{"id":179,"date":"2017-12-24T15:02:46","date_gmt":"2017-12-24T10:02:46","guid":{"rendered":"http:\/\/www.chmosama.com\/blog\/?p=179"},"modified":"2017-12-24T15:06:35","modified_gmt":"2017-12-24T10:06:35","slug":"broken-aws-storage-spills-military-secrets","status":"publish","type":"post","link":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/","title":{"rendered":"Broken AWS Storage Spills Military Secrets Again"},"content":{"rendered":"<p><strong>Broken AWS Storage Spills Military Secrets Again<\/strong><\/p>\n<p style=\"text-align: justify;\">For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online. This time it was nearly 100 GB of critical data belonging to the United States Army Intelligence and Security Command (INSCOM).<\/p>\n<p style=\"text-align: justify;\">Some of the data included information labeled \u201ctop secret\u201d and \u201cNOFORN\u201d (no foreign nationals) and mostly pertained to a project called Red Disk, a proposed plan to offer cloud-computing capabilities to a U.S. military intelligence network known as the Distributed Common Ground System (DCGS).<\/p>\n<p style=\"text-align: justify;\">\u201cINSCOM\u2019s web presence provides troubling indications of gaps in their cybersecurity \u2013 exemplified by the presence of classified data within this publicly accessible data repository,\u201d wrote UpGuard in a report outlining <a href=\"https:\/\/www.upguard.com\/breaches\/cloud-leak-inscom\" rel=\"noopener\">its findings on Tuesday<\/a>.<\/p>\n<p style=\"text-align: justify;\">The data was found on an Amazon S3 storage bucket publicly accessible to the internet. According to UpGuard, the AWS storage bucket belonged to a now-defunct third-party defense contractor named Invertix, a past INSCOM partner.<\/p>\n<p style=\"text-align: left;\">Requests for comment made to INSCOM were not returned. The NSA an U.S. Army referred all questions on the matter to INSCOM. INSCOM is an intelligence command overseen by both the U.justify. Army and the NSA.<\/p>\n<p style=\"text-align: justify;\">The data leak follows a number of previous embarrassing leaks for the Defense Department where sensitive data was also left on publicly accessible servers. Last week, UpGuard reported it found a massive archive of 1.8 billion publicly accessible social-media posts on the Amazon S3 storage buckets that belonged to a Pentagon contractor.<\/p>\n<p style=\"text-align: justify;\">UpGuard Director of Cyber Risk Research, Chris Vickery, is credited with finding both leaky servers. According to the UpGuard, the INSCOM data was found on Sept. 27, 2017, on an AWS storage bucket configured for public access.<\/p>\n<p style=\"text-align: justify;\">\u201cSet to allow anyone entering the URL to see the exposed bucket\u2019s contents, the repository, located at the AWS subdomain \u2018inscom,\u2019 contained 47 viewable files and folders in the main repository, three of which were also downloadable,\u201d UpGuard reported Tuesday. UpGuard said that three of the downloadable files contained \u201chighly sensitive\u201d data that was explicitly classified.<\/p>\n<p style=\"text-align: justify;\">Aside from information about Red Disk, a virtual hard drive and the Linux-based operating system was also publicly accessible. The hard drive contains six partitions, varying in size from 1 GB to 69 GB.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" src=\"http:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/nov282017-1-1.png\" alt=\"\" width=\"617\" height=\"285\" class=\"aligncenter size-full wp-image-182\" srcset=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/nov282017-1-1.png 617w, https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/nov282017-1-1-300x139.png 300w\" sizes=\"auto, (max-width: 617px) 100vw, 617px\" \/><\/p>\n<p style=\"text-align: justify;\">\u201cThe largest file is an Oracle Virtual Appliance (.ova) file titled \u201cssdev,\u201d which, when loaded into VirtualBox, is revealed to contain a virtual hard drive and Linux-based operating system likely used for receiving Defense Department data from a remote location,\u201d researchers said.<\/p>\n<p style=\"text-align: justify;\">\u201cWhile the virtual OS and HD can be browsed in their functional states, most of the data cannot be accessed without connecting to Pentagon systems \u2013 an intrusion that malicious actors could have attempted, had they found this bucket,\u201d researchers noted.<\/p>\n<p style=\"text-align: justify;\">Also exposed were private keys used for accessing distributed intelligence systems, belonging to Invertix administrators, as well as hashed passwords which, if still valid and cracked, could be used to further access internal government systems.<\/p>\n<p style=\"text-align: justify;\">Just how sensitive is the data exposed is unclear.<\/p>\n<p style=\"text-align: justify;\">\u201cIt is unnecessary to speculate as to the potential value of such an exposed bucket to foreign intelligence services or malicious individual actors; the care is taken to classify sections of the exposed virtual drive as \u2018Top Secret\u2019 and \u2018NOFORN\u2019 provide all the indications necessary to determine how serious this data was taken by the Defense Department,\u201d UpGuard wrote.<\/p>\n<p style=\"text-align: justify;\">The leak is just the latest in a long string of incidents where data has been exposed to the public internet via misconfigured servers. As of September 2017, IBM X-Force said 1.3 billion records tied to 24 incidents have been exposed. Accenture, Verizon, Dow Jones and Deep Root Analytics are just a few of the firms in the past year when it comes to the millions of private records and sensitive enterprise data exposed on cloud backends this year.<\/p>\n<p style=\"text-align: left;\">UpGuard said it worked with INSCOM to remove and secure the data.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Broken AWS Storage Spills Military Secrets Again For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online. This time it was nearly 100 GB of critical data belonging to the United States Army Intelligence and [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":180,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[33],"tags":[43,44],"class_list":["post-179","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-article","tag-government","tag-privacy"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.3 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Broken AWS Storage Spills Military Secrets Again - Blog - Choudhary Muhammad Osama<\/title>\n<meta name=\"description\" content=\"For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Broken AWS Storage Spills Military Secrets Again - Blog - Choudhary Muhammad Osama\" \/>\n<meta property=\"og:description\" content=\"For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/\" \/>\n<meta property=\"og:site_name\" content=\"Blog - Choudhary Muhammad Osama\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/chmosama\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/chmosama\" \/>\n<meta property=\"article:published_time\" content=\"2017-12-24T10:02:46+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2017-12-24T10:06:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1000\" \/>\n\t<meta property=\"og:image:height\" content=\"667\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Choudhary Muhammad Osama\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@ChMuhammadOsama\" \/>\n<meta name=\"twitter:site\" content=\"@ChMuhammad\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Choudhary Muhammad Osama\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/\",\"url\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/\",\"name\":\"Broken AWS Storage Spills Military Secrets Again - Blog - Choudhary Muhammad Osama\",\"isPartOf\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg\",\"datePublished\":\"2017-12-24T10:02:46+00:00\",\"dateModified\":\"2017-12-24T10:06:35+00:00\",\"author\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7\"},\"description\":\"For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#primaryimage\",\"url\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg\",\"contentUrl\":\"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg\",\"width\":1000,\"height\":667},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.chmosama.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Broken AWS Storage Spills Military Secrets Again\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#website\",\"url\":\"https:\/\/www.chmosama.com\/blog\/\",\"name\":\"Blog - Choudhary Muhammad Osama\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.chmosama.com\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7\",\"name\":\"Choudhary Muhammad Osama\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g\",\"caption\":\"Choudhary Muhammad Osama\"},\"description\":\"This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks.\",\"sameAs\":[\"https:\/\/www.chmosama.com\",\"https:\/\/www.facebook.com\/chmosama\",\"https:\/\/x.com\/ChMuhammadOsama\"],\"url\":\"http:\/\/www.chmosama.com\/blog\/author\/chmosama\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Broken AWS Storage Spills Military Secrets Again - Blog - Choudhary Muhammad Osama","description":"For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/","og_locale":"en_US","og_type":"article","og_title":"Broken AWS Storage Spills Military Secrets Again - Blog - Choudhary Muhammad Osama","og_description":"For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.","og_url":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/","og_site_name":"Blog - Choudhary Muhammad Osama","article_publisher":"https:\/\/www.facebook.com\/chmosama","article_author":"https:\/\/www.facebook.com\/chmosama","article_published_time":"2017-12-24T10:02:46+00:00","article_modified_time":"2017-12-24T10:06:35+00:00","og_image":[{"width":1000,"height":667,"url":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg","type":"image\/jpeg"}],"author":"Choudhary Muhammad Osama","twitter_card":"summary_large_image","twitter_creator":"@ChMuhammadOsama","twitter_site":"@ChMuhammad","twitter_misc":{"Written by":"Choudhary Muhammad Osama","Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/","url":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/","name":"Broken AWS Storage Spills Military Secrets Again - Blog - Choudhary Muhammad Osama","isPartOf":{"@id":"https:\/\/www.chmosama.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#primaryimage"},"image":{"@id":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#primaryimage"},"thumbnailUrl":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg","datePublished":"2017-12-24T10:02:46+00:00","dateModified":"2017-12-24T10:06:35+00:00","author":{"@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7"},"description":"For the second time in ten days, researchers at UpGuard released sensitive data belonging to the United States Defense Department that was stored insecurely online.","breadcrumb":{"@id":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#primaryimage","url":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg","contentUrl":"https:\/\/www.chmosama.com\/blog\/wp-content\/uploads\/2017\/12\/mil-sec.jpg","width":1000,"height":667},{"@type":"BreadcrumbList","@id":"https:\/\/www.chmosama.com\/blog\/broken-aws-storage-spills-military-secrets\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.chmosama.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Broken AWS Storage Spills Military Secrets Again"}]},{"@type":"WebSite","@id":"https:\/\/www.chmosama.com\/blog\/#website","url":"https:\/\/www.chmosama.com\/blog\/","name":"Blog - Choudhary Muhammad Osama","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.chmosama.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/1e5073e7a2fb381ec0503b87b16ba4c7","name":"Choudhary Muhammad Osama","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.chmosama.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/3d3ebe72135073f739b9d6cc1c93ea0a0f40e9393eb5305a78f0d70435ad2f6c?s=96&d=mm&r=g","caption":"Choudhary Muhammad Osama"},"description":"This is Choudhary Muhammad Osama, a highly accomplished Penetration Tester, Security Analyst and Linux Administration enthusiast, with extensive experience in implementing, maintaining, securing and pentesting web applications and networks.","sameAs":["https:\/\/www.chmosama.com","https:\/\/www.facebook.com\/chmosama","https:\/\/x.com\/ChMuhammadOsama"],"url":"http:\/\/www.chmosama.com\/blog\/author\/chmosama\/"}]}},"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/179","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/comments?post=179"}],"version-history":[{"count":5,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/179\/revisions"}],"predecessor-version":[{"id":232,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/posts\/179\/revisions\/232"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/media\/180"}],"wp:attachment":[{"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/media?parent=179"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/categories?post=179"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.chmosama.com\/blog\/wp-json\/wp\/v2\/tags?post=179"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}