Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password

Sensitive files linked to the National Geospatial-Intelligence Agency -- which works with the nation's intelligence agencies to analyze aerial data -- were apparently left on a public Amazon server by an employee of Booz Allen Hamilton, one of the nation's top defense contractors, reports Gizmodo. From the article: A cache of more than 60,000 files was discovered last week on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information, and the security credentials of a lead senior engineer at Booz Allen Hamilton. What's more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance. The exposed credentials could potentially grant their holders further access to repositories housing similarly sensitive government data. Countless references are made in the leaked files to the US National Geospatial-Intelligence Agency (NGA), which in March awarded Booz Allen an $86 million defense contract. Often referred to as the Pentagon's "mapmakers," the combat support agency works alongside the Central Intelligence Agency, the National Reconnaissance Office, and the Defense Intelligence Agency to collect and analyze geospatial data gathered by spy satellites and aerial drones. The NGA on Tuesday confirmed the leak to Gizmodo while stressing that no classified information had been disclosed.

Re:Accident

[DickBreath]

Especially if no harm was done.

> The NGA on Tuesday confirmed the leak to Gizmodo while stressing
> that no classified information had been disclosed.

So no harm, no foul fowl.

> “NGA takes the potential disclosure of sensitive but unclassified information
> seriously and immediately revoked the affected credentials,”
> an agency spokesperson said.

I feel safer already. They closed the barn door after it came to their attention that the horse had escaped.

> The Amazon server from which the data was leaked was “not directly
> connected to classified networks,” the spokesperson noted.

That makes me wonder how the information got there then. It must have been some really strange kind of unintentional accident if there is no possible connection between the networks.

> Typically, US government servers hosted by Amazon are segregated into
> what’s called the GovCloud—a “gated community” protected by advanced
> cryptography and physical security. Instead, the Booz Allen bucket was found
> in region “US-East-1,” chiefly comprised of public and commercial data.

So however these 60,000 files weighing in at 28 GB, and "contain[ing] at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance", must have gotten there through some amazing series of unintentional accidents.

Will wonders ever cease?

Re:An accident?

[Zontar_Thing_From_Ve]

Accidentally, on porpoise?

I had the exact same thought. Let's see if any action at all is taken against this engineer.

> . . . an employee of Booz Allen Hamilton
Isn't that the company Snowden worked for?

Yes.

Re:Accident

[gnick]

> The Amazon server from which the data was leaked was “not directly
> connected to classified networks,” the spokesperson noted.

That makes me wonder how the information got there then. It must have been some really strange kind of unintentional accident if there is no possible connection between the networks.

I don't understand the confusion. The Amazon server was never connected to a classified network and no classified information was leaked. It would be a really strange accident if data had migrated off of a classified network. That didn't happen.