95th CG goes phishing at Edwards

  • By Airman 1st Class William A. O'Brien
  • 95th Air Base Wing Public Affairs
Each day, thousands of malicious e-mails are sent to users across the Air Force by computer hackers and adversaries looking for classified or personal information. As bait, they disguise themselves as trusted organizations requiring immediate information with dire consequences for those who don't provide it.

These attacks are known as phishing and are the Air Force's biggest foe in the war taking place each day on everybody's desktop.

"Never assume the network is a safe place and that everyone should be trusted," said Col. Paul Hardy, 95th Communications Group commander. "Be skeptical of any e-mail requesting personal information. E-mails requesting personal information should come from a known source, and they should be digitally signed. If you don't know the sender or weren't expecting to be asked for this information, confirm the source and their purpose by calling them."

To test Team Edwards' capability to fend off foes in the cyberspace realm, the 95th Communications Group teamed up with the exercise evaluation team and the wing information assurance office. Together, they created a scenario and sent Team Edwards on a phishing expedition Jan. 28.

"As part of the Edwards Operational Readiness Exercise, the 95th Air Base Wing Information Assurance team ran a phishing expedition," said Colonel Hardy. "As a group, we did not take the bait. There were some who ignored or forgot their training, but they are the unfortunate few."

Colonel Hardy said the purpose of the exercise was to use a real world scenario to validate everyone's information assurance training and get an idea about how base personnel would respond to a phishing attack.

"Part of the exercise generation is to think through your training objectives, so it was during the exercise development process when we decided that we wanted to do one of the information assurance objectives," said Colonel Hardy. "We were trying to provide a simulated event that very closely demonstrates what happens in the real world (and put) an emphasis on the fact that our networks are under attack every single day."

The premise of the exercise was an e-mail to all Edwards users telling them they need to revalidate their accounts because of recent unauthorized activity. The e-mail then requested that the user send various information or their account would be terminated.

"Normally, once a phishing attempt with this broad a scope is detected, the 95th CG Support Center would have sent an advisory e-mail to 'Edwards All,' informing them not to respond to this message," said Colonel Hardy. "For the purpose of this exercise, the Information Assurance office and your unit information assurance officer remained silent. Gratefully, the majority took an appropriate response and either chose to ignore the e-mail or notified your Information Assurance Officer or the 95th CG Support Center."

Only two percent of Edwards users responded to the e-mail by disclosing the information.

"I was very pleased to be informed that a very small number of network users responded to the message," said Colonel Hardy.

For future reference, Colonel Hardy suggested using these guidelines when responding to an e-mail requesting personal information:

- Generic greeting

- Appears to be from a legitimate source; in this case, Edwards Network Validation Services

- Fake sender's address

- False sense of urgency

- Fake or deceptive Web links

- E-mails requiring that you follow a link to sign up for a great deal or to log in and verify your account status, or that encourage you to view or read an attachment

- E-mails that appear like a Web site

- Misspellings and bad grammar
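
Several of the indicators above can be checked automatically. The following is an added illustration, not part of the original article or any Air Force tool; it runs over a constructed message modelled on the exercise scenario, and the domains, addresses and word lists are assumptions.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the exercise premise; all names and addresses are hypothetical.
SAMPLE = """\
From: "Edwards Network Validation Services" <validation@accounts-example.net>
To: user@base.example.mil
Subject: Revalidate your account immediately
Content-Type: text/html

<p>Dear user,</p>
<p>Because of recent unauthorized activity your account will be terminated
unless you revalidate it now:
<a href="http://accounts-example.net/login">https://portal.base.example.mil/</a></p>
"""

TRUSTED_DOMAIN = "base.example.mil"  # assumption: the organization's own mail domain
GENERIC = re.compile(r"\bdear\s+(user|customer|member|account holder)\b", re.I)
URGENT = re.compile(r"\b(immediately|terminated|suspended|unauthorized activity)\b", re.I)
LINK = re.compile(r'<a\s[^>]*href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
# S/MIME mail is multipart/signed (detached) or application/pkcs7-mime (opaque)
SIGNED = ("multipart/signed", "application/pkcs7-mime", "application/x-pkcs7-mime")

def host(url):
    m = re.match(r"\s*https?://([^/:\s]+)", url, re.I)
    return m.group(1).lower() if m else None

def phishing_indicators(raw):
    msg = message_from_string(raw)
    # Concatenate text parts as-is (no transfer-decoding; enough for this sample)
    body = "".join(p.get_payload() for p in msg.walk()
                   if p.get_content_maintype() == "text")
    _, addr = parseaddr(msg.get("From", ""))
    findings = []
    if GENERIC.search(body):
        findings.append("generic greeting")
    if not addr.lower().endswith("@" + TRUSTED_DOMAIN):
        findings.append("sender address outside trusted domain")
    if URGENT.search(body) or URGENT.search(msg.get("Subject", "")):
        findings.append("false sense of urgency")
    for href, text in LINK.findall(body):
        shown, real = host(text), host(href)
        if shown and real and shown != real:
            findings.append("deceptive link: shows %s, goes to %s" % (shown, real))
    # Presence check only; this does not verify the signature itself
    if msg.get_content_type() not in SIGNED:
        findings.append("not digitally signed")
    return findings

if __name__ == "__main__":
    print("\n".join(phishing_indicators(SAMPLE)))
```

A message that trips none of these checks is not thereby confirmed as legitimate; the reporting steps below still apply to anything suspicious.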

Whenever one suspects that an e-mail is a phishing attempt, take the following actions:

- First, don't respond at all. That just gives the phisher confirmation of a valid e-mail address.

- Open a new e-mail, attach the suspect e-mail and send it to your Information Assurance officer. The IAO will contact the Wing Information Assurance Office, who will either confirm the validity of the e-mail or determine that it is a phishing attempt.

- Delete the e-mail.

"We have people for a lot of reasons that want our information and they want to exploit our networks for information for both business value as well as defense value and to be able to take advantage of our networks. That is a battle we are all in every single day on the network. And every person at their desk is a part of this battle," said Colonel Hardy.

Colonel Hardy said that with the exception of a select few, he was happy with the response of the base and he asked that everybody remember their training every time they get an e-mail asking for their personal information.

"You are doing an outstanding job every day and I want to thank all of you for your diligence in keeping the Edwards networks secure," said Colonel Hardy. "Refresh in your own mind what phishing attacks look like and remember the appropriate actions to take in a phishing attack."

Additional information and training is available on the DISA Information Assurance Support Environment Web site at: http://mattche.iiie.disa.mil/index2.html.