Security intelligence outfit Recorded Future said the documents had been found by its Insikt Group while monitoring the activities of criminals on the deep and dark web.
Researcher Andrei Barysevich wrote that an English-speaking hacker claimed to have access to documents that were not supposed to be exported.
When someone says “military grade” anything, remember that classified documents were stolen from an open FTP server run by a guy who’d just received his military issued cyber security awareness award. pic.twitter.com/LKoSmD3Qep— the grugq (@thegrugq) 12 July 2018
While the name and country of residence of an individual associated with a group believed to be responsible were ascertained, this information was only for sale, the company said. Presumably, it would also be provided to law enforcement.
One of the Reaper maintenance training documents.
After engaging the hacker in conversation, the company learned that the documents had been obtained by gaining access to a military network through Netgear routers on which the default password for FTP had not been changed.
Regarding the MQ-9 drone, Barysevich wrote: "Manufactured by General Atomics, the MQ-9 Reaper is regarded as one of the most advanced and lethal military technology (devices) commissioned in the past two decades.
"According to open sources, Reaper was first introduced in 2001 and is currently used by the US Air Force, the US Navy, the CIA, US Customs and Border Protection, NASA, and the militaries of several other countries."
The original advertisement posted on the dark web.
After the hacker gained access through the routers, he/she then traversed the internal network to locate the documents that were put up for sale.
The company said it had identified more than 4000 Netgear routers with unchanged FTP credentials on the Web.
Screenshots: courtesy Recorded Future