Special Ops, Not So Special.
Ron Sharon
Redefining Possibilities | Experienced Tech & Cybersecurity Leader | Transforming Careers & Minds in the Digital World | Founder of Throwing The Box
Military's Email Leaks Due to Unprotected Server
The US military's Special Operations Command (SOCOM) is investigating a potential data leak after an independent cybersecurity researcher discovered a trove of unclassified email data was exposed to the internet. Anurag Sen found the leak on February 8 and reported it to TechCrunch, which alerted the US government.
The leak was caused by a misconfiguration of a cloud server hosted on Microsoft's Azure government cloud, which the Department of Defense uses to share sensitive, unclassified data. The server was not password-protected, meaning anyone with the IP address could access the data via a web browser.
The mailbox system stored approximately three terabytes of internal military emails, with many messages concerning SOCOM, the US military unit tasked with special operations.
The exposed data included information dating back years, with some containing sensitive personnel information. One file had a completed SF-86 questionnaire, the form that federal employees fill out when seeking a security clearance and that contains personal and health information.
These questionnaires are used to vet individuals before they handle classified information, making the information valuable to foreign adversaries. It is not known whether anyone other than Sen accessed the exposed data during the two-week window before the server was secured.
It is not uncommon for large organizations to inadvertently expose internal data to the internet. Still, this incident is worrying because it involves a Department of Defense email server. The leak highlights how powerful organizations can unwittingly expose potentially sensitive internal data by incorrectly configuring their computer servers.
SOCOM spokesperson Ken McGraw confirmed an investigation had been launched but stated that there is no evidence of anyone hacking US Special Operations Command's information systems. McGraw also confirmed that the exposed data is unclassified, which is consistent with SOCOM's civilian network, as classified networks are not accessible from the internet.
This incident serves as a reminder that organizations can still fall victim to data breaches, no matter how powerful or sophisticated.
Ensuring that computer servers are correctly configured is essential to preventing these incidents. As more data is digitized and stored in the cloud, organizations must remain vigilant to keep their data secure.
CTO & Co-Founder at PhishCloud Inc.
2y Looks like the US Military could use a refresher on Cybersecurity 101. Better luck next time! #cybersecurity #dataprotection
Making Continuous PCI DSS Compliance Affordable, Actionable, & Achievable | PCI-P | CISA | Former PCI ISA | International speaker
2y The hits just keep on coming. Just a few weeks ago the NoFly list was exposed because an airline didn’t change the server’s vendor defaults.
Intermediate Cybersecurity Engineer @ MITRE | CISSP | CGRC | AWS SAA
2y The sheer idiocy is unreal.
There sure should be watertight internal policy on server configuration with religious instructions to follow. Server misconfiguration is a treasure trove for bad guys. The prayer of a hacker is that there is one server among the hundreds of thousands of servers that must have experienced configuration fatigue from its handler and was misconfigured. Well, we are thankful it was realized early; they can do an enterprise-wide server configuration assessment to see if there are any additional leaks anywhere.