Army Spent $100 Million On Intelligence System It Never Used, NSA Leak Says
An unsecured, public database maintained in part by the United States National Security Agency contained information about a $100 million Army intelligence project that was never deployed.
The publicly accessible database, which was discovered by security researcher Chris Vickery of security firm Upguard, contained more than 100 gigabytes of data from the now-defunct “Red Disk” program.
Hosted on the Amazon Web Services storage server that was unlisted but public and viewable without a password was a disk image that could be unpacked to reveal thousands of files relating to Red Disk, a cloud-based intelligence sharing program that was developed by the U.S. Army's Intelligence and Security Command (known as INSCOM), a division of both the Army and the NSA.
Red Disk was intended to be a customizable cloud system that would provide the Pentagon with on-demand intelligence from the battlefield. The program would provide constant satellite images from the battlefield and video feeds from drones eyeing enemy fighters, according to a report from Foreign Policy .
The system would also support other intelligence that may be relevant to the military’s decision makers. Information from classified reports and top secret reports would be made available through the system, as well as signals intelligence, radar, audio databases, and biometric analysis. Some of the information was intended to be provided directly from the NSA.
The massive amount of raw data collected for the Red Disk program was to be processed by an NSA software system called NiFi, which was designed to sort and organize massive data sets into indexed, searchable information.
Red Disk was designed to allow an analyst to quickly pull any relevant intelligence, which would be redacted based on the user’s security clearance. One document from the leak showed how an analyst could use the system to target people of interest including terrorists by pulling intel from ground troops and drone footage.
Despite the lofty goals set for the military project, Red Disk never saw the light of day. After dumping more than $93 million into the program, the Pentagon discontinued funding for Red Disk and the program was never deployed. The failed program sparked an Army investigation to determine if the funding for Red Disk was improperly spent.
While Red Disk never came to be and the existence of its files online mostly serve as a reminder of the program’s failure, it remains troubling that the program was exposed in a server that had no protection and allowed anyone who found the domain where it was hosted to view it.
Documents contained within the Red Disk cache also contained sensitive information, including private keys used for the system to access other servers maintained by the intelligence community. The keys belonged a Invertix, a third-party firm that worked with INSCOM to develop Red Disk.
The NSA, INSCOM and Invertix—now Altamira Technologies—have yet to acknowledge or comment on the public-facing server.
The incident is just the latest example of information from the U.S. intelligence community being left unprotected online. Earlier this month, files from the U.S. Defense Department were discovered in a public-facing cloud storage server.
© Copyright IBTimes 2024. All rights reserved.