Independent analysts claim they have discovered a hacker attempting to sell files relating to a U.S. military drone on the dark web. The research firm Recorded Future (RF) says it is “100 percent certain” that the documents relating to the sale are authentic.
Recorded Future’s Insikt Group, "a team of veteran threat researchers that back up the intelligence analysts, engineers, and data scientists" at RF, found an English-speaking hacker who claimed to have access to documents relating to the MQ-9 Reaper unmanned aerial vehicle (UAV). The MQ-9 is one of the Air Force's most prominent drones, playing a large role in Iraq and other fields of combat like Yemen. The Air Force hopes to keep the MQ-9 in service through the 2030s.
Insikt Group made direct contact with the hacker, who responded. Over a period of weeks the group was able to discern that the hacker, who remains anonymous, was able to hack a computer of the 432d Aircraft Maintenance Squadron's Reaper Aircraft Maintenance Unit Officer In Charge (AMU OIC). Known as the 432nd Wing, the unit was the first in the military dedicated entirely to UAV operations. They're based out of Creech Air Force Base in southern Nevada.
The hacker used the Shodan search engine, which can let users find specific types of computers around the globe, to find a weakness in the 432nd. After searching the globe for misconfigured routers that use a standard port 21, the hacker found the computer in Nevada.
The captain whose computer was hacked, Insikt notes, had recently completed a Cyber Awareness Challenge. Yet he did not set his computer's FTP password, which allowed files like Reaper maintenance course books and the list of airmen assigned to Reaper AMU to slide easily into the hacker's hands. This was, in Insikt's words, a "rudimentary attack."
The files aren't classified, but they are generally only available to U.S. government agencies and their private contractors.
RF reached out to the Department of Homeland Security about the breach, the agency . The Air Force is "aware of the reporting and there is an investigation into the incident."
The military is a consistent target of hacking. Last year, U.S. soldiers suddenly had their smartphone geolocation tools turned on without their consent. This action, it later turned out, was triggered by somebody in Moscow.