Netgear router bug let hackers steal classified documents on drones, tanks

Netgear says exploit that led to stolen documents was fixed a long time ago

router exploit hacker steal military reaperdrone01
A U.S. Air Force MQ-9 Reaper drone. EthanMiller/GettyImages

Hackers have managed to gain entry to classified documents on an Air Force captain’s computer after they exploited a known flaw in a Netgear router. Although the full extent of the data theft is still being quantified, the maintenance documents for the MQ-9 Reaper drone were stolen, as well as training manuals for the M1 Abrams tank, and defense tactics for tackling improvised explosive devices, were all found for sale on the dark web, Ars Technica reported. Netgear has since clarified to Digital Trends that the exploit used in the attack was fixed a long time ago in several firmware updates to its hardware.

Making sure to update your passwords (save them in a password manager) and firmware for any device connected to the internet is a must for many reasons, but security is the biggest one. As with many military organizations though, it appears that the U.S. Air Force fell behind on its updates, and a hacker was able to gain entry to a closed network in May through a Netgear router that had not been updated to fix a long-known exploit. Simply changing the admin password on the router would have fixed that flaw, too, but since it had not been altered, a hacker was able to gain entry and made off with a number of classified materials.

“Netgear has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup,” Netgear senior product security program manager Lisa Napier told Digital Trends. She also said Netgear customers were all notified via email when firmware updates were released, and that it encouraged automated updates to ensure hardware remained up-to-date.

Those are steps the Air Force appears not to have taken. This hack was only discovered when threat intelligence company Recorded Future found the stolen documents for sale on the dark web. Training manuals, maintenance documents, course books, and even footage from border patrol drones and surveillance cameras were all in possession by the party claiming to be responsible for the hack. While not all of it was highly classified or sensitive information, some of it most certainly was and that raises serious questions about the Air Force’s digital security.

Even more so is the fact that the Air Force captain whose system was compromised as part of the attack, had only recently completed a “Cyber Awareness Challenge” in February — three months before the hack took place. Clearly, there are lessons still to be learned.

The most positive takeaway from this event is that Recorded Future’s Insikt Group claims to have discovered the name and country of residence of the person(s) responsible for the hack, so it may be that some justice is meted out in the future. It claims to be working with law enforcement as part of the ongoing investigation.

Updated on July 13: Added the official statement from Netgear.

Product Review

Packed with features, the Ring Spotlight Cam Wired makes home security a breeze

With an integrated spotlight, crystal-clear video, and color night vision, this device makes home security a cinch. Here's why we like the Ring Spotlight Cam Wired as a great choice for outdoor home security.
Smart Home

The Nest Secure included a microphone no one knew about — except Google

The Nest Secure home security system has had a microphone this entire time that no one knew about, except Google. The company claims the mic was never turned on, but customers are outraged.
Home Theater

The first reactions to Captain Marvel are out of this world

Academy Award winner Brie Larson will play Captain Marvel in the upcoming Marvel Studios movie hitting theaters in March 2019. Here's everything we know about Marvel's first female-led superhero movie.
Gaming

Take to the virtual skies with these free flight simulators

You don't have to spend the entirety of your paycheck to become a virtual ace, at least when it comes to flight simulation. Our list of the best free flight simulators will let you unleash your inner Maverick.
Web

Rid yourself of website notification requests in just a few easy steps

Wish you knew how to block browser and website notifications? You can do it on a case by case basis, but that can become dull after the 10th site has asked for your approval. Here's how to block them outright.
Computing

Don't take your provider's word for it. Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.
Computing

Decades-old Apple IIe computer found in dad’s attic, and it still works

A New York law professor went viral last weekend after he discovered an old Apple IIe computer sitting in his dad's attic. In a series of tweets, he showed that the vintage machine still works perfectly fine after 30 years.
Computing

Logitech’s G MX518 gaming mouse pairs classic looks with all-new tech

Logitech is relaunching one of its most popular classic gaming mice, the MX518. Now called the G MX518, it sports upgraded internals that give it a 16,000 DPI optical sensor and new and improved memory.
Computing

Microsoft could be planning a laptop with foldable screen, hints patent filing

Filed in late 2017 and titled "Bendable device with Display in Movable Connection With Body," the patent filing explains a new mechanism for laptops which can eliminate a hinge and allow the screen to fold shut from the inside,
Deals

From Chromebooks to MacBooks, here are the best laptop deals for February 2019

Whether you need a new laptop for school or work or you're just doing some post-holiday shopping, we've got you covered: These are the best laptop deals going right now, from discounted MacBooks to on-the-go gaming PCs.
Computing

Is AMD's Navi back on track for 2019? Here's everything you need to know

AMD's Navi graphics cards could be available as soon as July 2019 — as long as it's not delayed by stock problems. Billed as a successor to Polaris, Navi promises to deliver better performance to consoles, like Sony's PlayStation 5.
Deals

Here are the best Chromebook deals available in February 2019

Whether you want a compact laptop to enjoy some entertainment on the go, or you need a no-nonsense machine for school or work, we've smoked out the best cheap Chromebook deals -- from full-sized laptops to 2-in-1 convertibles -- that won't…
Computing

RTX might be expensive, but the 16 series could have the best Nvidia Turing GPUs

Set to debut at a step below the RTX 2060 on the price and performance spectrums, the GTX 1660 Ti and its other 16-series brethren could be Nvidia's killer mid-range cards of 2019 — especially with Tensor Core-powered DLSS.
Computing

Ryzen 3000 chips will be powerful, and they might be launched as early as July

AMD's upcoming Ryzen 3000 generation of CPUs could be the most powerful processors we've ever seen, with higher core counts, greater clock speeds, and competitive pricing. Here's what we know so far, based on both leaks and the recent…