Someone stole U.S. military documents containing information about combat drones and they probably weren’t even trying.
A hacker used what Wired called a “dumb security flaw” to access top-secret documents stored on Air Force computers and then put that information up for sale on the dark web for a mere couple hundred dollars. This isn’t the first time this has happened either. Last month, Chinese hackers gained access to U.S. submarine warfare plans after gaining access to a U.S. Navy contractor’s computer.
This attack is made more concerning by its clumsiness. The hacker doesn’t appear to be very sophisticated and wasn’t even targeting the U.S. military. Instead he or she exploited a two-year-old security flaw that the Air Force knew about after scanning the Internet for similar vulnerabilities. Moreover, the asking price for the information indicates the hacker didn’t know the value of what he or she had stumbled upon.
A senior researcher at Recorded Future, the cybersecurity firm that found the documents for sale, told the Wall Street Journal that the success of an apparent amateur raises concerns about what more-sophisticated hackers could be stealing from the military.
One of the stolen documents was a certificate saying the captain whose computer the hacker likely accessed had completed cybersecurity training.