Companies like GE are usually the ones dealing with a breached vendor, but the electronics giant may have been the point of compromise in a recent theft of DARPA files. A known hacker has claimed to have pulled off a data theft caper that victimized GE, and that may have included classified military files.
The hack was claimed by IntelBroker, an independent operator that has pulled off some legitimate high-profile data theft jobs over the past year. While GE is still investigating and there are some questionable elements to the claim, the highly sensitive nature of the data that might have been stolen forces stakeholders to take the incident very seriously.
GE still investigating data theft claim
Confirmation of the data theft will be important, as there are some oddities about it that raise questions, not the least of which is that the hacker has been asking only $500 for what might be secrets about the US military’s combat aviation program, and even at that price they seem to have been struggling to find an interested buyer. One might also assume that this stems from an internal database left visible to the public internet, as that is how IntelBroker has hit upon their previous scores.
But while GE is probably a harder target for data theft than most, it is not impenetrable. It has had at least two known incidents already in the past few years: an attack on a third-party contractor in 2020 that resulted in sensitive employee data being exposed, and insider theft dating back before that involving an engineer funneling company secrets to China.
DARPA has a number of different research branches. If the data theft turns out to be legitimate, the claim of GE Aviation being involved would likely mean the files are part of the Aerospace Projects Office (APO) that was just formed in 2015. This branch of DARPA is directly involved with US Air Force and other military air programs.
That means that everyone involved has to assume that these secrets were actually stolen, even if the circumstances are somewhat questionable. It could be a potential national security issue depending on exactly what was taken.
DARPA theft raises numerous questions
IntelBroker’s initial offer for sale of the stolen data popped up on commonly used underground marketplace BreachedForums in early November. That didn’t go so well, judging by a November 22 post indicating no one had stepped forward to buy and that access to GE would now be included for the asking price. IntelBroker’s level of experience has been questioned by security researchers before for their tendency to go to a dark web forum to sell potentially valuable stolen data, rather than using Telegram or some sort of independent portal.
The hacker has enough of a track record to at least make the data theft plausible, however. IntelBroker has previously breached footwear outfit Dr. Martens, The Body Shop, Volvo, and the Weee! grocery chain, in some cases stealing millions of records of personal information. The threat actor was also behind the attack on Washington’s DC Health Link insurance program earlier this year, something that potentially exposed private information of members of Congress.
GE has only said that it is investigating the incident and that it would take appropriate measures to ensure the security of its systems.