UNCLASSIFIED

Cyber Awareness Challenge 2022 Case Studies

Case Studies
Henry Kyle Frese
Henry Kyle Frese worked as a counterterrorism analyst for the Defense Intelligence Agency (DIA) from
2018 to 2019. During that time, a journalist with whom Frese had a romantic relationship authored eight
articles containing classified intelligence, which were published by a news outlet. The information published
was classified as Top Secret/SCI and outside of the scope of Frese’s job duties. However, on at least 30
separate occasions, Frese conducted searches on classified government systems regarding these topics.
In 2020, Frese was sentenced to 30 months in prison for leaking classified information to two journalists in
2018 and 2019.

My Selfie, My Location
A military artillery unit was taken out by a selfie during a 2020 force-on-force training exercise. A bored
participant took the selfie, which showed the unit and revealed their geo-location.

Always exercise caution with what is in the background of any photos you take in a work setting and be
cognizant of your device’s geo-tagging settings. When in doubt, it’s best to not take or post photos in a
work setting.

The Malware is in the Mail

In 2020, criminal group FIN7 sent thumb drives containing malicious code to victims via the U.S. Postal
Service. Primarily targeting the hospitality and retail sectors, the group used social engineering tactics,
such as attaching letters and even gift cards claiming to be from major technology retailers, to prompt
recipients to insert the drives. Once inserted, the code permitted unauthorized access to sensitive data.

Fake Websites
During the COVID pandemic, scammers created fake websites claiming to sell cleaning and disinfecting
products. The websites included the names, logos, and product images of well-known brands to gain the
consumers’ confidence, but the purchased products were not delivered. Always exercise caution with
unfamiliar websites.

COVID Phishing Attempts

The COVID pandemic brought a dramatic increase in phishing e-mails, with one research group reporting
an increase of more than 600 percent. Social engineers saw opportunity in the mass shift to telework that
stress-tested our technological infrastructure and how we communicate and remain in touch with each
other. For example, spear phishing attempts purporting to be related to personnel actions or organizational
updates became more believable due to greater reliance on e-mail than ever before. It is essential to
critically evaluate messages that you receive and to appropriately report suspicious messages.

1
UNCLASSIFIED