New Report Warns “Sensitive” US Reaper Drone Data Leaked On Dark Web

Recorded Future’s Insikt Group, a team of veteran threat researchers who support intelligence analysts, engineers, and data scientists, uncovered a treasure trove of sensitive information involving the General Atomics MQ-9 Reaper drone and other military manuals that were stolen from a U.S. Air Force captain’s computer and listed for sale on the dark web.

Insikt analysts engaged the English-speaking hacker June 01, who claimed to have access to export-controlled documents, including technical details of the MQ-9 Reaper drone, deployment tactics for improvised explosive devices (IEDs), M1 ABRAMS tank operation manual, training and survival manual, and tank platoon tactics. The hacker even had a confidential list of airmen assigned to a Reaper Aircraft Maintenance Unit at Creech Air Force Base in Nevada.

The hacker listed the MQ-9 Reaper drone documents for only $150 to $200 on the dark web. The post shows aircraft schematics of the MQ-9 Reaper, and Insikt analysts confirmed the validity of the military documents.

“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircraft,” said Andrei Barysevich, Recorded Future’s director of advanced collection.

Recorded Future said it is common to find personally identifiable information (PII), passwords, financial information, and even medical records for sale on the dark web. However, it is rare for hackers to steal and then attempt to sell military documents on an open market. Here is another report that was seized by the hacker:

Insikt analysts communicated with the hacker through the month of June to learn more about how exactly he/she obtained these sensitive documents. The hacker explained that he/she used Shodan to look for Netgear routers that use default FTP passwords.

The report notes that US officials had already issued a public service warning earlier this year urging citizens to change the default settings on their Netgear routers. However, it seems the military did not get the memo.

After the Shodan search, the hacker told Insikt analysts that some of these vulnerable routers were located in military facilities, which he/she then accessed using the default FTP password.

The hacker also had another set of military documents for sale. It appears more than a dozen training manuals, including ones that describe improvised explosive device defeat tactics, an M1 ABRAMS tank operation manual, a crewman training and survival manual, and tank platoon tactics, were up for grabs. This time the hacker did not disclose to Insikt analysts where the documents originated. As with the previous military documents, none represent classified materials, although most may be distributed only to U.S. government agencies and their contractors.

The hacker told Insikt analysts that when he/she was bored, he/she watched sensitive live footage from border surveillance cameras, drones, and airplanes. The hacker even bragged about accessing live footage from an MQ-1 Predator flying over Choctawhatchee Bay in the Gulf of Mexico.

Screenshot of the aircraft video footage showcased by the hacker.

According to Recorded Future, US law enforcement is investigating the breach. The firm said its analysts have a “high degree of confidence” the hacker is from South America.

“The FBI does not confirm or deny the existence of investigations,” Lauren Hagee, an FBI spokeswoman, said in an email to CNN. The Air Force did not respond to requests for comment from CNN.

The hack is the latest in a series of military breaches, including a massive cyber breach that compromised the network of an unidentified Navy contractor that exposed 614 gigabytes of submarine missile secrets to China.

Chinese hackers allegedly stole large amounts of data related to undersea warfare, including top-secret programs to develop supersonic anti-ship missiles for submarines. The data breach occurred earlier this year, and the investigation is still ongoing.

While the investigation is still ongoing in both breaches, it seems the world’s greatest military (the US military) could have a data security problem. Let us hope that the record military spending in 2018 can plug the security gap before more hackers gain access to critical military knowledge.