For a spy agency that has the word 'security' in its title, the National Security Agency seems to be worse than a teenager downloading MP3s from LimeWire. The NSA has been busted again exposing top secret data to people, this time on the cloud.
UpGuard Director of Cyber Risk Research Chris Vickery discovered back on September 27 an Amazon Web Services S3 cloud storage bucket that was configured for totally open public access. This means that anyone can enter the URL and see what's inside of trhe bucket, which was located on the AWS subdomain "inscom". This folder had 47 viewable files and other folders inside, three of which could be downloaded.
INSCOM is the intelligence command that is controlled by both the US Army, and the NSA. The worst part of this news is that the folder wasn't password protected, which seems awfully stupid (there are worse words) of the NSA.
Inside of the folder is some super-secret NSA contents, with an Oracle Virtual Appliance (.ova) that was titled "ssdev". Vickery loaded this file in VirtualBox discovering that it contained a virtual HDD with a Linux-based OS that he reports was "likely used for receiving Defense Department data from a remote location. While the virtual OS and HD can be browsed in their functional states, most of the data cannot be accessed without connecting to Pentagon systems - an intrusion that malicious actors could have attempted, had they found this bucket".
Vickery discovered that there were hundreds of gigabytes of data from something called Red Disk, an Army intelligence program, that was completely open - without any password protection. The disk image itself belonged to the US Army's Intelligence and Security Command (INSCOM).
UpGuard also found:
- Virtual hard drive used for classified communications within secure federal IT environments
- Details concerning the Defense Department's battlefield intelligence platform known as DCGS-A
- Information on Red Disk, "a troubled Defense Department cloud intelligence platform"
- Private keys belonging to Invertix, a defense contractor that works with INSCOM
It's almost unbelievable that there was top secret information from the US Army and the NSA, all available on a public platform and without any password protection. Unbelievable.
Elon Musk lays off senior Tesla executives, even a production supervisor who lived in his car
AMD CEO Dr. Lisa Su named 2024 CEO of the Year by Chief Executive Magazine
China's black market price of NVIDIA's H100 AI GPU has plummeted, H200 is coming soon
Samsung's new Apple Vision Pro competitor will use OLEDoS panel from Sony for its XR headset
AmpereOne-3 CPU teased: 256 cores, TSMC 3nm process node, PCIe 6.0 support, 12-channel DDR5
Dell UltraSharp 40 5K Curved Thunderbolt Hub Monitor (U4025QW) Review
XPG Core Reactor II VE 850w 80 PLUS Gold ATX 3.0 PSU Review
SteelSeries Arctis Nova 4X Wireless Gaming Headset Review
ACEMAGIC AD08 "Core i9 11900H" Mini PC Review
Lenovo ThinkPad X1 Carbon Gen 12 Review
ASUS ROG Swift Pro PG248QP Gaming Monitor Review - Frames, frames, and more frames
FlexiSpot C7B-Mesh Ergonomic Office Chair Review
Samsung G8 34-inch QD-OLED Gaming Monitor Review - 175Hz for $900
ASRock NUCBOX-155H Mini PC Review
NuPhy Air96 V2 Wireless Mechanical Keyboard Review
Building the Ultimate Home Entertainment Server with an ASUSTOR NAS and Viper Gaming NVMe SSDs
Everything you need to know about the latest ASUS NUC Mini PCs - NUC 14 Pro and ROG NUC
How to Overclock Your GPU and Boost Your PC Gaming with ASUS GPU Tweak III
ASUS's AMD Radeon RX 7000 Series GPU lineup has something for every gamer
ASUS OLED Premium Care defends the ROG Swift OLED PG32UCDM gaming monitor from burn-in