Hacker Steals Military Docs Because Someone Didn't Change a Default FTP Password

New submitter secwatcher shares a report: A hacker is selling sensitive military documents on online hacking forums, a security firm has discovered. Some of the sensitive documents put up for sale include maintenance course books for servicing MQ-9 Reaper drones, and various training manuals describing comment deployment tactics for improvised explosive device (IED), an M1 ABRAMS tank operation manual, a crewman training and survival manual, and a document detailing tank platoon tactics. US-based threat intelligence firm Recorded Future discovered the documents for sale online. They say the hacker was selling the data for a price between $150 and $200, a very low asking price for such data. Recorded Future says it engaged the hacker online and discovered that he used Shodan to hunt down specific types of Netgear routers that use a known default FTP password. The hacker used this FTP password to gain access to some of these routers, some of which were located in military facilities, he said.

Re:wow - just wow

[BlueStrat]

who has netgear equipment anymore? who allows default passwords anymore? wow

Yes, but let's make this all about the "hacker" and ignore anything to do with holding any US military or politicians responsible for making the breach possible. After all, cases like that of Lauri Love show that the go-to response by the US government for these sorts of situations is "kill the messenger!" whenever government incompetence and corruption are exposed, and this behavior is not limited to Left or Right. It's natural human behavior that's amplified and given power by having a too-powerful central government

Strat