DOD battles increasingly virulent cyberattacks

DOD attempts to fight spear phishing scams

The Defense Department continues to battle increasingly sophisticated attacks against its information systems and networks, including significant and widespread attempts to penetrate systems with targeted, socially engineered e-mail messages in a technique known as spear phishing.

According to internal documents and DOD officials, the department has fought back with requirements that users log on to networks with a Common Access Card (CAC) that electronically verifies their identities and digitally signs e-mail messages with the key contained on that card.

It has also required the use of plain text e-mail messages and converts HTML messages to plain text because HTML can contain programming code that plants keystroke loggers, viruses and other malware on computers, according to a Joint Task Force-Global Network Operations (JTF-GNO) presentation on spear phishing awareness training that all DOD employees and contractors must complete by Jan. 17.

Spear phishing refers to the practice of sending e-mail messages to service members, DOD civilian personnel and contractors. Unlike broad phishing efforts, in which scammers send messages to thousands or millions of recipients purporting to be from banks, Web sites or other organizations, spear phishing narrowly targets a specific organization — in this case DOD. It is marked by the phishers’ access to real DOD documents and use of subject lines referring to real operations or topics.

The Defense Security Service, which supports contractor access to DOD networks, said in a bulletin sent to contractors in October that JTF-GNO “has observed tens of thousands of malicious e-mails targeting soldiers, sailors, airmen and Marines; U.S. government civilian workers; and DOD contractors, with the potential compromise of a significant number of computers across the DOD.”

Lt. Gen. Steve Boutelle, the Army’s chief information officer, mandated the use of CACs in a message sent to all commands in February 2006. Even at that point, the threat from outside attackers was escalating rapidly, according to one message he sent then.

The Army expects attacks to continue, according to a statement provided by Boutelle’s office. “As both the sophistication and availability of technology increase, we expect attacks and intrusions to increase,” it states.

A JTF-GNO spokesman said the DOD backbone network, the Global Information Grid, is scanned millions of times a day by outsiders, but he declined to characterize the type of attacks DOD networks face. DOD also declined to identify the source of the attacks.

In a presentation to the AFCEA LandWarNet conference last summer, Lee LeClair, of the Army’s Network Enterprise Technology Command/9th Signal Command, said U.S. military networks are faced with attacks by state-sponsored teams that control botnets and engage in spear phishing.

JTF-GNO illustrated the sophistication of the attacks that DOD faces in a spear phishing awareness training presentation obtained by Federal Computer Week. That presentation shows a faked message that appears to come from the operations division at the Pacific Command. It includes a PowerPoint attachment concerning the Valiant Shield exercise held last summer.

Centaurs and honeynets

In 2000, the Defense Information Systems Agency quietly launched Project Centaur, a data-mining and pattern discovery program to identify attack trends, scopes and methods used against its networks.

Project Centaur, as described by DISA in its 2003 budget documents, was designed to use those techniques to automatically correlate the location of sophisticated network attacks, determine the scope and scale of the intrusions, and coordinate response actions. The project was also mentioned in DISA’s 2004 budget documents, but since then, DISA has eliminated any description of the project from publicly available documents.

DISA and the Joint Task Force-Global Network Operations have also fielded diversion networks called honeynets to keep intruders away from operational networks, according to a presentation at the 2005 Army Information Technology conference by Col. Carl Hunt, director of technology and analysis at JTF-GNO. Aside from this briefing, there is little publicly available information about DOD honeynets. The term generally refers to a network that makes intruders think they’ve successfully penetrated their target.
— Bob Brewin
