Sensitive documents about US military drones and manuals describing how to handle insurgents have been offered for sale on the dark web.
Cyber-security company Recorded Future said some of the data had been stolen from a US Air Force captain’s computer.
The cache includes maintenance guides for MQ-9 Reaper drones and many training manuals for troops deployed outside the US.
Police are now trying to track down the hacker who stole the files.
They are acting on evidence gathered by Recorded Future, which said its “engagement” with the hacker had helped it identify them and where they lived.
The company’s Andrei Barysevich also revealed the hacker had many more documents available than just the few they were publicly offering for sale.
The drone files were stolen via a well-known bug on a router the captain used.
He had failed to update the device, leaving it open to a “hijack” attack that then gave outsiders access to the network it connected to.
Ironically, the captain had completed a “cyber-awareness challenge” shortly before the documents were stolen.
The other documents seemed to have been stolen from a separate source, said Mr Barysevich.
They included tactics to defeat improvised explosive devices, an M1 Abrams tank manual and one covering ways to fight with tanks.
The conversations with the hacker revealed that he had deep access to US military networks and often watched supposedly live footage shot by drones on operations.
None of the stolen information was classified but much of it was subject to strict US government controls designed to limit who could read and use it.
The price being asked for the documents has not been disclosed by Recorded Future.