Hackers like to promote cellphone numbers, passports, and different personally identifiable data on the deep net, however final month one individual was trying to make a fast buck off of some army upkeep manuals.
On June 1st, Recorded Future’s Insikt Group found somebody making an attempt to promote army paperwork on the deep and darkish net. The individual had just lately registered an account on a hacking discussion board and printed screenshots of what he had dug up. Via weeks of investigation, analysts had been capable of decide that the paperwork had been genuine and the hacker had obtained them by getting access to a Netgear router positioned on the Creech Air Power Base via a beforehand disclosed FTP vulnerability. In 2016, cybersecurity researchers discovered the same vulnerability in Netgear routers with distant information entry capabilities.
After efficiently getting access to the router, the hacker was capable of infiltrate a captain’s laptop and steal a cache of delicate paperwork. This included upkeep books and a listing of airmen assigned to the bottom’s Reaper upkeep unit. “Whereas such course books are usually not categorised supplies on their very own,” Recorded Future mentioned, “in unfriendly arms, they might present an adversary the flexibility to evaluate technical capabilities and weaknesses in some of the technologically superior aircrafts.”
The MQ-9 Reaper is a drone able to working each autonomously and remotely. It’s considered some of the superior and deadliest drones america has ever developed. The Pentagon, Division of Homeland Safety, CIA, and NASA all at the moment use the drones.
The captain whose laptop was hacked had simply accomplished a cyber security course in February and “ought to have been conscious of the required actions to forestall unauthorized entry,” Recorded Future mentioned.
After the Reaper doc leak, the hacker put one other set of army paperwork up on the market that gave the impression to be from both a US Military official or the Pentagon. These included over a dozen coaching manuals and survival manuals together with tank platoon ways.
Whereas speaking with the hacker, he instructed Recorded Future that he continuously “entertains” himself by watching reside streams of delicate footage from airplanes and border surveillance cameras. “The actor was even bragging about accessing footage from a MQ-1 Predator flying over Choctawhatchee Bay within the Gulf of Mexico,” the group mentioned. The hacker acted alone and had “average technical expertise,” however was capable of establish these safety vulnerabilities all through the course of every week, Recorded Future mentioned.
The army has but to find out the extent of the breaches, however shall be investigating the assault. “[This is a] disturbing preview of what a extra decided and arranged group with superior technical and monetary sources might obtain,” the group acknowledged.
Supply hyperlink – https://www.theverge.com/2018/7/10/17555982/hacker-caught-selling-stolen-air-force-drone-manual-dark-web