Spear phishers target military members at home, work

Published Feb. 12, 2010
By Staff Sgt. Samuel Morse
35th Fighter Wing Public Affairs

MISAWA AIR BASE, Japan -- Information warfare has been around since long before the computer. Even in the days of homing pigeons, adversaries would attempt to intercept each other's messages to gain an advantage.

Today, the enemy is still trying to steal our secrets, but they have devised new methods in this age of ones and zeros. One of these methods is known as spear phishing.

Phishing is defined as "criminal activity using social engineering techniques," according to the Joint Task Force-Global Network Operations. Phishers attempt to fraudulently acquire sensitive information, such as passwords, personal information, military operations and financial details, by masquerading as a trustworthy person or business in an e-mail.

Spear phishing, on the other hand, is a highly targeted phishing attempt. The JTF-GNO also states a phisher will often use the victim's name, organization, and even relevant jargon to further make them think the e-mail is legitimate. They will even spoof who the e-mail is from, making it look like it came from a coworker or friend. There may be spelling mistakes due to third country national origin, but for all intents and purposes, the e-mail will look legitimate.

While normal phishing is almost always for the purpose of identity theft, spear phishing on government systems is usually an attempt to gather information and intelligence.

Spear phishers will usually attempt to make you open an attachment or Web link that will load malicious logic onto your computer. Oftentimes, the malicious logic comes in the form of a key logger, a program that records keys typed on a keyboard and sends the data to the phisher, said Master Sgt. Thomas Parker, 35th Fighter Wing information assurance office NCO in charge.

Government systems are not the only computers targeted in these schemes.
Military members can be targeted at home as well.

"It is critical that all personnel understand that they will not be contacted by Air Force network personnel to upgrade their home-use common access card software or perform other actions on their home PC," said Master Sgt. James Rowland, 13th Air Force Cyber Operations. "The Air Force's policy is to post all upgrade notices for the CAC Home Use Program on the AF Portal. Download of the CAC Home Use Program and updates should only be accomplished via the AF Portal home page."

Sergeant Parker also said the best way to make sure an e-mail is authentic right now is to look for a digital signature. To his knowledge, phishers have yet to find a way to spoof a digital signature from a trusted site. He encourages all network users to digitally sign and encrypt their e-mails. If someone is unsure of how to do this, they can contact their local information assurance officer.

Another protective measure is to look for tell-tale signs of a fake e-mail. A lack of proper "For Official Use Only" tags, misspellings, incorrect signature blocks and other items out of place or missing can indicate a foreign origin.

It is also encouraged to double-check Web site addresses. Links should start with "https://" rather than "http://." This denotes a secure connection. Also, the suffix ".mil" should be present in the domain name of official military Web sites.

Unfortunately, even if a Web address has these elements, it can have an embedded link that takes you somewhere other than what it says. To combat this, Sergeant Parker suggests opening an empty browser and navigating to the Web page manually. While this may take longer, it will help prevent the user from falling victim to malicious logic.

For attachments, if you must open them, do not enable macros. Government systems are designed to give warnings when a document or other seemingly benign file attempts to do something other than what it was designed to do.

First Lt. Robby Williams, 35th Communications Squadron plans and resources flight commander, emphasized that users should make sure e-mails with attachments are digitally signed and should request the e-mail to be resent with a signature if there isn't one.

"Blindly clicking 'yes' to alerts is the type of complacency that phishers are looking for," said Senior Airman Benjamin Nelson, 35th Mission Support Group knowledge operator.

Also, disabling the e-mail preview pane, or at the very least disabling HTML on the preview pane, will give a degree of separation, allowing users to verify a sender before opening an e-mail with attachments.

"If you do get an e-mail that you deem to be suspicious, call the sender to verify that the e-mail did, in fact, come from them. If not, or if the e-mail came from an organization outside the military, contact your information assurance officer so they can investigate the e-mail," said Sergeant Parker. "If you have already opened the suspicious e-mail, Web link, or attachment, immediately unplug your computer from the network and contact your IAO."

E-mail is not the only medium being targeted, however. The increasing popularity of social media sites such as facebook.com or myspace.com has drawn phishers into these new frontiers.

"Status updates posted on Facebook, Myspace and Twitter propagate headlines such as 'Donate to Haiti Efforts' or 'Facebook charging for membership' usually include a link to a website with additional information," said Sergeant Rowland. "The simple act of browsing a maliciously-crafted website is all it takes to infect your computer with information-stealing malware. Personally identifiable information is the hottest commodity in cyber crime rings--so be careful when giving details about yourself online."

Phishing and spear phishing are an increasing threat to the security of government systems and personnel.
A significant percentage of targeted individuals fall victim to this type of attack each year, Sergeant Parker said. There is only so much IAOs can do to prevent these kinds of attacks. It's up to every system user to maintain the constant vigilance needed to maintain computer security.