
A hacker stole US drone and tank documents because nobody changed the default router password

By William Gayde · 9 replies
Jul 12, 2018
  1. A computer hacker was able to infiltrate the computer network of a Nevada Air Force base because nobody changed the default password of a Netgear router on its network. The hacker then made off with sensitive documents about the Air Force's MQ-9 Reaper drone and put them up for sale on a dark web marketplace.

    The documents were discovered online by the security research firm Recorded Future, which spoke with the hacker to confirm their validity. The firm determined that the breach took place through a well-known Netgear router vulnerability combined with a default FTP password on that router.

    The stolen documents themselves are not classified, but could still pose a security threat if they fell into the wrong hands.

    To find the vulnerable router, the hacker used a service called Shodan, which is essentially a search engine for internet-connected devices around the world. Thousands of routers online remain vulnerable to this type of attack.

    Once the attacker found the device, it was trivial to compromise it since the IT department at the Air Force base had not patched the router. From here, the attacker gained access to the router's root directory and the ability to remotely execute commands. This gave the hacker access to the computer of the Officer in Charge at the base and all the documents on it. Ironically, one of the documents the hacker exfiltrated showed that the Officer had recently completed a "Cyber Awareness Challenge."

    Upon further questioning, the hacker also offered up documents on IED defenses, M1 Abrams tank operation, tank tactics, and more. It's not clear where these documents came from, but based on the information they contain, it's likely they were stolen from the Pentagon or a US Army official.

    The government is aware of the leak and is investigating. Although they believe they have the hacker's name and country of origin, they haven't made that information public.

    Update: Netgear has released the following statement to us in response to the issue:

    NETGEAR has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup.

    Details can be found on the firmware release notes articles # 29959, 29461, and 27635. Customers can be notified of the new firmware by checking the Router Update page, desktop, and mobile genie app. NETGEAR has also proactively notified our registered customers via email.

    In general:

    1. Secure by default – we don’t enable services unless configured by the consumer.

    2. Easier security updates – making it very easy for customers to keep their system up to date with auto updates or single button upgrades.

    3. Email notifications to registered customers urging them to update to latest software including security fixes.


  2. aMerkuri

    aMerkuri TS Enthusiast Posts: 55   +19

    I bet it was Russian hackers
  3. Capaill

    Capaill TS Evangelist Posts: 893   +497

    I bet it was American hackers bouncing it through Russian, Chinese, N Korean and Iranian VPNs and using a username like MohamedFTW.
  4. jobeard

    jobeard TS Ambassador Posts: 12,874   +1,526

    First, ALL router default passwords are well known AND accessible online -- DUH!

    Second, this is a common mistake for home users, and this case shows even the pros get into a rush and fail to complete the setup :sigh:
  5. Oscar Gaitan

    Oscar Gaitan TS Rookie

    This could all have been avoided with a system set in place. I won't go into detail. I'm wondering if it was a contractor, DOD, or military member that installed that appliance.
  6. cartera

    cartera TS Evangelist Posts: 379   +121

    Someone just got hired.
  7. psycros

    psycros TS Evangelist Posts: 2,706   +2,500

    For a middle school level intrusion? I doubt it. More likely someone just got fired.
  8. Bluescreendeath

    Bluescreendeath TS Maniac Posts: 138   +216

    It's incredibly hard to fire someone in the federal government. Low performers/problem employees just get bounced around or transferred into different departments.
  9. PinothyJ

    PinothyJ TS Guru Posts: 490   +38

    Um, why is there such a thing as default passwords? It is 2018, right? If you can print a sticker with a serial number that coincides with the box, the hardware, and the sticker, why can't they do the same with the password?
  10. Uncle Al

    Uncle Al TS Evangelist Posts: 5,374   +3,770

    You know, the military and government have led so many drives to get people to do simple password maintenance that you would think by now they would REQUIRE any company selling the government ANY kind of software to write in a more robust password system to prevent this from happening .... of course, if our super duper government lawyers are too lazy to include it in the contracts .... we will have pinpointed the real problem!
