
A Hacker Sold U.S. Military Drone Documents On The Dark Web For Just $200

This article is more than 5 years old.

The dark web drug trade might have depleted in recent months, but all manner of other black market trades continue to thrive in the underbelly of the internet. On Wednesday, researchers at cybercrime tracker Recorded Future reported that a hacker was trying to flog documents about the Reaper drone used across federal government agencies for between $150 and $200. It appeared they'd successfully hacked into at least two computers belonging to U.S. military personnel and the theft could have a significant impact on American campaigns abroad, Recorded Future warned.

The company spoke directly with the hacker, learning the documents had been obtained by using a previously-disclosed vulnerability in Netgear routers. Using the Shodan search engine, the attacker found a large number of vulnerable devices and was able to retrieve a number of documents by targeting all of them, Recorded Future reported.

Through this scattershot approach, the hacker obtained access to the computer of a captain at a Reaper station at the Creech Air Force Base in Nevada. They then stole Reaper maintenance course books and a list of airmen assigned to controlling the drone. Such texts aren’t classified but could be used “to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts,” Recorded Future said.

More documents were later put up for sale from the same hacker, including more than a dozen training manuals describing how to defeat improvised explosive devices, how to operate an M1 Abrams tank and a file on tank platoon tactics. Though Recorded Future couldn’t elicit the source of those docs from the hacker, the company said it appeared the files had been taken from a U.S. Army staffer.

Recorded Future researcher Andrei Bareseyvich said that whilst the stolen documents weren’t classified, they were still highly sensitive. “The same docs on defeating IEDs could’ve been sold to terrorist groups around the world and now they’d be able to learn how to trick the U.S. Army and to learn what methods they use,” he told Forbes.

The theft was reported to DHS in mid-June, Bareseyvich said. He claimed the agency “considered this very alarming,” but he didn’t know the state of the government’s investigation into the matter. The DHS declined to comment, referring Forbes to the Pentagon.

A Department of Defense spokesperson said: “We will not comment on documents that were allegedly stolen, and cannot verify.”

Lax military security

Of real concern to Bareseyvich was the lack of security on military personnel computers, which had apparently been left open on the web, allowing any attacker easy access.

“We know it was super easy to accomplish,” said Bareseyvich. “It begs another question if they were using personal computers to access sensitive military documents, well maybe this is a bigger problem.” He pointed to recent leaks from staff at the NSA, whether back when Edward Snowden walked out with a massive data cache or the more recent theft of cyberweapons by the so-called Shadow Brokers. The CIA has had its problems with leaks of sensitive code in recent months too, when Wikileaks obtained a batch of files describing its digital arsenal.

“Maybe government agencies should start looking into their own policies,” Bareseyvich added. “Right now it seems to be a bigger problem than we had anticipated.”
