Confidential and sensitive data belonging to INSCOM, a joint US Army and NSA command that gathers intelligence for US military and political leaders, were stored on an unprotected cloud server with no password protection.
The leaked NSA data contained classified communications as well as details about the Defense Department’s battlefield intelligence platform.
The leaked database contained many heavily-guarded secrets concerning the US Army’s and the NSA’s intelligence gathering abilities, classified communications with various defence departments, as well as data concerning the Distributed Common Ground System – Army (DCGS-A), an intelligence platform owned and run by the U.S. Defence Department.
More worryingly, the database also contained details about the Red Disk, which is a cloud intelligence platform owned by the Defence Department and is partially integrated into the Pentagon’s DCGS-A program.
The unprotected Amazon Web Services S3 cloud storage bucket was discovered by Chris Vickery, director of cyber risk research at security firm UpGuard in late September, following which he analysed the database and shared his findings with the government in October.
Even though the server was subsequently secured, the leak highlights how sensitive national secrets have been routinely compromised through poor security practices.
‘Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser,’ wrote Dan O’Sullivan from UpGuard.
To summarise, here’s a bullet-point list of critical data that were compromised as a result of of poor cyber security practices on part of U.S. intelligence agencies:
1. Confidential and sensitive data belonging to INSCOM, a joint US Army and NSA command that gathers intelligence for US military and political leaders.
2. A virtual hard drive used for communications within secure federal IT environments.
3. Classified data which are not even shared with the United States’ allies.
4. Confidential data about the the Distributed Common Ground System – Army (DCGS-A), the Defense Department’s battlefield intelligence platform.
5. Confidential data about the Red Disk, a a cloud intelligence platform owned by the Defence Department which is partially integrated into the Pentagon’s DCGS-A program.
Simply put, the unsecured cloud server bucket revealed every single intelligence operation run by the US Army in conjuction with the NSA. As such, if accessed by foreign intelligence agencies or state-sponsored hackers, it could compromise the US Army’s future operations as well as national security.
To make it easier for hackers to monitor and steal such compromised data, those who uploaded such data to the unprotected cloud server chose to name a sub-domain ‘INSCOM’.
What’s more worrying is that this isn’t the first time that sensitive and closely-guarded secrets of the NSA or the US Defence Department have been compromised through poor security practices. According to UpGuard, Pentagon has suffered data breaches in the past from within the US Central Command, US Pacific Command, and the National Geospatial-Intelligence Agency.
‘Regrettably, this cloud leak was entirely avoidable, the likely result of process errors within an IT environment that lacked the procedures needed to ensure something as impactful as a data repository containing classified information not be left publicly accessible.
‘Given how simple the immediate solution to such an ill-conceived configuration is – simply updated the S3 bucket’s permission settings to only allow authorized administrators access – the real question is, how can government agencies keep track of all their data and ensure they are correctly configured and secured?’ O’Sullivan added.
Back in October, the Wall Street Journal reported that a group of hackers were able to breach the home computer of an NSA contractor in 2015 to steal details of sensitive and classified programmes run by the NSA.
Harold Martin, the contractor in question, had Kaspersky Lab software installed on his home computer and by exploiting flaws within the software, Russian hackers were able to steal classified NSA documents and programmes.
In May, Microsoft had also lashed out at the NSA and other intelligence agencies for stockpiling cyber-attack weapons which were later stolen and used by hackers with disastrous consequences.
“The governments of the world should treat this attack as a wake-up call. They need to take a different approach and adhere in cyberspace to the same rules applied to weapons in the physical world. We need governments to consider the damage to civilians that comes from hoarding these vulnerabilities and the use of these exploits,” Microsoft said.