A hacker is selling stolen U.S. military drone documents on the dark web for as little as $150, a cybersecurity firm has revealed.
The documents, which include sensitive data on the MQ-9 Reaper unmanned aerial vehicle, surfaced last month on an underground hacker forum.
“It is not uncommon to uncover sensitive data like personally identifiable information (PII), login credentials, financial information, and medical records being offered for sale on the dark web,” writes Andrei Barysevich, director of advanced collection at Recorded Future. “However, it is incredibly rare for criminal hackers to steal and then attempt to sell military documents on an open market.”
Barysevich says analysts with Recorded Future posed as potential customers and learned the hacker had used Shodan, a search engine that finds devices connected to the internet, to look for routers with a known vulnerability.
The search led the hacker to the computer of an Air Force captain assigned to the 432d Aircraft Maintenance Squadron at Nevada’s Creech Air Force Base.
The hacker was able to obtain “Reaper maintenance course books and the list of airmen assigned to Reaper AMU” due to the captain’s failure to change his router’s default FTP password.
Recorded Future also notes the captain had just completed a “Cyber Awareness Challenge” that would have made him knowledgeable about such vulnerabilities.
“Despite it being two years since the vulnerability was first acknowledged, the problem remains widespread,” Barysevich said. “During our recent research, Recorded Future identified more than 4,000 routers susceptible to the attack.”
Aside from the drone documents, the hacker also advertised more than a dozen military training manuals on topics including “improvised explosive device defeat tactics” and the M1 Abrams tank.
“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircraft,” said Barysevich.
The hacker also claimed to be monitoring the live feeds of border surveillance cameras and airplanes on the southern U.S. border during his downtime, providing pictures to Recorded Future of alleged aircraft footage.
Although none of the documents obtained by the hacker are classified, Barysevich says the open sale of such content is incredibly rare.
“I’ve been personally investigating the dark web for almost 15 years, and this is the first time I’ve uncovered documents of this nature,” Barysevich said.
While such sensitive data would normally be the target of nation-state hackers, the sale itself, as well as the low asking price, suggests the hacker is merely seeking financial benefit.
The Air Force confirmed knowledge of the report Wednesday and said it was looking into the matter.
“We’re aware of the reporting and there is an investigation into the incident,” a spokeswoman said.