• Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
HackRead
  • March 5th, 2021
  • Home
  • Advertise
  • Privacy Policy
  • Contact Us
HackRead
  • Hacking News
    • Leaks
    • WikiLeaks
    • Anonymous
  • Tech
    • Android
    • Apple News
    • BlackBerry
    • Google News
    • Microsoft
    • Motorola
    • Nokia
    • Samsung
    • 3D
  • Cyber Crime
    • Phishing Scam
  • How To
  • Cyber Events
    • Censorship
    • Cyber Attacks
  • Security
    • Malware
  • Surveillance
    • Drones
    • NSA
    • Privacy
  • Explore
    • Gaming
    • Science
    • Viral
  • Follow us
    • Facebook
    • Twitter
    • Linkedin
    • Youtube
Home
Surveillance
NSA

Unprotected S3 Cloud Bucket Exposed 100GB of Classified NSA Data

November 29th, 2017 Waqas Security, NSA, Privacy 0 comments
Unprotected S3 Cloud Bucket Exposed 100GB of Classified NSA Data
Share on FacebookShare on Twitter

Another day another massive trove of sensitive NSA data exposed online – This time, security firm UpGuard’s Cyber Risk team has identified yet another unsecured AWS (Amazon Web Service) S3 cloud storage bucket containing sensitive, confidential data that belongs to the joint command of National Security Agency (NSA) and US Defense Department called the United States Army Intelligence and Security Command (INSCOM).

The server was discovered on September 27th, 2017 by the Director of Cyber Risk Research at UpGuard, Chris Vickery. The bucket is configured to allow public access to exclusive intelligence information gathered by INSCOM for political leaders and US military. The repository is located at the subdomain “inscom” at AWS, and it contains around 47 viewable files and folders out of which three are downloadable as well.

The bucket’s most valuable asset is the downloadable virtual hard drive that was used for recording communications within protected federal IT environments. When opened, the drive displays confidential information titled NOFORN, which indicates that the information is highly sensitive and prohibited from being accessed by even foreign allies. Furthermore, the data bucket also includes sensitive details related to the Defense Department’s Distributed Common Ground System-Army (DCGS-A), a battlefield intelligence program, and Red Disk, the department’s cloud auxiliary.

Reportedly, the bucket contains over 100GB of classified data, and it got exposed to the public only because of adopting careless security practices. According to Vickery, anyone who gets the URL can easily access this treasure trove of valuable, sensitive data. We cannot ignore that unsecured S3 AWS buckets have caused quite an uproar across the Pentagon and US Defense Department lately as these have caused embarrassing data leakages for various governmental institutions most dominantly the NSA.

Unprotected S3 Cloud Bucket Exposed 100GB of Classified NSA Data

Screenshot from the exposed data (Credit: UpGuard)

The blog post from UpGuard read that this cloud leak could have been avoided it the IT-related errors were timely fixed, and much reliable security practices were implemented to ensure that such an “impactful” data repository remains protected.

“Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser. Although the UpGuard Cyber Risk Team has found and helped to secure multiple data exposures involving sensitive defense intelligence data, this is the first time that classified information has been among the exposed data,” stated UpGuard’s post.

The virtual hard drive contains information about a US military project that was codenamed Red Disk. It was actually a failed cloud-based content sharing program that was developed to allow field troops easy access to intelligence data from the Pentagon in real-time.

The data was extremely sensitive as it contained drone images and satellite images too along with hashed passwords for key internal systems of the department and private keys that were provided to Third-party INSCOM defense contractors so that they could access Distributed Intelligence Systems. There are various areas the hard drive that has been marked as Top Secret.

Currently, the NSA hasn’t issued any statement in response to the findings of UpGuard, however, this is the second time in the last couple of months that UgGuard has discovered such a sensitive trove of data. Previously, the company discovered misconfigured Amazon S3 buckets containing US Military’s social media spying campaign.

Top, Featured image via PixaBay/JanBaby

  • Tags
  • Amazon
  • AWS
  • Data
  • Infosec
  • LEAKS
  • Military
  • NSA
  • Pentagon
  • Privacy
  • security
  • Technology
  • USA
  • Vulnerability
Facebook Twitter LinkedIn Pinterest
Previous article macOS High Sierra bug lets anyone unlock Mac without password
Next article Canadian hacker behind 500M Yahoo hack reveals Russian connection​
Waqas

Waqas

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Related Posts
IT Security firm Qualys extorted by Clop gang after data breach

IT Security firm Qualys extorted by Clop gang after data breach

Marketing firm CallX exposed customers data including call recordings

Marketing firm CallX exposed customers data including call recordings

Flaw allowed bypassing verification code, log in to any Microsoft account

Flaw allowed bypassing verification code, log in to any Microsoft account

Newsletter

Get the best stories straight into your inbox!



Don’t worry, we don’t spam

Latest Posts
Top Russian hacker forums Maza, Verified hacked; data leaked online
Hacking News

Top Russian hacker forums Maza, Verified hacked; data leaked online

IT Security firm Qualys extorted by Clop gang after data breach
Cyber Crime

IT Security firm Qualys extorted by Clop gang after data breach

Marketing firm CallX exposed customers data including call recordings
Leaks

Marketing firm CallX exposed customers data including call recordings

HACKREAD is a News Platform that centers on InfoSec, Cyber Crime, Privacy, Surveillance and Hacking News with full-scale reviews on Social Media Platforms & Technology trends. Founded in 2011, HackRead is based in the United Kingdom.

Follow us