back to article US military manuals hawked on dark web after files left rattling in insecure FTP server

Sensitive US Air Force documents have leaked onto the dark web as part of an attempted sale of drone manuals. Threat intel firm Recorded Future picked up on an auction for purported export-controlled documents pertaining to the MQ-9 Reaper drone during its regular work monitoring the dark web for criminal activities last month …

Silver badge
Black Helicopters

Capt. from 432d AMU

If the compromised box was off base the capt. will be having an interesting chat with their boss.(possibly about next assignments mop & bucket requirements).

If it was on base the hackers had better be really good at hiding.

10
0
Anonymous Coward

Of course, that's the stuff they found ...

and a little tip for anyone in OutThereLand ... don't even think about trying to hawk stuff like this. It's subtly marked, meaning the source will be found.

4
8
Silver badge

Re: Of course, that's the stuff they found ...

It's marked with the original source, sure (i.e. the legitimate owner who was hacked), but that's no impediment to the thief who is selling it anonymously, nor to the buyers who know that they shouldn't be reading such documents.

12
1
Silver badge

Re: Of course, that's the stuff they found ...

I expect the source who really cares could apply obfuscation of the kind that accomplishes the much harder task of getting material everyone knows - e.g. episodes of a popular TV series - past Youtube copyright filters.

As for finding the source, they can blame whomsoever is (politically) convenient for any kind of military leak. If anyone asks for evidence, can't tell you because National Security.

0
0

Not really a big deal

Looking at the source article, these were not even For Official Use Only documents, just a mix of ITAR-regulated stuff (so, not for export) and similarly unclassified material.

This is embarrassing, and somebody might earn a mild reprimand, but not the sort of thing any sort of scandal is made from.

13
0
Silver badge

Unencrypted?

If these documents are genuinely classified/sensitive then why weren't they encrypted too?

2
1
Silver badge
FAIL

Re: Unencrypted?

They were encrypted but the passwords were in a file called passwords.txt (I used to keep mine in a readme.txt file on the assumption that no-one ever reads them)

13
0
Silver badge
Joke

Re: Unencrypted?

I have my password on the login banner. They even less likely to be read.

10
0
Bronze badge

Re: Unencrypted?

Safest place of all would be in a document called EULA

13
0

Well for the record....

You can get a lot of these things around military bases and the Russians and Chinese damn well know it.

Manuals show up at flea markets and used book stores.

I have even seen night vision devices and and electronic sites at pawn shops.

6
2
Silver badge

Re: Well for the record....

Documents have had a habit of leaking off site for decades now. I remember some security training years ago that emphasized that internal documents, even unclassified ones, stay on site. So the real question is not that they are on the Dark Web but how did they escape.

0
0
Paris Hilton

Re: Well for the record....

"I have even seen night vision devices and and electronic sites at pawn shops."

Pwn shops shirley...?

Paris, knows all about porn shops... (allegedly)

2
0
Facepalm

Routers default FTP password is susceptible to attack?

"Two years ago researchers warned that Netgear routers with remote data access capabilities were susceptible to attack if the default FTP authentication credentials were not updated .. Recorded Future identified more than 4,000 routers susceptible to attack."

Describing accessing a device using the default credentials as an 'attack' is stretching it.

12
0

Re: Routers default FTP password is susceptible to attack?

Yes, its like leaving your doors open and claiming you have had a break in...

The word attack does create the conjecture that some effort is required to be engaged which does not appear to be the case...

2
0
Silver badge
Stop

Please tell me they at least changed the default password on the Reaper drones.

6
0
Trollface

Wait, what default passwords?

7
0
Silver badge
Pirate

the default password on the Reaper drones.

Gr1m

9
0
Anonymous Coward

Re: the default password on the Reaper drones.

DEADBEEF

0
0
Silver badge

Re: the default password on the Reaper drones.

Gr1m

That, or Ch!11!

0
0
Anonymous Coward

Good stuff...

If you are working a Tamiya and want to design the mold for the 1:35 Predator Drone (complete with maintenance operator team)

Don't even need to Think In Russian.

8
0
Facepalm

during its regular work monitoring the dark web for criminal activities last month.

Seems that Recorded Future is doing a very good job. Is that why the dark web is full of drugs, weapons, fake passports, and child porn?

0
1
Silver badge

At least having read the manual

The hackers will recognise the drone that terminates their activities.

0
0
Silver badge

Probably just as easy...

To get the title and send an order into the Pentagon. They will deliver you a nice printed copy for a small (<$10 sometimes) sum. All you need to know is the proper report/publication number.

Spying made easy. You may even be able to order it on Amazon for some titles, I suspect.

Now where is the ISBN for that......

3
0

ISBN Re: Probably just as easy...

When the US military published a book on battlefield surgery in Iraq &Afghanistan, someone had the bright idea to not give the book an ISBN, so it would be hard to find.

0
0
Anonymous Coward

Stupidity <> security

Anyone who can't just put the user manual online does NOT have a secure system.

Stop blaming the world for your own idiocy.

2
0
Bronze badge

Why do so many idiots post sensitive, proprietary, confidential info on the internet? Are they that damned miserly or stupid to not use secure, dedicated lines?

0
2
Silver badge
Boffin

Oxymoron alert

"insecure FTP server"

Not setting a password is like leaving the door open; anyone can walk in. FTP is an unencrypted protocol, so if you set a password, it can be sniffed; easy enough for a competent hacker.

Good thing this wasn't part of an organisation that needs to defend against elite, nation-state-funded hackers. Oh wait!

3
1
Silver badge

The actor was even bragging about accessing footage from a MQ-1 Predator

I'm not saying he didn't, at the same time he could just be Jay from The Inbetweeners.

3
0

This post has been deleted by its author

Silver badge

Security by obscurity

Really a story?

... they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts[sic]

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018