NSA leaves secret docs on the cloud, WITHOUT A PASSWORD

Another day, another NSA leak: this time 'Top Secret' docs were on the cloud without a password.

@anthony256
Published Tue, Nov 28 2017 8:42 PM CST   |   Updated Sat, Aug 8 2020 10:29 AM CDT

For a spy agency that has the word 'security' in its title, the National Security Agency seems to be worse than a teenager downloading MP3s from LimeWire. The NSA has been busted again exposing top secret data to people, this time on the cloud.

NSA leaves secret docs on the cloud, WITHOUT A PASSWORD | TweakTown.com

UpGuard Director of Cyber Risk Research Chris Vickery discovered back on September 27 an Amazon Web Services S3 cloud storage bucket that was configured for totally open public access. This means that anyone can enter the URL and see what's inside of trhe bucket, which was located on the AWS subdomain "inscom". This folder had 47 viewable files and other folders inside, three of which could be downloaded.

INSCOM is the intelligence command that is controlled by both the US Army, and the NSA. The worst part of this news is that the folder wasn't password protected, which seems awfully stupid (there are worse words) of the NSA.

Inside of the folder is some super-secret NSA contents, with an Oracle Virtual Appliance (.ova) that was titled "ssdev". Vickery loaded this file in VirtualBox discovering that it contained a virtual HDD with a Linux-based OS that he reports was "likely used for receiving Defense Department data from a remote location. While the virtual OS and HD can be browsed in their functional states, most of the data cannot be accessed without connecting to Pentagon systems - an intrusion that malicious actors could have attempted, had they found this bucket".

Vickery discovered that there were hundreds of gigabytes of data from something called Red Disk, an Army intelligence program, that was completely open - without any password protection. The disk image itself belonged to the US Army's Intelligence and Security Command (INSCOM).

UpGuard also found:

  • Virtual hard drive used for classified communications within secure federal IT environments
  • Details concerning the Defense Department's battlefield intelligence platform known as DCGS-A
  • Information on Red Disk, "a troubled Defense Department cloud intelligence platform"
  • Private keys belonging to Invertix, a defense contractor that works with INSCOM

It's almost unbelievable that there was top secret information from the US Army and the NSA, all available on a public platform and without any password protection. Unbelievable.

Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering.

Related Tags

Newsletter Subscription

Latest News

View More News

Latest Reviews

View More Reviews

Latest Articles

View More Articles