A hacker used a basic security vulnerability to access highly sensitive files relating to the US military’s spy drones and tanks.
Security firm Recorded Future discovered a criminal attempting to sell the secret information for only a few hundred dollars on a dark web forum.
The documents, which were advertised at between $150 and $200, included technical details of the MQ-9 Reaper drone.
The drone has been used for unmanned surveillance missions for the military and other organizations including border control.
Source: https://www.databreaches.net/a-dumb-security-flaw-let-a-hacker-download-us-drone-secrets/
TPRM report: https://scoringcyber.rankiteo.com/company/us-army
"id": "usa11891122",
"linkid": "us-army",
"type": "Vulnerability",
"date": "07/2018",
"severity": "60",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"{'affected_entities': [{'industry': 'Defense',
'location': 'United States',
'name': 'US Military',
'type': 'Government Organization'}],
'attack_vector': 'Exploitation of Basic Security Vulnerability',
'data_breach': {'data_exfiltration': True,
'sensitivity_of_data': 'Highly Sensitive',
'type_of_data_compromised': 'Technical documents'},
'description': 'A hacker exploited a basic security vulnerability to access '
'highly sensitive files relating to the US military’s spy '
'drones and tanks. The documents included technical details of '
'the MQ-9 Reaper drone, which were being sold on a dark web '
'forum for a few hundred dollars.',
'impact': {'data_compromised': ['Technical details of the MQ-9 Reaper drone']},
'initial_access_broker': {'data_sold_on_dark_web': True},
'motivation': 'Financial Gain',
'references': [{'source': 'Recorded Future'}],
'response': {'third_party_assistance': ['Recorded Future']},
'threat_actor': 'Unknown Hacker',
'title': 'US Military Spy Drone and Tank Information Breach',
'type': 'Data Breach',
'vulnerability_exploited': 'Basic Security Vulnerability'}