Hacked! – Browser Password Leads to Military Data Breach

Airman 1st Class Steven (left) and Airman 1st Class Taylor prepare an MQ-9 Reaper for flight during exercise Combat Hammer, May 15, 2014, at Creech Air Force Base, Nev.

A recently published report points to a significant weakness in cybersecurity for the United States military. On Tuesday, cybersecurity firm Recorded Future published an article explaining how it found sensitive military material being offered for sale on the dark web.

The blog post on the firm’s website explains that, while monitoring the dark web’s notorious hacking forums, the researchers encountered an English-speaking hacker in possession of documentation for the MQ-9 Reaper drone. The documents relating to this highly advanced unmanned aircraft included the maintenance course material as well as the list of airmen currently assigned to the Reaper AMU (Aircraft Maintenance Unit).

First MQ-9 arriving at Creech AFB, March 2007

The firm reached out to the individual offering these documents, seeking further information. The seller told the cybersecurity team that the papers had been discovered using Shodan, a popular search engine for internet-connected devices, specifically to find routers which had not been properly configured.

This means that the hardware was still using the default password, leaving a gap in its defenses. Given the individual’s openness in explaining the backstory, the low asking price of $150-$200, and the inaccurate description of the products as “classified information,” the researchers paint the picture of either an inexperienced or careless hacker.

Researcher Andrei Barysevich told Buzzfeed: “We felt like he has no true understanding of the value of this information, he has no idea how to sell it, he was just trying to get rid of it.”

Training drone control station

Recorded Future followed up on this incident with an investigation which found an additional 4,000 exposed devices. Barysevich added that “the exposure could be much bigger than these documents being stolen,” as the exploit used to acquire them via Netgear routers has been known since 2016.

The same seller had more than just the drone papers to offer, however, as he later posted another listing for “More than a dozen various training manuals [that] describe improvised explosive device defeat tactics, an M1 ABRAMS tank operation manual, a crewman training and survival manual, and tank platoon tactics,” according to Recorded Future, which also notes that, although these are not classified materials, they are intended to be available only to the military and its contractors.

Tankers drive an M1A1 Abrams through the Taunus Mountains north of Frankfurt during Exercise Ready Crucible

Recorded Future has contacted the authorities and cooperation is ongoing. The hacker had revealed directly which captain of the aircraft maintenance squadron the breached router belonged to. Although the target’s identity was not revealed publicly, a redacted copy of a recently completed cyber awareness challenge was included in the report.

The rest of the documents mentioned appear to have come from another source; analysts indicate that they seem to have originated with the Pentagon or a United States Army official.

These reports come amid growing concern about cyberattacks, especially state-sponsored ones. The internet search engine giant Google has been the target of cyberattacks originating from China which many suspect were sponsored by the Chinese government. Meanwhile, the recent American election has led to allegations of election interference by Russian agents.

148th Fighter Wing F-16s performing air patrol over the Pentagon

Ted Schlein, general partner at venture capital firm Kleiner Perkins Caufield & Byers, has written articles supporting the formation of a new Department of Cybersecurity in the United States. “We were once dominant in this realm, both technically and with our knowledge and skill sets. That playing field has been leveled,” he says, remarking on the nature of the cyber theatre of global affairs. He goes on to point out that “This is unacceptable, untenable and will ultimately lead to potentially dire consequences.”

Mr. Schlein argues that domestic political forces are hampering the formation of this new department, which is more necessary today than ever. Despite the setbacks, he is optimistic that the new department would have a marked impact on the ability of the United States to defend itself from such attacks.

He finished his article with the vital warning: “Strengthening our cyberdefense is as vital as having a powerful standing army to defend ourselves and our allies. Russia, China and others have invested in their cyberwar capabilities to exploit our systems almost at will.”


Although it remains to be seen what actions the United States government and military will take to counteract these breaches and security risks, what is clear is the growing and urgent need to modernize the way we perceive our presence in the global cybersphere.

Jeremy Lyons

Jeremy Lyons is one of the authors writing for WAR HISTORY ONLINE