US Army "Scams" Service Members to Test Their Spam Gullibility
9gezegen writes "An offer for free tickets to theme parks for service members turned out to be an email scam, a ploy that was in actuality a security exercise run by the Army. Involved servicemen and DoD civilians received an email, allegedly coming from the 'Army Family and Morale, Welfare and Recreation Command Office,' and directed them to a phishing site which asked for personal information. After rebuttal and warning by Army MWR, the website revealed that it was a security exercise after all. Army MWR later verified the exercise and announced they were not informed beforehand."
In order for the Army MWR to verify that this was in fact a legitimate security operation, they had to visit a website and enter their personal information...
The enemies of Democracy are
I want to know a percentage of people that fell for it!
The MWR people are all crying because no one told them that it was a test... Apparently, in their minds, there is no need to test an Army organization's response to someone falsifying announcements in their name.
Sounds like the test went off swimmingly. I can't count the number of times I've thought about doing the same sort of thing to people I work with. A few good solid scares will tighten up their security policy.
ad logicam Claiming a proposition is false because it was presented as the conclusion of a fallacious argument.
More companies should do this. Hell, banks should do this to their customers.
Did they just want to see how much at risk their respective departments were? I don't think they needed to try this on the military with so much data out there. Information is the hardest thing to keep secure, right?
So now what happens with people who gave up too much info? Will they get in trouble or will it be "well now you know better?" Either way that's not cool at all. Just think if your company set this up on you, what would your reactions be?
My abilities are only limited by my imagination
people suggest that the stupidity of the army members leads to a higher percentage of click throughs. Remember, studies across the board have shown about a 60% 'gullibility' rate for almost any sector of the populace. Those using general banking, investment banks, 4 year degree holders, etc.
This is a totally good idea and should be implemented by educational and business institutions and here's why: #1 It creates awareness for the issue. #2 It will make people pay attention to the URL when using the web. #3 By inciting #2 it will make basic internet security mainstream.
I feel this is actually quite a good idea. ISPs, companies, schools, and other organizations could use this same tactic to train their populations to be spam savvy. Lord knows most people aren't. Come on IT departments, put on your white hat.
Because it's Wednesday, and the test was on Monday. Give 'em a chance to process the data!
Now, on to the answer you were looking for:
Unfortunately, in the process of transferring a few million dollars left by a distant relative in the State Bank of Nigeria, the soldier responsible for compiling the data allowed his system to be compromised, and all data was lost.
paintball
1. Don't ask.
2. Don't tell.
3. Don't opt-in.
Those who believe the Internet is private,
find their privates are on the Internet.
One would think the military would have an easier time than most. You and I cannot register .mil addresses. Shouldn't the people have been looking out for http://mwr.army-support.mil/ instead of http://mwr.army-support.com/ (the link in the email)? Or does the Army use .com addresses for some things? 'Cause that seems silly. One would think they could tweak the source in Firefox to change the address bar a different color for .mil addresses or something.
What are we going to do tonight Brain?
I always thought phishing was a recreation, why wouldn't it be part of MWR?
Prediction: The real iPhone killer is going to be sex robots from Japan. Think about it.
See, it's people like this the Military's Cyber Command should be hunting down... Huh?! What do you mean we sent it in the first place? Who should we attack then?
AP: US Cyber Command commences new attack policy, retaliates against North Korean Cyber Terrorists for Army Spam.
Human nature is to focus on important things and disregard unimportant things. Because security challenges don't happen every day, we tend to get lazy and think it's not important. (Blame evolution; your brain just isn't worried about charging lions until it sees one. After that, you tend to watch out for lions!)
At work, I will always do something to an unlocked computer. Sometimes it's just to open Notepad and write, "This machine has been hacked!" and crank the font size up to 96. Sometimes I'll send an "I Love You" e-mail from the person to the person sitting next to them. (Who I always bring in on the prank, and I have never had a problem getting cooperation).
Last week, my boss (VP of IT) went into a meeting and left his machine unlocked. I sent *his* boss an "I Quit!" message.
Now, unlocked computers are so very rare around here. I'm glad for the increased security, but sad that I can no longer prank my co-workers.
I didn't get the e-mail myself (or maybe I did, I'm on leave so I have not checked it in weeks), but this is an example of the kind of tests that the Army should do. Not telling MWR, good idea. It not only gives them an opportunity to see the response of troops, but an opportunity to see the response of MWR to this kind of threat.
//SPC Wood, Active Duty
What I think the Army will find most surprising (or not!) is the apparent lack of use of the AKO Webmail system. It sucks, hard.
Isn't there some law against sending spam?
Not only did you not get the first post, but you weren't even close. There are at least 8 posts above yours and yours is 6 minutes behind the earliest. I can't recall the last time I had the privilege to witness such an epic failure. I suppose on some level that's something to be proud of. Quite frankly, I'm surprised you have the mental capacity required to operate a computer. I'm sure scientists will study you for generations to come.
There need to be more of these "safe tests" to point out to people that they need to be more careful about their email habits. Maybe, eventually, I won't have to worry about family members getting phished and falling victim to identity theft if they're educated this way.
Maybe I'm overly optimistic, but maybe the point of this exercise wasn't *just* about scaring people, but about trying to educate them in such a way that they remember the lesson? So, it could have a longer term positive impact than you credit it.
They will still need to conduct something like this once every year or two, though, you're right, because 1) yes, people will tend to become complacent, even if they now know better, and 2) Turnover (not apple or cherry) - old people leaving, new recruits joining, need to educate the new guys (and gals).
Plus, the information gathered in this exercise (not the data entered by the people on the phishing site, but the lessons learned by Command about the phishing attack and what made it succeed) could help them to review and re-write training material / procedures, and policies, to help them tighten up their security longer term. Although, we are talking about the military so who knows? (I kid, I kid. . . honestly, the military for the last 20 or so years has been doing, as far as I can tell, a pretty impressive job of re-inventing itself, and becoming much less bureaucratic than it used to have a reputation for being).
I'm responding directly to something that's relevant to the topic, and specifically giving a reasonable reaction to an obvious troll.
Not sure how that's flamebait. Granted, I did call an idiot an idiot.
Face it, whoever rated this down, you just don't agree with attacks on "your side". You know I'm right about this issue.
Hello, I am the former general Fred Mercasey of Ft. Oscdurity and recently I was relived of command. Not before I had transferred a large amount of C-4 and M-16's in an un-marked supply shed on the outskits of the base. The decision to relive me of command was unjust and illegal. I need your help in helping me reocver these supplies. With your assiatnce I will reward you with 10lbs of C-4 and 3 M-16s. In order for this transaction to happe3n you will need to send a good faith deposit of 3 M1A1 Abrams tanks to and undisclosed location in the Sierra Nacho desert. God Bless and Ten-hut!
Tsukasa: All I really want, is to be left alone...
I don't care, they should have known better. I've been a service member, and I gotta' tell you, I would have realized it was a scam the second I read the words "Army Family and Morale, Welfare and Recreation Command Office" ... and tried to pronounce the acronym so I could start using it.
AFMWRCO... AFMWRCO... wait a minute, something's fishy here...
Pronounce enough of these and you start seeing a pattern. What is that pattern? Beats me. It's just "one of those things."
Can I get a hoo-ah?
Get a bunch of money for college with only four years of service !!!1!1!111!!1!1!!
* Four years promise applies unless there is a war on in Iraq.
Dear Slashdot: next time you want to mess with the site, add a rich-text editor for comments.
From Humorix's "2008: The Year in Preview" (http://humorix.org/articles/2008/01/preview/)
:)
June 10 -- Word leaks that the major credit bureaus have teamed up with the Republican Party to tabulate a "Gullibility Score" on every American citizen. The system assigns a score based on how easily each person can be swayed with propaganda and shiny things.
Using the system, the GOP compiles a list of the top 12 million most gullible voters and starts a saturation campaign to hit them with mailings, automated phone calls, and door-to-door visits. Explains a campaign worker, "We've been wasting our time trying to fool all of the people some of the time. Instead, we now have a list with some of the people that we can fool all of the time!"
The timing's a little off, but it seems to line up
The thing about this test is it would fool even clever people. The domain they were linking to is "mwr.army-support.com" well I don't know about you, but at first glance that looks somewhat legit. If it were "www.usarmy.8k0ng123u.cn", well I'd add another C-class to my IP filter.
-Billco, Fnarg.com
reinlist.
I'm sorry it's not funny because the bigger scam was to not let people leave. For that lack of choice you all have my sympathy and condolences.
http://slashdot.org/comments.pl?sid=216934&cid=17629948
graduation does not always equate to being smart; i remember meeting several people that graduated from high school who were unable to read above an arbitrary third grade level. at the new alumni dinner (gathering to celebrate the new graduates at my college), i recall asking some other students in-depth questions about their majors (subjects i had also studied on my own time), and about 50% didn't understand my questions. i think it's a horrible fallacy to assume that someone has intelligence in any given field just because they have a piece of paper.
http://www.army.mil/-news/2008/04/02/8265-phishing-e-mail-to-mwr-patrons-turns-out-to-be-army-exercise/ 10,000 mails sent, 3,000 visitors to the site (enough to gather IP addies, browser agents, etc.).
They already fell for the pitch at the armed services recruiting center. What more proof do you need?
Have gnu, will travel.
Spam isn't just a big nuisance; it's big business as well. So why is spam persisting?
Ferris Research estimates that spam will cost $140 billion worldwide in 2008, of which $42 billion will be in the United States alone. If you compare these numbers with Ferris's 2007 estimates of $100 billion and $35 billion, you'll see that the cost of spam has increased substantially over 12 months.
Register for a complimentary Webinar conducted by Abaca and Ferris research to know more about how you can stop this nuisance. To register please click the link below:
http://www.surveymonkey.com/s.aspx?sm=LPFKkdkFwOYltiQZtM_2bttw_3d_3d
Offtopic...
Having mod points and browsing at -1, I am curious if some of these troll posts actually contain encrypted messages?
Perhaps the frequent odd use of caps in these messages is actually some form of key.
Fighting in our military with other countries (for no purpose, especially) doesn't mean someone deserves basic rights like free speech more than others. That's just stupid. The whole point is that everyone gets them; you don't have to "earn" them.
the sign hung over the door to The Asylum.
I agree with your point though, a toothpick is not going to suddenly cause the office building across the street to collapse.
Ice Cream has no bones.
...by simply installing some porn on the user that forgets to enter his password each time. The problem will surely disappear soon :=)
Let's cut these guys some slack. It's happened to the best of us. (me too...I say in a hushed voice). And who isn't enticed by free stuff?
LouiseV
Your commie has no regard for human life, not even his own. And for this reason, men, I want to impress upon you the need for extreme watchfulness. The enemy may come individually, or he may come in strength. He may even come with the email signatures of our own troops. But however he comes, we must stop him. We must not allow him to gain entrance to this base....
His foreboding words include three simple rules: (1) trust no one, despite his uniform or rank unless he is known personally, (2) anyone or anything that approaches within 200 yards of the perimeter of the base is to be fired upon, and (3) if in doubt, shoot first and ask questions afterwards.
..in the two years it has been my privilege to be your commanding officer, I have always expected the best from you, and you have never given me anything less than that.
This is the core of the military, especially in active combat. You subsume yourself into the greater whole to complete your mission and survive.
I would find it doubtful that a true soldier would approve scams. Perhaps this is an idea from some computer consultant.
I fell for this trick, as did a lot of the people in my office, but there are some important points before you reinforce your ignorant military stereotype.
1. This wasn't like real phishing. The website didn't ask for any real information, just a name and e-mail address.
2. Soldiers are used to getting free shit. The Army MWR does give out free tickets to amusement parks.
3. The e-mails were sent from trusted addresses at headquarters. This is obviously not a good excuse, as it's the number one thing that causes these types of things, however it did add to the problem.
Would you really be so suspicious of a "phishing" website that didn't actually ask for any personal data? I think most people's red flags for phishing go off when they are asked for a social security number, password, or other more personal information. How many times in a year do you provide your name and e-mail address to a website that you don't really trust in order to get some service from that website?
That being said, I should have known to look at the URL, but I didn't. If only 30% of people signed up for the website, I think it may actually be a good thing. That means that the training that the Army does to prohibit things like this is working. The thing here is that you have to acknowledge the difference between military and civilians when forming your opinion. As a civilian you don't often have people giving you free shit, but in the military it's a common occurrence.
I can't think of a really good analogy, but if you received an e-mail from your friend telling you that you could get in on a World of Warcraft expansion early beta test, you click the link, and then a page asks you for your e-mail address and password, there's a good chance that most people wouldn't notice that http://www.worldofwarcraft.blizard.net/beta is not the real server. And since it's just asking for an e-mail and name you probably wouldn't care. I don't know if I've made my point but anyway there it is.
You have a very strange idea of the "average US city", since the current high school completion rate is 86%.
That number includes GEDs; since the military number does as well, it's deceptive to do otherwise. If you want to exclude GEDs, you get 71% for civilians and 71% for the latest batch of army recruits.
Perhaps you got your 50% figure here, which was talking about rates in a minority of cities, excluding GED. Cherry-picking that minority of cities and comparing that to GED-inclusive rates is, obviously, rather disingenuous.
You seem terribly certain of a claim you have no evidence for. Let's look for some, shall we?
The average IQ of an enlisted man in 1998 was apparently 105, based on comparison to a 1980 test. Thanks to the Flynn Effect, IQ in 1998 should average 105 on a 1980 test, meaning the IQ of US military recruits appears to be totally average.
I'm sorry if that interferes with your self-aggrandizing, pro-military chest-thumping, or with the self-aggrandizing, anti-military chest-thumping of the people you're getting irritated by, but the simple fact of the matter is that evidence suggests military folk and civilian folk are just as smart as each other. Rather than "dumb grunts" or "dumb civvies", the only lack of intelligence here appears to be on the part of those making the ill-informed stereotypes.
Step one: disagree with someone complaining about stop-loss.
Step two: launch an abusive tirade with thinly-veiled threats of violence.
Step three: wonder why that didn't make anyone respect soldiers more.
It's almost like you objected to the parent poster not suggesting that soldiers are violent morons, and felt the need to act like a violent moron to make up for it.
I agree with you that some people have an unfairly-poor view of the US military, but you sure as hell ain't helping it any.
Here are some numbers just from the Air Force alone:
- 72 percent of enlisted personnel have some semester hours towards a college degree
- 17 percent of enlisted personnel have an associate's degree or equivalent semester hours
- 5 percent of enlisted personnel have a bachelor's degree
- 0.01 percent have a professional or doctorate degree
And that is just the enlisted. So to those that think that the US military is for dummies, and that the military serves no useful purpose: please go to Indonesia, Pakistan, Afghanistan, or countries in the Horn of Africa and say, you know, "I don't want to disappoint you, but we are getting rid of our military, and all that food, medicine, free doctor's care, new water wells, electricity that you have been receiving via our military is not going to be provided to you any more. Oh, and those fanatics that have been threatening you for years now, we aren't going to protect you from any more because we are getting rid of our military." Also include the following while you are at it: "Oh, you know that development of that dam to keep your land from flooding every year, that causes disease and destroys your crops? Well, the Corps of Engineers are a part of our military and, well, they're gone too."
Would it not be the most malevolent idea if somehow you opted out of their e-mail and inadvertently were drafted into military service?
Imagine how that would work.
The Rapture is NOT an exit strategy.