WELCOME TO EHOST.COM.NP

Wednesday, May 31, 2017

US Defense Contractor left Sensitive Files on Amazon Server Without Password

Sensitive files linked to a United States intelligence agency were reportedly left on a public Amazon server, without a password, by one of the nation’s top intelligence contractors, according to a new report.

UpGuard cyber risk analyst Chris Vickery discovered tens of thousands of documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on an Amazon cloud storage server for anyone to access.

The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country’s top defense contractors.

Although there wasn’t any top secret file in the cache Vickery discovered, the documents included credentials to log into code repositories that could contain classified files and other credentials.

Master Credentials to a Highly-Protected Pentagon System were Exposed

Roughly 28GB of exposed documents included the private Secure Shell (SSH) keys of a Booz Allen employee, and a half dozen plain text passwords belonging to government contractors with Top Secret Facility Clearance, Gizmodo reports.

What’s more? The exposed data even contained master credentials granting administrative access to a highly-protected Pentagon system.

The sensitive files have since been secured and were likely hidden from those who didn’t know where to look for them, but anyone, like Vickery, who knew where to look could have downloaded those sensitive files, potentially allowing access to both highly classified Pentagon material and Booz Allen information.

“In short, information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level,” Vickery says.

Vickery is a reputed and responsible researcher who has previously tracked down a number of exposed datasets on the Internet. Two months ago, he discovered an unsecured and publicly exposed database, containing nearly 1.4 Billion user records, linked to River City Media (RCM).

Vickery is the one who, in 2015, reported a huge cache of more than 191 Million US voter records and details of nearly 13 Million MacKeeper users.

Both NGA and Booz Allen are Investigating the Blunder

The NGA is now investigating this security blunder.

“We immediately revoked the affected credentials when we first learned of the potential vulnerability,” the NGA said in a statement. “NGA assesses its cyber security protections and procedures constantly with all of its industry partners. For an incident such as this, we will closely evaluate the situation before determining an appropriate course of action.”

However, Booz Allen said the company is continuing with a detailed forensic investigation about the misstep.

“Booz Allen takes any allegation of a data breach very seriously, and promptly began an investigation into the accessibility of certain security keys in a cloud environment,” a Booz Allen spokesperson told Gizmodo.

“We secured those keys, and are continuing with a detailed forensic investigation. As of now, we have found no evidence that any classified information has been compromised as a result of this matter.”

Booz Allen Hamilton is the same consulting firm that employed whistleblower Edward Snowden when he disclosed the global surveillance conducted by the NSA. It is among the top 100 US federal contractors and was once described as “the world’s most profitable spy organisation.”
