The creation of fake websites – often known as spoofing – is becoming a major concern for the U.S. military, according to a new article by Rita Boland in SIGNAL Magazine. Spoofing involves individuals making a website that looks on the surface nearly identical to a legitimate one. Many users will not know the difference. The purpose of the spoofing website is to fool the user into sending sensitive information which can be used by the website’s creator. Types of information which can be gained by spoofing websites include login names, passwords, email addresses, addresses, and other private information.
In the article, Boland describes one incident earlier in the year when the U.S. Air Force Portal was spoofed in an attempt to trick servicemembers into entering their login and password information. It is unknown how many Air Force personnel fell for the scam, but the threat is great enough that all the services are paying attention to the problem of website spoofing.
Boland reports that aside from the Air Force, the U.S. Army is also threatened by spoofing attempts, including Army Knowledge Online, one of the most used websites by Army personnel. There is no doubt that many more federal agencies and companies, including those involved in national security work, have and will continue to be targeted by spoofing attacks. The low cost of spoofing (which could be as low as a few hundred dollars) likely make it an appealing method for individuals or foreign agents looking to collect intelligence on the United States.
With the extent of the spoofing threat, it is not hard to see why cybersecurity continues to be one of a few areas immune to budgetary cutbacks. While many federal agencies including the FBI and the Department Of Defense are cutting back on new hires, most if not all are planning on increasing the size of their cybersecurity workforce. Cybersecurity budgets at many of these organizations has so far been spared from the wave of realized or planned budgetary cutbacks.
With official military websites and defense contractors perhaps some of the most likely candidates for spoofing attacks by hackers and foreign governments, it’s of increasing importance for individual users to monitor urls and ensure websites they’re visiting the right website before entering any information.
