The United States Defense Department has ideas about a dramatic strategy for defending Taiwan against a Chinese military offensive that would involve deploying an “unmanned hellscape” consisting of thousands of drones buzzing around the island nation. Meanwhile, the US National Institute of Standards and Technology announced a red-team hacking competition this week with the AI ethics nonprofit Humane Intelligence to find flaws and biases in generative AI systems.
WIRED took a closer look at the Telegram channel and website known as Deep State that uses public data and secret intelligence to power its live-tracker map of Ukraine’s evolving front line. Protesters went to Citi Field in New York on Wednesday to raise awareness about the serious privacy risks of deploying facial recognition systems at sporting venues. The technology has increasingly been implemented at stadiums and arenas across the country with little oversight. And Amazon Web Services updated its instructions for how customers should implement authentication in its Application Load Balancer, after researchers found an implementation issue that they say could expose misconfigured web apps.
But wait, there’s more! Each week, we round up the security and privacy news we didn’t cover in depth ourselves. Click the headlines to read the full stories. And stay safe out there.
US Navy officials confirmed to Military.com this week that pants for the standard Navy Working Uniform (NWU) are out of stock at Navy Exchanges and are in perilously low supply across the sea service’s distribution channels. The Navy’s Exchange Service Command is “experiencing severe shortages of NWU trousers” both in stores and online, according to spokesperson Courtney Williams. Sailors have been noticing out-of-stock notifications online, which state that pants are “not available for purchase in any size.” Williams said that current stock around the world is at 13 percent and that the top priority right now is providing pants to new recruits at Recruit Training Command in Illinois, the Naval Academy Preparatory School in Rhode Island, and the officer training schools.
The shortage seems to have resulted from issues with the Defense Logistics Agency’s pants pipeline. Military.com reports that signs currently inside Navy Exchanges say the shortage is “due to Defense Logistics Agency vendor issues.” Williams said the Command has “been in communication with DLA on a timeline for the uniform’s production and supply chain.”
Mikia Muhammad, a spokesperson for the Defense Logistics Agency, told Military.com that the first pants restocks are scheduled for October, but these supplies will go to recruits and training programs. She said that Navy exchanges should expect “full support” beginning in January.
A joint statement on Monday by the FBI, the Office of the Director of National Intelligence, and the Cybersecurity and Infrastructure Security Agency formally accused Iran of conducting a hack-and-leak operation against Donald Trump’s presidential campaign. Trump himself had accused Iran in a social media post on August 10, following a report from Microsoft on August 9 about Iranian hackers targeting US political campaigns. The Iranian government denies the accusation.
“The [Intelligence Community] is confident that the Iranians have through social engineering and other efforts sought access to individuals with direct access to the presidential campaigns of both political parties,” the US agencies wrote. “Such activity, including thefts and disclosures, are intended to influence the US election process.”
Politico reported on August 10 that Iran had breached the Trump campaign, and an entity calling itself “Robert” had contacted the publication offering alleged stolen documents. The same entity also contacted The New York Times and The Washington Post hawking similar documents.
The popular flight-tracking service FlightAware said this week that a “configuration error” in its systems exposed personal customer data, including names, email addresses, and even some Social Security numbers. The company discovered the exposure on July 25 but said in a breach notification to the attorney general of California that the situation may date as far back as January 2021. The company is mandating that all affected users reset their account passwords.
The company said in its public statement that the exposed data includes “user ID, password, and email address. Depending on the information you provided, the information may also have included your full name, billing address, shipping address, IP address, social media accounts, telephone numbers, year of birth, last four digits of your credit card number, information about aircraft owned, industry, title, pilot status (yes/no), and your account activity (such as flights viewed and comments posted).” It also said in its disclosure to California, “Additionally, our investigation has revealed that your Social Security Number may have been exposed.”
Since European law enforcement agencies hacked the end-to-end encrypted phone company Sky in 2021, the communications they compromised have been used as evidence in numerous EU investigations and criminal cases. But a review of court records by 404 Media and Court Watch showed this week that US agencies have also been leaning on the trove of roughly half a billion chat messages. US law enforcement has used the data in multiple drug-trafficking prosecutions, particularly to pursue alleged smugglers who transport cocaine with commercial ships and speedboats.