US Army "Scams" Service Members to Test Their Spam Gullibility 218
9gezegen writes "An offer for free tickets to theme parks for service members turned out to be an email scam, a ploy that was in actuality a security exercise run by the Army. Involved servicemen and DoD civilians received an email, allegedly coming from the 'Army Family and Morale, Welfare and Recreation Command Office,' and directed them to a phishing site which asked for personal information. After rebuttal and warning by Army MWR, the website revealed that it was a security exercise after all. Army MWR later verified the exercise and announced they were not informed beforehand."
Typical (Score:5, Insightful)
Sounds like the test went off swimmingly. I can't count the number of times I've thought about doing the same sort of thing to people I work with. A few good solid scares will tighten up their security policy.
This is good. (Score:5, Insightful)
In before.... (Score:4, Insightful)
.mil??? (Score:5, Insightful)
Re:.mil??? (Score:1, Insightful)
Challenges = Good Security (Score:3, Insightful)
At work, I will always do something to an unlocked computer. Sometimes it's just to open Notepad and write, "This machine has been hacked!" and crank the font size up to 96. Sometimes I'll send an "I Love You" e-mail from the person to the person sitting next to them. (Who I always bring in on the prank, and I have never had a problem getting cooperation).
Last week, my boss (VP of IT) went into a meeting and left his machine unlocked. I sent *his* boss an "I Quit!" message.
Now, unlocked computers are so very rare around here. I'm glad for the increased security, but sad that I can no longer prank my co-workers.
Re:And what was the point? (Score:5, Insightful)
If my company trusted my co-workers with information that could get me killed, I'd want them to test susceptibility to social engineering. If I do a bad job, my company loses money. When people in the military do a bad job, people can die (OK, when they do a good job people still die - but they're other people, those trying to kill them). They need to worry more about security.
Re:In before.... (Score:5, Insightful)
I'm not pretending the army is full of Einsteins, but they all graduated high school or earned a GED (vast vast majority graduated high school), and all of them are required to learn math skills involving chemical attack detection, navigation, operating a frequency hopping radio, etc.
Compare that to kids in the average US city, where 50% do not graduate high school.
The Army is certainly a lot smarter than the general population. They may be more willing to rely on titles (like MWR)... I don't know about that, but I'd like to know who is buying the Carter era propaganda that the army is a bunch of idiots.
I like it (Score:5, Insightful)
What I think the Army will find most surprising(or not!) is the apparent lack of use of the AKO Webmail system, it sucks, hard.
Re:Typical (Score:3, Insightful)
*Sigh (not at you, just in general)* That's true, but how long will they remain scared and secure? People often fall into a false sense of security when there has been either a trend of "good times" or when someone keeps crying wolf. One scare will keep people safer in the short term, but not permanently.
Except for those of us who are always waiting for the other shoe to drop...Re:This is good. (Score:2, Insightful)
Re:Typical (Score:3, Insightful)
These are called 'exercises', are planned extensively, and there is definitely installation coordination. The local DOIM (directorate of information management) is notified of the exercise, usually by their theatre command well ahead of time.
Of all the phishing iv seen during various exercises, iv never seen one more complicated than simply counting how many users on what installation clicked the link. no information gathering besides IP, which is helpful for problem user training.
Re:And what was the point? (Score:3, Insightful)
I would prefer that my company be active in testing security in this exact fashion. Rather than imposing increasingly opressive restrictions because of what some people "might" do.
it would be better to get teh e-mail "Since 12% of you BONEHEADS didn't recognize a clear security threat, and feature XYZ was essentially opened to be compromized, it will be locked untill you boneheads demonstrate you can handle the responsibility" If the feature to be lost is significant, publicly humiliate the list that failed the security test, Lord of The Flies style justice will take over the cube farm and lessons will be learned...
Re:In before.... (Score:3, Insightful)
Re:In before.... (Score:3, Insightful)
Simple instructions are the fail-over mechanism.
Re:The army has been scamming people for years. (Score:4, Insightful)
They cannot pull you out of class. The only time they can pull you out of class is during a natural disaster (National Guard, or in extreme cases, the standing military). If the conflict or disaster gets to the point where they are pulling people out in the middle of class, school for everybody will pretty much be irrelevent to the issues occuring. However, they can keep you deployed for a certain amount of extended time, provided you are already deployed.
I know it's easy to trash the military, being all high on your horse and born with a silver spoon in your mouth, but until you can actually say you've EARNED your right to free speech, rather than using it because you were born with it, pull your head out of your ass and stop abusing it. Unlike you, obviously, those of us in the military have the guts, balls, discipline, and bravery to fight for our rights at the expense and derision of little pussies like you who talk trash about us while sipping a Starbucks latte in your comfy office. Someone should strap you to the side of a Humvee and use you for armor. Weak armor.
Re:Education? (Score:4, Insightful)
Re:Education? (Score:3, Insightful)
Military service is for idiots (Score:2, Insightful)
Here are some numbers just from the Air Force alone:
- 72 percent of enlisted personnel have some semester hours towards a college degree
- 17 percent of enlisted personnel have an associate's degree or equivalent semester hours
- 5 percent of enlisted personnel have a bachelor's degree
- 0.01 percent have a professional or doctorate degree
And that is just the enlisted. So to those that think that the US military is for dummies. And that military serves no useful purpose please go to Indonesia, Pakistan, Afganistan, or countries in the Horn of Africa and say you know "I don't want to disappoint you but we are getting rid of our military and all that food medicine, free doctor's care , new water wells, electricity, that you have been recieve via our military is not going to be provided to you any more. Oh and those fanatics that have been threating you for years now we aren't going to protect you from any more because we are getting rid of our military." Also include the the following while you are at it. "Oh you know that development of that dam to keep your land from flooding every year that causes disease and destroys your crops well the Corps of Engineers are a part of our military and well thier gone too."