Military Documents Stolen Because Someone Forgot to Update the Router Password

16

Photo: Getty

You too can have better cybersecurity than the U.S. military just by properly setting up your router.

Research analysts have discovered what they believe to be sensitive documents relating to the Pentagon’s drone, tank, and tactical programs for sale on the dark web. The manuals were obtained through a common exploit that could have been avoided with a simple password update, according to the researchers.

Cybersecurity firm Recorded Future reported its findings on Tuesday in a blog post outlining its discovery process. While monitoring hacking forums on the dark web, the firm’s analysts came across an English-speaking hacker who was offering documentation related to the MQ-9 Reaper drone—the military’s preferred unmanned aircraft for offensive missions. The documents included Reaper maintenance course books and the list of airmen assigned to Reaper AMU.

The analysts made contact with the person offering the documents and found someone who was either careless or inexperienced. The seller told the researchers that they had discovered the documents through a popular search engine for internet-connected devices, Shodan, to locate routers that don’t have the proper configuration set up. They asked for $150-$200 due to the documents “being classified information.” According to Record Future, they aren’t classified but are only available internally for the use of the military and contractors. Still, they could offer adversaries an opportunity to “assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts,” the researchers wrote. Speaking with BuzzFeed News, one of the analysts, Andrei Barysevich, explained that the price was unusually low: “We felt like he has no true understanding of the value of this information, he had no idea how to sell it, he was just trying to get rid of it.”

The same seller later advertised another cache of documents that included “more than a dozen various training manuals [that] describe improvised explosive device defeat tactics, an M1 ABRAMS tank operation manual, a crewman training and survival manual, and tank platoon tactics,” Recorded Future wrote. Once again, these were not believed to be classified materials but most were said to only be available to the military and its contractors.

Recorded Future got in contact with authorities and continues to work with them on the case. In the first instance, involving the documents related to drones, the hacker told analysts exactly which captain of an aircraft maintenance squadron was the target. The victim was not identified publicly, but a redacted copy of a certificate acknowledging the captain’s recent completion of a “Cyber Awareness Challenge” is included in the report. The source of the second document dump was not identified, but analysts say, “they appear to be stolen from the Pentagon or from a U.S. Army official.”

Barysevich told Buzzfeed that, “the exposure could be much bigger than these documents being stolen.” That’s because they were obtained by exploiting a vulnerability in Netgear routers that the company warned about in 2016. By default, the routers are susceptible to malicious attacks and need to be updated with a user-created password. Recorded Future found over 4,000 devices internet-connected devices that are still vulnerable in its latest scan. If you’re using a Netgear router, you can find step-by-step instructions for protecting yourself here.

[Recorded Future via BuzzFeed]