Sensitive DoD Data Discovered on Unprotected Server

Researcher found unsecured repository of 60,000 documents of sensitive US data on a publicly exposed Amazon Web Services "S3" bucket used by government contractor Booz Allen Hamilton.

Dark Reading Staff, Dark Reading

June 2, 2017

1 Min Read

Security credentials and password information that could potentially yield access to sensitive Department of Defense military documents were among the 60,000 files found on an unsecured Amazon cloud server used by government contractor Booz Allen Hamilton, according to a Gizmodo report.

UpGuard cyber risk analyst Chris Vickery made the discovery of the unsecured documents, which contained a number of references to the DoD's combat support and intelligence agency US National Geospatial-Intelligence Agency (NGA). No passwords were needed to access the publicly exposed information, according to the report.

Although the NGA stressed that no classified information had been disclosed in the incident, the information could have provided a potential path for attackers to obtain highly sensitive data. An attacker could have found not only passwords to US government systems that store sensitive information, but unencrypted passwords for at least six government contractors who had a high-level of security clearance.

The documents also contained security credentials for a Booz Allen lead senior engineer, which would have provided his private SSH keys, according to the report.

Read more about the NGA incident here.

About the Author(s)

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights