Hacker Selling US Military Secrets On Dark Web

Highly sensitive US military data is being offered for sale online, after a hacker exploited certain Netgear routers located in ‘military facilities’.

This was the revelation from US threat intelligence firm Recorded Future, which discovered the documents for sale on the dark web whilst it was “monitoring criminal activity on deep and dark web forums and marketplaces.”

It said that the documents had been stolen because military IT departments had not changed the default FTP password on certain Netgear routers.

Netgear R7000

Military secrets

The military documents stolen by the hacker include maintenance course books for servicing MQ-9 Reaper drones, and various training manuals describing deployment tactics for improvised explosive devices (IEDs).

Also for sale are an M1 ABRAMS tank operation manual, a crewman training and survival manual, and a document detailing tank platoon tactics.

And to rub salt in the wound, the hacker is asking between $150 and $200 for the lot, far less than usual for such sensitive data.

“On June 1, 2018, while monitoring criminal actor activities on the deep and dark web, Recorded Future’s Insikt Group identified an attempted sale of what we believe to be highly sensitive US Air Force documents,” blogged the firm. “Specifically, an English-speaking hacker claimed to have access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle (UAV).”

According to Recorded Future, it engaged with the hacker and “confirmed the validity of the compromised documents.”

The hacker also acknowledged another breach involving a large number of military documents from an unidentified officer. Those documents contained a second dataset including the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course, and documentation on improvised explosive device (IED) mitigation tactics.

Default passwords

Insikt Group analysts then apparently learned that the hacker used a widely known tactic of gaining access to vulnerable Netgear routers with improperly set up FTP login credentials.

Essentially, the hacker used Shodan, a search engine that lets the user find specific types of computers (webcams, routers, servers, etc.) connected to the internet using a variety of filters. Using this search engine the hacker tracked down specific types of Netgear routers that use a known default FTP password.

The hacker used this FTP password to gain access to some of these routers, some of which were apparently located in military facilities.

One such military facility was the 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada.

The issue concerning Netgear routers using a set of default FTP credentials has been known since 2016 when a security researcher raised the alarm about it.

And in 2017 as many as 31 Netgear routers were found to be subject to a vulnerability that could give an attacker access to the system and the management panel – and potentially set up a botnet.

Security researcher Simon Kenin at Trustwave discovered two separate flaws when he wanted to reset his own router but had forgotten the password to the web panel.


Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...
