Malicious website poses threat to AF network

by Tech. Sgt. Scott McNabb
24th Air Force Public Affairs

LACKLAND AIR FORCE BASE, Texas ― The discovery of spoofed Air Force websites means Air Force network users must maintain vigilant awareness before entering passwords into Air Force sites.

The 624th Operations Center, located here, is alerting Airmen across the service about malicious websites posing as official Department of Defense and Air Force pages appearing through Web searches.

All Airmen, including military, civilians and Air Force contractors, must ensure links and Uniform Resource Locators (URLs) are legitimate before entering their passwords because those who don’t could render the official sites vulnerable to exploitation and other threats.

“It is vitally important for everyone to watch what they do and where they go on the Net,” said Col. Alan Berry, 624th OC commander. “Any site can be hacked or spoofed at any time. In this case, an unknown actor spoofed our Air Force Portal site and also found a way to elevate their fake site in the search results provided by some common search engines. They are relying on individuals to trust the search engine or act so quickly that they do not recognize their mistake.”

Berry said verifying the link isn’t foolproof either.

“Each person can protect themselves, and by extension the entire Air Force enterprise, by taking a little time and caution to check search results or links for accuracy and authenticity,” he said.

The Air Mobility Command Threat, Analysis, and Response Cell identified the spoofing threat to the 624th OC. Berry said he’s proud of the men and women of his unit, but it takes a team to keep the AFNet safe.

“Tackling this event was much bigger than just the 624th OC,” the commander said. “Multiple units worked this issue and developed the quick actions to counter the spoof attempt. We are the hub for much of those efforts and often the public face, but we are not the only ones working hard to keep our networks safe and available.”

The 624th OC recently issued a Notice to Airmen asking AFNet users to identify the actual Web address, normally listed below the heading of the search result before selecting a link.

The NOTAM also pointed out official sites will normally have a dot-mil or dot-gov extension on the URL address such as the official Air Force website address:

Airmen who find a spoofed Air Force or Department of Defense website should alert the local Information Assurance office immediately.