Army Sets Up Phishing Scam To See How Gullible Service Members Are

from the and-here's-the-list-of-folks-not-to-give-sensitive-info-to dept

Thu, Apr 3rd 2008 11:47pm — Mike Masnick

Well, since Japan leaked nuclear secrets via a P2P site, perhaps it's nice to know that our military runs its own phishing tests to see how gullible service members are. Slashdot points us to the news that the Army ran its own phishing scam, emailing members with an offer for free tickets to theme parks if they just went to a website and filled in certain information. The test itself was set up by the U.S Army Intelligence and Security Command (INSCOM) and U.S. Army Network Enterprise Technology Command (NETCOM) -- and it involved a "fake" website supposedly from Army Family and Morale, Welfare and Recreation Command (Family and MWR). Amusingly, it appears that INSCOM and NETCOM didn't bother to tell the folks at Family and MWR that they were conducting this test, so the group had rushed out an announcement warning people away from the fake site, only to later be clued in by the security folks. Oh well, it still seems better than using Dungeons & Dragons as a test of whether army members are security risks.

Filed Under: army, gullibility, phishing

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Eric Zakrajsek, 4 Apr 2008 @ 12:31am

Army huh?

My congressman will get a strongly worded letter with pareto chart and venn diagrams contrasting bullshit to taxpayer monetary responsibility tomorrow.
[ link to this | view in thread ]
Erik Ellison, 4 Apr 2008 @ 1:09am

I know they were trying to test individual soldiers out with this but wouldn't they say that Family and MWR passed with flying colors? If the right hand didn't know what the left was doing and moved immediately to warn people I would say that is a success.

Again I admit it wasn't what they we're trying to test.
[ link to this | view in thread ]
Novernetsbandit, 4 Apr 2008 @ 1:14am

how much did this cost?
How much of money was wasted on this idea? Can i have a government contract to waste... come on!
[ link to this | view in thread ]
Michael G, 4 Apr 2008 @ 2:13am

To Eric Z...
As if your congressman is smart enough to understand. They really aren't the sharpest pencils in the box, thats why they got into government to begin with, industry wouldn't have them. And then there's George Bush.
[ link to this | view in thread ]
Andrew, 4 Apr 2008 @ 5:10am

waste? no, not really.
Isn't this exactly what they were testing? A real phishing site would try to fake an actual site to get data - and one would hope it would get no data exactly this way. That Family/MWR responded with an alert is exactly how it should work. Don't complain that they didn't get data, praise the whole system that they didn't.

Well done, Army!
[ link to this | view in thread ]
y8, 4 Apr 2008 @ 6:00am

waste of money?
This is definately not a waste of money. How much money do you think it would cost to have an investigation into how some information go leaked? Many companies are proactive about security in similar ways. You didn't think anyone in the government came up with this idea on their own did you?

The test may not have given the results that they were looking for, but having a preconceived notion of results is completely against the scientific method anyhow.

In the end there were significant results and probably a good lesson learned. That sounds like a success story to me.
[ link to this | view in thread ]
Dave, 4 Apr 2008 @ 6:27am

Gullible?
Of course they're gullible... they believed the advertising for joining the military in the first place!

*ducks and covers*
[ link to this | view in thread ]
Overcast, 4 Apr 2008 @ 6:32am

Do the same for politicians - I bet you get more of them that fall for it..
[ link to this | view in thread ]
Overcast, 4 Apr 2008 @ 6:34am

Oh and.. of course, theme park tickets wouldn't work with politicians - but put up tickets for free hookers or booze, and watch the hit counter fly.
[ link to this | view in thread ]
It Wasnt me, 4 Apr 2008 @ 6:45am

well at least this shows that MWR are taking care of business like its supposed to be done.

no comment about other two the over zealous groups
[ link to this | view in thread ]
Leo, 4 Apr 2008 @ 8:10am

Re: how much did this cost?
Truthfull it cost $0 all it take is for the army to use one of thier existing webserver and add a domain to it and the email it's military members....... so stop whining about tax dollars....the military using your tac dollars else where
[ link to this | view in thread ]
Squee, 4 Apr 2008 @ 8:21am

What the hell is Techdirt using another site that summerises the news to get its news? Why dont they atleast go out and use the sources that /. used and claim it as your own. Talk about third hand news....
[ link to this | view in thread ]
PidlyDink, 4 Apr 2008 @ 9:45am

While you're at it
Can you set up a Phishing Scam to see how gullible Congress is? I'd pitch in a couple bucks!
[ link to this | view in thread ]
BrianWGray, 4 Apr 2008 @ 10:34am

Not a new idea
http://ha.ckers.org/blog/20080306/phishmecom-internal-communication/

http://phishme.com/
[ link to this | view in thread ]
Boomer Sooner, 4 Apr 2008 @ 12:49pm

And these are the people that are commanding our brave brothers and sisters in war? No wonder so many of our family members have died. We should get Stalin in to 'shake' up the military and start over again.
[ link to this | view in thread ]
Anonymous Coward, 4 Apr 2008 @ 4:29pm

Re: waste? no, not really.
Isn't this exactly what they were testing?

No. They intended to test the recipients of the e-mails, not Family/MWR.

Well done, Army!

A screwed up test and you say "well done"? The army should be insulted that you think they need praise even when they screw up as if though they couldn't meet any higher standard.
[ link to this | view in thread ]
Iron Chef, 5 Apr 2008 @ 1:30am

Call me old fashoned but...
I remain curious... Is there a better way to allocate these smart folks to other efforts?

It just seems wasteful to have the same activity run 3 times over by 3 separate groups.

Heh.
[ link to this | view in thread ]