The Patriot Files Forums

The Patriot Files Forums (http://www.patriotfiles.com/forum/index.php)
-   DoD (http://www.patriotfiles.com/forum/forumdisplay.php?f=185)
-   -   Pentagon Left Server Hosting Sensitive Data Open For Anyone To Access (http://www.patriotfiles.com/forum/showthread.php?t=1522591)

Boats 02-21-2023 12:10 PM
Pentagon Left Server Hosting Sensitive Data Open For Anyone To Access
 
Pentagon Left Server Hosting Sensitive Data Open For Anyone To Access
By: Micaela Burrow = Daily Caller News Foundation - 02-21-23
Re: https://dailycaller.com/2023/02/21/p...ensitive-data/

The Department of Defense (DOD) is investigating a data server that potentially left sensitive but unclassified information exposed on the internet for two weeks, TechCrunch reported Tuesday.

A good-faith cyber researcher stumbled upon the open server while conducting a vulnerability test over the weekend, finding terabytes of DOD email content exposed to anyone on the internet, TechCrunch reported. DOD secured the server Monday afternoon, but it remains unclear whether malign actors accessed the emails, which contained personal information of DOD employees.

Data contained on the server dated back several years and was connected to an internal mailbox storing three terabytes of military emails, TechCrunch reported. Some of those emails enclosed information relating to U.S. Special Operations Command (USSOCOM).

The server began leaking data as early as Feb. 8 and was likely left exposed through human error, according to the outlet. A misconfiguration removed the password feature, meaning anyone with knowledge of the server’s IP address could access its contents.

“[What] we can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” U.S. Special Operations Command spokesperson Tim McGraw told TechCrunch. He said DOD initiated an investigation Monday.

The outlet did not review every email, but it did find at least one SF-86 questionnaire prospective federal employees must complete in order to obtain a security clearance. Those forms include sensitive health and personally identifying information and if obtained by an adversary can yield valuable information into the DOD workforce and potentially compromise personnel.

None of the data appeared to be classified, according to TechCrunch. Classified networks are blocked off from the internet for security reasons.

The researcher, Anurag Sen, provided the information to TechCrunch, which then notified USSOCOM on Sunday morning. After the outlet notified DOD of the exposed server, a senior Pentagon official told TechCrunch that DOD relayed the information to USSOCOM.

The DOD spokesperson did not provide details of whether DOD has the capability to detect whether unknown actors have accessed and extracted data based on a TechCrunch query.

The exposed server was one of several segmented servers hosted on Microsoft’s Azure, a cloud service specifically designed for DOD customers that physically separates servers from those intended for commercial use.

The DOD did not immediately respond to the Daily Caller News Foundation’s request for comment.

Tags: Department Of Defense - microsoft - pentagon special operations command
----------------------------------------------------------------------------------------------------
Personal note: We all know shit happens - but at that level - wow! Bummer!
How much data was pulled off - was not disclosed. Somebody is going to get
spanked for this - but who was the last on on line in the system maybe didn't
log off properly - or got dis-tracked and forgot to shut it down? Still so much
for security at one of our highest levels. How much may have been gleened
off the system is unknown per this posting???
-


All times are GMT -7. The time now is 07:09 AM.

Powered by vBulletin, Jelsoft Enterprises Ltd.