Skip to main content
  1. Home
  2. Computing
  3. News

Netgear router bug let hackers steal classified documents on drones, tanks

Netgear says exploit that led to stolen documents was fixed a long time ago

Add as a preferred source on Google

A U.S. Air Force MQ-9 Reaper drone. EthanMiller/GettyImages

Hackers have managed to gain entry to classified documents on an Air Force captain’s computer after they exploited a known flaw in a Netgear router. Although the full extent of the data theft is still being quantified, the maintenance documents for the MQ-9 Reaper drone were stolen, as well as training manuals for the M1 Abrams tank, and defense tactics for tackling improvised explosive devices, were all found for sale on the dark web, Ars Technica reported. Netgear has since clarified to Digital Trends that the exploit used in the attack was fixed a long time ago in several firmware updates to its hardware.

Recommended Videos

Making sure to update your passwords (save them in a password manager) and firmware for any device connected to the internet is a must for many reasons, but security is the biggest one. As with many military organizations though, it appears that the U.S. Air Force fell behind on its updates, and a hacker was able to gain entry to a closed network in May through a Netgear router that had not been updated to fix a long-known exploit. Simply changing the admin password on the router would have fixed that flaw, too, but since it had not been altered, a hacker was able to gain entry and made off with a number of classified materials.

“Netgear has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup,” Netgear senior product security program manager Lisa Napier told Digital Trends. She also said Netgear customers were all notified via email when firmware updates were released, and that it encouraged automated updates to ensure hardware remained up-to-date.

Those are steps the Air Force appears not to have taken. This hack was only discovered when threat intelligence company Recorded Future found the stolen documents for sale on the dark web. Training manuals, maintenance documents, course books, and even footage from border patrol drones and surveillance cameras were all in possession by the party claiming to be responsible for the hack. While not all of it was highly classified or sensitive information, some of it most certainly was and that raises serious questions about the Air Force’s digital security.

Even more so is the fact that the Air Force captain whose system was compromised as part of the attack, had only recently completed a “Cyber Awareness Challenge” in February — three months before the hack took place. Clearly, there are lessons still to be learned.

The most positive takeaway from this event is that Recorded Future’s Insikt Group claims to have discovered the name and country of residence of the person(s) responsible for the hack, so it may be that some justice is meted out in the future. It claims to be working with law enforcement as part of the ongoing investigation.

Updated on July 13: Added the official statement from Netgear.

Jon Martindale
Jon Martindale covers how to guides, best-of lists, and explainers to help everyone understand the hottest new hardware and…
I let Radial menu take over my Mac, and I’m never going back
One mouse jiggle, endless shortcuts. My Mac has never felt this fast.
Radial app running on Mac

I have been testing Radial for the past week, and it's quickly become one of those apps I didn’t know how I could live without. It's a radial menu for macOS that puts your shortcuts, scripts, and automations right where your cursor is, so you never have to go hunting through menus to find what you need.

The app just received its 5.0 update, adding AI actions powered by Claude, window layouts, variables, a redesigned settings interface, a new Atmosphere background effect, and a squircle menu shape. I got to try most of these, and here's what I found.

Read more
Android desktop mode made me miss my laptop in record time
I tried writing and publishing from Google’s phone-to-monitor setup, and the future of mobile computing immediately started sweating.
Computer, Electronics, Laptop

Android 17 desktop mode has a very simple pitch. Plug your phone into a monitor, add a keyboard and mouse, and watch the slab in your pocket pretend to be a computer. I wanted to give that pitch a fair shot, so I tried using it for an actual workday instead of a cute demo.

The goal was boring on purpose: write an article, edit it, build the page in WordPress, upload whatever needed uploading, and publish the thing without running back to my laptop like a coward.

Read more
As AI turbocharges digital abuse, UK agencies urge parents to limit who sees kids’ photos online
The National Crime Agency and Internet Watch Foundation are asking parents to tighten privacy settings as AI-generated abuse material rises.
Social Media

Parents who post pictures of their kids online are being told to rethink the habit. The UK's National Crime Agency and the Internet Watch Foundation have issued new guidance urging families to lock down their social media accounts, warning that publicly shared photos are increasingly being pulled and altered by AI tools to create child sexual abuse material.

The two organizations say most parents have no idea this is happening. Criminals no longer need to contact a child directly to generate such material. They can scrape an ordinary photo and run it through widely available nudify apps.

Read more