
SoylentNews is people

posted by Fnord666 on Friday December 01 2017, @08:56AM
from the cloud-has-a-leak dept.

A contractor misconfigured an Amazon Web Services storage "bucket", exposing top secret information from the U.S. Army's Intelligence and Security Command (INSCOM):

UpGuard's director of cyber risk research, Chris Vickery, discovered the publicly accessible S3 storage "bucket" on September 27 in the AWS subdomain "inscom." INSCOM is the US Army's Intelligence and Security Command, the Army's internal operational intelligence branch based at Fort Belvoir in Virginia. INSCOM is also integrated into the National Security Agency's Central Security Service—connecting the Army's signals intelligence operations to the NSA.

The public bucket was accessible via the Web and had "47 viewable files and folders in the main repository, three of which were also downloadable," UpGuard reported in a blog post today. The largest downloadable file was an Open Virtual Appliance file named "ssdev.ova," which contained a virtual hard drive and configuration data for a Red Hat Linux-based virtual machine. "While the virtual OS and HD can be browsed in their functional states, most of the data cannot be accessed without connecting to Pentagon systems—an intrusion that malicious actors could have attempted had they found this bucket," UpGuard's research team noted.

Still, the contents of the virtual hard drive itself were highly sensitive. Some of the files were marked as "Top Secret/NOFORN"—meaning that they were not to be shared even with US allies. Metadata on the virtual drive shows that "the box was worked on in some capacity by a now-defunct third-party defense contractor named Invertix, a known INSCOM partner," including private encryption keys used for hashed passwords and for accessing DCGS that belonged to Invertix system administrators.

Also at Techdirt, TechCrunch, and The Next Web.


  • (Score: 3, Insightful) by Geezer on Friday December 01 2017, @05:44PM (2 children)

    by Geezer (511) on Friday December 01 2017, @05:44PM (#603979)

    One way or another somebody will find some kind of Russia angle to all this, and the media will go apeshit.

    Maybe somebody at Amazon uses Kaspersky or listens to Borodin.

    Nothing sells papers/clicks like "Teh Rushins dood it!!!1!!1!"

  • (Score: -1, Offtopic) by Anonymous Coward on Friday December 01 2017, @06:26PM

    by Anonymous Coward on Friday December 01 2017, @06:26PM (#603992)

    Not to mention triggering old farts before the stories even run!

  • (Score: 2) by maxwell demon on Saturday December 02 2017, @06:47AM

    by maxwell demon (1608) on Saturday December 02 2017, @06:47AM (#604151) Journal

    You mean, it might turn out that Bezos is actually a Russian? Did anyone check his birth certificate? ;-)

    --
    The Tao of math: The numbers you can count are not the real numbers.