July 13, 2018
A hacker has accessed U.S. army computers, and confidential army documents have been stolen and listed for sale on online hacking forums.
The security breach was made possible by a simple mistake: the failure to change the default FTP password on a Netgear router. Cybersecurity company Recorded Future discovered the documents being sold online. They include maintenance course e-books describing how MQ-9 Reaper drones must be repaired, information on common deployment strategies for IEDs, a manual for an M1 Abrams tank, a document that contains tank platoon strategies, and crewman and subsistence training handbooks. Astonishingly, given the secret nature of the material, the hacker is selling the data for between $150 and $200.
According to Recorded Future, which got in touch with the seller, locating and gaining access to the data was straightforward. The hacker used the Shodan search engine to locate Netgear routers that were known to use a default FTP password. Those routers were then accessed using the default password.
The hacker said that some of the routers were in army facilities, among them the 432d Aircraft Maintenance Squadron Reaper AMU OIC at Creech AFB in Nevada. In that instance, once access to the router was gained, the hacker was able to reach computers through the router, including one used by a captain, where guidebooks were found. A list of airmen assigned to the Reaper AMU was also obtained. Various other computers were accessed and other confidential military information was stolen.
The incident underlines the importance of changing all default passwords, including router passwords, a basic security best practice that many firms fail to follow. If default credentials are not changed, gaining access to routers and the computers connected to them is simple, and finding those vulnerable routers is easy with a search engine like Shodan.