Defense contractor stored intelligence data in Amazon cloud unprotected [Updated]

by
Sean Gallagher
from Ars Technica - All content on (#2RDFB)
National_Geospatial-Intelligence_Agency_

Enlarge / NGA headquarters. A trove of top secret data processed by NGA contractor Booz Allen Hamilton was left exposed on a public Amazon cloud instance. (credit: Trevor Paglen)

On May 24, Chris Vickery, a cyber risk analyst with the security firm UpGuard, discovered a publicly accessible data cache on Amazon Web Services' S3 storage service that contained highly classified intelligence data. The cache was posted to an account linked to defense and intelligence contractor Booz Allen Hamilton. And the files within were connected to the US National Geospatial-Intelligence Agency (NGA), the US military's provider of battlefield satellite and drone surveillance imagery.

Based on domain-registration data tied to the servers linked to the S3 "bucket," the data was apparently tied to Booz Allen and another contractor, Metronome. Also present in the data cache was a Booz Allen Hamilton engineer's remote login (SSH) keys and login credentials for at least one system in the company's data center.

[Update, 5:10 PM] UpGuard's post suggested the data may have been classified at up to the Top Secret level. A Booz-Allen spokesperson told Ars that the data was not connected to classified systems. However, the credentials included in the store could have provided access to more sensitive data, including code repositories.

Read 6 remaining paragraphs | Comments

index?i=TfhPwuNDryg:SQy5TbINGlI:V_sGLiPB index?i=TfhPwuNDryg:SQy5TbINGlI:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments