/news/ - News

News & Current Events + Happenings

Posting mode: Reply

Check to confirm you're not a robot
Name
Email
Subject
Comment
Password
Drawing x size canvas
File(s)

Remember to follow the rules

Max file size: 350.00 MB

Max files: 5

Max message length: 4096

Manage Board | Moderate Thread

Return | Catalog | Bottom


News & Current Events + Happenings
/news/ deserves actual news. Declaring agendas are not news. Do not post trolling bait threads.
Post quality threads only, and it's voluntary to crosspost them to /pol/
Never mandatory.

Expand All Images


Thanks To Amazon S3 Storage, Stolen US Military Drone Documents Found for Sale on Dark Web Reader 07/11/2018 (Wed) 13:32:46 Id: 021565 [Preview] No. 10894
RELATED:
https://archive.fo/CInHW (US Military Hired Amazon To Store Sensitive Data, Secrets Stolen By China)
https://archive.fo/R7oOo (US Army Data Hacked In 2017, Stored On Amazon S3 Servers)
https://archive.fo/FJWtH (NSA Files Left Exposed Online on Amazon S3 Server, Hacked)
https://archive.fo/pC2Yd (Amazon S3 Servers NOT Secure!)

An unidentified hacker tried to sell purported U.S. military documents containing information about combat drones last month, a cybersecurity research firm said, after they were allegedly stolen from an Air Force officer’s computer.

The hacker sought buyers for maintenance documents about the MQ-9 Reaper drone, a remotely controlled aerial vehicle used by the Pentagon and other parts of the government to conduct offensive strikes or reconnaissance and surveillance operations.

Discovery of the attempted sale of the stolen documents comes amid heightened concern about how U.S. military secrets may be insufficiently protected from hackers. Military officials said last month that the Defense Department’s inspector general was investigating a major security breach after Chinese hackers allegedly stole data pertaining to submarine warfare, including plans to build a supersonic antiship missile.

There was no evidence that the hacker who acquired the Reaper drone documents was affiliated with a foreign country, or that he was intentionally seeking to obtain military documents, said Andrei Barysevich, a senior threat researcher at Recorded Future, the U.S.-based cybersecurity firm that spotted the attempted sale. Instead, the hacker scanned large parts of the internet for misconfigured Netgear routers and exploited a two-year-old known vulnerability, involving default login credentials, to steal files from compromised machines.

Recorded Future said it has notified the Defense Security Service and the Department of Homeland Security about the hacker’s activities. A DHS spokesman said the agency was reviewing the information provided by Recorded Future but deferred further comment to the Air Force. The Air Force and DSS didn’t respond to requests for comment.

Posing as a potential buyer, researchers at the cyber firm contacted the seller, and during weeks of back-and-forth discussions were sent screenshots of the purportedly stolen documents. Those documents included the name of an Air Force captain stationed at the Creech Air Force Base in Nevada from whom the hacker is believed to have obtained the stolen drone files.

The hacker likely didn’t know the value of the documents he had obtained because he was attempting to sell them for as little as $150, Barysevich said. He added that the hacker communicated in flawed English but would occasionally slip into Spanish, which along with other indicators led some of the researchers to think he may be based in South America.

Criminal hackers often attempt to anonymously purchase and sell stolen data on the dark web, but those transactions typically involve information that can be monetized in fraud schemes, such as passwords, usernames or financial records. But the sale of military documents on an open forum is incredibly rare, Barysevich said.

“I’ve been personally researching dark web for 15 years, and I have never seen anything like this,” he said in an interview.

Note, all these files were stored on Amazon S3 Servers which are well known to be vulnerable to hacking. The US military does not care about security of their files, they care about keeping Amazon a monopopoly. This shows brazen disregard of national security interests, not that they give a shit!

https://archive.fo/vpxFF
https://www.wsj.com/articles/stolen-u-s-military-drone-documents-found-for-sale-on-dark-web-researchers-say-1531301401


Reader 07/11/2018 (Wed) 13:39:26 Id: 021565 [Preview] No.10895 del
Serves them right. And if they continue the stupidity they'll keep having their secrets lifted. Why would you store military secrets in a fucking "cloud storage" dumb fucks!? Jesus Christ, even I keep my files more secure than that and I'm a no one. Air-gap your systems, use old-school Unix or Linux systems, store your sensitive stuff OFFLINE and in a locked up Faraday caged area with restricted access like NORMAL militaries do!



Top | Return | Catalog | Post a reply