Army Knowledge Online issues

Posted by on December 13, 2005

Yesterday Blackfive posted an article about the AKO phishing site. It seems that the enemy has taken down the malicious content and replaced it with a redirect to the official AKO site.

This causes a couple of interesting new problems. With the help of Milblogs everyone is scared to death to go to the link provided in the email they receive from the bad guys. But now, the link provided in the email resolves to the CORRECT AKO site. Looks like it’s forwarding/redirecting to the actual site now.

So, we have a site that is impersonating another site for the purposes of credential theft. Once the impersonating site is compromised the bad guys just redirect to the REAL site. So what happens in 6 weeks or so when the hype is slowed down and b0b.org turns off their redirect? Same code will do the same thing, same warnings go out saying the same thing, and we run the very serious risk of boy crying wolf or the appearance there of.

Army folks, you stay vigilant out there. This domain is owned by an individual in Canada and, one would assume, is in control of his website. The individual seems to be a respected developer, having had contributed content to CPAN. I would hate to see a solid Perl developer run out of town because he’s secretly scamming folks.

So…if the individual in question would like to clear his name, here’s the opportunity. Is this person running a site attempting to defraud members of the United States Army of their credentials? I somehow doubt it but would LOVE to hear it straight from him.

UPDATED: I heard from him and he did the right thing. He’s just a reseller so he’s not directly at fault here. Again, he did the right thing and that’s all I’m prepared to say publically.

Last modified on December 13, 2005

Categories: American Warriors, InfoSec
1 Comment »

« | Home | »

One Response to “Army Knowledge Online issues”

  1. Small Town Veteran Says:

    URGENT WARNING: FAKE AKO SITE — Wrap-up

    See my previous post here. I just tried the original phishing link out of curiosity and got a 404 error. Pilgrim at Confessions of a Pilgrim has a good wrap-up post on the situation here. Short version: problem solved.

%d bloggers like this: