US Reaper drone data leaked on dark web, researchers say

An MQ-9 Reaper, armed with GBU-12 Paveway II laser guided munitions and AGM-114 Hellfire missiles, piloted by Col. Lex Turner flies a combat mission over southern Afghanistan. Full Credit: U.S. Air Force Photo / Lt. Col. Leslie Pratt

A hacker penetrated an Air Force captain’s computer to steal sensitive information about US military drones, according to new research by cybersecurity investigators at Recorded Future, a threat intelligence firm.

The documents, while not classified, include a private list of airmen working with MQ-9A Reaper drones and maintenance and course material on the weapons – the US-made deadly unmanned aerial vehicle used around the world to surveille and strike targets.

US law enforcement is investigating the breach, according to Recorded Future’s Insikt Group, which conducted the research. The firm said its researchers have a “high degree of confidence” the hacker is from South America, though it did not elaborate further, citing the ongoing investigation.

“The FBI does not confirm or deny the existence of investigations,” Lauren Hagee, an FBI spokeswoman, said in an email to CNN. The Air Force did not immediately respond to requests for comment.

The attack is the latest in a long line of breaches in military and other public sector domains, including a recent hack of a Navy contractor that exposed a large amount of sensitive data on submarines and undersea weaponry, according to the Washington Post. US officials pointed the finger at China for that theft.

The Pentagon reportedly thwarts tens of millions of digital attacks daily, ranging from what appear to be bored, amateurish hackers looking to cause trouble to advanced nation states hoping to pilfer classified secrets.

The hacker who obtained documents about the Reaper drones tried to sell the documents on the “dark web,” which it is not possible to publicly search. Recorded Future confirmed the authenticity of the documents. Insikt researchers following the deep web message boards and forums made contact with the hacker and discussed the sale. The hacker told researchers they enjoyed watching drone footage in their spare time when not looking for their next victim, according to the new report.

“While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts,” wrote Andrei Barysevich, the author of the new report.

The hacker told the researchers they stole additional military training manuals on explosive devices, a tank operation manual, and a document on tank platoon tactics, though they did not reveal where the materials came from.

The hacker accessed the material on the captain’s computer using a vulnerability in Netgear routers.

Security researchers have for years said that Netgear routers are vulnerable to attack if owners don’t update the default password plugged in when purchased because without changing the password, no login information is necessary.

According to Record Future’s research, thousands of routers remain vulnerable to this kind of attack, despite public warnings from the company and internal military cybersecurity training.

By Jenna McLaughlin