Hacker Touts Stolen Drone Docs on Dark Web

Hacker Touts Stolen Drone Docs on Dark Web

Sensitive military documents detailing restricted information on tanks and drones have been discovered for sale on the dark web, after they were stolen by exploiting known vulnerabilities.

In June, Recorded Future made contact with an individual attempting to sell a cache of information including maintenance books and lists of airmen assigned to the MQ-9 Reaper drone.

The materials are not technically classified but could be of interest to a foreign power, the firm said.

More worrying was how the hacker managed to access the information.

“Utilizing Shodan’s popular search engine, the actors scanned large segments of the internet for high-profile misconfigured routers that use a standard port 21 to hijack all valuable documents from compromised machines,” the firm revealed.

The flaw in question was first revealed in Netgear routers in 2016 and can be locked down by changing the default FTP authentication credentials. However, Recorded Future claimed to have identified over 4000 routers still exposed to this kind of attack.

“Utilizing the above-mentioned method, the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents,” it added. “The captain whose computer was compromised recently completed the Cyber Awareness Challenge and should have been aware of the required actions to prevent unauthorized access. In this case, setting the FTP password.”

Recorded Future then observed the same cyber-criminal attempting to sell information which appeared to have been stolen from the US military or a Pentagon official.

This included “a dozen various training manuals describe improvised explosive device defeat tactics, an M1 ABRAMS tank operation manual, a crewman training and survival manual, and tank platoon tactics.”

The incident should serve as something of a wake-up call to the US military in that it highlights what a “single hacker with moderate technical skills” was able to achieve in just a week.

Source: Information Security Magazine