Hacker sells stolen US drone documents on the dark web


You never know what you will find for sale on the dark web

Just a few hours ago, documents were released about someone selling remote access linked to the security systems of a major international airport for $10.

As if that were not enough security alerts, it has just become known that a hacker was found selling confidential U.S. Air Force documents on the dark web for prices between $100 and $200.

Information security and secure data destruction specialists reported today that they discovered a hacker trying to sell secret documents about the MQ-9 Reaper drone, used by U.S. federal agencies, for just a few hundred dollars in a dark web forum last month.

Introduced in 2001, the MQ-9 Reaper drone is currently used by the Air Force, the Navy, Customs and Border Protection, NASA, the CIA and the armies of several other countries, as reported by experts in secure data destruction from the International Institute of Cyber Security.

Information security analysts found this during their regular monitoring of the dark web for criminal activity. They posed as potential buyers and contacted the hacker before confirming the validity of the documents involved.

Use of default FTP credentials

Secure data destruction experts discovered that the hacker obtained the confidential documents by accessing a Netgear router at Creech Air Force Base that used the default FTP login settings to share files.

The authentication vulnerability in Netgear routers that the hacker exploited to access the confidential military data was initially discovered two years ago, and it is thought that more than 4K routers have not yet updated their firmware and remain vulnerable to an attack under similar conditions.

After gaining access to the network, the hacker infiltrated a captain’s computer at Creech Air Force Base in Nevada and stole a cache of confidential documents, including the drone’s maintenance instructions and a list of planes possibly connected to it.

Ironically, a certificate found in the data file reveals that the captain whose system was compromised had recently completed the Cyber Awareness Challenge, yet he failed to set a new password for the FTP server that hosts confidential files.

It is still undetermined how widespread the attack is.

Interacting with the hacker allowed analysts to discover more leaked military information on sale by the same hacker, including a large number of military documents from an unidentified officer, an M1 Abrams tank operation manual, and a training course for platoons.

Experts in secure data destruction discovered data locating an individual possibly related to the group behind the attack.