Until last week, you could have purchased one of the U.S. military’s training manuals for the MQ-9 Reaper drone, along with a maintenance manual for the Abrams tank, a guide to defeating IEDs, and other sensitive materials, thanks to a hacker who put the stolen materials up for sale online.
The theft and attempted sale were brought to light by cybersecurity and threat intelligence group Recorded Future, which published a report about the incident and is working with law enforcement personnel on it.
Recorded Future officials said they got involved last week when they noticed a suspicious-looking online advertisement for the manuals, a list of airmen within a unit assigned to the drone’s maintenance, and more. They contacted the thief, who said that he had hacked his way to the materials after an Air Force captain with the 432d Aircraft Maintenance Squadron at Creech Air Force Base in Nevada failed to properly set transfer protocol settings on his NETGEAR router, a widely known vulnerability. The hacker used Shodan, a search engine that lets users search for unsecured Internet of Things devices, and happened upon the captain’s router by chance, then used the vulnerability to exfiltrate the docs from the captain’s computer, including—awkwardly—his certificate of completion for Cyber Awareness Challenge training.
About a 40-minute drive from Las Vegas, Creech has served as the hub for drone operations over Afghanistan and Iraq since the early 2000s. It remains the U.S. military’s most important remote drone piloting site.
“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts,” notes Recorded Future’s report on the incident. Such materials are covered by trade restrictions. Their distribution is limited to military personnel and contractors.