The Patriot Files Forums  

Go Back   The Patriot Files Forums > Military News > DoD

Post New Thread  Reply
 
Thread Tools Display Modes
  #1  
Old 02-21-2023, 12:10 PM
Boats's Avatar
Boats Boats is offline
Senior Member
 

Join Date: Jul 2002
Location: Sauk Village, IL
Posts: 21,784
Exclamation Pentagon Left Server Hosting Sensitive Data Open For Anyone To Access

Pentagon Left Server Hosting Sensitive Data Open For Anyone To Access
By: Micaela Burrow = Daily Caller News Foundation - 02-21-23
Re: https://dailycaller.com/2023/02/21/p...ensitive-data/

The Department of Defense (DOD) is investigating a data server that potentially left sensitive but unclassified information exposed on the internet for two weeks, TechCrunch reported Tuesday.

A good-faith cyber researcher stumbled upon the open server while conducting a vulnerability test over the weekend, finding terabytes of DOD email content exposed to anyone on the internet, TechCrunch reported. DOD secured the server Monday afternoon, but it remains unclear whether malign actors accessed the emails, which contained personal information of DOD employees.

Data contained on the server dated back several years and was connected to an internal mailbox storing three terabytes of military emails, TechCrunch reported. Some of those emails enclosed information relating to U.S. Special Operations Command (USSOCOM).

The server began leaking data as early as Feb. 8 and was likely left exposed through human error, according to the outlet. A misconfiguration removed the password feature, meaning anyone with knowledge of the server’s IP address could access its contents.

“[What] we can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” U.S. Special Operations Command spokesperson Tim McGraw told TechCrunch. He said DOD initiated an investigation Monday.

The outlet did not review every email, but it did find at least one SF-86 questionnaire prospective federal employees must complete in order to obtain a security clearance. Those forms include sensitive health and personally identifying information and if obtained by an adversary can yield valuable information into the DOD workforce and potentially compromise personnel.

None of the data appeared to be classified, according to TechCrunch. Classified networks are blocked off from the internet for security reasons.

The researcher, Anurag Sen, provided the information to TechCrunch, which then notified USSOCOM on Sunday morning. After the outlet notified DOD of the exposed server, a senior Pentagon official told TechCrunch that DOD relayed the information to USSOCOM.

The DOD spokesperson did not provide details of whether DOD has the capability to detect whether unknown actors have accessed and extracted data based on a TechCrunch query.

The exposed server was one of several segmented servers hosted on Microsoft’s Azure, a cloud service specifically designed for DOD customers that physically separates servers from those intended for commercial use.

The DOD did not immediately respond to the Daily Caller News Foundation’s request for comment.

Tags: Department Of Defense - microsoft - pentagon special operations command
----------------------------------------------------------------------------------------------------
Personal note: We all know shit happens - but at that level - wow! Bummer!
How much data was pulled off - was not disclosed. Somebody is going to get
spanked for this - but who was the last on on line in the system maybe didn't
log off properly - or got dis-tracked and forgot to shut it down? Still so much
for security at one of our highest levels. How much may have been gleened
off the system is unknown per this posting???
-
__________________
Boats

O Almighty Lord God, who neither slumberest nor sleepest; Protect and assist, we beseech thee, all those who at home or abroad, by land, by sea, or in the air, are serving this country, that they, being armed with thy defence, may be preserved evermore in all perils; and being filled with wisdom and girded with strength, may do their duty to thy honour and glory; through Jesus Christ our Lord. Amen.

"IN GOD WE TRUST"
sendpm.gif Reply With Quote
Sponsored Links
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is On

All times are GMT -7. The time now is 05:15 PM.


Powered by vBulletin, Jelsoft Enterprises Ltd.