posted by chromas on Sunday July 15 2018, @08:45AM
from the Cyber-Awareness-Challenge dept.

Submitted via IRC for Fnord666

In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain's computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron's MQ-9 Reaper Aircraft Maintenance Unit (AMU) at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.

The hacker took the documents to a Dark Web marketplace, where he planned on selling them for a few hundred dollars. And it's there that analysts from Recorded Future, an information security threat intelligence company, discovered them.

The vulnerability, which makes it possible for an attacker to remotely execute commands and gain access to the root directory of the router via FTP, was disclosed by Netgear over a year ago. Discoverable by searching Shodan for devices with Internet Protocol port 21 open and response text including "214-ADMIN_LOGIN," the vulnerability allowed attackers to compromise routers and then gain access to the local network. They could then either grab files passing over the network or gain access to devices on it.

[...] Analysts from Recorded Future's Insikt Group discovered the data for sale on the Dark Web on June 1. They engaged the individual selling the information and "confirmed the validity of the compromised documents," Recorded Future's Andrei Barysevich wrote in a report on the compromise. "Insikt Group identified the name and country of residence of an actor associated with a group we believe to be responsible. We continue to assist law enforcement in their investigation."

The individual selling the documents also later offered additional documents from an unknown source, including US Army documents describing tactics for defeating improvised explosive device attacks, M1 ABRAMS tank operation, tank crew training and survival, and tank platoon tactics. While Insikt's researchers speculated these might have been part of another breach, the documents themselves are not classified—and many of them are available through the Army's own publications website or other sources.

Source: https://arstechnica.com/information-technology/2018/07/year-old-router-bug-exploited-to-steal-sensitive-dod-drone-tank-documents/
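
A defender-side check for the fingerprint the story describes, added here as an example and not taken from the article or the Recorded Future report: it parses FTP control-channel text already captured from devices you administer (RFC 959 reply framing) and flags any whose 214 help reply lists ADMIN_LOGIN. The sample captures, addresses and function names are constructed for illustration; only the "214-ADMIN_LOGIN" string comes from the story.

```python
import re

MARKER = "ADMIN_LOGIN"  # command name from the "214-ADMIN_LOGIN" text in the story
HEAD = re.compile(r"^(\d{3})([ -])(.*)$")

def parse_replies(raw):
    """Split captured FTP server output into (code, [text lines]) replies."""
    replies, current = [], None  # current: (code, lines) of an open multi-line reply
    for line in raw.replace("\r\n", "\n").split("\n"):
        if current is not None:
            code, body = current
            if line.startswith(code + " "):  # "NNN " closes a multi-line reply
                body.append(line[4:])
                replies.append((int(code), body))
                current = None
            else:  # "NNN-text" or a bare continuation line
                body.append(line[4:] if line.startswith(code + "-") else line)
            continue
        m = HEAD.match(line)
        if not m:
            continue  # blank line or non-reply noise
        code, sep, text = m.groups()
        if sep == "-":
            current = (code, [text])
        else:
            replies.append((int(code), [text]))
    if current is not None:  # capture was cut off mid-reply; keep what we have
        replies.append((int(current[0]), current[1]))
    return replies

def flag_exposed(inventory):
    """Return hosts whose 214 (help) reply lists the ADMIN_LOGIN command."""
    return sorted(
        host for host, raw in inventory.items()
        if any(code == 214 and any(MARKER in text.split() for text in body)
               for code, body in parse_replies(raw))
    )

# Constructed captures from port 21 of devices you administer (RFC 5737 addresses).
SAMPLE = {
    "192.0.2.10": "220 FTP ready\r\n214-Commands:\r\n214-ADMIN_LOGIN\r\n214-USER PASS QUIT\r\n214 Help OK\r\n",
    "192.0.2.11": "220 FTP ready\r\n214-Commands:\r\n USER PASS QUIT\r\n214 Help OK\r\n",
    "192.0.2.12": "220 ADMIN_LOGIN is not offered here\r\n",  # marker outside a 214 reply
    "192.0.2.13": "214-Commands:\r\n214-ADMIN_LOGIN\r\n",      # truncated capture
}

if __name__ == "__main__":
    for host in flag_exposed(SAMPLE):
        print(f"{host}: FTP help reply advertises {MARKER}; check firmware and WAN exposure")
```

Matching on the parsed 214 reply rather than a raw substring keeps a greeting banner that merely mentions the word from being flagged, while a capture cut off mid-reply is still caught.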


  • (Score: 2) by pvanhoof on Sunday July 15 2018, @08:59AM (3 children)

    by pvanhoof (4638) on Sunday July 15 2018, @08:59AM (#707554) Homepage

    Kids. Don't use Wi-Fi routers without first putting OpenWRT on them.

    • (Score: 2) by legont on Monday July 16 2018, @01:28AM (2 children)

      by legont (4179) on Monday July 16 2018, @01:28AM (#707773)

      Not part of Windows distro, sorry, can't do.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
      • (Score: 2) by Freeman on Monday July 16 2018, @03:00PM (1 child)

        by Freeman (732) on Monday July 16 2018, @03:00PM (#707905) Journal

        I know of no routers that run Windows on the hardware. That sounds like a giant nightmare.

        --
        Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
        • (Score: 2) by legont on Tuesday July 17 2018, @12:21AM

          by legont (4179) on Tuesday July 17 2018, @12:21AM (#708144)

          That was intended as a joke. If seriously, all new security that happens around my work is Windows-based. The folks who do it came from the government background and don't know anything else. I totally agree - it is a nightmare.

          --
          "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.
  • (Score: 4, Interesting) by Anonymous Coward on Sunday July 15 2018, @04:31PM (1 child)

    by Anonymous Coward on Sunday July 15 2018, @04:31PM (#707643)

    We spend an absurd amount of money on "defense" yet we have officers (who should know better) using consumer routers (probably) with their malware-ridden Windows computers. We could have developed all kinds of hardened FOSS protocols, OSes, etc. just with the money they waste on shit that will never be useful. Another good example of why I don't pay the income tax.

    • (Score: 2) by legont on Monday July 16 2018, @01:32AM

      by legont (4179) on Monday July 16 2018, @01:32AM (#707775)

      Everything the US government has is protected by Windows. They don't know how to work with anything else.

      --
      "Wealth is the relentless enemy of understanding" - John Kenneth Galbraith.