Hackers have managed to gain entry to classified documents on an Air Force captain’s computer after they exploited a known flaw in a Netgear router. Although the full extent of the data theft is still being quantified, the maintenance documents for the MQ-9 Reaper drone were stolen, as well as training manuals for the M1 Abrams tank, and defense tactics for tackling improvised explosive devices, were all found for sale on the dark web, Ars Technica reported. Netgear has since clarified to Digital Trends that the exploit used in the attack was fixed a long time ago in several firmware updates to its hardware.
Making sure to update your passwords (save them in a password manager) and firmware for any device connected to the internet is a must for many reasons, but security is the biggest one. As with many military organizations though, it appears that the U.S. Air Force fell behind on its updates, and a hacker was able to gain entry to a closed network in May through a Netgear router that had not been updated to fix a long-known exploit. Simply changing the admin password on the router would have fixed that flaw, too, but since it had not been altered, a hacker was able to gain entry and made off with a number of classified materials.
“Netgear has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup,” Netgear senior product security program manager Lisa Napier told Digital Trends. She also said Netgear customers were all notified via email when firmware updates were released, and that it encouraged automated updates to ensure hardware remained up-to-date.
Those are steps the Air Force appears not to have taken. This hack was only discovered when threat intelligence company Recorded Future found the stolen documents for sale on the dark web. Training manuals, maintenance documents, course books, and even footage from border patrol drones and surveillance cameras were all in possession by the party claiming to be responsible for the hack. While not all of it was highly classified or sensitive information, some of it most certainly was and that raises serious questions about the Air Force’s digital security.
Even more so is the fact that the Air Force captain whose system was compromised as part of the attack, had only recently completed a “Cyber Awareness Challenge” in February — three months before the hack took place. Clearly, there are lessons still to be learned.
The most positive takeaway from this event is that Recorded Future’s Insikt Group claims to have discovered the name and country of residence of the person(s) responsible for the hack, so it may be that some justice is meted out in the future. It claims to be working with law enforcement as part of the ongoing investigation.
Updated on July 13: Added the official statement from Netgear.