Latest in Internet

Image credit: Omar Sobhani / Reuters

US military drone documents are selling for $150 on the dark web (updated)

Info on the Air Force's Reaper UAV is on sale, along with other sensitive documents.
480 Shares
Share
Tweet
Share
Save

Sponsored Links

Omar Sobhani / Reuters

Last month, while tracking dark web marketplaces, threat intel team Insikt Group of the security firm Recorded Future discovered that someone was selling alleged US military documents. A hacker was asking for "$150 to $200" for non-classified yet sensitive materials on the US Air Force's Reaper drone, and posted an additional bundle of information on US Army vehicles and tactics for sale.

According to Insikt's report, the team verified the documents after contacting the hacker. They learned that the intruder used an FTP vulnerability in Netgear routers that's been known for two years to break into a computer at the Creech Air Force Base in Nevada. The hacker took documents about the MQ-9 Reaper drone, including maintenance course books and a list of airmen assigned to fly it. Again, those aren't classified documents, but they do provide insight to the unmanned aircraft.

The hacker put a separate bundle of sensitive information up for sale, which included an M1 Abrams battle tank maintenance manual, training materials and IED mitigation tactics. While security firm Recorded Future didn't ascertain where the intruder secured this cache, they surmised it was stolen from the Pentagon or a US Army official.

The hacker was able to access the Reaper documents through a computer whose FTP password hadn't been updated since its factory setting. It wasn't even the only flaw identified in Netgear's products that year, and it goes to show how a single unaddressed security weakness can be exposed to yield sensitive materials.

Update 5:30PM 7/12/18: Netgear reached out to confirm that they had already released a fix that patches the vulnerability. If your router is affected, the company released a statement:

NETGEAR has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup.

Details can be found on the firmware release notes articles # 29959, 29461, and 27635. Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR has also proactively notified our registered customers via email.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
480 Shares
Share
Tweet
Share
Save

Popular on Engadget

The 2019 Engadget Holiday Gift Guide

The 2019 Engadget Holiday Gift Guide

View
YouTube's Rewind 2019 video learns from last year's mistakes

YouTube's Rewind 2019 video learns from last year's mistakes

View
Apple may ditch the Lightning port on a 2021 iPhone

Apple may ditch the Lightning port on a 2021 iPhone

View
Google's powerful Recorder app now works on older Pixel phones

Google's powerful Recorder app now works on older Pixel phones

View
Are the Radeon RX 5700 and 5700 XT ideal GPUs for your gaming PC?

Are the Radeon RX 5700 and 5700 XT ideal GPUs for your gaming PC?

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr