A hacker who found sensitive US military documents tried to sell them on a dark web forum, only to find that there were no buyers. He was eventually forced to lower his price to $150.
After a team of undercover analysts from Recorded Future's Insikt Group joined the forum's users, they came across the hacker, who was exploiting a simple vulnerability in Netgear-brand routers.
Through this exploit, the hacker was able to access documents belonging to a member of the US Air Force stationed at Creech Air Force Base in Nevada, and documents belonging to a member of the US Army.
The sensitive files included a maintenance manual for the MQ-9A Reaper drone, a list of airmen assigned to a Reaper drone unit, manuals on countering improvised explosive devices, and a manual for the M1 Abrams tank.
Although the documents do not appear to be classified, the information was still not to be "released in another nation without specific authorization" and was intended for "military purposes only".
The hacker also accessed live footage from surveillance cameras at the US-Mexico border and at NASA facilities, as well as footage of an MQ-1 Predator flying over the Gulf of Mexico.
The hacker claimed to have stolen "classified" Pentagon information, but Insikt Group analysts say their interactions with him painted a less sophisticated picture. After establishing a rapport with other users on the forum, the analysts talked with the hacker and found that his skills were "above amateur" and that he may not have been acting alone: he may have been part of a larger group.
"I would not say that they possess very advanced threat actor skills," Andrei Barysevich, a researcher at Recorded Future, told Business Insider. "They have enough knowledge to recognize the potential of a very simple vulnerability and use it consistently."
The analysts say they have a "good level of confidence" in the hacker's identity and are coordinating with Department of Homeland Security officials in their investigation. A DHS representative declined to comment on the case, and the Air Force drone unit concerned did not respond to requests for comment.
He was not afraid of the Reaper
The hacker was perhaps not fully aware of the nature of the information he possessed. At one point he complained that he was unable to find buyers interested in the documents, which he believed to be very valuable. He ultimately lowered his price.
"I'm expecting about $150 or $200 for classified information," he said, according to a transcript.
In an attempt to sell quickly, he was also "proactive in giving" samples to the analysts, which in turn allowed them to determine who the documents had been stolen from. "[It] clearly shows that he had no idea how much this data could be worth, or where and to whom to sell it," Barysevich said. "He was trying to get rid of it as soon as possible."
After Barysevich's team alerted US officials, the vulnerable computers were taken offline. This finally cut off the attacker's access to the files.
The hacker, who lives in a poor South American country, said that his Internet connection was slow and that, because his bandwidth was limited, he had not downloaded as much of the information as he had hoped to offer a willing buyer.
Instead, he relied on screenshots, which he shared with the analysts, who say they believe he was still unable to find a buyer.
Password deadlock
The Netgear router vulnerability, which dates back to 2016, allowed hackers to remotely access private files if the owner had never changed the default password. Despite several firmware updates and countless articles on the subject, thousands of routers remain vulnerable.
A simple search on Shodan, a search engine for Internet-connected devices, reveals more than 4,000 routers susceptible to the attack.
"We are literally talking about thousands of systems," said Barysevich. "And many of them seem to be operated by government employees."
Hackers like the one the Barysevich team encountered scan large segments of the Internet by country, identify routers exposing a standard port used by private servers, and then log in with the default password to browse private files.
Matching the contents of the files to their owners is difficult, but that is not really the goal. It is a brute-force method with one aim in mind: find valuable data and exploit it.
"Sadly, very few understand the importance of properly securing wireless access points [WAP], let alone using strong passwords and understanding how to detect phishing emails," Recorded Future said in a report.
"The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information within a week is a disturbing glimpse of what a more determined and organized group with greater technical and financial resources could achieve."