The MQ-9 Reaper unmanned aerial vehicle is a scary piece of hardware, capable of unleashing hell on an unsuspecting target from miles away, without ever being seen. It’s the sort of hardware that you don’t want falling into the wrong hands—even the details of how it operates are best kept squirreled away.
So, of course, a group of hackers got their hands on the Reaper’s operating manual with the intention of selling it online to anyone that wants it for $150 a pop. As with most security flaws, the exploit they used was all too human: they accessed the document through an Air Force Captain’s under protected home network:
From Task & Purpose:
Andrei Barysevich at cybersecurity firm Recorded Future, who first spotted the document on June 1, wrote an analysis of the hacker group’s methods, which were fairly unsophisticated. The group used the Internet of Things search engine Shodan to find open, unsecured networks, before connecting and pilfering them of documents.
The drone manual came from a captain at the 432nd Aircraft Maintenance Squadron out of Creech Air Force Base in Nevada, the analysis said.
But that’s not all! As an added bonus, the hackers also managed to snag a manual for ground troops that details how to lessen the threats posed by improvised explosive devices. Where the chances of someone being able to get their hands on a Reaper Drone to pair with a pilfered manual are pretty slim, the information given to grunts on how to keep from getting blown up by IEDs could easily be put to use by an aggressor: if you know what soldiers are looking for when they’re sniffing out a threat, then you understand what to change up in order to potentially provide your attacks with a higher rate of success.
Secure those home networks, folks. Or better, yet, don’t keep your sensitive content in places where anyone with a bit of knowledge can come in and plunder it.
Image via WIkipedia