message he sent then.
The Army expects attacks to continue, according to a statement provided by Boutelle’s office. “As both the sophistication and availability of technology increase, we expect attacks and intrusions to increase,” it states.
A JTF-GNO spokesman said the DOD backbone network, the Global Information Grid, is scanned millions of times a day by outsiders, but he declined to characterize the type of attacks DOD networks face. DOD also declined to identify the source of the attacks.
In a presentation to the AFCEA LandWarNet conference last summer, Lee LeClair of the Army’s Network Enterprise Technology Command/9th Signal Command said U.S. military networks are faced with attacks by state-sponsored teams that control botnets and engage in spear phishing.
JTF-GNO illustrated the sophistication of the attacks that DOD faces in a spear phishing awareness training presentation obtained by Federal Computer Week. That presentation shows a faked message that appears to come from the operations division at the Pacific Command. It includes a PowerPoint attachment concerning the Valiant Shield exercise held last summer.