H4CK3D. Oops. An anonymous hacker got their hands on some highly sensitive information about Reaper drones, more than 100 of which the U.S. military has used in overseas missions for the past decade. The hack was discovered by a group of threat researchers at cybercrime intelligence website Recorded Future in June while monitoring criminal activity on the dark web.
That wasn't all the hacker found. Shortly after getting ahold of the drone documents, the hacker found even more sensitive documents, from tank manuals to IED survival tactics. They then tried sell them on the dark web for as little as $150. $150???
Highly detailed information on how to defeat IEDs could help terrorist groups avoid and outwit the U.S. Army.
This isn't the first time somebody has gotten a hold of sensitive materials from the U.S. military. In February, Russian hackers got very close to stealing highly classified data through phishing attempts that targeted the personal Gmail accounts of defense contractors.
ROUTER VULNERABILITIES. The hacker exploited a common cybersecurity weakness involving Netgear routers that cybersecurity experts discovered in 2016. Netgear's (very popular) routers allow users to plug in data storage devices like USB sticks to access the data stored on those devices from pretty much anywhere with an internet connection. If users don't change the default login settings on these routers, it's really easy for hackers to access the same data.
And they can access an awful lot, much more than you might think. As SFGate points out:
"When people attempt to remotely access their data, they are prompted to enter a user name and password. If customers have not established their own unique log-ins, Netgear routers grant access without requiring a password at all."
All the hacker had to do was to search for the FTP (file transfer) addresses of exposed routers. According to Recorded Future, the documents were most likely taken from a U.S. Army staffer. Probably someone who forgot to change their password.
A DARK WEB MARKET. Hackers regularly uncover and share a ton of classified information on the dark web, but a lot of the time it's mostly for bragging rights. As Recorded Future points out, selling this kind of sensitive data on the open market is very rare. The hacker likely did it just to make a buck. Because why not make some money when you're going through the trouble (though the low price for such valuable information shows the hacker probably didn't know the true value of what they had found).
Creating a monetary incentive to steal sensitive information on the U.S. military could become dangerous pretty quickly. Especially when simple hacks leave the military vulnerable. All we can do is hope the computers at the Pentagon have solid malware protection.
READ MORE: Stolen U.S. Military Drone Documents Found for Sale on Dark Web, Researchers Say [Wall Street Journal]