A South America-based hacking crew stole an export-controlled U.S. Air Force manual for the MQ-9 Reaper unmanned aerial vehicle and tried to sell it for $150 — thanks to an unidentified Air Force captain who had the document sitting on his home network, stuck behind a default password.
The document was found for sale on the dark web last month, but no one ended up buying it, despite its rock-bottom price, according to Kevin Poulsen at The Daily Beast. Titled “MQ-9A Reaper Block 5 (UHK97000-15) RPA Maintenance Event 1 Delta Training,” the document, though unclassified, offered technical data on the drone that could potentially be used by adversaries to defeat it. (Built by General Atomics, the MQ-9 Reaper is slated to be in the Air Force inventory into the 2030s. It’s also used by the Navy, Customs and Border Protection, several foreign militaries, and others.)
“This document contains technical data whose export is restricted,” the pilfered manual says, adding: “Comply with distribution statement and destroy by any method that will prevent disclosure of the contents or reconstruction of the document.”
Andrei Barysevich at cybersecurity firm Recorded Future, who first spotted the document on June 1, wrote an analysis of the hacker group’s methods, which were fairly unsophisticated. The group used the Internet of Things search engine Shodan to find open, unsecured networks, then connected to them and pilfered documents.
The drone manual came from a captain at the 432nd Aircraft Maintenance Squadron out of Creech Air Force Base in Nevada, the analysis said.
Besides getting hold of the Reaper docs, the hacker also apparently grabbed content from some other military source (or sources) that includes M1 Abrams tank training manuals, and a manual meant to educate soldiers on how to mitigate the risk of improvised explosive devices.