Top-secret US Army intelligence accidentally posted to public AWS bucket

William Gayde


Security is hard, but you'd at least expect some level of protection when dealing with top-secret military intelligence. Unfortunately, it appears that this wasn't exactly the case for some data shared between the US Army and the NSA. Security firm UpGuard has discovered a publicly accessible AWS S3 bucket that contains classified information on the Distributed Common Ground System - Army as well as details of communications with federal IT environments.

The discovery was actually made back in September but has just now been made public. Among the 47 viewable files in the bucket were details of a cloud-based program called Red Disk. This program was developed in haste to better deliver intelligence to troops through the use of laptops and tablets. It was never formally finished and many have viewed it as defense contractors siphoning off money from the military in times of emergency.

The publicly available information also included a virtual hard drive with files classified as NOFORN. That means the details are so secretive that not even US allies can view them. Thankfully, most of the data can't actually be viewed without connecting to the Pentagon's internal network. It did, however, contain encryption keys and hashed passwords used by former contractors.

This isn't the first time top-secret information has been inadvertently made public online, as UpGuard discovered a similar case a while back. While this was likely just a simple misconfiguration of the privacy settings and permissions, the researchers view it as a symptom of a much bigger problem.

They concluded that "given how simple the immediate solution to such an ill-conceived configuration is—simply update the S3 bucket’s permission settings to only allow authorized administrators access—the real question is, 'how can government agencies keep track of all their data and ensure they are correctly configured and secured?'." It's a question that is not easily answered.


 
What do you expect from someone who probably played Pokemon Go? My point is if you have those types, you will have these types of irresponsible accidents.

Might as well label them a traitor. So they can join the ranks of Edward Snowden and be placed in the Hall of Fame.
 
All types of people play Pokemon Go. That statement is just awful. So the Army should prevent anyone who has ever played Pokemon Go from signing up and joining. Where tf do people get this weird crap from?
 