The US Department of Defense (DoD) has been affected by a data breach after a huge volume of its critical intelligence data was exposed on a publicly accessible server.
UpGuard, a cybersecurity company in the US, has discovered that more than 100GB of data belonged to the US Army Intelligence and Security Command (INSCOM), a joint US Army and National Security Agency (NSA) Defense Department command, according to media sources.
The INSCOM is responsible for gathering intelligence data for US military and political leaders.
The DoD information was leaked on to a public Amazon Web Services S3 cloud storage bucket.
The server contained a total of 47 viewable files and folders in the main repository, three of which were also downloadable.
The leaked files include sensitive details about the DoD’s battlefield intelligence platform, the distributed common ground system – army (DCGS-A) and the platform’s troubled cloud auxiliary, Red Disk.
These files also contain private keys used for accessing distributed intelligence systems and hashed passwords that can be used to further access internal systems.
Commenting on the data leak, UpGuard stated: “Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser.
“Although the UpGuard Cyber Risk Team has found and helped to secure multiple data exposures involving sensitive defence intelligence data, this is the first time that clearly classified information has been among the exposed data.”
Additionally, UpGuard found a virtual hard drive and Linux-based operating system that could be used for receiving DoD data from a remote location.