Hacker Steals Military Docs Because Someone Didn’t Change a Default FTP Password
A hacker is selling sensitive military documents on online hacking forums, a security firm has discovered.
Some of the sensitive documents put up for sale include maintenance course books for servicing MQ-9 Reaper drones, various training manuals describing common deployment tactics for improvised explosive devices (IEDs), an M1 ABRAMS tank operation manual, a crewman training and survival manual, and a document detailing tank platoon tactics.
Hacker asking between $150 and $200 for the lot
US-based threat intelligence firm Recorded Future discovered the documents for sale online. They say the hacker was selling the data for a price between $150 and $200, a very low asking price for such data.
Recorded Future says it engaged the hacker online and discovered that he used Shodan to hunt down specific types of Netgear routers that use a known default FTP password. The hacker used this FTP password to gain access to some of these routers, some of which were located in military facilities, he said.
Based on the documents and details he shared online and with researchers in private conversations, one such location was the 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada. MQ-9 Reaper drones are some of the most drones around and are used by the US Air Force, the Navy, the CIA, the Customs and Border Protection Agency, NASA, and the militaries of other countries.
The hacker didn’t reveal from where he stole the other documents, but experts believe that, based on the information they contain, they were most likely taken from the Pentagon or from a US Army official.
Incident caused by use of router default FTP credentials
The incident could have very easily been prevented if the military base’s IT team had followed best practices and changed the router’s default FTP credentials.
The issue with Netgear routers using a set of default FTP credentials has been known since 2016, when a security researcher raised the alarm about it. Netgear responded by putting up a support page with information on how users could change their routers’ default FTP password.
Recorded Future said that at the time of writing, there are more than 4,000 such routers (Netgear Nighthawk R7000) available online via “smart device” search engines like Shodan.
The hacker also bragged about accessing footage from an MQ-1 Predator flying over Choctawhatchee Bay in the Gulf of Mexico. But this isn’t something new, as US government agencies have been known to leak those feeds once in a while.