Pentagon Email Addresses Being Used in Cyber Spoofing Campaign

Unidentified cyber criminals are sending fake emails that are made to appear as if they are coming from the Defense Security Service, a wing of the Pentagon that provides security support for the military, defense agencies, and contractors, Foreign Policy has learned.

“DSS email addresses are being used in a spoofing campaign,” wrote DSS in a blast email, obtained by FP, recommending that private companies “alert their cybersecurity staff” and block incoming messages from DSS addresses.

It’s unclear who the targets of the campaign are, and what the goal of the attack is—though DSS typically works with “cleared industry” to protect classified information. The Under Secretary of Defense for Intelligence leads DSS.

The attack comes one day after President Donald Trump signed a long-awaited cybersecurity executive order, tasking the federal government and the military with shoring up critical infrastructure from digital vulnerabilities.

“No DSS systems have been compromised, and we have no indication that any systems within industry have been compromised as a result of the spoofing,” a spokesman for DSS Public Affairs wrote in an email to FP. “The notification was an opportunity to increase awareness of the possibility of further spoofing attempts.”

Photo credit: SAUL LOEB/Getty Images

Correction, May 12, 2017: This article originally misstated the agency that led the “Hack the Pentagon” program. Defense Digital Services ran the program, not Defense Security Service.