You never know what you will find on the hidden Internet ‘Dark Web.’
It has been reported that a hacker was found selling sensitive US Air Force documents on the dark web for between $150 and $200.
Cybercrime tracker Recorded Future today reported that it discovered a hacker attempting to sell secret documents about the MQ-9 Reaper drone used across federal government agencies for only a few hundred dollars on a Dark Web forum last month.
First introduced in 2001, the MQ-9 Reaper drone is currently used by the U.S. Air Force, the U.S. Navy, U.S. Customs and Border Protection, NASA, the CIA, and the militaries of several other countries.
The tech intelligence’s Insikt Group analysts found the hacker during their regular monitoring of the dark web for criminal activities.
They posed as potential buyers and engaged the newly registered hacker before confirming the validity of the compromised documents.
Default FTP Credential Allowed Hacker to Steal Sensitive Data
Insikt Group analysts learned that the hacker managed to obtain the sensitive documents by gaining access to a Netgear router located at the Creech Air Force Base that was using the default FTP login settings for file sharing.
The authentication vulnerability in Netgear routers that hacker exploits to access the sensitive military data was initially discovered two years ago, and according to Recorded Future, more than 4,000 routers still haven’t updated their firmware, and are susceptible to attack.
After gaining access to the network, “the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU,” the researchers said.
Ironically, a certificate found in the data archive reveals that the captain, whose system was compromised, recently completed the Cyber Awareness Challenge, but he did not set a password for an FTP server hosting sensitive files.
The extent of the breaches has yet to be determined.
“The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” the group said.
Further interactions with the hacker allowed the analysts to discover other leaked military information, including a large number of military documents from an unidentified officer, an M1 ABRAMS tank operation manual, and a tank platoon training course, up for sale from the same threat actor.
Researchers identified the name and country of residence of an individual associated with a group they believe to be responsible for the illicit sale of US military manuals.
Although the Insikt Group analysts have not identified the country responsible for the attack, they said the group is assisting “law enforcement in their investigation” of the trade in classified documents.