UPDATED 23:04 EST / JULY 10 2018

INFRA

Hacker found selling confidential U.S. military drone and tank documents on the darknet

A hacker tried to sell sensitive U.S. military documents relating to Reaper drones and tanks on the shady part of the internet called the darknet, security firm Recorded Future Inc.’s Insikt Group has discovered.

The material included Air Force maintenance training materials for the MQ-9A Reaper drone and the list of airmen assigned to the drone maintenance squad, along with an M1 Abrams tank operation manual, crewman training and survival manual, tank platoon tactics and documentation on improvised explosive mitigation tactics.

The person selling the material was first detected June 1. Insikt then made contact with the hacker, who is said to have bragged about accessing live footage from a Predator flying over Choctawhatchee Bay in the Gulf of Mexico.

The hacker said the drone data had been obtained by exploiting an FTP vulnerability in Netgear routers, specifically a failure of a captain stationed at the Creech AFB in Nevada to set a password. The tank data is believed to have been stolen from the Pentagon or a U.S. Army official in a similar fashion. In both cases, the hacker said he had identified the vulnerabilities via Shodan, a search engine for “internet of things” devices.

“It’s incredibly rare for criminal hackers to try to sell military documents on an open market like this,” a spokesperson for Recorded Future said in an email. “Insikt Group notified the affected organizations who blocked access to the data, blocking the sale. However, it’s unclear if any the data was downloaded, copied or shared with others. While the course books aren’t classified material on their own, they could provide adversaries the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircraft.”

The General Atomics MQ-9 Reaper drone is used by all arms of the U.S. military along with the Central Intelligence Agency, Customs and Border Protection and foreign militaries, including Australia, the U.K., France, Germany and a range of others in both surveillance and hunter-killer operations. The M1-A Abrams tank is used by the U.S. Army and Marine Corps as well as the armies of Egypt, Kuwait, Saudi Arabia, Australia and Iraq.

“As current compromises have shown, even those who should be adept to common security hygiene practices are not immune to rudimentary attacks, resulting in incidents with dire consequences,” the full report said in its conclusion. “Although private industries have really stepped up their security efforts in recent years, investing heavily both in the infrastructure and workforce education, the government is consistently lagging behind when it comes to the security training of its employees and protection of state secrets.”

Photo: U.S. Air Force 

A message from John Furrier, co-founder of SiliconANGLE:

Your vote of support is important to us and it helps us keep the content FREE.

One click below supports our mission to provide free, deep, and relevant content.  

Join our community on YouTube

Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.

“TheCUBE is an important partner to the industry. You guys really are a part of our events and we really appreciate you coming and I know people appreciate the content you create as well” – Andy Jassy

THANK YOU