Hackers love to sell phone numbers, passports, and other personally identifiable information on the deep web, but last month one person was looking to make a quick buck off of a few military maintenance manuals.
On June 1st, Recorded Future’s Insikt Group discovered someone attempting to sell military documents on the deep and dark web. The person had recently registered an account on a hacking forum and published screenshots of what he had dug up. Through weeks of investigation, analysts were able to determine that the documents were authentic and the hacker had obtained them by gaining access to a Netgear router located at the Creech Air Force Base through a previously disclosed FTP vulnerability. In 2016, cybersecurity researchers found a similar vulnerability in Netgear routers with remote data access capabilities.
After successfully gaining access to the router, the hacker was able to infiltrate a captain’s computer and steal a cache of sensitive documents. This included maintenance books and a list of airmen assigned to the base’s Reaper maintenance unit. “While such course books are not classified materials on their own,” Recorded Future said, “in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts.”
The MQ-9 Reaper is a drone capable of operating both autonomously and remotely. It’s regarded as one of the most advanced and deadliest drones the United States has ever developed. The Pentagon, Department of Homeland Security, CIA, and NASA all currently use the drones.
The captain whose computer was hacked had just completed a cyber safety course in February and “should have been aware of the required actions to prevent unauthorized access,” Recorded Future said.
After the Reaper document leak, the hacker put another set of military documents up for sale that appeared to be from either a US Army official or the Pentagon. These included over a dozen training manuals and survival manuals along with tank platoon tactics.
While communicating with the hacker, he told Recorded Future that he frequently “entertains” himself by watching live streams of sensitive footage from airplanes and border surveillance cameras. “The actor was even bragging about accessing footage from a MQ-1 Predator flying over Choctawhatchee Bay in the Gulf of Mexico,” the group said. The hacker acted alone and had “moderate technical skills,” but was able to identify these security vulnerabilities throughout the course of a week, Recorded Future said.
The military has yet to determine the extent of the breaches, but will be investigating the attack. “[This is a] disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” the group stated.