U.S. Military Data Stolen as a Result of the Failure to Change Default FTP Passwords

By Richard Anderson

U.S. military computers have been accessed by a hacker and sensitive military documents have been stolen and listed for sale on online hacking forums.

The U.S. defense breach was made possible due to a simple error – the failure to change the default FTP password on a Netgear router. Cybersecurity firm Recorded Future found out about the documents being sold online, which include maintenance course e-books explaining how MQ-9 reaper drones should be serviced, information on common deployment tactics for IEDs, a manual for an M1 ABRAMS tank, a document that includes tank platoon tactics, and crewman and survival training manuals. Surprisingly, given the sensitive nature of the material, the hacker is selling the data for between $150 and $200.

According to Recorded Future, who made contact with the seller, finding and gaining access to the data was straightforward. The hacker used the Shodan search engine to find Netgear routers that were known to use a default FTP password. Those routers were then accessed using the default password.

The hacker reported that some of the routers were in military facilities, one of which was the 432d Aircraft Maintenance Squadron Reaper AMU OIC at Creech AFB in Nevada. In that case, once access to the router was gained, the hacker was able to access computers through the router, including one used by a captain where manuals were found. A list of airmen assigned to the Reaper AMU was also obtained. Various other computers were accessed and other sensitive military information was stolen.

The incident underscores the importance of changing all default passwords, including router passwords – A basic security best practice that many companies fail to do. If default credentials are not changed, gaining access to routers, and connected computers, is straightforward and finding those vulnerable routers is easy with a search engine such as Shodan.

Twitter Facebook LinkedIn Reddit Link copied to clipboard

Posted by

Richard Anderson

Richard Anderson is the Editor-in-Chief of NetSec.news