The Complex

Threat of the week: local news sites

We've told you how even companies with good IT security can have their networks penetrated if they are doing business with firms that have poor security. It's time to look at the individual version of this. Everyone knows that visiting naughty websites is a great way to infect your computer with a virus. Now you can add local news sites to the list.

That's right; thieves are injecting local news websites with malware that infects visitors' machines. Once on the infected computer, the malware transmits the users' online banking information to a server owned by the criminals. You can guess what happens next.

The attackers find which banks have weak online banking security by scanning a range of IP addresses to see which ones use a specific type of website login that is known to be vulnerable, Jason Rebholz, a consultant with cyber security firm Mandiant told Killer Apps. (He didn't disclose the specific login.) Then they install a Java exploit onto local media sites in the area that the bank is in so that they can collect informaton from its likely customers.

The hackers are going after local news stations because in many cases, they don't have very good IT security and they have lots of traffic, according to Rebholz.

"They found something local through those scans and the popped it that way," said Rebholz, who notes that this type of malware isn't limited news sites, those are just the only cases he has seen. (And of those, he's seen less than ten cases.)  "Judging by what their budget would be for IT security and what I've seen in other industries, usually the [smaller businesses] security is an afterthought, it's not something that they're going to do right away.

For hackers, "it's all about going after the low hanging fruit," he added.

As is often the case with security breaches, the news stations may have failed to perform even basic security tasks such as updating their software in time to prevent hackers from taking advantage of known flaws in the software.

Getty Images

National Security

Meet China's new-old killer drones

When you think of drones that will likely be used in a conflict between two advanced militaries, you usually imagine brand new, unmanned stealth jets. But China appears to be taking a different approach. It's converting its ancient Shenyang J-6 fighters -- copies of the Soviet Union's 1950s-vintage MiG-19, the world's first operational supersonic fighter -- into unmanned jets. (Yes, China is also develping brand new drones.)

Converting old fighters into remote controlled jets is nothing new. The U.S. has used retired fighters as unmanned target practice drones for decades. However, China plans to use the old fighters as ground attack jets. We've been hearing about the unmanned J-6 project for a long time now. What's caught people's attention is that China has apparently massed dozens of the jets at airbases in Fujilan province, close to, you guessed it, Taiwan.

While the fighters may not be the most advanced drones in the world and no knows how accurate their weapons would be, they would pose one more challenge to Taiwanese air defense in the event of war with the mainland. Imagine waves of the unmanned jets tying up air defenses while more advanced jets and missiles attack.  As this article from 2010 points out, the J-6 drones could be used in conjunction with the Israeli-made Harpy UAVs that are specifically designed to defeat ground-based radars to "punch holes" in the island's air defenses.

Converting manned fighters into drones isn't hard. The U.S. even converted B-17s Flying Fortress into unmanned plane to collected radiation samples from the air over the nuclear blasts during the Operations Crossroads nuclear bomb tests in 1946. In the case of the Air Force's QF-4 Phantom drones, the jets' guns are removed and black boxes connected to the flight control systems are installed in the vacant gun compartments -- allowing ground operators to control the planes. Want to learn how the U.S. converts its old fighters into drones? Click here.

Wikimedia Commons