Oops. American defence contractor leaves sensitive US government files on public server with no password protection
A US defence contractor could be in serious trouble after it emerged that it had left sensitive government information related to an American military project on an unprotected server.
The contractor in question is Booz Allen Hamilton, and it reportedly left more than 60,000 files, including security credentials and passwords to a government system containing sensitive information, on a publicly accessible Amazon server.
And to make matters worse, the data was not even protected by a password.
It was a contractor at Booz Allen Hamilton that left nearly 28GB of data exposed, which included top secret geospatial intelligence and unencrypted passwords belonging to contractors with Top Secret Facility Clearance.
The concern, reported Gizmodo, is that these credentials could be used to gain access to additional sensitive government data.
The leaked data included references to the US National Geospatial-Intelligence Agency (NGA), which act as “mapmakers” for the Pentagon.
The NGA also regularly works with the CIA, National Reconnaissance Office and the Defense Intelligence Agency, and it confirmed the leak to Gizmodo but stressed that no classified information had been disclosed.
“NGA takes the potential disclosure of sensitive but unclassified information seriously and immediately revoked the affected credentials,” an agency spokesperson was quoted as saying. And it seems that the Amazon server from which the data was leaked was “not directly connected to classified networks,” the spokesperson noted.
The discovery that the sensitive data had been left on the unprotected server was revealed by cyber risk analyst Chris Vickery of cyber resilience platform UpGuard.
Vickery revealed that the data also included battlefield imaging in Afghanistan, as well as satellite surveillance of North Korea’s ballistic missile arsenal.
And it seem that after Vickery received no response from Booz Allen Hamilton after he notified them, he contacted the NGA directly, who reacted within 9 minutes to secure the files, “an impressively speedy response time from a major US intelligence agency.”
The analyst noted that Edward Snowden was a former analyst at Booz Allen Hamilton.
This is not the first time that sensitive US military data has been leaked. In March thousands of confidential US Air Force documents were exposed online in a mass military leak through an unsecured internet-connected backup drive belonging to a lieutenant colonel.
Prior to that Wikileaks this year published thousands of classified documents belonging to the Central Intelligence Agency (CIA).
Quiz: Are you a security guru?