U.S. Air Force drone documents found for sale on the dark web for $200

You never quite know what you’ll find on the dark web. In June, a threat intelligence team known as Insikt Group at security research firm Recorded Future discovered the sale of sensitive U.S. military information in the course of monitoring criminal activity on dark web marketplaces.

Insikt explains that an English-speaking hacker purported to have documentation on the MQ-9 Reaper unmanned aerial vehicle. Remarkably, the hacker appears to have been selling the goods for “$150 or $200.”

According to Insikt Group, the documents were not classified but also contained sensitive materials including “the M1 Abrams maintenance manual, a tank platoon training course, a crew survival course, and documentation on improvised explosive device (IED) mitigation tactics.” Insikt notes that the other set of documents appears to have been stolen from a U.S. Army official or from the Pentagon but the source was not confirmed.

The hacker appeared to have joined the forum explicitly for the sale of these documents and acknowledged one other incident of military documents obtained from an unaware officer. In the course of its investigation, Insikt Group determined that the hacker obtained the documents by accessing a Netgear router with misconfigured FTP login credentials. When the team corresponded with the hacker to confirm the source of hacked drone documents, the attacker disclosed that he also had access to footage from an MQ-1 Predator drone.

Here’s how he did it:

“Utilizing Shodan’s popular search engine, the actors scanned large segments of the internet for high-profile misconfigured routers that use a standard port 21 to hijack all valuable documents from compromised machines.

“Utilizing the above-mentioned method, the hacker first infiltrated the computer of a captain at 432d Aircraft Maintenance Squadron Reaper AMU OIC, stationed at the Creech AFB in Nevada, and stole a cache of sensitive documents, including Reaper maintenance course books and the list of airmen assigned to Reaper AMU. While such course books are not classified materials on their own, in unfriendly hands, they could provide an adversary the ability to assess technical capabilities and weaknesses in one of the most technologically advanced aircrafts.”

Insikt Group notes that it is “incredibly rare” for hackers to sell military secrets on open marketplaces. “The fact that a single hacker with moderate technical skills was able to identify several vulnerable military targets and exfiltrate highly sensitive information in a week’s time is a disturbing preview of what a more determined and organized group with superior technical and financial resources could achieve,” the group warns.

Google reportedly backing out of military contract after public backlash

A controversial Google contract with the U.S. military will not be renewed next year after internal and public outcry against it, Gizmodo reports. The program itself was not particularly distasteful or lucrative, but served as a foot in the door for the company to pursue more government work that may very well have been both.

Project Maven, as the program was known, essentially had Google working with the military to perform image analysis on sensitive footage like that from drones flying over conflict areas.

A small but vocal group of employees has repeatedly called the company out for violating its familiar (but now deprecated) “Don’t be evil” motto by essentially taking a direct part in warfare. Thousands of employees signed a petition to end the work, and several even resigned in protest.

But more damaging than the loss of a few squeaky wheels has been the overall optics for Google. When it represented the contract as minor, and that it was essentially aiding in the administration of open source software, the obvious question from the public was “so why not stop?”

The obvious answer is that it isn’t minor, and that there’s more to it than just a bit of innocuous support work. In fact, as reportage over the last few months has revealed, Maven seems to have been something like a pilot project intended to act as a wedge by which to gain access to other government contracts.

Part of the goal was getting the company’s security clearance fast tracked and thus gaining access to data by which it could improve its military-related offerings. And promises to Pentagon representatives detailed far more than facilitation of garden variety AI work.

Gizmodo’s sources say that Diane Greene, CEO of Google Cloud, told employees today at a meeting that the backlash was too much and that the company’s priorities as regards military work have changed. They must have changed recently, since discussions have been ongoing right up until the end of 2017. I’ve asked Google for comment on the issue.

Whether the expiration of Project Maven will represent a larger change to Google’s military and government ambitions remains to be seen; some managers are surely saying to themselves right now that it would be a shame to have that security clearance go to waste.

US military reviewing tech use after Strava privacy snafu

The US military has responded to privacy concerns over a heatmap feature in the Strava app which displays users’ fitness activity — and has been shown exposing the location of military facilities around the world — by saying it’s reviewing the rules around usage of wireless devices and apps by its personnel.

DJI adds an offline mode to its drones for clients with ‘sensitive operations’

DJI is working on a “local data mode” for its apps that prevents any data from being sent or received from the internet. The feature will be welcomed by many, but it’s hard not to attribute the timing and urgency of the announcement to the recent ban of DJI gear by the U.S. Army over unspecified “cyber vulnerabilities.”

Female Marines group appeals to Sheryl Sandberg to fix Facebook’s revenge porn problem

With a letter straight to the top, a group of Marines is demanding that Facebook get a grip on the systemic harassment that plagues its female servicemembers. In March, Facebook became the epicenter of the Marines United scandal, which exposed a massive online community where users shared often intimate photos of servicewomen without their consent. While such content isn’t limited…

Marine Corps updates social media guidance to address online misconduct

As its revenge porn scandal continues to unfurl, the Marine Corps took steps this week to bolster its standards for online behavior. Following a hearing before the Senate Armed Services Committee, Marine Commandant Gen. Robert Neller signed off on a set of guidelines that expand the definition of sexual harassment to include online activity. Just like with offline infractions, Marines deemed…

AWS moves into IT training and job placement with re:Start, a UK cloud skills program

Amazon’s cloud storage business AWS has been gradually expanding into a range of cloud services for people not to simply host their business or app with AWS, but to use the platform for productivity and their own work purposes, too. Today came the latest development on that theme: AWS launched re:Start, a new portal for IT skills training, specifically in cloud computing, and job…