ibusinesslines.com March 19, 2018

NSA breach spills over 100GB of top secret data

29 November 2017, 11:18 | Melissa Porter

Metadata from one of the files found inside the leaked VM image file

Metadata from one of the files found inside the leaked VM image file

The military unit, which reports directly to the Army Deputy Chief of Staff for Intelligence, provides an array of intelligence-gathering capabilities, including the interception and analysis of communications and electronic signals, and conducts information and electronic warfare worldwide.

The objective of the Red Disk project, to which most of the leaked data reportedly pertains, was to lend cloud computing capabilities to a USA military intelligence network known as the Distributed Common Ground System (DCGS), with the goal of allowing troops virtually anywhere in the world to access and exchange intelligence in real time.

It isn't the first time UpGuard has found sensitive-looking information exposed over a misconfigured Amazon cloud server.

A trove of USA military data, described by security researchers as being "highly sensitive", was reportedly unearthed on a publicly accessible Amazon server two months ago.

Upguard security expert Chris Vickery notified the Pentagon of the data exposure in late September and was informed on October 10 that the exposed data was secured, said the report. UpGuard pointed out that the storage server included 47 viewable files and folders in the main repository, where three were downloadable.

NSA has reported yet another leak where a virtual disk image of a hard drive containing "highly sensitive" contents related to a United States Army Intelligence system was left online on a public Amazon Web Services (AWS) server.

Red Disk is the Pentagon's "distressed" cloud-based intelligence sharing system.

Aside from information about Red Disk, the files included other classified information, including how the USA military can target possible terrorists with weapons. The system that the Army uses is stated to be the largest and that it struggles to scale with the demand.

Researchers say the breach further exposed the private keys of a former intelligence contractor - Invertix, now called Altamira Technologies - which specialises in surveillance and reconnaissance.

To make it easier for hackers to monitor and steal such compromised data, those who uploaded such data to the unprotected cloud server chose to name a sub-domain "INSCOM".

The project has since been discontinued, with reports noting it crashed a lot and hindered solider operations leading to Red Disk never getting fully deployed. Last but not the least, Vickery reiterated that this exposure of data was "entirely avoidable" in the long list of government leaks reported a year ago.

'Given how simple the immediate solution to such an ill-conceived configuration is - simply updated the S3 bucket's permission settings to only allow authorized administrators access - the real question is, how can government agencies keep track of all their data and ensure they are correctly configured and secured?' O'Sullivan added.

Other News

Trending Now

Thousands of holiday season flights short crew members after scheduling glitch
The system is supposed to allow pilots to bid based on seniority for vacation time, according to a report from CBS in Dallas . However, the union filed a grievance, stating "management unilaterally created their solution in violation of the contract".

Robots Could Take Up 800 million Jobs By 2030: Mckinsey Report
Jobs are at risk across a number of sectors, from machine operation to data collection, due to the varied application of emerging automated technologies.

Heads roll at London Stock Exchange
Shares awarded under LSE's long-term incentive plan and deferred bonus plan will vest, subject to performance conditions. Rolet will be replaced in the interim by Chief Financial Officer David Warren, it said in a statement on Wednesday.

MLS expansion plans continue with four cities in running to join league
As part of the league's expansion to 28 teams, the four cities were among 12 that submitted bids for expansion slots in January. The Motor City's bid is being led by Quicken Loans Founder and Chairman Dan Gilbert and Detroit Pistons and Founder Tom Gores.

Croatia's economy climbs 3.3 percent year-on-year
The bureau, an agency of the Commerce Department, will release its third and final estimate of third-quarter GDP on December 21. With that said, goods exports grew just 1.6 percent in the third quarter, down from 2.2 percent in the second quarter.

Tennessee interested in Purdue's Jeff Brohm for head-coaching job
The Vols are reportedly "closing in" on a deal with Purdue head coach Jeff Brohm , according to WNML's Jimmy Hyams . The Vols are trying to put an end to a whirlwind coaching search to replace Butch Jones, who was sacked November 12.

Philando Castile's Girlfriend Reaches $800K Settlement
Reynolds, who live-streamed the gruesome aftermath of the shooting in July 2016, would receive $675,000 from the city of St. A statement on the city's website says the settlement resolves Reynolds' claims of "emotional distress and false arrest".