Posts

TARGET: Technical Documents for U.S. Air Force Drone Leaked through Router Vulnerability

July 11th – In June 2018, Recorded Future observed a hacker on the Dark Web selling the technical plans and training manual of the MQ-9 Reaper UAV (unmanned aerial vehicle) for $150 to $200. The MQ-9 Reaper was introduced in 2001 by General Atomics and is currently in use by the U.S. Air Force, the U.S. Navy, the CIA, and U.S. Customs and Border Protection.

The hacker was English speaking and appeared to disclose the method of how he or she was able to obtain the sensitive documents from a computer of a captain at 432d Aircraft Maintenance Squadron Reaper stationed at the Creech Airforce Base in Nevada.

In early 2016, security researchers published findings regarding Netgear routers with remote access capabilities were vulnerable if the default FTP credentials were not changed out. Additionally, NetGear routers have a “ReadySHARE Storage” feature that allows individuals on the router’s network to connect USB storage and share the contents of the USB. If an attacker is able to access certain NetGear routers with this feature remotely via FTP, they can access the data stored on the router via the USB share feature. It was disclosed that the attacker was able to obtain a collection of sensitive files from a U.S. Airforce Captain’s computer via FTP remote access.

Beyond the documents stolen, the hacker also has disclosed that he or she is also able to access footage from U.S. border surveillance and can watch footage of certain predator drones flying over the Gulf of Mexico. The individual also disclosed that he or she was not targeting the U.S. Airforce when obtaining the plans for the Reaper, but rather came across information about the vulnerability through doing a search in Shodan (Shodan is a search engine platform used by hackers to identify vulnerabilities and configurations that are internet facing and susceptible for attack). The identity of the hacker has not been disclosed at this time from the sources researched.

Proficio Threat Intelligence Recommendations:

  • Inspect SOHO equipment that might be at remote sites for vulnerabilities or unsafe configurations.
  • Assess blocking well-known social networks that do not have business use to potentially reduce future channels of command and control.
  • Disable USB storage sharing over Wi-Fi if this feature is currently used in the environment.
  • Put security controls in place to guard against unauthorized access of the organization’s sensitive data.

Recorded Future Investigation – Click Here