Analyst: Pentagon server has been "leaking" for weeks
Analyst: Pentagon server has been
Share:

USA: Security analyst Anurag Sen disclosed to TechCrunch on Sunday that the US Defense Department left three terabytes of internal military emails on Microsoft's Azure government cloud unprotected by even a password for more than two weeks.

After the outlet informed US Special Operations Command (USSOCOM) that years' worth of private information was stored on a server that was a component of an internal mailbox system and was freely accessible to anyone with the correct IP address, the vulnerability was finally fixed on Monday.

This information from TechCrunch had been forwarded to USSOCOM, the Pentagon acknowledged on Monday through a senior official.

Also Read: Israeli reforms according to the UN rights chief, would weaken the judiciary

The server held plenty of sensitive personnel information, including the thorough forms filled out by federal employees applying for security clearances, in addition to internal military email messages, some of which were years old. These 136-page SF-86 questionnaires are so sought-after by foreign rivals that Washington suspects Chinese hackers broke into the US Office of Personnel Management and stole millions of them.

Since the USSOCOM's classified networks are not accessible from the internet, it was assumed that none of the information on the exposed server was classified.

Although a USSOCOM spokesman informed TechCrunch via email that "We can confirm at this point...no one hacked US Special Operations Command's information systems," it was unclear why the server was not password-protected.

Also Read:  In a jihadist attack in Mogadishu ten civilians were killed

 

When asked if the Defense Department maintained logs that might have revealed who else besides Sen might have accessed the private information, the spokesman said that an investigation into the vulnerability had been opened on Monday.

According to a listing on Shodan, a search engine for exposed systems and databases, which the outlet cited, the server started leaking data on February 8.

Also Read:  US plans strict restrictions on those seeking asylum

A copy of the US Transportation Security Administration's "no-fly" list was allegedly discovered last month by a Swiss hacker on an unprotected server used by US regional and commuter airline CommuteAir.

Share:
Join NewsTrack Whatsapp group
Related News