US military used fake 'Edward Snowden killed' story in phishing email to test staff cybersecurity
The phishing email was sent out shortly after Snowden's massive NSA intelligence leak in 2013.
The US Marine Corps reportedly used a fake story about the death of famous American whistleblower Edward Snowden in a phishing email to test its personnel's cyber defences in 2013, and they apparently fell for it.
In an in-depth interview with former Marine Corps Captain Robert Johnston, BuzzFeed News reports that he directed the Corps' Red Team, which challenged its cyber defences.
According to the Marine Corps, its Red Team may "play the devil's advocate or Napoleon's corporal in order to outrate the enemy" to improve effectiveness and challenge the way its staff goes about its "business".
In June 2013, former National Security Agency (NSA) contractor Snowden famously leaked thousands of classified documents to reporters, revealing the extent and scale of mass surveillance programmes in the US and UK. The unprecedented leaks sparked major public and political discourse over government surveillance, privacy rights and data protection.
He is currently living in Moscow to avoid extradition to the US, where he could face up to 30 years in prison if convicted under the Espionage Act of 1917.
Shortly after news of the massive intelligence leak broke, Johnston's Red Team reportedly sent out phishing emails to 5,000 people within the military to test its cybersecurity. The phishing email included a malicious link that installed malware when unsuspecting users clicked on it.
The subject of the email read, "SEAL team six conducts an operation that kills Edward Snowden."
Johnston revealed that the phishing attack was so successful that they had to shut down the campaign due to the significant click-through rate.
"We actually had to shut down the operation," he told BuzzFeed News. "The phishing attack was too successful. The click rate was through the roof."
In 2015, Johnston went on to lead the Marine Corps' newly-formed Cyber Protection Team 81 as part of the military's Cyber Command, or Cybercom. After leaving the Marine Corps later in November, he joined CrowdStrike, the cybersecurity firm that investigated the damaging cyberattack that hit the Democratic National Committee (DNC) in 2016.
He left CrowdStrike in July 2016 to start his own cybersecurity firm, Adlumin, in Washington DC.
One source close to the DNC told BuzzFeed News, "He was indispensable."
"CrowdStrike did a remarkable job helping the DNC remediate our system post hacking," former DNC chair Donna Brazile said. "Sadly, we should have known more, but that's all part of history."
Meanwhile, many privacy rights advocates and supporters have called for Snowden to be pardoned or extended leniency on moral grounds, arguing that his actions, while admittedly illegal, were not for personal benefit but for change and reform.
However, many government officials, military service members and veterans have argued that he betrayed the US and endangered national security by divulging the government's surveillance practices.
Snowden also commented on the report of the phishing email test, saying, "There was a time I'd have been surprised the government writes fan fiction about murdering its critics."