Booz Allen Hamilton Leaves U.S. Government Files On Unprotected Amazon Server
Sensitive government information related to a U.S. military project was left on an unprotected server by a defense contractor, Gizmodo reported. More than 60,000 files, including security credentials and passwords to a government system containing sensitive information, were publicly accessible on an Amazon server that was not protected by a password.
The nearly 28GB of data was left exposed by a contractor at Booz Allen Hamilton — one of the top defense contractors in the U.S. and once considered to be the most profitable spy operation in the world.
Included in the trove of data were unencrypted passwords belonging to contractors with Top Secret Facility Clearance. Those credentials could be used to gain access to additional sensitive government data.
Within the leaked documents are references to the U.S. National Geospatial-Intelligence Agency (NGA), which serves as the “mapmakers” for the Pentagon. Booz Allen Hamilton won an $86 million defense contract for the project, which involves collecting and analyzing geospatial data from satellites and drones.
The NGA also regularly works with the CIA, National Reconnaissance Office and the Defense Intelligence Agency.
The server containing files from Booz Allen Hamilton contractors was discovered last week by cyber risk analyst Chris Vickery of cyber resilience platform UpGuard. Vickery found the files from the contractor on a server that contained mostly public and commercial data.
The presence of the information caught the analyst off guard, as U.S. government servers hosted by Amazon are usually kept in a separate space called GovCloud, which is protected by digital and physical security protocols.
The NGA confirmed the existence of the unprotected data to Gizmodo. “NGA takes the potential disclosure of sensitive but unclassified information seriously and immediately revoked the affected credentials,” an NGA spokesperson told the publication. According to the contractor, the Amazon server was “not directly connected to classified networks,” and the contractor noted that no classified information was disclosed.
The incident is just the latest example of an unsecured server revealing potentially sensitive information. Earlier this year, a backup drive that was not password protected resulted in the leak of sensitive documents pertaining to members of the U.S. Air Force.
Booz Allen Hamilton told Gizmodo the files that were publicly available on the server have since been secured and the organization is carrying out a “detailed forensic investigation” that has thus far found “no evidence” that any classified information was compromised.
Booz Allen Hamilton was previously the employer of former National Security Agency contractor and whistleblower Edward Snowden, who copied and released classified government information without authorization.
In 2011, the contractor reportedly was hacked by Anonymous. More than 90,000 emails were stolen, along with login credentials for a number of personnel working for government organizations pertaining to the military and national security.
© Copyright IBTimes 2024. All rights reserved.