[German]Big fail that happened to U.S. Department of Defense (DoD) IT administrators. This week Monday, U.S. Department of Defense strategists secured an unprotected server that had been used to leak terabytes of internal U.S. military emails onto the Internet for two weeks. The server was not password protected, the TechCrunch medium has learned from a security researcher.
Advertising
I became aware of the issue overnight via Twitter and a news aggregator, with TechCrunch breaking it all down in this article.
The server in question was hosted in Microsoft's Azure cloud for DoD customers. DoD "customers" use servers that are physically separate from other commercial customers. The servers are used to share sensitive but unclassified government data.
The server, accessible unprotected on the Internet, was part of an internal mailbox system that stored about three terabytes of internal military e-mail. Much of the mail concerned U.S. Special Operations Command (USSOCOM), the U.S. military unit charged with conducting special military operations.
However, a misconfiguration left the server passwordless, so anyone on the Internet with a Web browser could access the sensitive mailbox data if they only knew the IP address. Anurag Sen, a security researcher, found the unprotected server over the weekend and provided TechCrunch with details that could alert the U.S. government. Meanwhile (one day later), the server has been secured.
Advertising
According to Techcrunch, the server contained internal military e-mails, some of which were years old, but some of which contained sensitive personnel information. For example, a completed SF-86 questionnaire was found. This is to be filled out by federal employees if a security clearance is sought. Such questionnaires contain highly sensitive personal and health information to screen the individual. It would be a feast for any intelligence agency to obtain background information on security clearance holders.
China is doing quite a bit of that – in 2015, there was one such data leak by suspected Chinese hackers who pulled millions of sensitive background data from government employees applying for security clearances from the U.S. personnel office. A listing by search engine Shodan shows that that search engine first discovered the server on Feb. 8, 2023. So far, it is unclear why the internal server was publicly accessible via the Internet. That's just the "magic of the cloud", shit happens – this is the penalty of human errors.
