Information Security News
mailing list archives
Gone phishing: Army uses Thrift Savings Plan in fake e-mail to test cybersecurity awareness
From: InfoSec News <alerts () infosecnews org>
Date: Mon, 17 Mar 2014 07:29:19 +0000 (UTC)
By Lisa Rein and Eric Yoder
The Washington Post
March 13, 2014
An ominous e-mail message landed in the inboxes of a small group of U.S.
Army employees last month, warning of a security breach in their federal
retirement plans and urging them to log in and check their accounts.
The e-mail was a fake -- a classic spear phishing expedition looking for
unwitting victims willing to share their personal financial information.
But the perpetrator was not a criminal hacker. It was an Army combat
commander, acting on his own authority to test whether anyone on his staff
would fall for the trick. In the process of sussing out internal
vulnerabilities, though, the commander sowed panic across the government:
Employees forwarded the e-mail to thousands of friends and colleagues at
the Defense Department, the FBI, Customs and Border Protection, the Labor
Department and other agencies.
Even the Pentagon’s Chief Information Office, which oversees computer
networks across the military, was unaware of the phony e-mail.
The embarrassing play, a security awareness test of the sort that’s become
increasingly common practice at private companies and federal agencies,
tested the limits of how far the government should go with quality control
to protect against cyberthreats. Testing security by toying with federal
employees’ nest eggs? In hindsight, all agree that should be off-limits.