Not too long ago, comedian and political commentator John Oliver featured a damning segment on the state of nuclear facilities in the United States. In it, we discovered that what are arguably the most sensitive military locations in the country – the nuclear silos and launch sites – have comically bad security procedures and that the American people have at least had a couple of close calls with armageddon due to negligence so far.
This may sound too hard to digest, but it’s all here if you’re interested:
Less than a week ago, a cybersecurity research firm called Recorded Future found that a hacker had gotten access to military facilities and managed to steal highly sensitive data – including manuals on Raptor drones and Abrams tanks.
The hacker was selling copies of the documents he had procured – training manuals, maintenance reference, lists of airmen, military survival manuals, among other things – on the dark web when he was spotted by the cybersecurity research firm, who then proceed to contact him in order to find out how he had acquired these documents.
Akin to the story above, the shocking thing in this story is the embarrassingly simple manner in which security is exposed.
The hacker used a search engine for internet-connected devices called Shodan to find a specific type of router which, without the right update, featured a vulnerability that he was able to exploit.
After finding the routers, the hacker would proceed to try different default passwords to access them. Most routers ship with pretty mundane default passwords – such as ‘admin’, ‘1234’, or 4 zeros; most users never change that password, including a certain captain working at a military facility.