An unidentified hacker obtained and attempted to sell military drone files on the dark web.
The hacker used a search engine to identify vulnerable devices on the internet, and came across a computer belonging to an Air Force captain at Creech Air Force Base in Nevada, The Hill reported this week.
He obtained sensitive documents from the computer, consisting of manuals for the MQ-9 Reaper military drone, the Abrams tank, and other training materials and documents. He then placed the documents online for the price of $150.
Cybersecurity and threat intelligence group Recorded Future discovered online advertisements for the manuals, along with a list of personnel in the drone maintenance unit and other sensitive information.
When researchers contacted the hacker, he admitted retrieving the documents from the Air Force captain’s computer by taking advantage of unsecured file transfer protocol (FTP) settings on the captain’s Netgear router.
A report by Recorded Future said: “While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts.”
The MQ-9 Reaper, described as a “hunter-killer,” is considered one of the most advanced and deadly pieces of military technology released in the past two decades. It is used by military branches in the U.S. and other nations, along with other agencies such as the CIA and NASA.
While the documents were not considered classified, they were described as “highly sensitive.” They could give an enemy insight into the abilities and weaknesses of the drone.
Default FTP Credential Allowed Hacker to Steal Sensitive Data pic.twitter.com/1q4Ey5D8it
— The Hacker News (@TheHackersNews) July 11, 2018
“It is not uncommon to uncover sensitive data like personally identifiable information (PII), login credentials, financial information, and medical records being offered for sale on the dark web. However, it is incredibly rare for criminal hackers to steal and then attempt to sell military documents on an open market,” the report said.
The hacker was also found attempting to sell other military documents, such as a tank platoon training course and a guide on mitigating IEDs. He did not obtain those from the Air Force captain’s computer.
Researchers communicated with the hacker, who spoke English, and verified that the documents were real. The hacker then revealed information about the tactics he used to retrieve the documents.
Andrei Barysevich, director of advanced collection at Recorded Future and author of the report, said the hacker is believed to be a member of a South American hacking group, but declined to give further details.
“Right now, the investigation is still ongoing,” he said.
The Air Force is also investigating the incident.