US Air Force phishing test transforms into a problem
IDG News Service - Sorry Airman Supershaggy, "Transformers 3" is not coming to Andersen Air Force Base. And by the way, you've been phished.
Security testers at the Guam Air Force base's 36th Communications Squadron had to send out a clarification notice on Monday after an in-house test -- called an operational readiness exercise (ORE) in Air Force parlance -- of how airmen would respond to a phishing e-mail worked out a little too well.
The e-mail said that crews were going to start filming "Transformers 3" on Guam and invited airmen to fill out applications on a Web site if they wanted to work the shoot. The Web site then asked them for sensitive information.
This type of in-house phishing exercise is a routine occurrence in the military and in major corporations, and is generally seen as a good way of promoting security awareness. But in Andersen's case, the information in the phishing e-mail started leaking to the civilian world.
"Unfortunately, many of Andersen's personnel responded to this inject and submitted their personal information to the Web site, and forwarded the information outside of Andersen," the Air Force base said in a statement.
Supershaggy was one of them. "I'm an Airman in the worlds greatest air, space and cyberspace force on Guam," he wrote in a Sunday posting to the Scooper section of Comicbookmovie.com. "I received an email stating that Dreamworks is looking for 20 airmen from Andersen to be extras."
The Transformers movies, directed by Michael Bay, are successful Hollywood blockbusters that depict a futuristic war between alien robots. The third installment in the franchise is expected next year. Shooting is slated to happen all over the world -- in China, Moscow and Africa -- but not in Guam.
As the rumor spread that the hotly anticipated film was coming to Guam, local media started calling the base, which then began the work of setting the record straight.
"Leadership from Andersen AFB regrets that there has been any confusion in the general public regarding this exercise phishing attempt," Andersen said in a statement. "We hope however that this will show that all individuals need to be careful about the real danger of phishing emails and that others can learn from this exercise."
This isn't the first time that some type of unforeseen consequence has come of a security training exercise. In August, a test of a bank's computer systems prompted the federal agency chartered with overseeing the nation's credit unions to issue a fraud alert. The "fraud" was actually a sanctioned penetration testing exercise conducted by security firm MicroSolved.
- 18 Hot IT Certifications for 2014
- CIOs Opting for IT Contractors Over Hiring Full-Time Staff
- 12 Best Free iOS 7 Holiday Shopping Apps
- For CMOs Big Data Can Lead to Big Profits
- Slideshow: 5 ways to lock down your mobile device
- Slideshow: 10 mistakes companies make after a data breach
- How to rob a bank: A social engineering walk through
- Which smartphone is the most secure?
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Mitigating DDoS Attacks with F5 Technology
- This document examines various DDoS attack methods and the application of specific ADC technologies to block attacks in the DDoS threat spectrum while...
- The DDoS Threat Spectrum
- Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Defending Against Denial of Service Attacks
- By utilizing end-user interviews, this whitepaper explores a deeper understanding of DDoS defense plans and reveals the knowledge gaps around the Denial of...
- Strategic Solutions for Government IT
- This paper outlines why F5 is the optimum partner to help achieve the levels of security, performance and availability that are vital to...
- Leveraging Managed Security Services to Fight Growing Cybersecurity Threats
- IT Infrastructure-as-a-Service enables agile responses to constantly changing threats. All Government IT White Papers
- Modernizing SAP environments with minimum risk - a path to Big Data Hear from top IDC analyst, Richard Villars, about the path you can start taking now to enable your organization to get the benefits...
- The Power of the Citrix Mobility Solution, XenMobile Does everything become a smartphone? Or does the smartphone begin to do everything? How can we afford to support BYOD? Rather, how can...
- BYOD Happens: How to Secure Mobility How to navigate the journey of securing mobility, including the BYOD corruption of IT, the top ten mobility strategies, and the mobility management...
- HR and Finance Were made for Each Other View now >>
- The Value of Human Capital for Finance Professionals View now >>
- All Government IT Webcasts
Does your organization offer extensive benefits, cool perks, competitive salaries, opportunities for training and advancement? Then get it recognized!
Nominate your company or another deserving organization for Computerworld's 2014 Best Places to Work in IT list now through Dec. 12, 2013.