US military drone documents for sale on the dark web: $150
The hacker leveraged a weakness in Netgear routers that has been general knowledge for more than two years
Insikt Group, part of security research firm Recorded Future, found a seller on a dark web hacking forum last month who claimed to have ‘highly sensitive' information about the USA's MQ-9 Reaper military drone - for just $150.
While personal information and ‘known-working' credentials are commonly sold on such forums, military documents are a much rarer proposition, so the offer might have been written off as a hoax. However, Insikt Group analysts confirmed their validity after establishing contact, as well as learning how they were obtained.
The hacker told the analysts that s/he had exploited a known FTP vulnerability in Netgear routers. They used the Shodan search engine to search the internet for high-profile vulnerable routers - of which there are still many, despite the flaw being exposed more than two years ago.
The attacker gained access to the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at a base in Nevada.
Ironically, this individual had recently completed the Cyber Awareness Challenge, and should have known to change the FTP password from its default setting.
Using the compromised router, the hacker was able to steal documents including Reaper maintenance course books and the list of airmen assigned to Reaper AMU. Although these aren't classified, they could still give an adversary an advantage in combat against the drone.
As well the Reaper manuals, the threat actor was also selling another set of military documents, apparently stolen from someone working at the Pentagon or in the US Army.
Insikt says that this second set included ‘more than a dozen various training manuals [describing] improvised explosive device defeat tactics; an M1 ABRAMS tank operation manual; a crewman training and survival manual; and tank platoon tactics'.
‘The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week's time is a disturbing preview of what a more determined and organised group with superior technical and financial resources could achieve', the Group said.