The hidden side of the Internet called the Dark Web can always surprise you because you never know what you will find there. So if you want to get some secret information, the Dark Web is the right place to go. For instance, someone is selling access to a major Airport’s Security System for just ten dollars. It has been reported that sensitive U. S. Air Force documents are available on the dark web for up to $200.
According to Recorded Future, an English-speaking cybercriminal was trying to sell secret documents about MQ-9 Reaper drone, which was used across federal government institutions, for only a couple of hundred dollars.
The MQ-9 Reaper drone was first launched in 2001. Today the drone is used by the U.S. Customs and Border Protection, U.S. Air Force-Navy, NASA, Central Intelligence Agency, as well as militaries operating in other countries.
Recorded Future’s Insikt Group was able to identify the hacker during their monitoring of the hidden Internet. The newly registered hacker claimed to have access to the compromised sensitive documents.
Insikt Group analysts learned that the attacker used a widely known tactic of gaining access to vulnerable Netgear routers with improperly setup FTP login credentials.
The default FTP credentials were used
The hacker gained access to a Netgear router which is located at the Creech Air Force Base by applying the default FTP credentials.
The bug in Netgear routers, which was exploited by the cybercriminal was originally identified two years ago. However, over four thousand routers still have not been patched or updated. Thus, they are still vulnerable to cyber attacks.
According to the researchers, “the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU.”
It is worth mentioning that the data archive reveals that the captain who was responsible for the compromised system did not protect the FTP server hosting files with the password, even though he had recently completed the Cyber Awareness Challenge.
The military response teams will determine the exact ramifications of both breaches. However, the fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve.
What is more, the hacker was able to leak other sensitive military information, such as an M1 ABRAMS tank operation manual, a tank platoon training course and a huge volume of other military documents. These documents were also on sale at the Dark Web from the same hacker.
Insikt Group was able to identify the country of residence of the hacker and even his name. However, the country which is actually responsible for the attack is unknown.