Army Sets Up Phishing Scam To See How Gullible Service Members Are
from the and-here's-the-list-of-folks-not-to-give-sensitive-info-to dept
Well, since Japan leaked nuclear secrets via a P2P site, perhaps it’s nice to know that our military runs its own phishing tests to see how gullible service members are. Slashdot points us to the news that the Army ran its own phishing scam, emailing members with an offer for free tickets to theme parks if they just went to a website and filled in certain information. The test itself was set up by the U.S Army Intelligence and Security Command (INSCOM) and U.S. Army Network Enterprise Technology Command (NETCOM) — and it involved a “fake” website supposedly from Army Family and Morale, Welfare and Recreation Command (Family and MWR). Amusingly, it appears that INSCOM and NETCOM didn’t bother to tell the folks at Family and MWR that they were conducting this test, so the group had rushed out an announcement warning people away from the fake site, only to later be clued in by the security folks. Oh well, it still seems better than using Dungeons & Dragons as a test of whether army members are security risks.
Filed Under: army, gullibility, phishing
Comments on “Army Sets Up Phishing Scam To See How Gullible Service Members Are”
Army huh?
My congressman will get a strongly worded letter with pareto chart and venn diagrams contrasting bullshit to taxpayer monetary responsibility tomorrow.
Re: While you're at it
Can you set up a Phishing Scam to see how gullible Congress is? I’d pitch in a couple bucks!
I know they were trying to test individual soldiers out with this but wouldn’t they say that Family and MWR passed with flying colors? If the right hand didn’t know what the left was doing and moved immediately to warn people I would say that is a success.
Again I admit it wasn’t what they we’re trying to test.
how much did this cost?
How much of money was wasted on this idea? Can i have a government contract to waste… come on!
Re: how much did this cost?
Truthfull it cost $0 all it take is for the army to use one of thier existing webserver and add a domain to it and the email it’s military members……. so stop whining about tax dollars….the military using your tac dollars else where
To Eric Z...
As if your congressman is smart enough to understand. They really aren’t the sharpest pencils in the box, thats why they got into government to begin with, industry wouldn’t have them. And then there’s George Bush.
waste? no, not really.
Isn’t this exactly what they were testing? A real phishing site would try to fake an actual site to get data – and one would hope it would get no data exactly this way. That Family/MWR responded with an alert is exactly how it should work. Don’t complain that they didn’t get data, praise the whole system that they didn’t.
Well done, Army!
Re: waste? no, not really.
Isn’t this exactly what they were testing?
No. They intended to test the recipients of the e-mails, not Family/MWR.
Well done, Army!
A screwed up test and you say “well done”? The army should be insulted that you think they need praise even when they screw up as if though they couldn’t meet any higher standard.
waste of money?
This is definately not a waste of money. How much money do you think it would cost to have an investigation into how some information go leaked? Many companies are proactive about security in similar ways. You didn’t think anyone in the government came up with this idea on their own did you?
The test may not have given the results that they were looking for, but having a preconceived notion of results is completely against the scientific method anyhow.
In the end there were significant results and probably a good lesson learned. That sounds like a success story to me.
Gullible?
Of course they’re gullible… they believed the advertising for joining the military in the first place!
*ducks and covers*
Do the same for politicians – I bet you get more of them that fall for it..
Oh and.. of course, theme park tickets wouldn’t work with politicians – but put up tickets for free hookers or booze, and watch the hit counter fly.
well at least this shows that MWR are taking care of business like its supposed to be done.
no comment about other two the over zealous groups
What the hell is Techdirt using another site that summerises the news to get its news? Why dont they atleast go out and use the sources that /. used and claim it as your own. Talk about third hand news….
Not a new idea
http://ha.ckers.org/blog/20080306/phishmecom-internal-communication/
http://phishme.com/
And these are the people that are commanding our brave brothers and sisters in war? No wonder so many of our family members have died. We should get Stalin in to ‘shake’ up the military and start over again.
Call me old fashoned but...
I remain curious… Is there a better way to allocate these smart folks to other efforts?
It just seems wasteful to have the same activity run 3 times over by 3 separate groups.
Heh.