[ISN] DOD bars use of HTML e-mail, Outlook Web Access

From: InfoSec News (alerts@private)
Date: Fri Dec 22 2006 - 23:28:06 PST


http://www.fcw.com/article97178-12-22-06-Web

By Bob Brewin
Dec. 22, 2006

Due to an increased network threat condition, the Defense Department is 
blocking all HTML-based e-mail messages and has banned the use of 
Outlook Web Access e-mail applications, according to a spokesman for the 
Joint Task Force for Global Network Operations.

An internal message available on the Internet from the Defense Security 
Service (DSS) states that JTF-GNO raised the network threat condition 
from Information Condition 5, which indicates normal operating 
conditions, to Infocon 4 in the face of continuing and sophisticated 
threats against Defense Department networks.

Infocon 4 usually indicates heightened vigilance in preparation for 
operations or exercises or increased monitoring of networks due to 
increased risk of attack.

The JTF-GNO mandated use of plain text e-mail because HTML messages pose 
a threat to DOD because HTML text can be infected with spyware and, in 
some cases, executable code that could enable intruders to gain access 
to DOD networks, the JTF-GNO spokesman said.

In an e-mail to Federal Computer Week, a Navy user said that any HTML 
messages sent to his account are automatically converted to plain text.

The JTF-GNO spokesman declined to say why the command raised the threat 
level except to say that Infocon levels are adjusted to reflect 
worldwide social and political events and activities. He said the 
current threat level does not bar the use of attachments, including 
Power Point slides used for briefings.

He also declined to tell FCW what other restrictions on e-mail that 
JTF-GNO has imposed. But a December 2006 newsletter of the Colorado 
National Guard said that under Infocon 4, Guard members receiving 
e-mails from any unknown source, including mail received from 
unrecognized Department of Defense accounts, should be viewed as 
potentially harmful.

The Colorado Guard newsletter also alerted personnel to be vigilant 
against e-mail phishing attempts to gain personal information.

The ban on use of Outlook Web mail will hit thousands of users at Robins 
Air Force Base, Ga., according to an internal message available on the 
Internet. The ban on the use of Outlook Web Access will significantly 
impact the way we presently conduct business, due to the fact that that 
Web mail is the primary means of e-mail access for 4,500 employees at 
the base, according to the message.

Robins has developed a work-around for these users to access Outlook 
directly by logging on to government computers with their common access 
cards, the internal message said.

JTF-GNO raised the DOD network threat level to Infocon 4 in mid-November 
after an attack on the networks at the Naval War College (NWC) required 
NWC to take its systems offline. The JTF-GNO spokesman said at the time 
that the increase in threat conditions had no relation to the attack 
against NWC.


_____________________________
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn
 



This archive was generated by hypermail 2.1.3 : Fri Dec 22 2006 - 23:34:14 PST