An unidentified hacker tried to sell stolen US military documents containing "Reaper" combat drone information over the dark web last month, according to cybersecurity research firm Recorded Future, which spotted the attempted sale.
The hacker sought buyers for maintenance documents about the MQ-9 Reaper drone, a remotely controlled aerial vehicle used by the Pentagon and other parts of the government to conduct offensive strikes or reconnaissance and surveillance operations. -Wall Street Journal
The discovery comes amid heightened concerns over whether US military secrets are sufficiently protected from hackers, as the Defense Department's Inspector General continues to investigate a major security breach following a cyber-intrusion by Chinese hackers who allegedly stole 614 GB of data pertaining to submarine warfare.
According to the Washington Post, Chinese hackers stole a total of 614 gigabytes of plans for cutting-edge weapons relating to various undersea programs, as well as sensor data, submarine information about cryptographic systems, and an entire library of submarine electronic warfare data.
Andrei Barysevich, a senior threat researcher at Recorded Future, said that there was no indication that the hacker who acquired the Reaper drone information was affiliated with a foreign country, or that they were intentionally looking for military documents. Instead, the hacker found a two-year-old vulnerability on Netgear routers involving login credentials and exploited it.
Barysevich said the hacker’s methods weren’t particularly sophisticated, and that his apparent success should raise concerns about what more advanced hacking groups may be stealing from the U.S. military. -Wall Street Journal
Recorded Future says it notified the Department of Homeland Security and the Defense Security Service about the hacker's activities, while a DHS spokesman said the agency was reviewing the information, deferring further comment to the Air Force.
“We’re aware of the reporting and there is an investigation into the incident,” said Erika Yepsen, an Air Force spokeswoman.
The sale was uncovered after Recorded Future researchers contacted the seller and engaged in discussions over several weeks.
[R]esearchers at the cyber firm contacted the seller, and during weeks of back-and-forth discussions were sent screenshots of the purportedly stolen documents. Those documents included the name of an Air Force captain stationed at the Creech Air Force Base in Nevada from whom the hacker is believed to have obtained the stolen drone files.
The hacker likely didn’t know the value of the documents he had obtained because he was attempting to sell them for as little as $150, Barysevich said. He added that the hacker communicated in flawed English but would occasionally slip into Spanish, which along with other indicators led some of the researchers to think he may be based in South America. -Wall Street Journal
While hackers often attempt to anonymously buy and sell stolen data on the dark web, those transactions are typically for items that can be monetized in fraud schemes, such as bank information, social security numbers, usernames and passwords. The sale of military documents, according to Barysevich, is rare.
“I’ve been personally researching dark web for 15 years, and I have never seen anything like this,” he said in an interview.
While the documents for sale weren't marked "classified," The Journal reports that they could be used by an adversary to evaluate the weaknesses and capabilities of the Reaper drone, according to Recorded Future. Some of the files had "export control" warnings on them, meaning they are not to be transmitted to prohibited countries.
The hacker also advertised a tank operation manual as well as training materials on how to defend against improvised explosive devices (IEDs).