US security contractor left top secret data in open cloud storage

By on
US security contractor left top secret data in open cloud storage

Booz Allen Hamilton in new info leak scandal.

United States government security contractor Booz Allen Hamilton left a trove of top secret data on Amazon Web Services' Simple Storage Service (S3) accessible to anyone who knew where to look for it.

Researcher Chris Vickery discovered the store of sensitive military intelligence information. He analysed the data and believes it related to a project that BAH and fellow security contractor Metronome worked on for the US National Geospatial-Intelligence Agency (NGA).

The NGA is tasked with providing geospatial intelligence to the US military, including satellite surveillance of hostile territories such as North Korea, as well as battlefield imagery and tracking of missiles and aircraft.

The data in the AWS S3 bucket was stored in plain text, with no encryption or password protection.

Vickery found domain registration information and other credentials in the stored data that linked the files to BAH and Metronome.

He also discovered the digital secure shell (SSH) keys belonging to a BAH engineer in the collection of files, along with login details for full administrative access to at least one data centre's operating system.

Upon discovering the top secret data cache, Vickery alerted BAH but received no response from the government contractor.

Vickery escalated the issue to NGA which immediately replied and requested the data be secured and safeguarded until it could be securely and permanently deleted.

Booz Allen Hamilton has figured prominently in recent data leaks involving US intelligence agencies.

In 2013, former BAH employee Edward Snowden started disseminating top secret documents he had taken from the US National Security Agency. The leaks revealed sensitive operational information on US and its Five-Eyes intelligence partners, including Australia and New Zealand.

This year, BAH staffer Harold Martin was indicted for hoarding a large amount of NSA software and classified documents in his home.

Martin had collected the data over the past 20 years, unnoticed by his employer or the NSA. He faces decades in prison if found guilty.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © . All rights reserved.

Most Read Articles

Log In

  |  Forgot your password?