Security News This Week: The Pentagon Got Hacked While You Were at Def Con

The security world doesn’t stop for Def Con, so here’s the big news that happened in the rest of the world.
GettyImages128607371
The PentagonGetty Images

Def Con is underway, and WIRED has been busy breaking news from some of the biggest stories from the conference, such as: hacking a Wi-Fi connected rifle. Hacking and fixing a Tesla. Hacking into a Brinks safe. Hacking into an electric skateboard. Oh, and let’s not forget unlocking cars and opening garages. Or heisting semis by exploiting a satellite flaw.

But of course, the rest of the security world doesn’t stop for security conferences. So whether you were braving the long lines in Vegas or following along at home, here’s the big news that happened in the rest of the world that you should know about this week. As always, to read the full story linked in each post, click on the headlines. And be safe out there!

The Pentagon’s Joint Staff email system—luckily unclassified—was hacked, and Russia may be the culprit, at least according to anonymous US officials cited by NBC News. The anonymous officials say the intrusion took place around July 25th and affected around 4,000 Joint Chiefs of Staff personnel (both military and civilian). It’s not entirely clear why the attack is being attributed to Russia. The Pentagon responded by shutting down the entire unclassified email system and internet during the investigation. The system has been shut down for around two weeks.

Time to upgrade to the latest version of Firefox, now that a critical zero-day vulnerability was found in the wild. The exploit, which was served in an advertisement on a Russian news site, lets attackers create malicious PDF files that inject JavaScript code into local files. The attacker can search for, read, and steal sensitive files—including password and key data—on the victims’ computers. The exploit, which leaves no trace when it has run on a local machine, targets Windows and Linux machines. (Changing the affected passwords and keys would be wise.) Mozilla released emergency security updates on Friday. They’re available for Mac users, too.

The Fourth Circuit Court of Appeals overturned a previous ruling that said investigators only need a court order to access cell phone location data. A divided court ruled that officials must get a search warrant, a higher standard of evidence. The ruling came from a case in which two men were convicted for armed robberies based on cell phone location data obtained without a warrant. The decision rejects the so-called “third party doctrine,” a legal theory that people who voluntarily give information to third parties, such as phone companies, do not have a reasonable expectation of privacy and are not protected by the 4th Amendment. Since the ruling conflicts with decisions made by other appeals courts, it is likely to end up in the Supreme Court.

Fox News moderators coined a new technical term on Thursday during the first Republican debate when asking candidates whether they would tear down so-called cyberwalls in an effort to catch terrorists. It’s possible that the term refers to smartphone encryption, since misguided politicians on both side of the aisle continue to insist that there’s a way for Apple and Google to allow the government backdoor access to data on locked devices but keep it safe from everyone else—something that the companies themselves explain is technically impossible. Although candidate Carly Fiorina favored tearing down cyberwalls in a targeted way, she explained that law enforcement is struggling with processing the data it already has, so “tearing down more cyberwalls” is probably unnecessary. Senator Lindsey Graham, on the other hand, wants to tear the cyberwalls down.