- Jul 22, 2014
- 2,525
Ten days after an Amazon S3 server exposed data from the US Army's CENTCOM and PACOM divisions, security researchers have identified another S3 server instance that leaked files from INSCOM, a joint US Army and NSA agency tasked with conducting intelligence, security, and information operations.
Just like the last Army leak, the exposed servers were found by the UpGuard team, who identified an S3 server hosting a small number of files and folders, three of which were freely downloadable.
Researchers find VM holding classified information
Of these three, researchers said that one was an Oracle Virtual Appliance (.ova) file that was an image of a virtual machine running a Linux-based operating system and an attached virtual hard drive.
Researchers were not able to boot the OS or access any of the files stored on the virtual hard drive. This was most likely because the OS boot-up process was conditioned to accessing services that were only accessible from the Department of Defense's (DOD) internal network, a classic method of securing sensitive systems.
Nonetheless, the metadata of files stored on the virtual hard drive allowed researchers to determine the SSD image held troves of highly sensitive files, some of which were classified with the TOP SECRET and NOFORN (NO FOReign Nationals) security classifiers.
..
...
UpGuard, who previously found other US government information exposed online, said this was the first time it discovered classified information left freely accessible on Amazon S3 servers.
"Regrettably, this cloud leak was entirely avoidable, the likely result of process errors within an IT environment that lacked the procedures needed to ensure something as impactful as a data repository containing classified information not be left publicly accessible," said the UpGuard team. "Given how simple the immediate solution to such an ill-conceived configuration is [...] the real question is, how can government agencies keep track of all their data and ensure they are correctly configured and secured?"
Just like the last Army leak, the exposed servers were found by the UpGuard team, who identified an S3 server hosting a small number of files and folders, three of which were freely downloadable.
Researchers find VM holding classified information
Of these three, researchers said that one was an Oracle Virtual Appliance (.ova) file that was an image of a virtual machine running a Linux-based operating system and an attached virtual hard drive.
Researchers were not able to boot the OS or access any of the files stored on the virtual hard drive. This was most likely because the OS boot-up process was conditioned to accessing services that were only accessible from the Department of Defense's (DOD) internal network, a classic method of securing sensitive systems.
Nonetheless, the metadata of files stored on the virtual hard drive allowed researchers to determine the SSD image held troves of highly sensitive files, some of which were classified with the TOP SECRET and NOFORN (NO FOReign Nationals) security classifiers.
..
...
UpGuard, who previously found other US government information exposed online, said this was the first time it discovered classified information left freely accessible on Amazon S3 servers.
"Regrettably, this cloud leak was entirely avoidable, the likely result of process errors within an IT environment that lacked the procedures needed to ensure something as impactful as a data repository containing classified information not be left publicly accessible," said the UpGuard team. "Given how simple the immediate solution to such an ill-conceived configuration is [...] the real question is, how can government agencies keep track of all their data and ensure they are correctly configured and secured?"
Last edited:
