A hacker is creating havoc by selling highly sensitive documents about a U.S. military drone on the dark web. The documents were stolen from a captain in the Air Force, according to researchers from cybersecurity firm Recorded Future.
On June 1, an English-speaking hacker, who is part of a larger group of criminals based in South America, began advertising access to export-controlled documents pertaining to the MQ-9 Reaper unmanned aerial vehicle (UAV), a researcher said.
The hacker stole a set of sensitive documents from a computer used by a captain at the 432nd Aircraft Maintenance Squadron, stationed at Creech Air Force Base in Nevada. He or she took advantage of a vulnerability in the base’s Netgear router. The documents included Reaper maintenance course books and a list of airmen assigned to a Reaper maintenance unit.
The hacker advertised them on a dark web marketplace for as little as $150 worth of bitcoin.
The documents were not classified, but their exposure is still a major security concern, said researcher Andrei Barysevich. He added it was “incredibly rare” for hackers to attempt to sell such documents on the open market.
If these documents fell into the wrong hands, it could give U.S. enemies a tactical advantage, and the leak also reveals significant vulnerabilities in the U.S. military’s cybersecurity policies, the researchers said.
“The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” Barysevich said.
The Reaper is regarded as one of the most lethal pieces of military technology deployed in the past two decades. It is sophisticated enough to read a license plate number from two miles away and carries both laser-guided bombs and air-to-ground missiles.
The Air Force has not responded to a request for comment about the breach.
Barysevich said he had identified the name and country of residence of the hacker, and the group he believes to be responsible. He is assisting in the ongoing investigation.
The officer could have averted the hack simply by configuring the router’s login credentials properly in the first place, according to Barysevich.
The researcher added that the hacker also admitted to stealing another set of military documents. Those documents included more than a dozen training manuals describing improvised explosive device defeat tactics, an M1 Abrams tank operation manual, a crewman training and survival manual, and tank platoon tactics.
The researchers were not able to identify where these documents were stolen from but said they “appear to be stolen from the Pentagon or from a U.S. Army official.”