DOD battles increasingly virulent cyberattacks

http://www.fcw.com/article97281-01-08-07-Print





DOD battles increasingly virulent cyberattacks

DOD attempts to fight spear phishing scams
BY Bob Brewin and Josh Rogin
Published on Jan. 8, 2007
Related Links

DOD battles spear phishing

DOD bars use of HTML e-mail, Outlook Web access

Find more related news in the technology section.
------------------------------------------------------------ -----------
-
FCW.com job search
Hot Topics

Find events presentations, source documents and other online resources
on the Defense Hot Topic page.

Vendor Solutions
Find white papers, vendor presentations and other technology solutions
in the Government IT Resource Center. Access now (registration
required).
Newsletters

Subscribe to the Defense newsletter to receive all the latest in news,
features and online resources.

FCW.com Blogs

FCW reviewers share their perspectives on the latest trends and
gadgets in the Tech blog.
The Defense Department continues to battle increasingly sophisticated
attacks against its information systems and networks, including
significant and widespread attempts to penetrate systems with
targeted, socially engineered e-mail messages in a technique known as
spear phishing.
According to internal documents and DOD officials, the department has
fought back with requirements that users log on to networks with a
Common Access Card (CAC) that electronically verifies their identities
and digitally signs e-mail messages with the key contained on that
card.
It has also required the use of plain text e-mail messages and
converts HTML messages to plain text because HTML can contain
programming code that plants keystroke loggers, viruses and other
malware on computers, according to a Joint Task Force-Global Network
Operations (JTF-GNO) presentation on spear phishing awareness training
that all DOD employees and contractors must complete by Jan. 17.
Spear phishing refers to the practice of sending e-mail messagess to
service members, DOD civilian personnel and contractors. Unlike broad
phishing efforts, in which scammers send messages to thousands or
millions of recipients purporting to be from banks, Web sites or other
organization, spear phishing narrowly targets a specific organization
- in this caseDOD. It is marked by the phishers' access to real DOD
documents and use of subject lines referring to real operations or
topics.
The Defense Security Service, which supports contractor access to DOD
networks, said in a bulletin sent to contractors in October that JTF-
GNO "has observed tens of thousands of malicious e-mails targeting
soldiers, sailors, airmen and Marines; U.S. government civilian
workers; and DOD contractors, with the potential compromise of a
significant number of computers across the DOD."
Lt. Gen. Steve Boutelle, the Army's chief information officer,
mandated the use of CACs in a message sent to all commands in
Februrary 2006. Even at that point, the threat from outside attackers
was escalating rapidly, according to one message he sent then.
The Army expects attacks to continue, according to a statement
provided by Boutelle's office. "As both the sophistication and
availability of technology increase, we expect attacks and intrusions
to increase," it states.
A JTF-GNO spokesman said the DOD backbone network, the Global
Information Grid, is scanned millions of times a day by outsiders, but
he declined to characterize the type of attacks DOD networks face. DOD
also declined to identify the source of the attacks.
In a presentation to the AFCEA LandWarNet conference last summer, Lee
LeClair of the Army's Network Enterprise Technology Command/9th Signal
Command, said U.S. military networks are faced with attacks by state-
sponsored teams that control botnets and engage in spear phishing.
JTF-GNO illustrated the sophistication of the attacks that DOD faces
in a spear phishing awareness training presentation obtained by
Federal Computer Week. That presentation shows a faked message that
appears to come from the operations division at the Pacific Command.
It includes a PowerPoint attachment concerning the Valiant Shield
exercise held last summer.