Pentagon Accidentally Exposed Internet Surveillance Data

Remigio Civitarese
November 20, 2017

It's hardly a secret that the Defense Department collects social media data. The data from only one bucket is estimated to contain 1.8 billion posts gathered over a period of eight years. The online storage misconfiguration allowed anyone with a free Amazon AWS account to browse and even download the data.

The security firm was able to gain access to the data because a contractor used by the Defense Department stored it in a way that was accessible by anyone with an AWS account.
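An added example, not part of the original article: a check over the JSON that `aws s3api get-bucket-acl` prints, flagging grants to S3's predefined global groups. The article does not name the setting involved; the example assumes the ACL route, where a grant to the `AuthenticatedUsers` group opens a bucket to every AWS account holder. The bucket name and ACL below are constructed.

```python
import json

# Predefined S3 ACL grantee groups that reach beyond the bucket owner's account.
GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account holder",
}
# What each ACL permission allows when it is granted on a bucket.
EFFECT = {
    "READ": "list objects",
    "WRITE": "create, overwrite or delete objects",
    "READ_ACP": "read the ACL",
    "WRITE_ACP": "rewrite the ACL",
    "FULL_CONTROL": "list, write and rewrite the ACL",
}

def audit_acl(bucket, acl):
    """Return one finding per grant to a global group in a get-bucket-acl dict."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # grant to a specific canonical user, not a group
        audience = GROUPS.get(grantee.get("URI"))
        if audience is None:
            continue  # a non-global group such as log delivery
        perm = grant.get("Permission", "")
        findings.append({
            "bucket": bucket,
            "audience": audience,
            "permission": perm,
            "effect": EFFECT.get(perm, "unknown"),
        })
    return findings

# Constructed sample ACL for a hypothetical bucket, not data from the incident.
SAMPLE_ACL = json.loads("""
{"Owner": {"ID": "constructed-owner-id"},
 "Grants": [
  {"Grantee": {"Type": "CanonicalUser", "ID": "constructed-owner-id"}, "Permission": "FULL_CONTROL"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"}, "Permission": "READ"},
  {"Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/s3/LogDelivery"}, "Permission": "WRITE"}
 ]}
""")

if __name__ == "__main__":
    for f in audit_acl("example-archive", SAMPLE_ACL):
        print(f"{f['bucket']}: {f['audience']} may {f['effect']} ({f['permission']})")
```

Bucket-level `READ` covers listing only; whether each object can be downloaded depends on the object's own ACL or the bucket policy, which need the same review.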

The three buckets had the subdomain names "centcom-backup", "centcom-archive", and "pacom-archive", which provide an indication of what they signify. Researchers at UpGuard have revealed that the United States military's Central Command and Pacific Command left "at least" 1.8 billion collected internet posts exposed on a misconfigured Amazon Web Services S3 server.

This was discovered by UpGuard security researcher Chris Vickery. Given the enormous size of these data stores, a cursory search reveals a number of posts that are either foreign-sourced and appear entirely benign, with no apparent ties to areas of concern for US intelligence agencies, or that originate from American citizens, including a vast quantity of Facebook and Twitter posts, some stating political opinions. Numerous posts captured from Facebook or Twitter seem to be political commentaries made by American citizens or other benign posts with no value for national security.

This recalls earlier findings that the growing volume of benign data collected from internet users around the world, with no clear security value, is actually paralyzing intelligence efforts.

Beyond the privacy issues that the data collection itself creates, UpGuard was surprised by how little care the Pentagon and its third-party vendors took in securing this intelligence data. The exposure raises concerns about both the government's approach to security and the kind of information it is collecting. It's unclear how long these servers have been unsecured.

The DoD has since confirmed the data leak to CNN. It didn't make the storage servers private.
