Hackers who stole a US Air Force drone manual were caught trying to sell it on the dark web, a security firm has reported. The discovery was made on June 1 by Recorded Future’s Insikt Group, which was monitoring for “criminal actor activities” on the parts of the Internet where few people venture. The documents reportedly were associated with the USAF’s MQ-9, an unmanned aerial vehicle more commonly known as a UAV or drone.
The discovery was detailed yesterday in a long post by Recorded Future, which said the individual claiming to have the drone documents is an “English-speaking hacker.” Experts working with Insikt Group confirmed the existence and validity of these documents, as well as the location and name of someone said to potentially be involved with the group behind the theft, though that information has not been revealed publicly.
Perhaps more concerning is Recorded Future’s revelation of a potentially larger breach. According to the company, the “threat actor” said there was another data breach, which involved “a large number of military documents” stolen from an unknown (or, at least, unidentified) military officer.
That batch of documents is said to include a maintenance manual for the M1 Abrams, as well as documentation on a crew survival course, a tank platoon training course, and documents on IED mitigation tactics. The security researchers identify vulnerable Netgear routers with improper FTP login credentials as the weakness exploited by the hackers.
The firm shared select screenshots from certain documentation, including what appears to be an introductory slide on a course pertaining to the MQ-9 Reaper UAV. The hacker was seeking only “about $150 or $200” for the documentation. The firm says it is working with law enforcement during its investigation of the matter.
SOURCE: Recorded Future