Amateur Hacker Steals US Drone Secrets from the Military – All Thanks to a Default Password
Someone has stolen US military documents carrying information about combat drones using what is being called a "dumb security flaw." These documents were then put up for sale on the Dark Web for as little as $150.
Security researchers from Recorded Future said that the stolen documents included technical details of the MQ-9 Reaper drone, which has been used for unmanned surveillance missions by the military and for border control. The documents also included information on deployment tactics for improvised explosive devices (IEDs), an M1 Abrams tank operation manual, a training and survival manual, and tank platoon tactics.
The hacker didn't have to do much to get his hands on these sensitive military documents
After spotting them on the so-called Dark Web, researchers contacted the hacker to learn exactly how they had obtained these highly sensitive documents. It turns out they simply used Shodan to look for Netgear routers that still use default FTP passwords. The US has previously issued a public service warning urging people to change the default credentials on their Netgear routers (or any router, for that matter), but it appears the military wasn't exactly paying attention.
After his Shodan search, the hacker discovered that some of these vulnerable routers were located in military facilities, which he then accessed using the default FTP password. While this bypass was first discovered two years ago, some military computers were still vulnerable: two members of the US military connected to the internet through Netgear routers that used the default login settings (username "admin", password "password") for file sharing.
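The weakness described above leaves a simple trace: successful FTP logins to a factory-default account ("admin", "ftp") arriving from addresses outside the local network. The following detection script is an added example written for this article, not code from Recorded Future or from any router vendor. It parses a few constructed vsftpd-style log lines (the sample lines, the `DEFAULT_ACCOUNTS` list and the internal-network allowlist are all assumptions, not values from the article) and flags default-account logins, rating those from external addresses as high severity.

```python
import ipaddress
import re

# Constructed sample log lines in a vsftpd-like format (not taken from the article).
SAMPLE_LOG = """\
Fri Jul 13 10:00:01 2018 [pid 1201] [admin] OK LOGIN: Client "203.0.113.5"
Fri Jul 13 10:00:04 2018 [pid 1202] [admin] FAIL LOGIN: Client "198.51.100.7"
Fri Jul 13 10:00:09 2018 [pid 1203] [alice] OK LOGIN: Client "192.168.1.20"
Fri Jul 13 10:01:15 2018 [pid 1204] [admin] OK LOGIN: Client "192.168.1.21"
Fri Jul 13 10:02:30 2018 [pid 1205] [ftp] OK LOGIN: Client "203.0.113.9"
"""

# Account names that commonly ship as factory defaults on SOHO routers (assumed list).
DEFAULT_ACCOUNTS = {"admin", "ftp", "anonymous"}

# Address ranges treated as "inside" the network: RFC 1918 plus loopback (assumed allowlist).
INTERNAL_NETS = [
    ipaddress.ip_network(n)
    for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
]

# Matches the "[user] OK|FAIL LOGIN: Client "ip"" part of a vsftpd-style line.
LOGIN_RE = re.compile(
    r'\[(?P<user>[^\]]+)\] (?P<result>OK|FAIL) LOGIN: Client "(?P<ip>[^"]+)"'
)


def parse_logins(text):
    """Return one dict per login attempt found in the log text."""
    events = []
    for line in text.splitlines():
        m = LOGIN_RE.search(line)
        if not m:
            continue  # not a login line; ignore
        events.append({"user": m["user"], "ok": m["result"] == "OK", "ip": m["ip"]})
    return events


def is_internal(ip):
    """True if the address falls inside one of the allowlisted internal ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def find_default_account_logins(text):
    """Flag successful logins to default accounts.

    Returns (user, ip, severity) tuples: "high" when the client address is
    external (the router is reachable from the internet with stock credentials),
    "medium" when it is internal (default account still enabled, but not exposed).
    """
    findings = []
    for e in parse_logins(text):
        if not e["ok"] or e["user"] not in DEFAULT_ACCOUNTS:
            continue  # failed attempts and named accounts are out of scope here
        severity = "medium" if is_internal(e["ip"]) else "high"
        findings.append((e["user"], e["ip"], severity))
    return findings


if __name__ == "__main__":
    for user, ip, severity in find_default_account_logins(SAMPLE_LOG):
        print(f"{severity.upper():6} default account '{user}' logged in from {ip}")
```

Run against the constructed sample it reports two high-severity hits (the "admin" and "ftp" logins from outside the allowlisted ranges) and one medium-severity hit for the internal "admin" login; the failed attempt and the named user are ignored. In practice the same rule belongs in whatever collects the router's or file server's logs, and any high-severity hit is the cue to change the credentials and close the FTP service to the internet.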
"Another thing he [hacker] was claiming to have access to was a broad range of live CCTV cameras, including those installed on surveillance planes and across the US-Mexico border and checkpoints, highways, and the drone that surveys the Gulf of Mexico," Andrei Barysevich of Recorded Future told Wired. He added that the hacker said that some of these documents were taken from the computer of an Air Force captain working at a base in Nevada.
Ironically, one stolen document actually reveals that the captain from whom these documents were stolen had successfully completed cybersecurity training.
While the documents aren't confidential, they are still highly sensitive.
"The same docs on defeating IEDs could've been sold to terrorist groups around the world and now they'd be able to learn how to trick the U.S. Army and to learn what methods they use."
The military also unwittingly confirmed the authenticity of these documents when the hacker lost access to the vulnerable machines as soon as researchers reached out to law enforcement about a possible leak.
"We know it was super easy to accomplish," Barysevich said. "It begs another question: if they were using personal computers to access sensitive military documents, well, maybe this is a bigger problem."
Recorded Future hasn't offered details on the alleged hacker or the dark web marketplace where these documents were spotted. The firm continues to work with law enforcement to contain the situation.