HOW WE PROCESS

1 Submit your enquiry.
2 We will get back to you and review your enquiry.
3 We Simulate Penetration testing

If you still have problems, please let us know, by sending an email to [email protected] Thank you!

OPENING HOURS

Mon-Fri 9:00AM - 6:00AM
Sat - 9:00AM-5:00PM
Sunday - Appointment only

US Defense Contractor left Sensitive Files

Posted on by Christian Hendrix
whitehouse - US Defense Contractor left Sensitive Files

US Defense Contractor left Sensitive Files on Amazon Server Without Password

Sensitive files linked to the United States intelligence agency were reportedly left on a public Amazon server by one of the nation’s top intelligence contractor without a password, according to a new report.

UpGuard cyber risk analyst Chris Vickery discovered a cache of 60,000 documents from a US military project for the National Geospatial-Intelligence Agency (NGA) left unsecured on Amazon cloud storage server for anyone to access.

The documents included passwords to a US government system containing sensitive information, and the security credentials of a senior employee of Booz Allen Hamilton, one of the country’s top defense contractors.

Master Credentials to a Highly-Protected Pentagon System were Exposed

Roughly 28GB of exposed documents included the private Secure Shell (SSH) keys of a Booz Allen employee, and a half dozen plain text passwords belonging to government contractors with Top Secret Facility Clearance, Gizmodo reports.

What’s more? The exposed data even contained master credentials granting administrative access to a highly-protected Pentagon system.

The sensitive files have since been secured and were likely hidden from those who didn’t know where to look for them, but anyone, like Vickery, who knew where to look could have downloaded those sensitive files, potentially allowing access to both highly classified Pentagon material and Booz Allen information.

Vickery is reputed and responsible researcher, who has previously tracked down a number of exposed datasets on the Internet. Two months ago, he discovered an unsecured and publicly exposed database, containing nearly 1.4 Billion user records, linked to River City Media (RCM).

“We immediately revoked the affected credentials when we first learned of the potential vulnerability,” the NGA said in a statement. “NGA assesses its cyber security protections and procedures constantly with all of its industry partners. For an incident such as this, we will closely evaluate the situation before determining an appropriate course of action.”

“Booz Allen takes any allegation of a data breach very seriously, and promptly began an investigation into the accessibility of certain security keys in a cloud environment,” a Booz Allen spokesperson told Gizmodo.

sans titre 2 - US Defense Contractor left Sensitive Files

Christian Hendrix

Cybersecurity Analyst at Cybermetrix
Christian is passionate about cybersecurity, personal and fair. he brings new ideas and challenge things that could be better. His is to be responsible for the monitoring and analysing of cyberthreats activity for cybermetrix customers systems and the external environment to identify, understand and react to relevant activity. Passionate about Cybersecurity he brings the most relevants blogs articles for Cybermetrix.
sans titre 2 - US Defense Contractor left Sensitive Files
(Visited 338 times, 1 visits today)
Hack Brief: Dangerous Adware Infects a Quarter Billion PCs
Microsoft Issues WanaCrypt Patch for Windows 8, XP

Cybermetrix cybersecurity group
Our experts will provide the best advice and cybersecurity service in a quick response.

Cybermetrix cybersecurity group
INCIDENT RESPONSE

Our experts will provide the best advice and cybersecurity service in a quick response.

  • SALES ENQUIRY

    04324324///
  • Cyber Incident Helpline

    07804325///
  • EMAIL US

    [email protected]
TOP
Download Free 10 Tips to secure your company PDFGET IT NOW
+