A team of security analysts from Insikt Group discovered one hacker who, desperate for cash, tried to sell sensitive US military documents.
Posting on a dark web forum, the individual in question tried to sell a maintenance manual for the MQ-9A reaper drone and other military manuals. He first tried to sell the US Air Force-owned drone manual for $200 and, finding no buyers, he dropped the cost to just $150.
“[It] clearly shows he had no knowledge of how much this data may cost and where and whom to sell it to. He was attempting to get rid of it as soon as possible,”said one Recorded Future analyst.
The hacker claimed to have obtained classified information from the Pentagon and said that he would have gotten even more sensitive documents if his Internet connection was faster.
He also bragged about his access to military information, saying that he was entertained watching live streams of sensitive footage from airplanes and border surveillance cameras.
How did he get in?
In a move that puts the military to shame, the hacker obtained access through a Netgear router from Creech Air Force base using a well-known FTP vulnerability, a router that still used the default log-in settings and didn’t even have the latest firmware.
As all security experts insist, WiFi default passwords should be changed ASAP and software should always be updated so that vulnerabilities like these can’t be exploited.