Data Leak Exposes Classified Intelligence-Sharing Programs
The National Security Agency (NSA) is once again facing scrutiny after security researchers revealed that over 100 gigabytes of sensitive data were left online on an unlisted but public Amazon Web Services (AWS) storage server.
Cyber resilience firm UpGuard discovered the publicly accessible S3 storage bucket in the AWS domain “inscom” on September 27, and reported their findings in a blog post published this week. INSCOM is the US Army’s Intelligence and Security Command, which also works within the NSA. The main repository contained 47 viewable files, three of which were downloadable.
This leak revealed information about legacy defense projects developed to help government teams share and process intelligence and surveillance data. The projects included the Defense Department’s Distributed Common Ground System-Army (DCGS-A) and a connected venture called “Red Disk”, which was supposed to become a cloud intelligence platform. They were highly classified projects that the US government spent billions to develop.
According to UpGuard, “among the most compelling downloadable assets revealed from within the exposed bucket is a virtual hard drive used for communications within secure federal IT environments, which, when opened, reveals classified data labeled NOFORN—a restriction indicating a high level of sensitivity, prohibited from being disseminated even to foreign allies.”
The researchers found evidence linking the data to a now-defunct defense contractor called Invertix, which was known to work with INSCOM. The information held private keys used for accessing further systems and also hashed passwords, all connected to Invertix.
Unfortunately, this is only the latest in a series of incidents involving the government and unsecured servers. In June, a defense contractor left classified intelligence data on a misconfigured S3 server, while data from the Pentagon’s online web-monitoring was also left exposed on a cloud server in early November. Other non-military organizations have also had problems with misconfigured and unsecured servers. Just this month, almost fifty thousand records containing PII were exposed in Australia because of an overlooked server issue.
This report also brings to light another security issue: third-party contractors. In any business, securing the supply chain is a necessity. Suppliers that handle sensitive parts of enterprise operations should be held to a higher security standard. When it comes to issues like customer data and privacy, strict policies for third-party contractors—from choosing the right vendor to monitoring their performance—are absolutely necessary.
Trend Micro Deep Security as a Service is optimized for AWS, Azure, and VMware to protect servers instantly. It reduces strain on your overburdened IT department by offloading security setup, management, and system updates to Trend Micro. Deep Security as a Service can start securing servers immediately without system installation or configuration.
Organizations should also choose the right cloud security solution based on what can give them the most protection. Trend Micro Deep Security for Cloud can provide proactive detection and prevention of threats, while Hybrid Cloud Security provides optimal security for hybrid environments that incorporate physical, virtual, and cloud workloads.