Last month, while tracking dark web marketplaces, threat intel team Insikt Group of the security firm Recorded Future discovered that someone was selling alleged US military documents. A hacker was asking for “$150 to $200” for non-classified yet sensitive materials on the US Air Force’s Reaper drone, and posted an additional bundle of information on US Army vehicles and tactics for sale.
According to Insikt’s report, the team verified the documents after contacting the hacker. They learned that the intruder used an FTP vulnerability in Netgear routers that’s been known for two years to break into a computer at the Creech Air Force Base in Nevada. The hacker took documents about the MQ-9 Reaper drone, including maintenance course books and a list of airmen assigned to fly it. Again, those aren’t classified documents, but they do provide insight to the unmanned aircraft.
The hacker put a separate bundle of sensitive information up for sale, which included an M1 Abrams battle tank maintenance manual, training materials and IED mitigation tactics. While security firm Recorded Future didn’t ascertain where the intruder secured this cache, they surmised it was stolen from the Pentagon or a US Army official.
The hacker was able to access the Reaper documents through a computer whose FTP password hadn’t been updated since its factory setting. It wasn’t even the only flaw identified in Netgear’s products that year, and it goes to show how a single unaddressed security weakness can be exposed to yield sensitive materials.