logo

  •   Submit to to del.icio.us   Submit to to digg   submit to to reddit   submit to to StumbleUpon   submit to to Google   Submit to to Yahoo!

Category: news | Posted by Avatar Staff 244 days ago
Via: http://lists.jammed.com | Tags: isn services run drills email scams comments Discuss  


http://www.stripes.com/article.asp?section=104&article=53793



By Jeff Schogol

Stars and Stripes

Mideast edition

April 3, 2008



ARLINGTON, Va. . An Army security drill that posed as an e-mail scam is

part of a larger exercise known as .Bulwark Defender,. said Bruce

Sprecher, a spokesman for U.S. Strategic Command.



.The e-mail, sent to dot.mil addresses, was developed to check our

personnel.s responses to a sophisticated phishing scam,. Sprecher said

on Wednesday. .These events are conducted to determine how to improve

the training of personnel and the tools we use to defend against such

exploits.



.While our personnel and network defenders are getting better at

recognizing and responding to phishing e-mails, we realize that those

who create phishing scams are getting better as well,. he said.



All four services are participating in the exercise, Sprecher said.



On Monday, Army and Family, Morale Welfare and Recreation Command

learned that an apparent e-mail scam offering free tickets to troops and

Defense Department civilians for personal information was an Army

security exercise.



The e-mail, allegedly from Family and MWR Command, directed users to a

Web site that asked for personal information, such as names, addresses

and telephone numbers.



.We tracked responses, and did not collect data,. Sprecher said. .The

information people input went to a Web site with no active database. The

information submitted was not captured..



Family and MWR Command was not told about the exercise ahead of time.



The test was meant to be like a .pop quiz. to gauge how people react in

their normal frame of mind, and telling Family and MWR Command ahead of

time could have increased the risk that news of the test could have

gotten out, Sprecher said.



Still, Family and MWR Command has expressed concern that it had been

kept out of the loop.



Laurie Pugh, head spokeswoman for Family and MWR Command, said the

command understands the need to maintain the integrity of security

tests.



.However, coordinating with Family and Morale, Welfare and Recreation

Command would not have affected the integrity of the test, but would

have allowed Family and MWR Command to protect the integrity of our

brand,. Pugh said on Wednesday.



For example, the command could have coordinated with sponsors so that

when people went to the bogus Web site, they would have been told that

it was an exercise but still received a coupon, said Bill Bradner, a

spokesman for Family and MWR Command.



Bulwark Defender is ongoing, Sprecher said.



.To ensure the integrity of the exercise, the dates won.t be released

until completion,. he said.





___________________________________________________

Subscribe to InfoSec News

http://www.infosecnews.org/mailman/listinfo/isn





addto Add this link to... report Bury 


Comments Who Voted Related Links
Copyright 2005-2008 Best of Security