US security contractor left top secret data in open cloud storage

By

Booz Allen Hamilton in new info leak scandal.

United States government security contractor Booz Allen Hamilton left a trove of top secret data on Amazon Web Services' Simple Storage Service (S3) accessible to anyone who knew where to look for it.

US security contractor left top secret data in open cloud storage

Researcher Chris Vickery discovered the store of sensitive military intelligence information. He analysed the data and believes it related to a project that BAH and fellow security contractor Metronome worked on for the US National Geospatial-Intelligence Agency (NGA).

The NGA is tasked with providing geospatial intelligence to the US military, including satellite surveillance of hostile territories such as North Korea, as well as battlefield imagery and tracking of missiles and aircraft.

The data in the AWS S3 bucket was stored in plain text, with no encryption or password protection.

Vickery found domain registration information and other credentials in the stored data that linked the files to BAH and Metronome.

He also discovered the digital secure shell (SSH) keys belonging to a BAH engineer in the collection of files, along with login details for full administrative access to at least one data centre's operating system.

Upon discovering the top secret data cache, Vickery alerted BAH but received no response from the government contractor.

Vickery escalated the issue to NGA which immediately replied and requested the data be secured and safeguarded until it could be securely and permanently deleted.

Booz Allen Hamilton has figured prominently in recent data leaks involving US intelligence agencies.

In 2013, former BAH employee Edward Snowden started disseminating top secret documents he had taken from the US National Security Agency. The leaks revealed sensitive operational information on US and its Five-Eyes intelligence partners, including Australia and New Zealand.

This year, BAH staffer Harold Martin was indicted for hoarding a large amount of NSA software and classified documents in his home.

Martin had collected the data over the past 20 years, unnoticed by his employer or the NSA. He faces decades in prison if found guilty.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
cloudedward snowdensecurityunited states

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Victoria's Secret pulls down website amid security incident

Victoria's Secret pulls down website amid security incident
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?