At the beginning of last month, the darknet saw its first offering of military data. In a bizarre sale of hacked military documents, a cyber-security monitoring firm, Recorded Future, chanced on what could prove to be vulnerabilities in military devices. In a strange twist, the hacker offered the data for a measly $100 – $150.
The Insikt Group from Recorded Future monitors the deep web for illegal activities. A top researcher in the organization, Andrei Barysevich, said when commenting on the matter that he has been watching the darknet for 15 years but has never come across such an offer. He says most of the data sold is income-generating, such as social security numbers, bank information, usernames and passwords, among others. The offer of hacked military data was unprecedented for him.
Insikt Group engaged a newly registered member of a hackers' forum on the darknet for a week. The man had posted screenshots of the data, which the group was able to verify as authentic after several communications. He went on to reveal how he acquired the data.
According to the man, he managed to hack into a captain’s computer, where he acquired documents relating to the UQ model of the MQ-9 Reaper drone. The drone is used for autonomous and remote-controlled operations by US agencies including Homeland Security, the US Navy, US Customs, the US Air Force, NASA and the CIA, as well as by armies from other countries.
The data obtained detailed the operations and maintenance of the MQ-9 drone and listed the personnel authorized to manage it. The hack targeted a computer belonging to a captain who heads the station for servicing Reaper drones at Creech Air Force Base in Nevada.
The man who committed the action was all too willing to disclose his methods. He unsuspectingly revealed to the cyber-security agents that he had found a vulnerability in a Netgear router serving computers at the Nevada base. He employed simple hacking procedures from his own computer. It is the simplicity of the hack that has the cyber watchdog concerned.
More Military Data on Sale
Further engagement with the man revealed that he had more military data, which he offered through the same platform on the deep web. The additional materials were training materials on how to neutralize explosive devices, how to operate an M1 Abrams tank, and tactics of tank combat. The source of these later documents was unknown, but they were suspected to have originated from either the US military or the Pentagon.
The Netgear router vulnerability was discovered two years ago. The manufacturer warned of it, but to date there are about 4,000 routers without proper upgrades. This was seen as reluctance and a lack of proactivity in the military. While the documents were not classified, the incident raised several concerns about the safety of military data. Given that the man used rudimentary means to complete the hack, there are unsettling questions about how little sophistication a hack would really require.
Similarly, the data was presented for trade on the deep web. If it fell into the wrong hands, enemies could use it to figure out the strengths and weaknesses of what is said to be one of the world’s most advanced aircraft technologies. This could have far-reaching consequences.
The failure to upgrade the routers could be a mere case of negligence. Some of the documents acquired from the captain’s computer revealed that the captain had recently completed the Cyber Awareness Challenge training. He had, however, failed to set a password for the FTP server that was hosting sensitive files.
The darknet revelation is not an isolated case. In mid-June, reports surfaced that there had been data theft in the Ministry of Internal Security. The Department of Homeland Security, however, refused to comment on the matter concerning insufficient protection of security devices, making them susceptible to hacks through normal internet connections.
Previously, there was a controversy concerning leaked military data from NSA staff. The leaks were published on WikiLeaks by Edward Snowden. Barysevich called for improved strategies for ensuring the security of sensitive military data.
Meanwhile, investigations into the man's activities remain ongoing. It is not clear whether he acted alone or on behalf of another country. It is, however, more probable that he acted on his own. It is also not known whether he just chanced on the router vulnerability or specifically targeted the military device.