Game of Drones: Hacker stole sensitive MQ 9B Reaper drone documents and sold them on a dark web marketplace
The hacker stole the cache of sensitive documents from a computer used by a captain at the 432nd Aircraft Maintenance Squadron, stationed at the Creech Air Force Base in Nevada, by taking advantage of a vulnerability in the base’s Netgear router. The documents included Reaper maintenance course books and a list of airmen assigned to a Reaper maintenance unit. He then advertised them on a dark web marketplace for as little as $150 worth of bitcoin. Though the documents were not classified, their exposure is still a major security concern, said researcher Andrei Barysevich, who added it was “incredibly rare” for hackers to attempt to sell such documents on the open market. If they fell into the wrong hands, for example, it could give U.S. enemies a tactical advantage, and the leak also reveals significant vulnerabilities in the U.S. military’s cybersecurity policies, the researchers said.
“The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” Barysevich said. The Reaper, regarded as one of the most lethal pieces of military technology deployed in the past two decades, is sophisticated enough to read a license plate number from two miles away and carries both laser-guided bombs and air-to-ground missiles. The Air Force did not respond to a request for comment about the breach, but a law enforcement investigation is ongoing, according to Recorded Future’s report. The breach will be a worry for the Air Force at a time when the threat of cyberattack from a variety of actors is at an unprecedented level. But what makes the theft of the Reaper documents even more egregious is the fact that the captain involved, who was not identified in the report, had just completed the Cyber Awareness Challenge, which is part of the mandatory cybersecurity training that military personnel have to undertake.
The researcher added that in online conversations the hacker also admitted to stealing another cache of military documents, featuring more than a dozen various training manuals describing improvised explosive device defeat tactics, an M1 Abrams tank operation manual, a crewman training and survival manual, and tank platoon tactics. It is because of this type of incident that our company insists on the need for very careful safety rules when it comes to unmanned vehicles, because it is a technology that has already demonstrated its potential in every way. So we hope that this officer of the United States Air Force will be made to repeat the Cyber Awareness Challenge course, but at the North Pole.