[HACKING] Theft of military documents after a default FTP password was left unchanged

The American security company “Recorded Future” discovered that a hacker had put confidential military documents up for sale on an online forum for a hundred dollars each. This unclassified but sensitive information mostly consists of technical data sheets (strengths and weaknesses) on UAVs and aircraft. It includes maintenance books for the Reaper MQ-9 drones, one of the most advanced drones used by the US Air Force, the CIA or NASA, as well as training manuals on deployment tactics for improvised explosive devices (IEDs) and an ABRAMS M1 tank user manual.

To find Netgear Nighthawk R7000 routers, the hacker simply used Shodan to get a list of vulnerable devices. With the default FTP password, he was able to access some of these routers located in military installations. He also had access to specific aircraft locations such as the 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at Creech AFB in Nevada. The hacker also boasted of having information and images of an MQ-1 Predator flying over Choctawhatchee Bay in the Gulf of Mexico. Researchers have been reporting vulnerabilities in these Netgear routers since 2016. In response, Netgear has set up a support page on changing the default password, as described in the user manual section on personal FTP servers, adding “that a simple change of password will protect against this potential vulnerability”.

Military data is often the target of cyber attacks because of its level of confidentiality and the security issues it represents. Although the data is confidential and unclassified, all this information is available on the darknet and is within reach of anyone. This strategic information lets any adversary learn the technical capabilities and weaknesses of the aircraft. The military base’s IT teams could have avoided this incident by adopting better security practices and changing the router’s default FTP credentials.