Hacker Selling US Military Secrets On Dark Web

Highly sensitive US military data is being offered for sale online, after a hacker exploited certain Netgear routers located in ‘military facilities’.

This was the revelation from US threat intelligence firm Recorded Future, which discovered the documents for sale on the dark web whilst it was “monitoring criminal activity on deep and dark web forums and marketplaces.”

It said that the documents had been stolen because military IT departments had not changed the default FTP password on certain Netgear routers.

Netgear R7000

Military secrets

Among the military documents stolen by the hacker, include maintenance course books for servicing MQ-9 Reaper drones, and various training manuals describing deployment tactics for improvised explosive devices (IED)s.

Also for sale are an M1 ABRAMS tank operation manual, a crewman training and survival manual, and a document detailing tank platoon tactics.

And to rub salt in the wound, the hacker is asking between $150 and $200 for the lot, far less than usual for such sensitive data.

“On June 1, 2018, while monitoring criminal actor activities on the deep and dark web, Recorded Future’s Insikt Group identified an attempted sale of what we believe to be highly sensitive US Air Force documents,” blogged the firm. “Specifically, an English-speaking hacker claimed to have access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle (UAV).

According to Recorded Future, it engaged with the hacker and “confirmed the validity of the compromised documents.”

The hacker also acknowledged another breach involving a large number of military documents from an unidentified officer. Those documents contained a second dataset including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course, and documentation on improvised explosive device (IED) mitigation tactics.

Default passwords

Insikt Group analysts then apparently learned that the hacker used a widely known tactic of gaining access to vulnerable Netgear routers with improperly setup FTP login credentials.

Essentially, the hacker used Shodan, a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Using this search engine the hacker tracked down specific types of Netgear routers that use a known default FTP password.

The hacker used this FTP password to gain access to some of these routers, some of which were apparently located in military facilities.

One such military facility was the 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada.

The issue concerning Netgear routers using a set of default FTP credentials has been known since 2016 when a security researcher raised the alarm about it.

And in 2017 as many as 31 Netgear routers were found to be subject to a vulnerability that could give an attacker access to the system and the management panel – and potentially set up a botnet.

Security researcher Simon Kenin at Trustwave discovered two separate flaws when he wanted to reset his own router but had forgotten the password to the web panel

Do you know all about security? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Craig Wright Sentenced For Contempt Of Court

Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…

2 days ago

El Salvador To Sell Or Discontinue Bitcoin Wallet, After IMF Deal

Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…

2 days ago

UK’s ICO Labels Google ‘Irresponsible’ For Tracking Change

Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…

2 days ago

EU Publishes iOS Interoperability Plans

European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…

3 days ago

Momeni Convicted In Bob Lee Murder

San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…

3 days ago