Slashdot Mirror


Hacker Steals Military Docs Because Someone Didn't Change a Default FTP Password (bleepingcomputer.com)

New submitter secwatcher shares a report: A hacker is selling sensitive military documents on online hacking forums, a security firm has discovered. Some of the sensitive documents put up for sale include maintenance course books for servicing MQ-9 Reaper drones, and various training manuals describing common deployment tactics for improvised explosive devices (IEDs), an M1 ABRAMS tank operation manual, a crewman training and survival manual, and a document detailing tank platoon tactics. US-based threat intelligence firm Recorded Future discovered the documents for sale online. They say the hacker was selling the data for a price between $150 and $200, a very low asking price for such data. Recorded Future says it engaged the hacker online and discovered that he used Shodan to hunt down specific types of Netgear routers that use a known default FTP password. The hacker used this FTP password to gain access to some of these routers, some of which were located in military facilities, he said.

1 of 128 comments

  1. Re:Never attribute to malice by MightyMartian · Score: 5, Informative

    The fact that FTP is being used at all is a big red flag for me. Unless it's sitting inside a fully encrypted tunnel, an FTP password is so trivial to steal even if it isn't an obvious password. There may be a few cases where one has to use FTP, but where I have been forced to use it (old hardware), it's ringfenced like nuts, and I'm not going to have an FTP server open on the Internet, unless it's some sort of publicly available archive where I don't care who downloads off of it.

    --
    The world's burning. Moped Jesus spotted on I50. Details at 11.
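
The comment's point about FTP outside an encrypted tunnel can be checked on a defender's own captures. The following is an added example, not part of the story or the comment: it classifies FTP control-channel transcripts by whether the login was readable on the wire. The `C:`/`S:` transcript format, the session names and the function names are assumptions made for illustration, and the sample sessions are constructed.

```python
# Constructed control-channel transcripts (C: client, S: server), as a passive
# capture on the network path would show them. Not real traffic.
SESSIONS = {
    "router-admin": [
        "S: 220 FTP ready",
        "C: USER admin",
        "S: 331 Password required",
        "C: PASS example-password",
        "S: 230 Login successful",
    ],
    "public-archive": [
        "S: 220 FTP ready",
        "C: USER anonymous",
        "S: 331 Send e-mail address as password",
        "C: PASS guest@example.org",
        "S: 230 Login successful",
    ],
    "ftps-explicit": [
        "S: 220 FTP ready",
        "C: AUTH TLS",
        "S: 234 Proceed with negotiation",
        # After 234 the channel is inside TLS; an observer sees nothing more.
    ],
}

def audit_session(lines):
    """Return a verdict for one session: cleartext-login, anonymous, tls or no-login."""
    user, tls_requested = None, False
    for line in lines:
        side, _, rest = line.partition(": ")
        parts = rest.split(" ", 1)
        verb = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if side == "C" and verb == "AUTH" and arg.upper() in ("TLS", "SSL"):
            tls_requested = True
        elif side == "S" and verb == "234" and tls_requested:
            return {"verdict": "tls", "user": None}
        elif side == "C" and verb == "USER":
            user = arg
        elif side == "C" and verb == "PASS":
            # A visible PASS means the credential crossed the wire unencrypted.
            # The password itself is deliberately not recorded in the finding.
            if user and user.lower() in ("anonymous", "ftp"):
                return {"verdict": "anonymous", "user": user}
            return {"verdict": "cleartext-login", "user": user}
    return {"verdict": "no-login", "user": user}

def audit_all(sessions):
    """Map each session name to its verdict string."""
    return {name: audit_session(lines)["verdict"] for name, lines in sessions.items()}
```

Sessions that come back as `cleartext-login` are the ones to move behind a tunnel or replace with FTPS/SFTP; `anonymous` corresponds to the public-archive case the comment treats as acceptable.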