Sensitive Military Drone Docs Found for Sale on the Dark Web

Elias Hubbard
July 12, 2018

Security researchers from Recorded Future said that the stolen documents included technical details of the MQ-9 Reaper drone that has been used for unmanned surveillance missions for the military and border control.

The Pentagon reportedly thwarts tens of millions of digital attacks daily, ranging from what appear to be bored, amateurish hackers looking to cause trouble to advanced nation states hoping to pilfer classified secrets.

"Not only is it super low and super cheap, we've never seen documents of this magnitude being sold on the Dark Web", he says.

But there was no evidence the mystery hacker was tied to a foreign country or specifically was seeking to steal military documents, the firm told the Wall Street Journal. Especially when simple hacks leave the military vulnerable.

While the documents aren't confidential, they are still highly sensitive.

This story was updated at 9:46 a.m. Wednesday to reflect comment from the Air Force. He ultimately lowered his price.

"I expect about $150 or $200 for being classified information", he said, according to a transcript.

The analysts said they notified officials at the Department of Homeland Security (DHS) of their findings and that the hacker was ultimately blocked from selling the documents. "He was attempting to get rid of it as soon as possible". Although they believe they have the hacker's name and country of origin, they haven't made that information public. As a result, they allegedly didn't download everything which was available until a buyer had been found.

The issue with Netgear routers using a set of default FTP credentials has been known since 2016, when a security researcher raised the alarm about it. Netgear responded by putting up a support page with information on how users could change their routers' default FTP password.

The security analysts found that there were more than 4,000 routers around the world vulnerable to the same attack, even though the warning has been out for two years. "Another thing he [the hacker] was claiming to have access to was a broad range of live CCTV cameras, including those installed on surveillance planes and across the US-Mexico border and checkpoints, highways, and the drone that surveys the Gulf of Mexico", Barysevich says. "And many of them appear to be operated by government employees". The hacker used this FTP password to gain access to some of these routers, some of which were located in military facilities, he said.

It's hard to match the contents of the files with their owners, but that's not exactly the point.

"The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week's time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve", Andrei Barysevich, Recorded Future's director of advanced collection, said in a blog post.

"I've been personally investigating the dark web for nearly 15 years, and this is the first time I've uncovered documents of this nature", wrote Andrei Barysevich, director of advanced collection at Recorded Future, in his report.
