
Security researcher finds classified US Army data sitting online with no password


The National Security Agency still hasn't fixed its leaking problem.

The National Security Agency has suffered another major security breach after a trove of classified and sensitive Army documents was left on a public Amazon Web Services cloud server for anyone to download. This was most likely because the OS boot-up process was conditioned on accessing services that were accessible only from the Department of Defense's (DOD) internal network, a classic method of securing sensitive systems.

The server was unlisted, but it didn't have a password, which meant that anyone who found it could dig through the government's secret documents.

UpGuard security expert Chris Vickery notified the Pentagon of the data exposure in late September and was informed on October 10 that the exposed data was secured, said the report.

Files detailing a secret US intelligence collection program have leaked online, according to a new report, marking just the latest embarrassing security lapse involving US spy agencies.

"It was as simple as typing in a URL," Vickery said. Some of the exposed files were marked as Top Secret and appeared to belong to US Army Intelligence and Security Command (INSCOM), UpGuard said in a Tuesday blog post.

Vickery said it had been so unbelievably easy to access that when he first discovered it, his first thought was, "is this real?"

This kind of misconfigured storage server has become a common cautionary tale in the security world lately.

Over the past several years, the NSA has come under fire following leaks starting in 2013 when Edward Snowden revealed agency information showing widespread surveillance of phone call data and emails.

The agency did not respond to a request for comment. The massive WannaCry ransomware attack spread rapidly because hackers took advantage of a stolen NSA tool. While the data in that leak appeared to consist entirely of collected public internet posts and news commentary, not private information, the team at UpGuard today reports another United States government data leak, this time containing clearly classified information.

UpGuard found 47 viewable files and folders in the S3 bucket, three of which were downloadable.

Vickery and O'Sullivan said they believe the exposure happened when the government transferred the data to Invertix, and said it demonstrates how poor risk-management protocols for third-party vendors are often a "silent killer" for enterprise cybersecurity.

The Pentagon reportedly spent over $93 million on Red Disk, but it was never fully deployed.


