DoD Phishing Warfare Brochure and Fact Sheet

The following is a brochure released by the Joint Information Technology Service Provider-Pentagon in the wake of the Office of Personnel Management hacks disclosed earlier this year.  A fact sheet on phishing attacks is also available.

Phishing Warfare

Page Count: 2 pages
Date: October 2015
Restriction: None
Originating Organization: Department of Defense, Joint Information Technology Service Provider-Pentagon
File Type: pdf
File Size: 156,959 bytes
File Hash (SHA-256): B795CCC23AE88E2063C5AC3A23EBCF865DF1B1E3A1513131B78C9BFFE96B916C


The Hook

The hook is a malicious website designed to look and feel like a legitimate website. The authentic-looking website asks the victim to disclose privacy-related information, such as user identification and password. Often the hook is an obfuscated URL that is very close to one the victim finds legitimate and is really a site under the attacker’s control.

The Lure

The lure is an enticement delivered through email. The email contains a message encouraging the recipient to follow an included hypertext link. The hyperlink often masks a spoofed uniform resource locator (URL) of a legitimate website.
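The two signs described under The Hook and The Lure can be checked mechanically in an HTML message body: link text that names one host while the href points to another, and a link host that is a near miss of a trusted one. The following is an added example, not part of the brochure; the allowlist, the 0.9 similarity threshold and the sample message are assumptions constructed for illustration.

```python
import re
from difflib import SequenceMatcher
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allowlist; .example is a reserved TLD, not a real agency domain.
TRUSTED = ("portal.agency.example", "mail.agency.example")
URLISH = re.compile(r"^(https?://)?[\w.-]+\.[a-z]{2,}(/|:|\?|$)", re.I)

def host_of(text):
    """Hostname if text looks like a URL or bare domain, else None."""
    text = text.strip()
    if not URLISH.match(text):
        return None
    return urlsplit(text if "://" in text else "http://" + text).hostname

class Links(HTMLParser):  # collects (visible text, href) for every <a> element
    def __init__(self):
        super().__init__()
        self.href, self.text, self.pairs = None, [], []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            self.pairs.append(("".join(self.text), self.href))
            self.href = None

def audit(html):
    """Return findings for masked links (lure) and lookalike hosts (hook)."""
    parser = Links()
    parser.feed(html)
    findings = []
    for text, href in parser.pairs:
        shown, actual = host_of(text), host_of(href)
        if shown and actual and shown != actual:
            findings.append(("masked-link", shown, actual))
        if actual and actual not in TRUSTED:  # threshold 0.9 is an assumption
            findings += [("lookalike", good, actual) for good in TRUSTED
                         if SequenceMatcher(None, actual, good).ratio() >= 0.9]
    return findings

# Constructed sample message body.
SAMPLE = ('<p>Reset your password at <a href="http://portal.agenncy.example/login">'
          'https://portal.agency.example/login</a> or read the '
          '<a href="https://portal.agency.example/help">help page</a>.</p>')
```

Calling `audit(SAMPLE)` flags the first link twice (masked and lookalike) and leaves the second, which points at a trusted host, alone.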

The Catch

The catch is when the originator of the phishing message uses the information collected from the hook to masquerade as the victim and conduct illegal financial transactions.

Today, more than ever, spear phishing attacks are focusing on national security targets and our federal users. For this reason, it is important to understand how to identify a phishing email and what steps to take to prevent identity theft, unauthorized system access, or mission compromise.

Remember to . . .
STOP, THINK, before you CLICK!

In 2010, during a joint military exercise sponsored by a functional Combatant Command, a service Red Team (as part of their exercise pre-positioning phase) identified 190 potential targets (first name, last name, and military ranks). The Red Team deduced, selected, and targeted 7 user e-mail accounts with 1 phishing email. The phishing e-mail was neither digitally signed nor encrypted and contained malicious code attached to a Microsoft Excel file. 2 of 7 targeted users clicked the phishing email.

This set forth a spiral of events that allowed the Red Team to establish connections, steal files, capture data, and remotely execute commands of their choosing. The Red Team eventually achieved Domain Admin Privileges over more than 6,800 user accounts, 5,400 computer accounts, and all associated password hashes. The detrimental impact on the technical and operational capabilities of the organization to perform its mission was high (high impact to the confidentiality and integrity of information systems and networks).
