In May, a hacker perusing vulnerable systems with the Shodan search engine found a Netgear router with a known vulnerability—and came away with the contents of a US Air Force captain’s computer. The purloined files from the captain—the officer in charge (OIC) of the 432d Aircraft Maintenance Squadron’s MQ-9 Reaper Aircraft Maintenance Unit (AMU) at Creech Air Force Base, Nevada—included export-controlled information regarding Reaper drone maintenance.
The hacker took the documents to a Dark Web marketplace, where he planned on selling them for a few hundred dollars. And it’s there that analysts from Recorded Future, an information security threat intelligence company, discovered them.
The vulnerability, which makes it possible for an attacker to remotely execute commands and gain access to the root directory of the router via FTP, was disclosed by Netgear over a year ago. Discoverable by searching Shodan for devices with port 21 (FTP) open and response text including “214-ADMIN_LOGIN,” the vulnerability allowed attackers to compromise routers and then gain access to the local network. They could then either grab files passing over the network or gain access to devices on it.
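As an added defensive example (not from the article, Netgear, or Recorded Future), the script below triages an asset-inventory export of FTP transcripts: it parses replies according to RFC 959's multi-line rules (a `214-` line opens the HELP reply, the first `214 ` line closes it) and flags any device whose HELP reply advertises the ADMIN_LOGIN command mentioned above. The inventory records, addresses, and banners are constructed.

```python
"""Flag inventory entries whose FTP HELP reply advertises ADMIN_LOGIN.
Added example; the inventory below is constructed, not real scan data."""
import re
from dataclasses import dataclass, field

# Constructed records: (address, port, raw FTP transcript captured by an
# internal inventory job). RFC 5737 documentation addresses are used.
SAMPLE_INVENTORY = [
    ("192.0.2.10", 21, "220 Welcome\r\n214-ADMIN_LOGIN\r\n214 HELP ok\r\n"),
    ("192.0.2.11", 21, "220 vsFTPd 3.0.3\r\n214-The following commands are "
                       "recognized.\r\n ABOR ACCT ALLO APPE CDUP CWD\r\n214 Help OK.\r\n"),
    ("192.0.2.12", 2121, "220 router\r\n214-ADMIN_LOGIN\r\n214 ok\r\n"),
]

REPLY_LINE = re.compile(r"^(\d{3})([ -])(.*)$")

@dataclass
class FtpReply:
    code: int
    lines: list = field(default_factory=list)  # text with the code prefix stripped

def parse_ftp_replies(transcript: str) -> list:
    """Split a raw FTP transcript into replies.  'xyz-' starts a multi-line
    reply; it ends at the first line that begins with 'xyz ' (same code, space)."""
    replies, current = [], None
    for raw in transcript.splitlines():
        m = REPLY_LINE.match(raw)
        if current is None:
            if not m:
                continue  # text outside any reply (e.g. a stray greeting fragment)
            current = FtpReply(int(m.group(1)), [m.group(3)])
            if m.group(2) == " ":  # single-line reply, already complete
                replies.append(current)
                current = None
        elif m and int(m.group(1)) == current.code and m.group(2) == " ":
            current.lines.append(m.group(3))  # terminating line of the reply
            replies.append(current)
            current = None
        else:  # continuation line, with or without a repeated 'xyz-' prefix
            current.lines.append(m.group(3) if m and int(m.group(1)) == current.code else raw)
    if current is not None:
        replies.append(current)  # truncated capture: keep what was received
    return replies

def help_lists_admin_login(transcript: str) -> bool:
    """True when a 214 (HELP) reply lists ADMIN_LOGIN as a recognised command."""
    return any(r.code == 214 and any(re.search(r"\bADMIN_LOGIN\b", ln) for ln in r.lines)
               for r in parse_ftp_replies(transcript))

def triage(inventory) -> list:
    """Return (address, port) for every record carrying the signature."""
    return [(addr, port) for addr, port, banner in inventory if help_lists_admin_login(banner)]

if __name__ == "__main__":
    for addr, port in triage(SAMPLE_INVENTORY):
        print(f"remediate: {addr}:{port} advertises ADMIN_LOGIN over FTP")
```

Devices listed by `triage` should be taken off the Internet-facing interface and patched with the vendor's fixed firmware before the exposure is considered closed.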