Training to Make Coast Guard Personnel Aware of Phishing

A sophisticated 'phishing' technique known as 'spear phishing' targets victims by socially engineered e-mail messages. This attack has been launched on the Department of Defense (DOD), which is battling to save the information systems from intrusion, as per internal documents.

One of the steps DOD has taken is to train all Coast Guard personnel working on its network, on how to ignore fake e-mails that try to access sensitive data through spear phishing.

The Joint Task Force-Global Network Operations (JTF-GNO) made an internal presentation in November 2006 to warn DOD users that they were being the targets of spear phishing. Such phishing attempts have been focused on all officials in all services in every geographic location. The spear phishing attacks have tried to hit DOD civilians and military contractors, said the presentation.

The Defense Department in November 2006 made it mandatory for all personnel to take training to learn about spear phishing by 17th January 2007. Coast Guard has also issued a similar order for its staff that connects to Standard Workstation III computer network. Assistant commandant in control, command, communications, computers and information technology Rear Adm. R.T. Hewitt gave this order through a message sent on December 21, 2006.

Hewitt's message said this requirement of the Coast Guard arises within the directives of the U.S. Strategic Command with respect to DOD Information Operations Condition (Infocon) procedures and under the directives of Homeland Security Department on confidential systems.

With the continued prevalence of threats to the networks of DOD, the Defense Department raised its Infocon status to Level 4 from the normal operating conditions i.e., Level 5. As part of this raised level the JTF-GNO has prohibited the use of HTML e-mail messages because they can have spyware and sometimes executable code that could help intruders to spy on DOD networks.

DOD spokespeople did not try to identify the sources of the spear phishing attacks. But in the 'LandWarNet' conference, Lee Lelair of the Army's Network Enterprise Technology Command/ 9th Signal Command said in a presentation to the AFCEA that state-sponsored teams have engaged in spear phishing to attack the military networks.

» SPAMfighter News - 1/2/2007