Stolen US Military Drone Data Sold on Dark Web, Researchers Say

July 12, 2018 Updated: July 12, 2018

A hacker tried to sell sensitive documents about a U.S. military drone on the dark web, says a cybersecurity firm. The material was allegedly stolen from an Air Force captain’s computer.

The documents, while not classified, included a maintenance course book about the MQ-9 Reaper drone and a list of airmen assigned to the drone’s maintenance unit. The drone, capable of operating by remote control or autonomously, is used by the U.S. military and other agencies to conduct surveillance, reconnaissance, and offensive strikes.

“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts,” said Andrei Barysevich from Recorded Future, the U.S.-based threat intelligence group that first identified the advertisement.

Law enforcement agencies are investigating the breach, according to the group.

“We’re aware of the reporting and there is an investigation into the incident,” Erika Yepsen, an Air Force spokeswoman told the Wall Street Journal.

Just last month, Chinese hackers allegedly stole large amounts of sensitive information from a U.S. Navy contractor, including plans to build a supersonic anti-ship missile. Officials said the Defense Department’s inspector general was investigating the major breach, reported the Journal.

Researchers from Recorded Future’s Insikt Group monitoring the dark web—an area of the world wide web that is not easily accessible to the public—identified the hacker’s listing on June 1. They made contact with the buyer to discuss the potential purchase and were able to verify the authenticity of the documents after weeks of communications.

The hacker appeared to not know the value of the documents, asking for as little as $150. He also told researchers he enjoyed watching drone footage when he was not hunting for his next victim, the report said.

While hackers often sold sensitive personal information on the dark web, such as login details and financial information, researchers noted this was not the case for military material.

“It is incredibly rare for criminal hackers to steal and then attempt to sell military documents on an open market,” Barysevich said in his blog.

The hacker who acted alone allegedly accessed the officer’s computer by exploiting a vulnerability in Netgear routers. Two years ago, security analysts warned that Netgear routers were vulnerable to attack if users did not change the default FTP login details.

According to Barysevich, the hacker possessed “moderate technical skills,” and his apparently successful exploits were “a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve.”

The hacker also listed another set of military documents, including training materials on how to contain an improvised explosive device, tank platoon tactics, and a tank operation manual. Recorded Future said it did not know how the hacker obtained the material, but it appeared likely to have been stolen from the Pentagon or from a U.S. Army official.