An amateur South American hacker stumbled onto sensitive information about U.S. military assets. However, his lack of experience led him to quote a ridiculously low sum for the information, and it also made him a target of the U.S. security establishment.
Contacting the hacker
Recorded Future’s analyst team, the Insikt Group, had embedded itself in dark web forums and had come into contact with a hacker who was offering sensitive U.S. military documents for about US$150.
The material on offer included the list of airmen assigned to a particular Reaper drone unit, a maintenance manual for the MQ-9A Reaper drone, a manual for the M1 Abrams tank, and several manuals describing tactics for countering explosive devices.
In addition, the hacker also claimed to have hacked into the surveillance cameras of several NASA bases as well as cameras along the U.S.-Mexico border. He also claimed to have footage of a Predator remotely piloted aircraft that flew over the Gulf of Mexico.
According to Insikt, the inexperienced hacker had no idea of the value of the material in his possession, which is why he asked for the ridiculously low sum of US$150. The hacker was also willing to provide samples as proof that the documents had actually been taken from U.S. military servers.
Andrei Barysevich, a researcher with Recorded Future, got in touch with U.S. officials and warned them about the leak. Because the hacker had not copied the full data set but had only gained access to the servers, U.S. officials were able to contain the leak by disconnecting the vulnerable servers, cutting off any chance for the hacker to reach the information again. Barysevich believes that the only reason the intrusion did not turn into a major breach of U.S. military secrets was the hacker’s inexperience.
“The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” he said in an interview with Vice. The U.S. security establishment is currently keeping tabs on the hacker.
So, what was the vulnerability in U.S. systems that allowed the hacker to break into the servers? The answer lies in a simple flaw in certain Netgear routers disclosed in 2016. Routers with remote file access (FTP) enabled exposed their files to anyone who could log in, and they accepted the factory-default user password if the owner had never changed it, so no real exploit was required, only the default credentials. Netgear has shipped fixes more than once, but devices that were never updated or reconfigured remain exposed.
Senior product security program manager Lisa Napier told The Daily Beast: “Netgear has previously released firmware that fixes this issue… We ensure that remote services are disabled by default, and passwords are required to be configured at device setup.”
It is estimated that almost 4,000 devices are currently exposed to the exact same attack the hacker used, and a large number of them belong to U.S. government employees. Unfortunately, many owners of these devices do not realize the importance of changing the default password, using a strong one, and securing their wireless network. This leaves the device open to even amateur attackers, who only need to try the default or a handful of common passwords to reach the files stored behind it.
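The practical check a defender wants after reading this is whether any FTP endpoint on their own network still accepts default or anonymous credentials, which is exactly the weakness the article describes. The script below is an added example, not code from the article, from Recorded Future or from Netgear. It uses only Python’s standard library: `check_ftp_credentials` tries a list of credential pairs against a host and reports the first pair the server accepts, and `audit_hosts` runs that check over a fleet. The credential list and the `FakeFtpServer` stub (a minimal control-channel responder that speaks just enough FTP for `ftplib` to log in) are hypothetical and constructed so the example runs offline; point the audit at real hosts you are authorized to test.

```python
"""Audit FTP endpoints for default or anonymous credentials (added example)."""
import ftplib
import socket
import threading

# Hypothetical list of default credential pairs to try; extend with the
# vendor defaults relevant to your own fleet. Not taken from the article.
DEFAULT_CREDENTIALS = [
    ("anonymous", "anonymous@"),
    ("admin", "password"),
    ("admin", "admin"),
]


def check_ftp_credentials(host, port=21, credentials=DEFAULT_CREDENTIALS, timeout=3.0):
    """Return the first (user, password) pair the FTP server accepts, or None.

    A 5xx reply to USER/PASS (ftplib.error_perm) means the pair was rejected
    and the next one is tried; a network error means the service is not
    reachable, which is reported as None rather than as 'safe'.
    """
    for user, password in credentials:
        ftp = ftplib.FTP(timeout=timeout)
        try:
            ftp.connect(host, port)
            ftp.login(user, password)   # sends USER then PASS, expects 230
            ftp.quit()
            return (user, password)
        except ftplib.error_perm:
            ftp.close()                 # 530 Login incorrect: try the next pair
        except (OSError, EOFError):
            ftp.close()                 # refused / timed out / closed on us
            return None
    return None


def audit_hosts(targets, credentials=DEFAULT_CREDENTIALS):
    """Map each (host, port) to the accepted credential pair or None."""
    return {(h, p): check_ftp_credentials(h, p, credentials) for h, p in targets}


class FakeFtpServer(threading.Thread):
    """Constructed stand-in for a router's FTP control channel (test only).

    It answers USER/PASS/QUIT and nothing else, accepting exactly the
    credential pairs in ``valid``. No data channel, no file access.
    """

    def __init__(self, valid):
        super().__init__(daemon=True)
        self.valid = set(valid)
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))    # OS picks a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def run(self):
        while True:
            conn, _ = self.sock.accept()
            threading.Thread(target=self._handle, args=(conn,), daemon=True).start()

    def _handle(self, conn):
        user = None
        with conn, conn.makefile("rb") as rf:
            conn.sendall(b"220 stub-router FTP ready\r\n")
            for raw in rf:
                cmd, _, arg = raw.decode("ascii", "replace").rstrip("\r\n").partition(" ")
                cmd = cmd.upper()
                if cmd == "USER":
                    user = arg
                    conn.sendall(b"331 Password required\r\n")
                elif cmd == "PASS":
                    if (user, arg) in self.valid:
                        conn.sendall(b"230 Login successful\r\n")
                    else:
                        conn.sendall(b"530 Login incorrect\r\n")
                elif cmd == "QUIT":
                    conn.sendall(b"221 Goodbye\r\n")
                    return
                else:
                    conn.sendall(b"502 Command not implemented\r\n")


if __name__ == "__main__":
    # Demo against two constructed servers: one still on factory defaults,
    # one whose owner changed the password.
    weak = FakeFtpServer({("admin", "password")})
    strong = FakeFtpServer({("admin", "correct horse battery staple")})
    weak.start()
    strong.start()
    for target, result in audit_hosts([("127.0.0.1", weak.port), ("127.0.0.1", strong.port)]).items():
        print(target, "EXPOSED with" if result else "no default credentials accepted", result or "")
```

Treat a `None` result with care: it is returned both when every pair is rejected and when the port is unreachable, so an audit run should log connection failures separately before concluding a device is clean.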