DoD Files Found on Publicly Accessible Amazon Server

Exterminator

Level 85
Thread author
Verified
Top Poster
Well-known
Oct 23, 2012
12,527
An “unintentional mistake” has been blamed by contractor Booz Allen Hamilton (BAH) for more than 60,000 US Department of Defense files that were left publicly exposed in an Amazon S3 repository.

Noted security researcher Chris Vickery, now a part of UpGuard’s Cyber Resilience Team, discovered the files, said to be related to a US National Geospatial-Intelligence Agency (NGA) project.

The agency typically handles satellite and drone surveillance imagery.

“In short, information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level,” wrote his colleague, cyber resilience analyst, Dan O’Sullivan.

“Unprotected by even a password, the plaintext information in the publicly exposed Amazon S3 bucket contained what appear to be the Secure Shell (SSH) keys of a BAH engineer, as well as credentials granting administrative access to at least one data center’s operating system.”

However, in a statement sent to the BBC, Booz Allen Hamilton claimed no classified data was stored in the S3 bucket.

"We have confirmed that none of those usernames and passwords could have been used to access classified information,” it noted.

"Our client has said they've found no evidence that classified data was involved, and so far our forensics have indicated the same.”

However, the speed with which the NGA responded may indicate the seriousness of the incident.

After trying and failing to get a response from Booz Allen Hamilton’s Chief Information Security Officer (CISO), Vickery notified the DoD agency and within nine minutes the repository was apparently secured.

This isn’t the first time BAH’s security processes have been found wanting.

Previous employees at the contractor include Edward Snowden and Harold Martin; the latter indicted earlier this year for allegedly hoarding top secret documents over a 20-year period.
 
  • Like
Reactions: Parsh

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top