Hacker tried to sell stolen US Air Force drone data for a mere $200

11 Jul 2018

Reaper drone in flight. Image: OrdinaryJoe/Shutterstock

While selling valuable data on the deep web is commonplace, the low price offered for US military information is raising eyebrows.

Threat intelligence firm Recorded Future’s Insikt Group was monitoring online criminal activity on the deep web when it came across an attempted sale of what appeared to be highly sensitive documents originating from the US Air Force, containing details about a particular model of Reaper drone.

According to Insikt Group, an English-speaking hacker claimed to have access to export-controlled documents relating to the MQ-9 Reaper drone and was attempting to sell them for only $200.

Reaper: A lethal weapon

One of the most advanced and lethal military technology tools created in recent decades, Reaper drones are used by the US Air Force, the CIA, NASA and military forces in other countries.

The hacker exploited an FTP vulnerability in Netgear routers to steal a cache of sensitive documents from an air force base in the state of Nevada.

The documents obtained included a list of airmen associated with the Reaper drone and maintenance course books. If obtained by someone outside of the military, the dossier could give them an advantage in finding weaknesses in the unmanned aircraft.

“While such course books are not classified materials on their own, in unfriendly hands they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts [sic],” wrote Andrei Barysevich, report author.

Insecure routers have been a hot topic in the infosec world of late, VPNFilter being a prime example.

Hacker engaged with researchers

The hacker allegedly said he watched live footage from border surveillance cameras and planes when not on the hunt for his latest target.

Insikt Group said that US law enforcement and other state agencies are investigating the incident. Apparently, the captain whose machine was hacked had just completed a cybersecurity training course in February of this year and “should have been aware of the required actions to prevent unauthorised access”, researchers said.

“[This is a] disturbing preview of what a more determined and organised group with superior technical and financial resources could achieve,” warned the team.

Updated, 1.58pm, 11 July 2018: This headline was updated to clarify that the hacker attempted to sell the data for $200. An earlier version of the headline suggested that he was successful in his attempt.

Ellen Tannam was a journalist with Silicon Republic, covering all manner of business and tech subjects