Bait and phish: Blue Team at Misawa cooks up online scams to test network
February 19, 2009
Tech. Sgt. Thomas Parker and Senior Airman Jesse Sibley never miss a phishing trip.
At least once a month, the two airmen will cook up a good online scam and try to penetrate network security at Misawa Air Base in northern Japan. They’ve even managed to get a few bites along the way.
But there’s nothing illegal going on here. They’re part of the Blue Team, a Pacific Air Forces effort created last year to fend off e-mail scammers and hackers by playing their role and testing practices.
Parker, the noncommissioned officer in charge of information assurance for the 35th Fighter Wing and head of the two-man crew, said it’s aimed at building stronger defense lines among base agencies and individuals.
"With the rise in these types of scams around the world, it just seemed natural to start educating our users here," he said. "Eventually, they’re all going to see this and need to know how to handle it."
Parker said the program was launched at Misawa in June.
The Blue Team constructs cyber simulations — usually at random — that measure people’s ability to spot scams and react accordingly. So far, Misawa has pushed six scenarios out to the base.
"We only hit the military network and work e-mail accounts, nothing outside of that," Parker said. "But we’re in charge of making sure folks are aware of the threats and how to counter those threats on a day-to-day basis. We train the base to look for common scams and vulnerabilities they may experience both on and off base, usually by e-mail."
He said up to 2,500 individuals can be tested for a general phishing scam. Misawa’s largest "scam" built on spear phishing — a targeted e-mail attack sent only to people within a small group — involved about 500 personnel.
These messages might appear genuine but are often disguised as e-mails from banks or other companies trying to collect sensitive information such as user names, passwords and PINs.
"We tell people to beware of what’s happening in the real world … [and] look out for these indicators of a scam. But some users still give up their personal information," Parker said. "The good thing is our alert times have decreased. The first time we did a phishing test it took two days before anyone called to notify us about a spam e-mail. In October, it took about 30 seconds from the time I hit ‘Send’ before we got a call."
In December, the Blue Team took aim at more than a dozen workplaces around Misawa. Along with a third person, Parker and Sibley posed as contractors who lacked credentials but tried to gain access to infrastructure and equipment, saying they needed to perform upgrades.
Parker said the team managed to get into the network at some locations.
"Folks need to know that if we have a contracted program out there, we’ll send people from our squadron out there as escorts," he said. "We will not send anybody out there on a cold call. If there are no escorts, that would be an indicator they’re not out there on a legitimate basis."
He said Misawa officials might consider temporarily locking the e-mail accounts of individuals who consistently test poorly in Blue Team scenarios — at least until they accomplish their annual network security training.
"That’s under discussion," he said. "Right now, we’re here to educate more than anything else and keep people from becoming complacent with their e-mail. We want to make them aware of where the scams are coming from and what they’re asking for."