Posted on June 2, 2017 at 4:14 PM
Sensitive US Military Data Found on an Unsecured Server Belonging to Amazon
A shocking discovery was made recently when a bunch of sensitive data related to US intelligence agencies and military projects was found to be just sitting unprotected on an Amazon server. The data didn’t even have a password protection.
This data numbered tens of thousands of documents and was discovered accidentally by an analyst from UpGuard. The documents were mostly connected to the US NGA (National Geospatial-Intelligence Agency), which is a combat support agency for the US military. Upon further investigation of the discovered data, it was discovered that the mistake lies with one of the defense and intelligence contractors, Booz Allen Hamilton.
The data left on the server also included the login info that, if used, could have allowed access to even more sensitive data. It’s said that Booz Allen has a relatively big presence when it comes to the intelligence agencies connected to the US. They have around 22,600 workers, and up to 69% has a clearance with the intelligence agencies of the US. They also profited on the contracts and made around $1.3 billion only in 2016’s fiscal year.
NGA has stated that they’ve closed all potential vulnerabilities immediately after they’ve discovered that the data is publically available. It’s also stated that the data that was left on the server isn’t confidential, despite the fact that it was sensitive in nature. The incident was taken very seriously, and the situation will be carefully evaluated before any further action is taken.
Booz Allen also confirmed that the data wasn’t classified, and the credentials also couldn’t have been used for accessing the classified data. Booz Allen says that their clients were notified about the situation as soon as the mistake was discovered and that the investigation will be conducted.
The firm itself has quite the history, and it’s well known for being the same one that Edward Snowden, the famous NSA whistleblower was a part of. They’ve been connected to the reports of leaked data before as well. Back in 2011, a hacking group with a connection to AntiSec has claimed to have hacked the server owned by a consulting firm, and that the internal data from the firm was released. The said data supposedly included over 90,000 email addresses connected to the military personnel.
Also, there was another incident, during which a contractor that worked for Booz Allen was arrested for hiding secret documents that could have caused a lot of damage to the national security of the United States if released.