Stolen data for sale on the dark web is nothing new. US defense agencies fare quite poorly when it comes to protecting data from exposure on the dark web. A report from late last year indicated that US defense agencies were more prone to being hacked than any other agency.
A recent report by the cybersecurity firm Recorded Future has exposed the details of how a hacker stole and attempted to sell US military files on the dark web, including documents on the Reaper drone. The Reaper is manufactured by General Atomics Aeronautical Systems, Inc., for the US military. It is an unmanned aerial vehicle used primarily by the U.S. Air Force to surveil and strike targets.
The discovery was made by Recorded Future’s Insikt Group, a group of analysts who monitor criminal activities on the dark web. While carrying out their research, the analysts came across a hacker who, unlike others who sold stolen credentials such as social security numbers, was actually selling U.S. military information. The hacker was offering the files for as low as $150.
The analysts maintained contact with the English-speaking hacker to establish trust. Afterward, the hacker disclosed that he stole the data from a captain stationed at the Creech Air Force Base in Nevada. According to the report, the hacker used a long-known vulnerability in Netgear routers. Netgear routers with default FTP authentication credentials are usually not updated and are vulnerable to remote access. The vulnerability was made public in 2016 and mitigation measures were offered. However, most users did not update their routers.
The hacker used the Shodan search engine to search for vulnerable devices belonging to high-value personnel. The hacker was able to gain access to the computer of the captain mentioned above. On gaining access, the hacker stole course books on maintenance of the Reaper and a list of airmen assigned to the Reaper’s aircraft maintenance unit. Though not classified, the stolen data is believed to be very sensitive and could lead to the exposure of the capabilities and weaknesses of the Reaper drone to undesired parties.
The hacker had other data for sale that included tank platoon manuals and training documents on survival and improvised explosive devices. The source of these files was not disclosed. Access to this sort of information is restricted to U.S. government agencies and their contractors only.
The analysts disclosed the details of their research to authorities, who in turn opened an investigation into the matter to determine the damage caused by the exposure of the files.
Most hackers carry out cyber-attacks on companies with a huge client base that offer a large number of targets. With access to client details, hackers can use phishing emails to lure their targets into disclosing personal information such as credit card details. Another effective technique used by hackers is social engineering, through which targets are tricked into disclosing information that the hacker needs. After stealing credentials, hackers turn to the darknet where they sell the information at throwaway prices.