Classified Pentagon program data mistakenly leaked

Unsecured S3 buckets are a frequent cause of embarrassing data breaches for many companies and government organisations. That's exactly what happened in late September when Chris Vickery, director of cyber risk research at security company UpGuard, discovered the server.

A trove of United States military data, described by security researchers as being "highly sensitive", was reportedly unearthed on a publicly accessible Amazon server two months ago. The server contained 47 viewable files, three of which were downloadable and exposed national security data. Multiple areas of the drive were marked "Top Secret", with some sections even bearing the "NOFORN" designation, indicating that they were to be kept secret even from the US government's foreign intelligence allies. As UpGuard's report details, Vickery also found "a virtual hard drive used for communications within secure federal IT environments", "details concerning the Defense Department's battlefield intelligence platform" known as DCGS-A, and information on Red Disk, "a troubled Defense Department cloud intelligence platform" that integrates into Red Disk.

There were also files for use with Red Disk, a Pentagon cloud intelligence programme that has had problems in becoming fully functional.

According to UpGuard, a virtual hard drive and Linux-based operating system were discovered on the leaky server, and though the researchers seemed unaware of its exact purpose, the company speculated it may be used to remotely access Defence Department data. "Red Disk" is the code name given to the Army intelligence system that the leak was a part of. This platform was apparently meant to complement the US military's existing plans for examining and sharing intelligence, surveillance and other classified information. However, the system was reportedly slow, hard to use and would crash often.

Red Disk was reportedly slated to be an effective way for the Pentagon to communicate with deployed soldiers in Afghanistan and share intelligence data such as satellite photos, videos from drones, and more. NiFi helped Red Disk to route different kinds of data to different computer systems over "geographically dispersed sites", as mentioned in the report.

"Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser", the post said.

"Regrettably, this cloud leak was entirely avoidable", O'Sullivan added.

ZDNet reported that Vickery alerted the government about the breach in October and that the S3 server was eventually secured. What is surprising about this "breach" is that the owner of the server is unknown at the time of writing.
