US military data found unprotected on Amazon web server


Amazon Web Services logo over image of serversImage copyright Amazon / Thinkstock

More than 60,000 sensitive US military files have been found on a publicly accessible Amazon server by a security researcher.

The files contained passwords for US government systems and the security credentials of a senior engineer at defence contractor Booz Allen Hamilton (BAH).

They were discovered by Upguard analyst Chris Vickery.

In a statement, BAH said no classified data had been stored on the server.

“We have confirmed that none of those usernames and passwords could have been used to access classified information,” the contractor added.

The files were connected to a project for the US National Geospatial-Intelligence Agency (NGA), which deals with satellite and drone surveillance imagery.

‘Unintentional mistake’

BAH said it believed the incident was the result of “an unintentional mistake”.

“As soon as we learned of this mistake, we took action to secure the areas and alerted our client and began an investigation.

“Our client has said they’ve found no evidence that classified data was involved, and so far our forensics have indicated the same”, the company said.

Mr Vickery told the BBC he found the data during “a routine search for publicly accessible Amazon [simple storage service] buckets”.

“I wasn’t very surprised at finding yet another publicly exposed bucket until I realised the data it contained was related to a government project”.

He emailed BAH’s chief information security officer about the files on 24 May.

“When I hadn’t heard back from him by the following day, I forwarded the same notification email to the NGA”, he explained.

“The email went out at 10:33 PST (17.33 GMT) on 25 May. The bucket was secured at 10:42 PST.

“The fact that it was closed off nine minutes after I sent the ‘escalated’ email would be a very big coincidence indeed.”

View the original article: http://www.bbc.co.uk/news/technology-40124146

On 26 May, a US government agency contacted UpGuard to ask that it preserve all the data Mr Vickery downloaded; UpGuard said it had been asked not to reveal which agency made the request.

In the same category are

Church to discuss same-sex blessing Image copyright PA Image caption Priests and churches would not be forced to bless same-sex marriages or civil partnerships The Church of England ...
Home Office u-turn over stroke survivor’s wife’s visa Image caption Leah Waterman cares for her husband Simon who can barely speak and needs 24-hour help The wife of a stroke survivor who was told she...
What it’s like being black and working class at Cambridge Chelsea Kwakye is not your typical Cambridge University student. Her mum is a nurse, her dad works in a post office depot, she went to a state school ...
Apple hit with trademark lawsuit over iPhone X ‘animoji’ feature NEW YORK (Reuters) - A Japanese software company is suing Apple Inc (AAPL.O) in a U.S. court over the trademark for the term “animoji”, alleging the U...
Brexit: UK will struggle to change UK borders in time, says watchdog Image copyright Getty Images The government will struggle to deliver the "huge changes" required to the UK's borders in time for Brexit, Meg Hillier...
Middlesbrough modified Kodi box trader gets suspended jail term Image caption Brian Thompson had previously said he wanted to know whether he was doing anything illegal A trader who sold TV boxes which allowed ...

Dont forget to “Like” us on Facebook


Need something to share, visit our sister site for the

‘News in the last 30 days”

in a clear concise package ….

 

If you are an artist or interested in art, visit our art website and read about todays artscene and browse some of our artist profiles

 

Comment on this story