Security firm reveals another NSA leak

NSA army data army data online USA army data online unprotected army communications system US army data online top secret US indian express news

NSA army data army data online USA army data online unprotected army communications system US army data online top secret US indian express news

All three files contained national security data, some of it explicitly classified and marked "TOP SECRET".

Ten days after an Amazon S3 server exposed data from the US Army's CENTCOM and PACOM divisions, security researchers have identified another S3 server instance that leaked files from INSCOM, a joint US Army and NSA agency tasked with conducting intelligence, security, and information operations.

Earlier this month, researchers at UpGuard reported that U.S. military intelligence gathering data had been stored on a misconfigured Amazon Web Services S3 server that wasn't password protected and was publicly viewable.

Just like the last Army leak, the exposed servers were found by the UpGuard team, who identified an S3 server hosting a small number of files and folders, three of which were freely downloadable. According to the report, the unsecured storage server was discovered by Chris Vickery, the director of cyber risk research at UpGuard, on 27 September 2017.

Other data found in the AWS S3 instance included an Open Virtual Appliance file, which contained a virtual hard drive and configuration data for a Linux-based virtual machine that could have been used by hackers to obtain access to the Pentagon. It also housed sensitive details about the Army's Distributed Common Ground System, a battlefield intelligence system that allows commanders in the field real-time access to classified operational intelligence.

More news: CDC: US HIV diagnoses improving, but progress varies
More news: Scarlet fever rates in England hit highest level in 50 years
More news: It's Jimmy G time: Garoppolo to make first start for 49ers Sunday

The files show that the program, called Red Disk, was meant to handle and transfer documents, videos, and audio between intelligence employees.

NSA referred questions to the intelligence command, which did not immediately respond to a request for comment. However, the system was reportedly slow, hard to use and would crash often. Poor security on AWS servers led to exposed data tied to the Pentagon, Verizon, Dow Jones and almost 200 million American voter records. ZDNet reported that Red Disk was never completely deployed and has since been considered a failure.

"Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser", UpGuard said in a blog post. He informed the United States government about the "breach" in October.

However, it remains unclear as to how long the US Army's S3 bucket remained publicly exposed before it was discovered and secured. Last but not the least, Vickery reiterated that this exposure of data was "entirely avoidable" in the long list of government leaks reported a year ago.

IBTimes UK has reached out to Vickery for further clarity on the matter and is awaiting a response.

Recommended News

We are pleased to provide this opportunity to share information, experiences and observations about what's in the news.
Some of the comments may be reprinted elsewhere in the site or in the newspaper.
Thank you for taking the time to offer your thoughts.