DOD Gears Itself against Spear Phishing
Internal documents of the DOD (Department of Defense) reveal that the department is fighting against an extensive attempt by malicious agents who use spear phishing to invade DOD information system with technically smart and precise e-mail communications.
In November 2006, the Joint Task Force-Global Network Operations (JTF-GNO) issued a warning to DOD users that every person in DOD is within the sights of spear phishers. There have been incursions against all levels in all services and in all points in space. Both DOD civilians and military service providers have also come under attack.
A spokesman for the Joint Task Force for Global Network Operations said that on account of a heightened network threat situation, the Defense Department was barring all HTML-based e-mail messages and had prohibited the use of Outlook Web Access e-mail tools. The Defense Security Service (DSS) says that JTF-GNO increased the network threat condition to Infocon 4 in the context of persistent and well-designed attacks on Defense Department's network.
The Defense Security Service (DSS), which enables contractor access to DOD systems, said in a statement sent to contractors that JTF-GNO had come across innumerable nasty e-mails aimed at military personnel, U.S. government civilian workers, and DOD contractors, with the potential to damage a great number of DOD computers.
The release adds that the complexity of the exploits of spear phishers shows itself in the way they acquire and put to use genuine DOD documents and data. The spear phishers also create tempting subject lines concerned with real issues.
The department strengthened its network security and e-mail protection with a new breed of Common Access Cards, which contain public-key infrastructure to gain entry to e-mail. DOD customers are also required to electronically sign their e-mail dispatches.
JTF-GNO mentions that technology is not the only answer to the menace of spear phishing. It advises DOD e-mail users to be certain that the source can be validated and that the message has a digital signature before the recipient clicks on any link in a message or opens an attachment.
E-mails from entities outside DOD should be handled with vigilance and one should be on guard about their design.
Related article: Data Theft Incidents Influence Consumers Adversely
» SPAMfighter News - 30-12-2006