Netgear router bug let hackers steal classified documents on drones, tanks

Netgear says exploit that led to stolen documents was fixed a long time ago

router exploit hacker steal military reaperdrone01
A U.S. Air Force MQ-9 Reaper drone. EthanMiller/GettyImages

Hackers have managed to gain entry to classified documents on an Air Force captain’s computer after they exploited a known flaw in a Netgear router. Although the full extent of the data theft is still being quantified, the maintenance documents for the MQ-9 Reaper drone were stolen, as well as training manuals for the M1 Abrams tank, and defense tactics for tackling improvised explosive devices, were all found for sale on the dark web, Ars Technica reported. Netgear has since clarified to Digital Trends that the exploit used in the attack was fixed a long time ago in several firmware updates to its hardware.

Making sure to update your passwords (save them in a password manager) and firmware for any device connected to the internet is a must for many reasons, but security is the biggest one. As with many military organizations though, it appears that the U.S. Air Force fell behind on its updates, and a hacker was able to gain entry to a closed network in May through a Netgear router that had not been updated to fix a long-known exploit. Simply changing the admin password on the router would have fixed that flaw, too, but since it had not been altered, a hacker was able to gain entry and made off with a number of classified materials.

“Netgear has previously released a firmware that fixes this issue. We ensure that remote services are disabled by default, and passwords are required to be configured during device setup,” Netgear senior product security program manager Lisa Napier told Digital Trends. She also said Netgear customers were all notified via email when firmware updates were released, and that it encouraged automated updates to ensure hardware remained up-to-date.

Those are steps the Air Force appears not to have taken. This hack was only discovered when threat intelligence company Recorded Future found the stolen documents for sale on the dark web. Training manuals, maintenance documents, course books, and even footage from border patrol drones and surveillance cameras were all in possession by the party claiming to be responsible for the hack. While not all of it was highly classified or sensitive information, some of it most certainly was and that raises serious questions about the Air Force’s digital security.

Even more so is the fact that the Air Force captain whose system was compromised as part of the attack, had only recently completed a “Cyber Awareness Challenge” in February — three months before the hack took place. Clearly, there are lessons still to be learned.

The most positive takeaway from this event is that Recorded Future’s Insikt Group claims to have discovered the name and country of residence of the person(s) responsible for the hack, so it may be that some justice is meted out in the future. It claims to be working with law enforcement as part of the ongoing investigation.

Updated on July 13: Added the official statement from Netgear.

Computing

Facebook wants to own your face. Here’s why that’s a privacy disaster

(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity. Scanning your face is easier than remembering a password, that’s for sure. But while facial recognition technology has gone mainstream with…
Computing

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.
Computing

Google Chrome now consumes more memory due to a new Spectre fix

Version 67 of Google’s Chrome browser for Windows, Mac, Linux, and Chrome OS now includes a new security feature called Site Isolation. It protects web surfers against Spectre-based attacks on the internet, but for a price.
Mobile

Apple fixes its battery drain issue with iOS 11.4.1 update

Apple's iOS 11 is the latest version of the company's mobile operating system, but it still has some issues to be worked out. We've searched the internet to find the biggest iOS 11 problems, along with some potential solutions.
Emerging Tech

Awesome Tech You Can’t Buy Yet: Laptop screen extenders and self-healing tents

Check out our roundup of the best new crowdfunding projects and product announcements that hit the Web this week. You can't buy this stuff yet, but it sure is fun to gawk!
Mobile

ZTE resumes business once again as U.S. lifts ban on suppliers

Chinese telecommunications giant ZTE announced that it was ceasing operations following a ban imposed by the U.S. Department of Commerce. After making key changes, ZTE will soon return to business. Here's everything you need to know.
Computing

VR is in a tailspin, and the sales numbers prove it

VR is the future! Except if you look at the data. Sales of the biggest VR headsets, including the HTC Vive, PlayStation VR, and Oculus Go, are all declining. What does it mean for the state of VR, and where do we go from here?
Photography

These point-and-shoot cameras make your smartphone pics look like cave paintings

If your smartphone camera just isn't giving you the results you're looking for, maybe it's time to step up your game. The latest and greatest point-and-shoot cameras offer large sensors, tough bodies, and long lenses - something no phone…
Product Review

The MacBook Pro has been updated with 8th-gen processors, but is it worth buying?

The MacBook Pro is a controversial laptop these days -- and that's unfortunate. Due to some divisive changes Apple made to the functionality of the MacBook Pro, fans are more split. Does the 8th-gen refresh change that?
Cars

Tesla has shortened its Model 3 wait time to just one to three months

Production of the Tesla Model 3 has officially begun. Tesla's long-awaited entry-level model is far cheaper than the Model S and will compete head-to-head with the Chevrolet Bolt EV. We drove it and concluded it lives up to the hype.
Movies & TV

The best shows on Netflix in July, from ‘Arrested Development’ to ‘Mad Men’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Computing

The launch of the new MacBook Pro has been a complete disaster

Apple has flubbed what should've been a simple processor bump for the MacBook Pro. From issues with pricing and CPU throttling to the keyboard, the MacBook Pro is in an even worse position than before the update.
Computing

Millions of health records may be at stake in ransomware attack

LabCorps revealed that it was a victim of a data breach, and the FBI confirmed it was notified of a ransomware attack. With millions of health records at stake, it's still unclear what information, if any, the attackers accessed.
Computing

Installing fonts in Windows 10 is quick and easy -- just follow these steps

Want to know how to install fonts in Windows 10? Here's our guide on two easy ways to get the job done, no matter how many you want to add to your existing catalog, plus instructions for deleting fonts in the process.
Computing

Congressman says we should be banned from mining, using cryptocurrency

Congressman Brad Sherman believes the government should prohibit U.S. citizens from mining and using cryptocurrency. As a medium of exchange, cryptocurrencies facilitate narcotics trafficking, terrorism, and tax evasion.
Computing

Apple quietly confirms 2018 MacBook Pro keyboard ships with anti-debris design

Apple appears to have a permanent fix in place to address the MacBook Pro's sticky key problem when it announced the 2018 refresh. But the fix won't be coming to the company's older notebooks, leaving existing owners out in the cold.
Computing

Tired of choosing between Windows and Mac? Check out these Chromebooks instead

We've compiled a list of the best Chromebooks -- laptops that combine great battery life, comfortable keyboards, and the performance it takes to run Google's lightweight Chrome OS. From Samsung to Acer, these are the Chromebooks that really…
Mobile

Fuchsia could eventually replace Android, but it's years away from doing so

Details have emerged about a new operating system Google's developers are working on dubbed Fuchsia OS. Here's everything we know about Google's mysterious new operating system so far.