News briefs: U.S. Air Force downplays breach, hackers compromise

»The U.S. Air Force is downplaying the impact of a virus that compromised systems used to control its remotely piloted weapons, known as drones. Deemed nothing more than a “nuisance,” the malware was detected in September on systems at a Nevada base. The Air Force denied that the malware was a keylogger capable of capturing pilots' strokes as missions are conducted over Afghanistan and Pakistan.

»The White House issued an executive order implementing changes within government to better protect against insider threats. The order follows a seven-month review surrounding the handling of classified information, prompted by the disclosure of classified U.S. diplomatic cables by whistleblower site WikiLeaks. The order states that individual government agencies “bear the primary responsibility” for ensuring that classified information is safeguarded. It also creates a task force to develop a government-wide program to detect and prevent insider threats, and reduce vulnerabilities through which secret data can be compromised.

»Hackers compromised, the official website for the popular open-source MySQL database, to distribute malware to visitors. Those who visited the site while it was infected were redirected to a domain that attempted to install malware on their machines via the Black Hole exploit pack, according to Wayne Huang, CEO of web application firm Armorize. The download attempted to launch a number of exploits against users' browsers and plug-ins. If successful, users' machines silently were hit with malware. The site has since been cleaned.

»The Federal Trade Commission (FTC) settled its first-ever case against a text-message spammer. The agency announced that its agreement with the defendant, Phil Flora, bars him from sending or aiding others in the delivery of unsolicited text messages that promote a commercial product. Flora, of Huntington Beach, Calif., is alleged to have sent a “mind-boggling” amount of SMS spam, according to a complaint filed in February by the FTC. Specifically, he delivered more than 5.5 million unsolicited text messages, and sold consumers' wireless numbers to third parties.

»The home page of Harvard University was defaced by activists in support of the embattled regime in Syria. The site temporarily featured a picture of the country's flag with a photo of Syria President Bashar el-Assad. A statement from the Cambridge, Mass.-based college said the attack appeared to be carried out by “a sophisticated individual or group.” Some experts, however, questioned whether the attack could be considered advanced, since defacements have been commonplace on the web for more than a decade. 

»After successfully disrupting several botnets in the past, Microsoft, with the help of security firm Kaspersky, took down another one. The Kelihos botnet consisted up of approximately 41,000 infected computers worldwide and was capable of sending 3.8 billion spam emails per day, according to Richard Boscovich, senior attorney with Microsoft's Digital Crimes Unit. It was used to steal users' personal information and promote everything from counterfeit drugs to fraudulent stock scams to sites promoting the sexual exploitation of children.

»The Federal Trade Commission in December plans to hold a workshop to investigate the privacy and security implications of facial-recognition technology. The workshop, which is free and open to the public, seeks to bring together consumer-protection groups, privacy experts and industry and academic leaders. The meeting is expected to address such topics as whether consumers should consent to the collection and use of their images. Facial recognition products can provide an added security layer at places like airports, or automate photo tagging on sites, such as Facebook, but critics worry they also could be used for intrusive surveillance. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.