Services run drills on e-mail scams
April 3, 2008
ARLINGTON, Va. — An Army security drill that posed as an e-mail scam is part of a larger exercise known as “Bulwark Defender,” said Bruce Sprecher, a spokesman for U.S. Strategic Command.
“The e-mail, sent to dot.mil addresses, was developed to check our personnel’s responses to a sophisticated phishing scam,” Sprecher said on Wednesday. “These events are conducted to determine how to improve the training of personnel and the tools we use to defend against such exploits.
“While our personnel and network defenders are getting better at recognizing and responding to phishing e-mails, we realize that those who create phishing scams are getting better as well,” he said.
All four services are participating in the exercise, Sprecher said.
On Monday, Army and Family, Morale Welfare and Recreation Command learned that an apparent e-mail scam offering free tickets to troops and Defense Department civilians for personal information was an Army security exercise.
The e-mail, allegedly from Family and MWR Command, directed users to a Web site that asked for personal information, such as names, addresses and telephone numbers.
“We tracked responses, and did not collect data,” Sprecher said. “The information people input went to a Web site with no active database. The information submitted was not captured.”
Family and MWR Command was not told about the exercise ahead of time.
The test was meant to be like a “pop quiz” to gauge how people react in their normal frame of mind, and telling Family and MWR Command ahead of time could have increased the risk that news of the test could have gotten out, Sprecher said.
Still, Family and MWR Command has expressed concern that it had been kept out of the loop.
Laurie Pugh, head spokeswoman for Family and MWR Command, said the command understands the need to maintain the integrity of security tests.
“However, coordinating with Family and Morale, Welfare and Recreation Command would not have affected the integrity of the test, but would have allowed Family and MWR Command to protect the integrity of our brand,” Pugh said on Wednesday.
For example, the command could have coordinated with sponsors so that when people went to the bogus Web site, they would have been told that it was an exercise but still received a coupon, said Bill Bradner, a spokesman for Family and MWR Command.
Bulwark Defender is ongoing, Sprecher said.
“To ensure the integrity of the exercise, the dates won’t be released until completion,” he said.