Comm team prepares Kadena for cyber war

[InfoSec News <alerts () infosecnews org>]

http://www.af.mil/news/story.asp?id=123080548

By Senior Airman Nestor Cruz
18th Wing Public Affairs
Air Force Print News
12/26/2007

KADENA AIR FORCE BASE, Japan (AFPN) -- "Intruders" from cyberspace are 
trying to hack into the Kadena Air Base network and steal information 
from unsuspecting e-mail users.

The intruders are not hackers, though they pretend to be to gain access 
to information they would need if they wanted to cripple the mission 
here.

Fortunately, they are not a real threat but a group of Airmen from the 
18th Communications Squadron's "Blue Team" charged with strengthening 
Kadena's network through training, testing and assessing users.

"(Lt. Col. Clayton Perce, 18th CS commander) recognized we had people in 
our squadron with the unique talent of understanding the mindset of 
hackers," said Lt. Col. Alonna Barnhart, 18th CS Blue Team 
officer-in-charge. "We act as 'blue team aggressors' against Kadena's 
network users, helping people recognize the threat, train for the threat 
and retrain as necessary."

One of the biggest threats to the local network is an e-mail scam known 
as phishing. Phishing is an attempt to acquire sensitive information by 
fraudulent means such as e-mail designed to look like a bank or other 
trustworthy company. Sensitive information sought by hackers includes 
usernames, passwords and credit card numbers.

"E-mail is the most accessible feature an enemy can use to exploit us," 
said Staff Sgt. Damon Cook, 18th CS NCO-in-charge of information 
protection operations. "Many people still fall prey to these e-mail 
scams designed to grab information from users. We would rather catch 
victims first, using the same techniques as the enemy, so we can ensure 
people are trained properly."

Blue Team members recommend checking for digital signatures if an e-mail 
seems questionable.

"With unsigned e-mail, you really can't tell where it's coming from," 
said Staff Sgt. Andrew Jones, 18th CS network applications supervisor.

Some may remember a phishing e-mail sent during past local operational 
readiness exercises. But the team goes beyond preparing Airmen for the 
next exercise.

"While the 18th CS sent out phishing e-mails only during exercises, we 
intend to help network users increase their level of readiness all the 
time," said Colonel Barnhart. "All Kadena network users will be tested."

Local network users include anyone with access to the network, such as 
Airmen, Soldiers, Sailors, Marines, tenant unit personnel, civilians and 
local nationals.

"If our users are not properly trained, they will become a threat to the 
network," the colonel said.

In the months ahead, the Blue Team staff plans to test network users on 
other network vulnerabilities such as unsecured common access cards and 
computers left unlocked.

The team, still in its infancy, has already earned strong support from 
base leadership.

"(Brig. Gen. Brett Williams, 18th Wing commander,) is very supportive of 
our team and our mission," said Colonel Barnhart. "The commander is very 
serious about information assurance training and wants us to 'increase 
the level of pain' somewhat."

The Blue Team received direction from base leaders to disable the 
accounts of any user who fails a future assessment until retraining is 
accomplished. Network users have already shown improvement in 
information assurance, or IA.

"Statistically speaking, the numbers have gone down," said Sergeant 
Cook. "When we started out, we had thousands of people falling for one 
of our e-mail tests; nowadays, we're down in the hundreds. Users are 
definitely getting smarter, which means we have to be sneakier."

The Blue Team recommends network users acquire as much training as they 
can and educate themselves on current network threats.

"People should be aware of the training issued from the 18th CS," said 
Colonel Barnhart. "We send out e-mail to all users with recommended 
training and we try to highlight threats to our users. It's important to 
review all the available information and go above and beyond the annual 
IA training."

Although e-mail tests sent out by Blue Team members are intended for 
training purposes only, they are meant to highlight the fact that 
hackers pose a real threat to military networks.

"People need to understand that this is a very real threat," Sergeant 
Cook said. "If we're at war, our networks will be targeted by our 
enemies."

Network users should contact their unit client support administrator 
with questions about phishing scams or other IA issues.


__________________________________________________________________      
Visit InfoSec News
http://www.infosecnews.org/