US Air Force phishing test transforms into a problem
IDG News Service - Sorry Airman Supershaggy, "Transformers 3" is not coming to Andersen Air Force Base. And by the way, you've been phished.
Security testers at the Guam Air Force base's 36th Communications Squadron had to send out a clarification notice on Monday after an in-house test -- called an operational readiness exercise (ORE) in Air Force parlance -- of how airmen would respond to a phishing e-mail worked out a little too well.
The e-mail said that crews were going to start filming "Transformers 3" on Guam and invited airmen to fill out applications on a Web site if they wanted to work the shoot. The Web site then asked them for sensitive information.
This type of in-house phishing exercise is a routine occurrence in the military and in major corporations, and is generally seen as a good way of promoting security awareness. But in Andersen's case, the information in the phishing e-mail started leaking to the civilian world.
"Unfortunately, many of Andersen's personnel responded to this inject and submitted their personal information to the Web site, and forwarded the information outside of Andersen," the Air Force base said in a statement.
Supershaggy was one of them. "I'm an Airman in the worlds greatest air, space and cyberspace force on Guam," he wrote in a Sunday posting to the Scooper section of Comicbookmovie.com. "I received an email stating that Dreamworks is looking for 20 airmen from Andersen to be extras."
The Transformers movies, directed by Michael Bay, are successful Hollywood blockbusters that depict a futuristic war between alien robots. The third installment in the franchise is expected next year. Shooting is slated to happen all over the world -- in China, Moscow and Africa -- but not in Guam.
As the rumor spread that the hotly anticipated film was coming to Guam, local media started calling the base, which then began the work of setting the record straight.
"Leadership from Andersen AFB regrets that there has been any confusion in the general public regarding this exercise phishing attempt," Andersen said in a statement. "We hope however that this will show that all individuals need to be careful about the real danger of phishing emails and that others can learn from this exercise."
This isn't the first time that some type of unforeseen consequence has come of a security training exercise. In August, a test of a bank's computer systems prompted the federal agency chartered with overseeing the nation's credit unions to issue a fraud alert. The "fraud" was actually a sanctioned penetration testing exercise conducted by security firm MicroSolved.
- 10 Hot Big Data Startups to Watch
- 11 Unique Uses for Google Glass, Demonstrated by Celebs
- How to Export Your Google Reader Account
- How to Better Engage Millennials (and Why They Aren't Really so Different)
- Telltale signs of ATM skimming
- 20 security and privacy apps for Androids and iPhones
- Big screen con artists: 7 great movies about social engineering
The Pentagon's cybersecurity budget through 2018 is $23 billion to protect critical infrastructure and develop cyberattack capabilities. Although America and Chinese presidents discussed cybersecurity and cyber espionage, China is hitting back about US nation state hacking. Those cyberattacks could be from elite cyberwarfare warriors working in a secret NSA office called Tailored Access Operations (TAO); it has been successfully hacking China for nearly 15 years.
- IT Certification Study Tips
- Register for this Computerworld Insider Study Tip guide and gain access to hundreds of premium content articles, cheat sheets, product reviews and more.
- Federal IT Innovation Caught in a Catch-22
- Fed resources shoring up old infrastructure, holding back new technologies.
- Top Three Reasons Why Customers Deploy EMC VNX with EMC VPLEX
- What if you could build a cost effective, continuously available storage infrastructure? Learn the top reasons users are deploying EMC VNX with EMC...
- Clearing the Clouds for Midmarket Businesses
- The 10-point checklist included in this expert brief has been developed to help small and midsize businesses select the cloud model and cloud...
- Perforce Case Study
- Learn how EMC cost-effectively transformed their infrastructure and improved storage performance by 60% by unifying storage, deploying virtualization and leveraging Flash to meet...
- Data Center Transformation: Balancing user demands with IT mandates
- There's a flood of user requirements, computing trends, and new technologies driving the need for you to look closely at your IT infrastructure. All Government IT White Papers
- Williams & Fudge on Transforming IT with EMC
- Watch Williams & Fudge Data Center Director Phillip Reynolds discuss why this accounts receivable management firm turned to EMC.
- The Success Network: Driving Business Forward
- The communications and connectivity infrastructure of your organization is the focus of this KnowledgeVault Exchange, sponsored by Comcast Business.
- Advanced Voice Solutions for Your Business
- How can hosted business class voice services help mid-sized business be more agile, competitive and ready for growth?
- Bring Mobile Innovation to your Enterprise.
- With the mobility revolution well underway, CIO's and Line of Business owners are faced with the struggle to develop a winning mobile strategy.
- Innovation in the Cloud
- Managing HR and financial information in the modern business requires efficient business practices and technology. All Government IT Webcasts