WASHINGTON, D.C. (Family and Morale, Welfare and
Recreation Command) -- More than 10,000 Soldiers, civilians and
family members with military e-mail addresses received an e-mail March
30 promising free tickets to area theme parks, with a link to a Web
site that appeared to belong to the Family and Morale, Welfare and
Recreation Command (FMWRC).
These e-mails were sent without the knowledge or consent of the
FMWRC or installation Morale, Welfare and Recreation offices.
These e-mails were "phishing" e-mails developed by
the Army Computer Emergency Response Team (ACERT) in a Global Computer
Network Defense exercise, Bulwark Defender 08 (BD08), to test the
defensive posture of the Army LandWarNet.
FMWRC officials were not alerted to the exercise in advance
because the unit "limits the number of trusted agents" in
phishing exercises of this type, according to ACERT officials.
FMWRC reacted decisively by informing its patrons that the
offer was not legitimate, distributing a press release to media
outlets worldwide in an effort to warn as many customers as possible,
and coordinating through Army legal and information technology offices
to have the bogus Web site shut down.
When ACERT officials confirmed the e-mail and Web site were
part of their exercise, FMWRC began coordinating with ACERT to prepare
messages and media responses addressing the phishing scam, and more
importantly, the breach of trust it represents to MWR customers.
"From the outside, looking in, the customer has no way of
knowing FMWRC was not involved in this exercise," said Laurie
Pugh, Public Affairs Officer for FMWRC. "We have no idea how many
of our customers this exercise has alienated."
FMWRC routinely sends e-mail messages to its customers and
press releases to installation newspapers, inviting patrons to visit
the official Web site to learn about new offers and promotions.
"The Family and MWR Command has spent decades and millions
of dollars establishing our brand as one that can be recognized and
trusted by Soldiers and families," Pugh said. "We have yet
to determine how much of that trust has been undermined by this
The e-mail and Web site created by ACERT were convincing enough
to entice more than 3,000 people to click through, in part because of
the use of the MWR Web graphics and logo, and in part because patrons
are used to receiving similar messages.
"It's important to be alert to potential phishing
attempts," Pugh said. "But it's also important for FMWRC to
be able to use e-mail and our Web site as an effective marketing
All legitimate e-mails from FMWRC will come from a .mil
address, and links will direct patrons to
http://www.armymwr.com. When in
doubt, do not click through the e-mail.
directly into a Web browser and see if the offer is advertised on
FMWRC's official Web site.
ACERT officials sent a follow-up e-mail to the original 10,000
recipients of the "phishing" e-mail describing the exercise
and asserting the e-mail was non-malicious.
Their second e-mail reads, in part:
"For those individuals responding to the ACERT Phishing
attempts, regardless of what you submitted, no personal data was
collected or transmitted.
"This exercise illustrates how hackers can turn the
popularity of a trusted resource such as the MWR Web site against
unwitting personnel by using real information and activities openly
available on the Internet. We apologize for any inconvenience or false
hope these e-mails may have caused."
"As users of Army network and information systems, you
play an integral role in the Information Assurance and Network
Security posture for the Army.
"As you know, phishing e-mails are a common method used by
Hackers to infiltrate Army networks and systems."
"Your ability to identify and respond to phishing attempts
is paramount to the defense of critical information systems that make
up the Army LandWarNet. Soon, you will receive another e-mail from the
ACERT that will provide education on how to identify
'phishing' attempts as illegitimate."
"We appreciate your participation in this exercise.
Everyone plays a part in the security of the Army networks and
"It is important for everyone to know the MWR brand can be
trusted, so please forward this e-mail to anyone you may have shared
the original 'phishing' e-mail with."
Anyone with questions or comments on the conduct of the
exercise should contact the ACERT at (703) 706-1113.