Newsletter IconFacebook IconX IconThreads IconInstagram IconYouTube IconPinterest Icon
Giveaway: Win an ASRock B850 Riptide WiFi and Phantom Gaming PG-850G PSU

NSA leaves secret docs on the cloud, WITHOUT A PASSWORD

Another day, another NSA leak: this time 'Top Secret' docs were on the cloud without a password.

Comments
Gaming Editor
Published
Updated
1 minute & 45 seconds read time
Voice: Default
0:00 / --:--
Use left and right arrow keys to seek audio.

For a spy agency that has the word 'security' in its title, the National Security Agency seems to be worse than a teenager downloading MP3s from LimeWire. The NSA has been busted again exposing top secret data to people, this time on the cloud.

NSA leaves secret docs on the cloud, WITHOUT A PASSWORD | TweakTown.com

UpGuard Director of Cyber Risk Research Chris Vickery discovered back on September 27 an Amazon Web Services S3 cloud storage bucket that was configured for totally open public access. This means that anyone can enter the URL and see what's inside of trhe bucket, which was located on the AWS subdomain "inscom". This folder had 47 viewable files and other folders inside, three of which could be downloaded.

INSCOM is the intelligence command that is controlled by both the US Army, and the NSA. The worst part of this news is that the folder wasn't password protected, which seems awfully stupid (there are worse words) of the NSA.

Inside of the folder is some super-secret NSA contents, with an Oracle Virtual Appliance (.ova) that was titled "ssdev". Vickery loaded this file in VirtualBox discovering that it contained a virtual HDD with a Linux-based OS that he reports was "likely used for receiving Defense Department data from a remote location. While the virtual OS and HD can be browsed in their functional states, most of the data cannot be accessed without connecting to Pentagon systems - an intrusion that malicious actors could have attempted, had they found this bucket".

Vickery discovered that there were hundreds of gigabytes of data from something called Red Disk, an Army intelligence program, that was completely open - without any password protection. The disk image itself belonged to the US Army's Intelligence and Security Command (INSCOM).

UpGuard also found:

  • Virtual hard drive used for classified communications within secure federal IT environments
  • Details concerning the Defense Department's battlefield intelligence platform known as DCGS-A
  • Information on Red Disk, "a troubled Defense Department cloud intelligence platform"
  • Private keys belonging to Invertix, a defense contractor that works with INSCOM

It's almost unbelievable that there was top secret information from the US Army and the NSA, all available on a public platform and without any password protection. Unbelievable.

Comments

Gaming Editor

Email IconX IconLinkedIn Icon

Anthony joined TweakTown in 2010 and has since reviewed 100s of tech products. Anthony is a long time PC enthusiast with a passion of hate for games built around consoles. FPS gaming since the pre-Quake days, where you were insulted if you used a mouse to aim, he has been addicted to gaming and hardware ever since. Working in IT retail for 10 years gave him great experience with custom-built PCs. His addiction to GPU tech is unwavering and has recently taken a keen interest in artificial intelligence (AI) hardware.

Stay Updated

Follow TweakTown for breaking tech news, reviews, and daily updates.

Add TweakTown as a preferred source on GoogleFind TweakTown on Apple News
Newsletter Subscription