Essential or personal military documents detailing restricted data on tanks and drones have been offered for sale on the dark web after they were stolen by exploiting known vulnerabilities.
Last month, the company Recorded Future declared that it had made contact with a specific actor attempting to sell a cache of information. The data included maintenance books and lists of airmen assigned to the MQ-9 Reaper drone. The documents are not technically classified but could be of interest to a foreign power.
More worrying, however, is how the hacker managed to gain access to the information.
The firm revealed that, using the well-known Shodan search engine, the actors scanned large segments of the internet for high-profile misconfigured routers that use the standard port 21, and then hijacked important and valuable documents from the compromised devices.
The flaw in question was first disclosed in Netgear routers in 2016, and affected devices can be locked down by changing the built-in File Transfer Protocol (FTP) authentication details.
However, Recorded Future claims to have identified 4000 routers still exposed to this type of attack.
Using the method described above, the attacker first infiltrated the computer system of a captain at the 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at Creech AFB in Nevada, and stole a cache of important files and documents.
The military captain whose computer system was compromised had recently completed the Cyber Awareness Challenge and should have known about the actions required to block unauthorized or unwanted access: in this case, configuring the File Transfer Protocol password.
Recorded Future then observed the same cyber-criminal trying to sell essential data that appeared to have been stolen from the US military or a Pentagon official.
This included a dozen different types of training manuals covering improvised damage device defeat strategies, an M1 ABRAMS tank operation manual, a crewman training and survival manual, and tank platoon strategies.
This incident should serve as something of a wake-up call to the US military, in that it highlights what a single hacker with moderate technical skills was able to achieve in just a week.