In recent news, documents containing sensitive information relating to the U.S. Air Force have been found for sale on the dark web. These documents were listed for as little as $100 to $200 and were found by information security analysts while trawling through the dark web searching for criminal activity. These analysts posed as potential buyers before confirming the validity of the documents in question. The documents were identified as containing information about the MQ-9 Reaper drone, which is widely used by the Air Force, Border Protection, NASA, the CIA and several other countries.
How does something this sensitive end up for sale on the dark web?
The method behind this attack was surprisingly simple. Rather than mounting an elaborate, planned attack to compromise infrastructure, the attacker gained this confidential information by accessing a Netgear router located at Creech Air Force Base. This router was still using the default credentials for the FTP server used to share files. After gaining access to the network, the attacker then stole a handful of sensitive documents relating to the MQ-9 Reaper drone.
The captain who suffered this breach had recently completed a Cyber Awareness Challenge, a course meant to improve cyber security best practice. This was discovered after the attacker found the certificate on his computer. However, the captain failed to set a new password for the FTP server that hosted these sensitive documents.
So, what can we learn from this?
Training and awareness of cyber security is incredibly important. However, it is equally valuable to take the information you learn on these courses, create a list of actions applicable to your business and implement them immediately. Many security incidents are not as elaborate and strategised as you may think, and you have a lot more control over the security of your data than you might expect.