Fending off cyberspace 'intruders'
By Tech. Sgt. Jermaine Tappin, 509th Communications Squadron NCO in charge of the Wing Information Assurance Office
Published December 14, 2009
WHITEMAN AIR FORCE BASE, Mo. --
"Intruders" from cyberspace are trying to hack into the Whiteman Air Force Base network and steal information from unsuspecting users.
The intruders are not hackers, though they pretend to be in order to gain access to information they would need if they wanted to cripple the mission here. Fortunately, they are not a real threat, but a group of Airmen from the 177th Information Aggressor Squadron's "Red Team" helping strengthen the DoD network through training, testing and assessing users.
The 177th IAS identifies physical and network vulnerabilities and provides solutions through vulnerability assessment visits and Red Team operations. One of the biggest threats to the local network is a scam known as phishing. The Red Team uses this phishing technique to gain access to our network.
Phishing has primarily been a phenomenon used to steal privacy information from unwitting victims. The principal attack method involves an enticement that causes the victim to visit a malicious Web site purported to be authentic. At its core, phishing is a high-tech form of social engineering. The attacker's objective is to convince the victim to disclose privacy information or credentials that the attacker can use to commit financial fraud.
Spear-phishing is a directed type of attack that targets specific groups of people. With this attack, the phisher sends an e-mail to a group of people who are often in the same organization. Frequently, the phishing e-mail is spoofed to appear to be from an actual member of the group.
Spear-phishing is conducted to perpetrate a fraud, whereas phishing warfare against armed forces is used to gain military intelligence, conduct espionage, or perform information warfare activities. Phishing represents a potential attack vector for terrorists, nation states, and militaries. Rather than for financial gain, phishing could be used to steal credentials or compromise a host in a target network.
An enemy could establish a back door into an unclassified network and obtain sensitive information that it could use to compromise operational security. An enemy could use a back door in a sensitive system not only to gather intelligence, but also to conduct information warfare activities, such as altering information or disrupting important systems during strategic events. Indeed, phishing is an ideal social engineering weapon that the attacker can leverage to take advantage of a user's trust, complacency, or ignorance.
Victims are thought to fall prey to phishing attacks for the following reasons:
- An e-mail is considered authentic; that is, a user is deceived into thinking an e-mail is from an authentic or legitimate source.
- The Web site appears genuine. Clicking on a link in an e-mail commonly spawns a new browser instance or causes the most recently activated instance to navigate to the associated URL.
You can significantly decrease our adversaries' access to our networks, critical Air Force information, and even your personal identity, by taking the following three actions.
1. Do not open attachments or click on links unless the e-mail is digitally signed, or you can directly verify the source, even if it appears to be from someone you know.
2. Do not connect any hardware or download any software, applications, music or information onto our networks without approval.
3. Encrypt sensitive but unclassified and/or mission critical information. Ask your computer system administrator for more information.