You can find all sorts of things for sale on the dark web: names, addresses and log-in credentials are common, but more sensitive information tends to be rare and expensive.
Insikt Group, part of security research firm Recorded Future, was surprised, then, to find a seller claiming to have ‘highly sensitive' information about the USA's MQ-9 Reaper military drone - for just $150.
Military documents tend to be one of those 'rare and expensive' propositions, so the offer could have been written off as a hoax. However, Insikt Group analysts confirmed the documents' validity after establishing contact, as well as learning how they were obtained.
The hacker told the analysts that s/he had exploited a known FTP vulnerability in Netgear routers. They used the Shodan search engine to scour the internet for high-profile vulnerable routers - of which there are still many, despite the flaw being exposed more than two years ago.
The attacker gained access to the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at a base in Nevada. Ironically, this individual had recently completed the Cyber Awareness Challenge, but had still failed to change the FTP password from its default setting.
Using the compromised router, the hacker was able to steal documents including Reaper maintenance course books and the list of airmen assigned to Reaper AMU. Although these aren't classified, they could still give an adversary an advantage in combat against the drone.
As well the Reaper manuals, the threat actor was also selling another set of military documents, apparently stolen from someone working at the Pentagon or in the US Army.
Insikt says that this second set included ‘more than a dozen various training manuals [describing] improvised explosive device defeat tactics; an M1 ABRAMS tank operation manual; a crewman training and survival manual; and tank platoon tactics'.
‘The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week's time is a disturbing preview of what a more determined and organised group with superior technical and financial resources could achieve', the Group said.
Freshly launched 11nm Qualcomm silicon will come with Adreno 612 GPU
Are pinning down the exact rate of expansion of the Hubble constant
RISC OS 5 to form the basis of RISC OS Open after Castle Technology sells to RISC OS Developments
A smartphone maker fiddling its benchmarking scores? That's unusual, isn't it?