The news is disconcerting, the hackers may have obtained the documents related to the Reaper drone by hacking into at least two computers belonging to U.S. military personnel.
“Specifically, an English-speaking hacker claimed to have access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle (UAV). Insikt analysts engaged the hacker and confirmed the validity of the compromised documents.” reads the analysis published by Recorded Future.
“Insikt Group identified the name and country of residence of an actor associated with a group we believe to be responsible.”
Experts from Recorded Future contacted the hacker that explained to them that had obtained the documents by exploiting a vulnerability in Netgear routers that was known since 2016.
The hacker used the Shodan search engine to discover vulnerable devices online and targeted them with the available exploit, evidently one of them gave the attacker the access to the precious documents.
The compromised Netgear router was located at Reaper station at the Creech Air Force Base in Nevada and it was simple for the hacker to compromise it.
The hacker stole Reaper maintenance course books and a list of airmen assigned to controlling the drone.
“Utilizing the above-mentioned method, the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU.” states Recorded Future.
“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts.”
The hacker also offered for sale a dozen training manuals describing improvised explosive device defeat tactics, how to operate an M1 Abrams tank, a file on tank platoon tactics, and crewman training and survival manual.
Though Recorded Future couldn’t elicit the source of those docs from the hacker, the company said it appeared the files had been taken from a U.S. Army staffer.
The documents weren’t classified, but Recorded Future pointed out that their content was highly sensitive and could be abused by various threat actors, including terrorist organizations.
Recorder Future reported its discovery to the DHS in mid-June that started an internal investigation.
“We will not comment on documents that were allegedly stolen, and cannot verify.” a said a Department of Defense spokesperson.
If the source of the documents is confirmed, this incident raises the discussion about the lack of security on military personnel computers.
“Maybe government agencies should start looking into their own policies,” concludes Recorded Future researcher Andrei Bareseyvich. “Right now it seems to be a bigger problem than we had anticipated.”
(Security Affairs – Bancor exchange, security breach)