The MQ-9 Reaper unmanned aerial vehicle is a scary piece of hardware, capable of unleashing hell on an unsuspecting target from miles away, without ever being seen. It’s the sort of hardware that you don’t want falling into the wrong hands—even the details of how it operates are best kept squirreled away.
So, of course, a group of hackers got their hands on the Reaper’s operating manual with the intention of selling it online to anyone that wants it for $150 a pop. As with most security flaws, the exploit they used was all too human: they accessed the document through an Air Force Captain’s under protected home network:
From Task & Purpose:
Andrei Barysevich at cybersecurity firm Recorded Future, who first spotted the document on June 1, wrote an analysis of the hacker group’s methods, which were fairly unsophisticated. The group used the Internet of Things search engine Shodan to find open, unsecured networks, before connecting and pilfering them of documents.
The drone manual came from a captain at the 432nd Aircraft Maintenance Squadron out of Creech Air Force Base in Nevada, the analysis said.
But that’s not all! As an added bonus, the hackers also managed to snag a manual for ground troops that details how to lessen the threats posed by improvised explosive devices. Where the chances of someone being able to get their hands on a Reaper Drone to pair with a pilfered manual are pretty slim, the information given to grunts on how to keep from getting blown up by IEDs could easily be put to use by an aggressor: if you know what soldiers are looking for when they're sniffing out a threat, then you understand what to change up in order to potentially provide your attacks with a higher rate of success.
Secure those home networks, folks. Or better, yet, don’t keep your sensitive content in places where anyone with a bit of knowledge can come in and plunder it.
Image via WIkipedia
Shelan Faith has an internet-enabled home "security" system from Vivint Home Security; it includes cameras that spy on the interior and exterior of her home, as well as sensors that report on things like when her doors and garage are open or closed.
Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.
If an attacker takes control of a device inside your network -- by exploiting a defect in it or a mistake you made in configuring it or by tricking you somehow -- then they can do all kinds of bad things, like scanning your local network for other vulnerable devices, attacking them and taking control […]
As more companies leverage cloud technology to unite and streamline their operations, the need for capable IT pros increases. But, as any IT guru will tell you, demand alone won’t get your foot in the door to this lucrative field. If you want to cash in on the demand and build a thriving IT career, […]
iOS 12 is finally here, which means now is the best time for aspiring developers to throw their hats into the app development game. While app development can be tricky for some, you can take an intuitive, beginner-friendly approach to understanding app creation and Apple’s latest iOS platform with the iOS 12 & Xcode 10 Bootcamp, […]
It might still be September, but the holiday season will be here before you know it, which means now is the time to think about where you want to vacation to—and what to do once you get there. To this end, we’ve scoured the Web and tracked down a number of travel hacking ebooks, gadgets, […]