Failure to change a default router password has led to sensitive military information being stolen.


It’s been discovered that a hacker is selling sensitive military documents online.

Those documents include maintenance course books for servicing MQ-9 Reaper drones, an M1 ABRAMS tank operation manual, a crewman training and survival manual, a document detailing platoon tactics, and IED (improvised explosive device) deployment tactics.

IT US-based threat intelligence firm Recorded Future discovered the documents for sale online and found the hacker to be selling the document lot for only $150-$200.

When Recorded Future engaged the hacker online, they discovered that he used Shodan, an online search engine that lets the user find specific types of computers connected to the internet using a variety of filters. Using Shodan, the hacker searched for specific types of Netgear routers that use a known default FTP password. The hacker then used this FTP password to gain access to some of these routers, included the unsecured routers located in military facilities.

One of the locations that information was accessed from was the 432nd Aircraft Maintenance Squadron Reaper AMU OIC, stationed at Creech AFB in Nevada.

After gaining access to the router at this AFB, the hacker was able to gain access to a captain’s computer and steal the MQ-9 Reaper manual along with a list of airmen assigned to Reaper AMU.

The MQ-9 Reaper drones are used by the US Air Force, Navy, CIA, Customs and Border Protection Agency, NASA, and the militaries of other countries.

The location of where the hacker obtained some of the other documents that were stolen has not been revealed, but they were most likely taken from the Pentagon or from a US Army official.

Andrei Barysevich, Director of Advanced Collection at Recorded Future stated that, “While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts.”

Of course, this entire incident could have been easily prevented if the military base’s IT team had changed the router’s default FTP credentials.

It is crucial, as well as best practice, to always change default passwords to strong, secure, personalized passwords. With hackers becoming more and more skilled at obtaining data, now is the time to make sure all of your information is secure.

This particular security issue was made public in 2016, and Netgear informed the public and their users of the problem as soon as they became aware of it, but that’s not always the case with companies.

So, if you’re unsure if your network and devices are secure, give us a call here at RHYNO Networks, and we can help. (855) 749-6648