      Hacker Selling Pentagon’s Killer Drone Manual on Dark Web for $150, Cheap

      ‘ANONYMOUS’

      The seller was part of a small hacking crew based in South America that specializes in low-hanging fruit—like home file-sharing networks that have no password by default.

      Kevin Poulsen

      Sr. National Security Correspondent

      Updated Jul. 11, 2018 12:37AM EDT / Published Jul. 10, 2018 8:40PM EDT 

      Photo Illustration by The Daily Beast

      A sensitive training manual for the U.S. military’s lethal MQ-9 Reaper UAV was put up for sale on an underground marketplace last month, after a hacker plucked it from an Air Force captain’s home network using a default password.

      But despite an asking price of only $150, nobody was interested. “I’ve been personally investigating the dark web for almost 15 years, and this is the first time I’ve uncovered documents of this nature,” says Andrei Barysevich, director of advanced collection at Recorded Future. “This type of document would typically be stolen by nation-state hackers. They wouldn’t be offering it on the dark web, and certainly not for $150.”

      Developed by General Atomics, the $64 million MQ-9 Reaper is the heavily-armed follow-on to the Predator drone, capable of dropping laser-guided bombs and Hellfire missiles on a target from an altitude of 50 thousand feet. In its unarmed configuration it’s been used by DHS for border surveillance and NASA for weather studies.

      The stolen Reaper training manual was titled “MQ-9A Reaper Block 5 (UHK97000-15) RPA Maintenance Event 1 Delta Training.” It was unclassified, but the cover bore a lengthy admonishment on safe handling.

      “This information is furnished upon condition that it will not be released to another nation without the specific authority” of the Air Force, the cover reads. “[T]he recipient will report promptly to the United States, any known or suspected compromises.”

      The document, and others like it, was pilfered from the home network of an Air Force captain in the 432d Aircraft Maintenance Squadron at Creech Air Force Base in Nevada, says Barysevich. A spokesperson for the squadron did not immediately respond to an inquiry from the Daily Beast on Tuesday.

      Barysevich says he spotted the manual for sale on a dark web forum in early June. Posing as a potential buyer, he struck up a conversation with the seller, who turned out to be part of a small hacking crew based in South America that specializes in low-hanging fruit.

      Armed with some rudimentary knowledge and an Internet-of-things search engine called Shodan, the hackers learned to exploit a feature in some Netgear home routers that allows a user to attach an external USB drive and load it up with documents, videos or music that they want to share across their home network. An extra option called the “Personal FTP Server” also makes the files accessible over the public Internet, so the user can fetch them from work or while traveling.

      If the user switches the Personal FTP Server option on, and doesn’t explicitly set a password for the server, all their shared files are left wide open to anybody who logs in as “anonymous,” with no password required — a mistake evidently made by the Air Force captain.

      “We reported this to DHS and various law enforcement agencies, and they forwarded the information to the U.S. Air Force,” says Barysevich.

      In 2016, security experts warned that naive Netgear users were unknowingly exposing their private files to the world in this way. Netgear dismissed it as a non-issue, pointing out that the router’s manual includes clear instructions on adding a password. Two years later, Shodan shows that some 4,000 Netgear routers are wide open, down from 6,000 in 2016.

      Reached by the Daily Beast, Netgear said it released a firmware update in 2016 that added a password by default. “Netgear has previously released firmware that fixes this issue,” says Lisa Napier, senior product security program manager. “We ensure that remote services are disabled by default, and passwords are required to be configured at device setup.”

      Security expert and blogger Robert Graham of Errata Security says it’s ultimately the user’s responsibility to keep their home networks up to date. “What percentage of users ever look at their routers after setting them up?” says Graham. “In the security industry, almost nobody keeps up to date on security advisories for their routers, have verified the configuration is safe, or have updated the firmware.”

      In addition to the Reaper maintenance course books, the hacker pilfered a list of airmen assigned to the Reaper maintenance unit at Creech AFB. From other open routers he obtained an assortment of tactical training manuals, and an operations manual for the M1 Abrams tank.

      While nobody was interested in the hacker’s military offerings, “he was selling other information,” says Barysevich. “He’s consistently posting various data sets for sale… Oil and gas industry, health care, cryptocurrencies… He’s still accessing systems pretty much on a daily basis.”

      @kpoulsen