Detect MOD data on an unmonitored server for Amazon

Jun

1

2017

Sensitive government information linked to a US Defense Department Pentagon military project appeared on an unsecured Amazon server, which was returned to a multibillion-dollar company contracted by the Department of Defense that could have been accessed by anyone for failing to protect it with a password, In what was described as the most profitable espionage operation in the world.

More than 60,000 files have been discovered over the past week on an Amazon server accessible to the public, including passwords for the US government system containing sensitive information and security credentials for senior engineers at Booz Allen Hamilton, one of the largest contractors In the country in terms of intelligence and defense.

The files included nearly 28 GB of data containing at least dozens of unencrypted passwords owned by government contractors that can be used in high-secrecy enterprises, and the author’s discovered credentials are likely to grant access to repositories that provide sensitive government data.

The leaked files contain countless references to the US National Geographic Intelligence Agency, which in March awarded Booz Allen a $ 86 million defense contract.

The US National Geographic Intelligence Agency works with several US defense agencies, including the Pentagon, the CIA, the National Reconnaissance Office and the Defense Intelligence Agency, to collect and analyze geospatial data collected by spy satellites and drones.

The breach was discovered last week by Chris Vickery, a cyber risk analyst at UpGuard. Chris immediately contacted Booz Allen Hamilton and the National Geographic Intelligence Agency (NGA) via e-mail to alert them. In ten minutes.

According to UpGuard, the information, which usually requires a security clearance at the highest level of the Department of Defense, was accessible by anyone looking in the right place, and there was no need for piracy to obtain the necessary credentials to access the classified material High level.

“There was no confidential information available on the server but there were enough credentials to allow anyone who wanted to cause harm to do so easily,” the company said. “The agency takes seriously the issue of potential disclosure of sensitive information But not confidential, and immediately revoked the affected credentials. “

Viewing:-130

In: Technology & Gadgets Asked By: [17459 Red Star Level]

Answer this Question

You must be Logged In to post an Answer.

Not a member yet? Sign Up Now »