Last month, while tracking dark web marketplaces, Insikt Group, the threat intelligence team of the security firm Recorded Future, discovered someone selling what were claimed to be US military documents. The hacker was asking "$150 to $200" for unclassified but sensitive material on the US Air Force's Reaper drone, and later posted a second bundle of information on US Army vehicles and tactics for sale.
According to Insikt's report, the team verified the documents after contacting the hacker. They learned that the intruder exploited a vulnerability in the FTP service of Netgear routers, one that had been publicly known for two years, to break into a computer at Creech Air Force Base in Nevada. From it the hacker took documents about the MQ-9 Reaper drone, including maintenance course books and a list of airmen assigned to fly it. Again, those aren't classified documents, but they do provide insight into the unmanned aircraft.
The hacker put a separate bundle of sensitive information up for sale that included an M1 Abrams battle tank maintenance manual, training materials and IED mitigation tactics. Recorded Future couldn't determine where the intruder obtained this cache, but surmised it was stolen from the Pentagon or a US Army official.
The hacker reached the Reaper documents through a Netgear router whose FTP service was exposed to the internet and still protected by nothing more than its factory-default password. It wasn't even the only flaw identified in Netgear's products that year, and the case shows how a single unaddressed weakness in a consumer device can be enough to expose sensitive material.
Update 5:30PM 7/12/18: Netgear reached out to confirm that it had already released firmware that fixes the issue, and provided the following statement for owners of affected routers:
NETGEAR has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup.
Details can be found on the firmware release notes articles # 29959, 29461, and 27635. Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR has also proactively notified our registered customers via email.