After breaking into US military servers, an anonymous hacker began selling sensitive and secret documents online to all takers. When researchers figured out how he gained access, however, the situation became even more embarrassing for the military.
The hacker was discovered on the dark web by a cybersecurity research firm called Recorded Future. Most of his documents were related to the MQ-9 Reaper drone, a large unmanned aircraft that the US military currently uses in a number of conflicts. The documents included training manuals, maintenance reference, and a list of airmen who work with the drones.
Once the hacker was spotted selling copies of the documents on a dark web forum for between $150 and $200, security researchers contacted him in a bid to discover how he got the documents and what else he had. It turns out he had plenty – sensitive documents on the M1 Abrams (the US’ main battle tank), military survival manuals, and US strategies on mitigating IED device impact.
Recorded Future’s analysts also discovered how the hacker accessed the documents and just how shockingly easy it was. Here are the key discoveries from their investigation that will help make your home network more secure than the US military:
The hacker used Shodan, a freely accessible search engine for internet-connected devices, to search for a specific type of router. He chose this specific Netgear router because he knew it possessed a specific vulnerability that he could exploit and because he correctly guessed that most people didn’t care enough to update their router and fix the vulnerability.
However, it wasn’t enough to find the routers. He had to find one he could access, which brings us to our next point…
Although routers can be secured behind robust passwords, manufacturers usually ship them with default log-ins like “Username: admin, password: admin” so their clients can easily log in and change them to something more secure that they’ll remember.
That’s right. In addition to your home router being searchable online, it may also be one of those routers that ships with a default login. If you know the default login, you can easily find anyone using that router and wreak havoc – and that’s exactly what the hacker did.
He must’ve been excited and more than a little surprised to find that one of those unsecured routers belonged to the US Army!
Using one of the routers he hacked, the hacker collected documents from the computer of a specific captain. One of the documents he took was a certificate indicating that the captain had completed a cybersecurity training course earlier in the year.
I’m not sure what’s in the cybersecurity course, but I imagine that it might have helped the captain prevent this embarrassing breach. It’s also unclear whether changing the default password on the router was the captain’s responsibility or not. What is clear, however, is that none of the bases where the breached routers were located took cybersecurity seriously enough.
The nail in the coffin here is the fact that this was a known vulnerability! As early as 2016, security research firms had already revealed that the routers being used by the military could be exploited. It’s safe to assume that the changes required to secure those routers were not implemented.
What should you learn from this debacle? It’s simple: