Hacker Sold Stolen U.S. Military Machine Drone Documents On Night Spider Web For Merely $200

You never know what you lot volition discovery on the hidden Internet 'Dark Web.'

Just close an lx minutes agone nosotros reported close mortal selling remote access linked to safety systems at a major International aerodrome for $10.

It has been reported that a hacker was constitute selling sensitive USA Air Force documents on the nighttime spider web for betwixt $150 too $200.

Cybercrime tracker Recorded Future today reported that it discovered a hacker attempting to sell cloak-and-dagger documents close the MQ-9 Reaper drone used across federal authorities agencies for solely a few hundred dollars on a Dark Web forum final month.

First introduced inwards 2001, the MQ-9 Reaper drone is currently used past times the U.S. Air Force, the U.S. Navy, U.S. Customs too Border Protection, NASA, the CIA, too the militaries of several other countries.

The tech intelligence's Insikt Group analysts constitute the hacker during their regular monitoring of the nighttime spider web for criminal activities. They posed every bit potential buyers too engaged the newly registered hacker earlier confirming the validity of the compromised documents.

Default FTP Credential Allowed Hacker to Steal Sensitive Data

Insikt Group analysts learned that the hacker managed to obtain the sensitive documents past times gaining access to a Netgear router located at the Creech Air Force Base that was using the default FTP login settings for file sharing.

The authentication vulnerability inwards Netgear routers that hacker exploits to access the sensitive state of war machine information was initially discovered 2 years ago, too according to Recorded Future, to a greater extent than than 4,000 routers nevertheless haven't updated their firmware, too are susceptible to attack.

After gaining access to the network, "the hacker start infiltrated the figurer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB inwards Nevada, too stole a cache of sensitive documents, including Reaper maintenance course of study books too the listing of airmen assigned to Reaper AMU," the researchers said.

Ironically, a certificate constitute inwards the information archive reveals that the captain, whose organization was compromised, of late completed the Cyber Awareness Challenge, only he did non gear upwardly a password for an FTP server hosting sensitive files.

The extent of the breaches has yet to survive determined.

"The fact that a unmarried hacker amongst moderate technical skills was able to position several vulnerable state of war machine targets too exfiltrate highly sensitive information inwards a week’s fourth dimension is a disturbing preview of what a to a greater extent than determined too organized grouping amongst superior technical too fiscal resources could achieve," the grouping said.

Further interactions amongst the hacker allowed the analysts to discovery other leaked state of war machine information, including a large release of state of war machine documents from an unidentified officer, an M1 ABRAMS tank functioning manual, too a tank platoon preparation course, upwardly for sale from the same threat actor.

Researchers identified the advert too province of residence of an private associated amongst a grouping they believe to survive responsible for the illicit sale of USA state of war machine manuals.

Although the Insikt Group analysts accept non identified the province responsible for the attack, they said the grouping is assisting "law enforcement inwards their investigation" of the merchandise inwards classified documents.