Security researcher finds classified US Army data sitting online with no password

The National Security Agency still hasn't fixed its leaking problem.

The National Security Agency has suffered another major security breach after a trove of classified and sensitive Army documents was left on a public Amazon Web Services cloud server for anyone to download. This was most likely because the OS boot-up process depended on access to services that were reachable only from the Department of Defense's (DOD) internal network, a classic method of securing sensitive systems.

The server was unlisted, but it didn't have a password, which meant that anyone who found it could dig through the government's secret documents.

UpGuard security expert Chris Vickery notified the Pentagon of the data exposure in late September and was informed on October 10 that the exposed data was secured, said the report.

Files detailing a secret US intelligence collection program have leaked online, according to a new report, marking just the latest embarrassing security lapse involving US spy agencies.

"It was as simple as typing in a URL", Vickery said. Some of the exposed files were marked as Top Secret, and appeared to belong to US Army Intelligence and Security Command (INSCOM), UpGuard said in a Tuesday blog post.

Vickery said it had been so unbelievably easy to access that when he first discovered it, his first thought was, "is this real?"

This kind of misconfigured storage server is becoming a common cautionary tale in the security world lately.

Over the past several years, the NSA has come under fire following leaks starting in 2013 when Edward Snowden revealed agency information showing widespread surveillance of phone call data and emails.

The agency did not respond to a request for comment. The massive WannaCry ransomware attack spread rapidly because hackers took advantage of a stolen NSA tool. While the data in that leak appeared to consist entirely of collected public internet posts and news commentary, not private information, the team at UpGuard today reports another United States government data leak, this time containing clearly classified information.

UpGuard found 47 viewable files and folders in the S3 bucket, three of which were downloadable.

Vickery and O'Sullivan said they believe the exposure happened when the government transferred the data to Invertix and said it demonstrates how poor risk-management protocols for third-party vendors are often a "silent killer" for enterprise cybersecurity.

The Pentagon reportedly spent over $93 million on Red Disk, but it was never fully deployed.


