A vulnerable Netgear router was found in the Shodan search engine, surprisingly the machine connected to the router turned out to be a US AirForce Captains’ Terminal.
The officer was in-charge of 432d Aircraft Maintenance Squadron’s MQ-9 reaper. The Hacker stole the Aircraft manuals with the intention of selling it on the dark web for a few hundred dollars. Analysts from RecordedFuture Found the data on the internet and reported it to relevant government agencies.
This vulnerability in NetGear routers allow the attacker to execute the remote commands and also allow the access to the root directory of the router using FTP, the vulnerability was disclosed a year ago.
The router was discoverable to Shodan search engine because port 21 of the router was exposed including the “214-ADMIN_LOGIN” which is the vulnerability that allowed the hackers to compromise the router. The vulnerability allowed hackers to grab the files that are being passed over the network. Thousands of routers are potentially vulnerable to this attack based on the search results from the Shodan search engine.
According to a survey conducted from ArsTechnica, there are 1368 routers that are vulnerable to this attack. In most cases changing the admin password will reduce the likelihood of attacker gaining access to the network. The analysts from RecordedInsikt Group found that data is on sale on Dark Web and in June they confirmed the validity of the information and reported a compromise of the information.
The individual selling the records later offered additional reports from an unknown source, including US Army documents explaining tactics for defeating improvised sensitive device attacks, M1 ABRAMS tank operation, tank crew training and survival as well as tank platoon tactics.