An Cosantóir the official magazine of the Irish Defence Forces and Reserve Defence Forces.
Issue link: https://digital.jmpublishing.ie/i/1078329
www.military.ie THE DEFENCE FORCES MAGAZINE | 25 The danger warning signs of social engineering are not so different to the military environment you have been trained in. Apply that training online. Because online is now the real world. As the Roman Virgil said of the Trojan War, "Trust not their presents, nor admit the horse". Great advice from thousands of years ago to how we should live in cyberspace. Looking back to Ancient Greece, around 1200 BC: After failing to breach the City of Troy with regular kinetic warfare, the ancient Greeks construct a huge wooden horse, loading it with Special Forces soldiers and then giving the pretence of 'abandoning' it to flee. To the Trojans this symbol of Greece now becomes a captured war trophy and is paraded into the city by the jubilant but unknowing. Troy falls as a direct result of social engineering. Fast-forward three thousand years: This subterfuge and deception isn't so different to the social engineering of today, employed by those aiming to breach Defence Forces' security. They will try targeting information including your identity, banking information, address, family, your role, colleagues' names, your location in Ireland or when deployed overseas, information about weapons systems, tactics, plans, operations, and our allies. They will have researched you in cyberspace - the online world in which we all now live - creating a detailed picture of you to target Defence Forces and ultimately the security of the State. How is this done? BREACHING DEFENCE FORCES THROUGH SOCIAL ENGINEERING PHISHING / SPEAR PHISHING: We've all received emails request- ing our banking details. While some such bogus 'phishing' emails are easy to spot, much trickier are those appearing to be from the Defence Forces claiming your security has been breached, requir- ing a password reset. The email's 'From' address is faked making it appear it was sent by a trusted source. Identifying spear phishing, where you're specifically targeted by name, is incredibly difficult. Emails might ask you to download a file which actually contains a virus, or lead you to a website to reveal password details. Always check the legitimacy of any message where any action is requested. VISHING / SMISHING: You receive a call or text claiming to be an officer. The caller has conducted an online reconnaissance on the officer they're purporting to be and on you, making the call/text highly convincing. If you are unsure if you recognise the caller, end the conversation. Do not click on anything or call back any unknown number. To verify a call, only return calls to numbers you have on file and from a different phone before taking any action requested. TAILGATING: Entering barracks, a man in a hi-vis who's 'here to fix the heating' is waiting at the entrance barrier. Of course we let him in; he is carrying a tool bag after all. But that 'contractor' is an ad- versary. That tool bag contains a bug he will plant to listen-in, and a device he will attach to a computer gaining access to all DF info. And all because we didn't want to appear rude and verify the identity. CYBER BLACKMAIL: Information gathered in cyberspace is used to force you to do something against your will. One of the most sinister forms is sexual extor tion. The victim meets someone online. They star t communicating on camera, send- ing videos and photos. But it turns out they are not who they claimed. They are acting on behalf of a hostile state, terrorist or other nefarious actor. They threaten to send these im- ages to friends, family and your CO. They demand you con- duct some task such as provide a password, access control pass, operational information, or place a 'key-logger' on a DF computer. While it might seem easier to give in, don't ever go down that path, as you'll be forever beholden. And if you are blackmailed halt all contact immediately - they are power- less if they can't communicate. Call your CO right away. You'll never be blamed for repor ting such a situation. But infinitely better to avoid in the first place. Always be cautious. Every single thing about a person you meet online could be faked. The results of cyber blackmail elsewhere, especially sexual ex- tor tion, has been catastrophic for organisations and victims. Avoid cyber blackmail by listening to your instinct. The danger warning signs of social engineering are not so differ- ent to the military environment you have been trained in. Apply that training online. Because online is now the real world. As the Roman Virgil said of the Trojan War, "Trust not their pres- ents, nor admit the horse". Great advice from thousands of years ago to how we should live in cyberspace. Next month: The In- ternet of Things - and how it is perma- nently changing the military and warfare.