Hacker Steals Military Docs Because Someone Didn't Change a Default FTP Password

Blanche Robertson
July 12, 2018

Routers are also prized targets because they allow access to web activity, passwords and, potentially, top secret documents.

Cyber-security company Recorded Future said some of the data had been stolen from a US Air Force captain's computer.

Documents that could give an enemy clues about the potential weaknesses of the Pentagon's MQ-9 Reaper drone have purportedly been up for sale on the Internet, a cybersecurity research firm says, amid concerns about whether the US military is doing enough to protect its data.

During the course of interacting with Insikt Group analysts, the hacker claimed that he spent his down time watching live video footage from US Customs and Border Patrol drones as well as other aircraft and ground-based surveillance cameras. Maintenance manuals and a list of airmen who were assigned to work on repairs were allegedly being sold among a cache of classified data.

The information was exposed after two members of the US military connected to the internet through Netgear routers that still used the default login credentials for file sharing.

The security analysts found that there were more than 4,000 routers around the world vulnerable to the same attack, even though the warning has been out for two years.

The security firm, which has reported its findings to United States authorities, said it had engaged with the hacker online and found he had used a program to search for Netgear routers that use a known default File Transfer Protocol (FTP) password.

"The same manual which cost decades to compile, to learn, all of the knowledge we have learned was now for sale", Barysevich said.

One of the files exposed was a certificate saying the captain had successfully completed cybersecurity training.


Later, the hacker also tried to sell additional military files - including a tank platoon training course and documents on tactics to mitigate improvised explosive devices, or IEDs - though it is unclear where those files originated.

A senior researcher at Recorded Future, the cybersecurity firm that found the documents for sale, told the Wall Street Journal that the success of an apparent amateur raises concerns about what more-sophisticated hackers could be stealing from the military.

The company said it was cooperating with law enforcement's investigation of the data breach. These included potential images from drones and technical documents for other military equipment.

US officials are now investigating the incident as a result of the reporting, an Air Force spokesman told The Hill.

Instead, he relied on screenshots and shared them with the analysts, who say they believe he was still unable to find a buyer.

The incident is the latest case of insecure routers leading to security vulnerabilities.

The hacker had used Shodan, a search engine for connected devices, to look for routers that were still vulnerable to attacks, Recorded Future said.

Once a device has been located, it can be accessed remotely, and its File Transfer Protocol (FTP) service can be logged into with the username "admin" and password "password".

Recorded Future suspects the hacker could be from South America, as the person communicated in broken English and sometimes in Spanish. The count of roughly 4,000 vulnerable routers is down from 6,000 when the problem was first reported in 2016.
