Slashdot Mirror

← Back to Stories (view on slashdot.org)

Top Defense Contractor Left Sensitive Pentagon Files on Amazon Server With No Password (gizmodo.com)

Posted by msmash on from the what's-happening dept.

Sensitive files linked to the National Geospatial-Intelligence Agency -- which works with the nation's intelligence agencies to analyze aerial data -- were apparently left on a public Amazon server by an employee of Booz Allen Hamilton, one of the nation's top defense contractors, reports Gizmodo. From the article: A cache of more than 60,000 files was discovered last week on a publicly accessible Amazon server, including passwords to a US government system containing sensitive information, and the security credentials of a lead senior engineer at Booz Allen Hamilton. What's more, the roughly 28GB of data contained at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance. The exposed credentials could potentially grant their holders further access to repositories housing similarly sensitive government data. Countless references are made in the leaked files to the US National Geospatial-Intelligence Agency (NGA), which in March awarded Booz Allen an $86 million defense contract. Often referred to as the Pentagon's "mapmakers," the combat support agency works alongside the Central Intelligence Agency, the National Reconnaissance Office, and the Defense Intelligence Agency to collect and analyze geospatial data gathered by spy satellites and aerial drones. The NGA on Tuesday confirmed the leak to Gizmodo while stressing that no classified information had been disclosed.

50 of 88 comments (clear)

  1. An accident? by DickBreath · · Score: 4, Interesting

    Accidentally, on porpoise?

    > . . . an employee of Booz Allen Hamilton

    Isn't that the company Snowden worked for?

    --

    I'll see your senator, and I'll raise you two judges.
    1. Re:An accident? by DickBreath · · Score: 2

      I'm sure those helpful Russians have made a backup of this information, just as they would with Hillary's email server and Trump's insecure phones.

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re: An accident? by Anonymous Coward · · Score: 1

      FORMER top defense contractor.

      -FTFY

    3. Re:An accident? by Zontar_Thing_From_Ve · · Score: 3, Informative

      Accidentally, on porpoise?

      I had the exact same thought. Let's see if any action at all is taken against this engineer.

      > . . . an employee of Booz Allen Hamilton
      Isn't that the company Snowden worked for?

      Yes.

    4. Re:An accident? by DontBeAMoran · · Score: 2

      What the hell is a "porpoise"?

      --
      #DeleteFacebook
    5. Re:An accident? by Anonymous Coward · · Score: 5, Funny

      A porpoise is a fully aquatic marine mammal of the family Phocoenidae, but that is not important right now.

    6. Re:An accident? by anegg · · Score: 1

      I believe that the inquiry actually was concerned about whether marine mammals were involved. That would be a truly disturbing development, perhaps their first move in a bid to destabilize the US government, taking advantage of the current turmoil at the top of the executive branch.

    7. Re:An accident? by lgw · · Score: 2

      Either that, or it was a case of too much Booze, not enough Allen Hamilton. Never attribute to malice what can be explained by drunken carelessness?

      --
      Socialism: a lie told by totalitarians and believed by fools.
    8. Re:An accident? by DickBreath · · Score: 2

      > What the hell is a "porpoise"?

      A better question is: what is a 'covfefe'?

      I don't think it is something you grab someone by.

      --

      I'll see your senator, and I'll raise you two judges.
    9. Re:An accident? by Cro+Magnon · · Score: 1

      > What the hell is a "porpoise"?

      A better question is: what is a 'covfefe'?

      I don't think it is something you grab someone by.

      Isn't it a drink to keep you from falling asleep while tweeting?

      --
      Slow down, cowboy! It has been 4 hours since you last posted. You must wait another few hours.
    10. Re:An accident? by Quince+alPillan · · Score: 1
      Per wikipedia:

      Porpoises are a group of fully aquatic marine mammals that are sometimes referred to as mereswine, all of which are classified under the family Phocoenidae, parvorder Odontoceti.

      https://en.wikipedia.org/wiki/Porpoise

      It's close to pedantic in the dictionary.

    11. Re:An accident? by HiThere · · Score: 1

      It is a good question. Often when "classified material" becomes public knowledge, say by being declassified, it becomes blatantly obvious that there was never any valid reason to classify it. But there really *are* significant secrets that actually shouldn't be revealed. However I don't include internal political advantage as a valid reason.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    12. Re:An accident? by dbIII · · Score: 1

      It's very important to have a porpoise before attempting time travel or you end up with a pair of ducks.

    13. Re:An accident? by DickBreath · · Score: 1

      Tiny hands are common accessories for tiny minds.

      --

      I'll see your senator, and I'll raise you two judges.
    14. Re:An accident? by DickBreath · · Score: 1

      Being president while under the influence of covfefe.

      Maybe covfefe is a Russian code word that when used on Twitter is intended to trigger some action, such as Putin hinting that Russian private citizens might have had some involvement in influencing US elections.

      I can think up crazy insane theories just well as the alt-right nutjobs. Maybe better.

      --

      I'll see your senator, and I'll raise you two judges.
  2. Suitable Punishment by DatbeDank · · Score: 5, Insightful

    Refuse to allow Booz any new government contracts for their incompetence. (Won't happen)

    1. Re:Suitable Punishment by DickBreath · · Score: 3, Insightful

      Sir, what you suggest might negatively affect the economies of several congressional districts.

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re:Suitable Punishment by DickBreath · · Score: 2

      > Sensitive files tied to a US military project were leaked by a multi-billion dollar firm
      > once described as the world’s most profitable spy operation, Gizmodo has confirmed.

      I think that should indicate it won't happen.

      --

      I'll see your senator, and I'll raise you two judges.
    3. Re:Suitable Punishment by chispito · · Score: 1

      Refuse to allow Booz any new government contracts for their incompetence. (Won't happen)

      Good call, then only the companies whose stupid actions haven't been caught yet will get all the contracts. You probably think this is an exceptional level of incompetence, but it is not. Enumerating unsecured, exposed and supposedly temporary dev systems is a very common and lucrative way to collect bug bounties.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    4. Re:Suitable Punishment by chispito · · Score: 1

      Sir, what you suggest might negatively affect the economies of several congressional districts.

      Booz Allen is all over the place. I count 71 offices in 28 states (I counted quickly; I could be a bit off). Most of the stuff that applies to the Pentagon are going to naturally be in their DC, Maryland, and Virginia locations, I suspect. But there are sure to be a lot of wheels for them to grease nonetheless.

      --
      The Daddy casts sleep on the Baby. The Baby resists!
    5. Re:Suitable Punishment by sconeu · · Score: 1

      Actually, if a company is flagged with a sufficient number* of security violations, the US.gov will drop current contracts and refuse to issue new ones that require access to classified data.

      * The definition of a "sufficient number" is probably extremely flexible.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    6. Re:Suitable Punishment by Chris+Mattern · · Score: 1

      That number for a contractor with as much influence as Booz Allen Hamilton being approximately one googleplex.

    7. Re:Suitable Punishment by barc0001 · · Score: 1

      No problem. Strangely work that would have gone their way is now instead going to a new corporate entity named AllenBooz which is totally separate and not at all connected.

    8. Re:Suitable Punishment by dbIII · · Score: 1

      That's what were are told is supposed to happen, but has it every happened?

    9. Re:Suitable Punishment by sconeu · · Score: 1

      When I held a clearance (thank the FSM I don't anymore), it was drilled into us.

      --
      General Relativity: Space-time tells matter where to go; Matter tells space-time what shape to be.
    10. Re:Suitable Punishment by dbIII · · Score: 1

      When I held a clearance (thank the FSM I don't anymore), it was drilled into us.

      That's interesting to read but not anything like an answer.
      Has anyone else heard of a case where the threat was followed through on? All I keep hearing about is fuckups of this type that get ignored when contracts are renewed. I've seen a few myself and fruitlessly argued to ditch the contractor but not in a security situation.

  3. Mapmaker mapmaker by turkeydance · · Score: 1

    Make me a map, Find me a find, catch me a catch...FOTR

    1. Re:Mapmaker mapmaker by DickBreath · · Score: 1

      > Make me a map, Find me a find, catch me a catch...FOTR

      . . . . and in the darkness bind them...LOTR

      --

      I'll see your senator, and I'll raise you two judges.
  4. Re:Accident by DickBreath · · Score: 3, Informative

    Especially if no harm was done.

    > The NGA on Tuesday confirmed the leak to Gizmodo while stressing
    > that no classified information had been disclosed.

    So no harm, no foul fowl.

    > “NGA takes the potential disclosure of sensitive but unclassified information
    > seriously and immediately revoked the affected credentials,”
    > an agency spokesperson said.

    I feel safer already. They closed the barn door after it came to their attention that the horse had escaped.

    > The Amazon server from which the data was leaked was “not directly
    > connected to classified networks,” the spokesperson noted.

    That makes me wonder how the information got there then. It must have been some really strange kind of unintentional accident if there is no possible connection between the networks.

    > Typically, US government servers hosted by Amazon are segregated into
    > what’s called the GovCloud—a “gated community” protected by advanced
    > cryptography and physical security. Instead, the Booz Allen bucket was found
    > in region “US-East-1,” chiefly comprised of public and commercial data.

    So however these 60,000 files weighing in at 28 GB, and "contain[ing] at least a half dozen unencrypted passwords belonging to government contractors with Top Secret Facility Clearance", must have gotten there through some amazing series of unintentional accidents.

    Will wonders ever cease?

    --

    I'll see your senator, and I'll raise you two judges.
  5. Re:Doesn't matter by DickBreath · · Score: 3, Insightful

    Triangle. Congress critters control taxpayer money used by the military. The military uses private contractors in those congress critters' districts. Those private contractors control the money given to congress critters, thus completing the triangle.

    --

    I'll see your senator, and I'll raise you two judges.
  6. hillary defense by Elric55 · · Score: 1, Troll

    let's see how well the hillary defense holds up on this one.

    1. Re:hillary defense by DickBreath · · Score: 2

      I've heard the Hillary defense many times. I'm not sure how it would apply here. Or maybe I'm thinking of the wrong Hillary defense.

      The Hillary defense goes something like this: . . . . bu, bu, but Hillary's email servers! And Hillary this, and Obama that and Hillary something else! What about those? It's so unfair!

      --

      I'll see your senator, and I'll raise you two judges.
    2. Re:hillary defense by lgw · · Score: 4, Interesting

      The actual Hillary defense would hold up quite well, and always will: you have more dirt on everyone important involved in the process than what you're accused of. Hard to pull off if you weren't recently married to someone with access to the classified dossiers of every congresscritter and senior bureaucrat, however.

      Heck, the only reason Obama was able to take the primary was that he came out of nowhere, so the Clintons didn't have any dirt on him.

      --
      Socialism: a lie told by totalitarians and believed by fools.
  7. It is intentional. by 140Mandak262Jamuna · · Score: 1

    This guy should go to jail.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  8. Re:Yeah, but did they INTEND to leak classified in by DickBreath · · Score: 2

    Intent does not change the color of the pregnancy test stick.

    Intent does not bring people back to life after collision with drunk driver.

    Intent is not going to undo the results that will follow from putting a clown circus in power.

    The road to somewhere is paved with good intentions.

    --

    I'll see your senator, and I'll raise you two judges.
  9. WTF? by hackel · · Score: 4, Insightful

    Why do documents with plain-text user credentials exist ANYWHERE, for ANY REASON in the first place? Is the government (or at least the NGA) really that completely incompetent? This is shocking! I don't care that it was leaked. We need to assume that is ALWAYS going to happen. I care that such documents were ever created in the first place.

    1. Re:WTF? by avandesande · · Score: 1

      Maybe for first log in?

      --
      love is just extroverted narcissism
    2. Re:WTF? by Anonymous Coward · · Score: 1

      First you have to understand that the large majority of Booz employees are ex/retired military officers. These are the types that feel that rules should apply to everyone but themselves. But it is okay because they all were a tie and that makes them Professionals.

    3. Re:WTF? by dbIII · · Score: 1

      Because average people cannot cope with passwords. They just can't.

      Then train them to be better than average.

  10. Re:Accident by gnick · · Score: 3, Informative

    > The Amazon server from which the data was leaked was “not directly
    > connected to classified networks,” the spokesperson noted.

    That makes me wonder how the information got there then. It must have been some really strange kind of unintentional accident if there is no possible connection between the networks.

    I don't understand the confusion. The Amazon server was never connected to a classified network and no classified information was leaked. It would be a really strange accident if data had migrated off of a classified network. That didn't happen.

    --
    He's getting rather old, but he's a good mouse.
  11. Intentionally left by aglider · · Score: 1

    Possible options:
    Idiotic contractors
    Idiotic employers
    Any blend of the above

    --
    Sent as ripples into the electromagnetic field. No single photon has been harmed in the process.
  12. So... by argStyopa · · Score: 3, Insightful

    ...quick question: did this numbskull ACTUALLY GET FIRED?

    Because what I'm finding in our firm's dealing with government and contractors is that very, very few people are ever *actually* held accountable for fuckups.

    And I'm talking about people from congresscritters and senior presidential staff on down.

    --
    -Styopa
    1. Re:So... by Fire_Wraith · · Score: 2

      From what I've seen, the only thing that really has any impact is loss of clearance. Otherwise, they turn around and wind up with a new job for another contracting company at a different agency. I've known and worked with people in the government/contracting world who were either fired or quit just ahead of being fired, that were right back in another job at the drop of a hat.

    2. Re:So... by OverlordQ · · Score: 1

      > ..quick question: did this numbskull ACTUALLY GET FIRED?

      Short answer: If it could have any potential to affect their ability to bid on contracts, your ass will be out the door before you realize what you did.

      --
      Your hair look like poop, Bob! - Wanker.
  13. Well, well . . . by hduff · · Score: 1

    An unintentional act of treason . . .

    --
    "I believe in Karma. That means I can do bad things to people all day long and I assume they deserve it." : Dogbert
  14. How was it found?? by dasgoober · · Score: 1

    Was someone just typing in random url's or ip addresses with random sub-directories and .... surprise??

    1. Re:How was it found?? by snookiex · · Score: 1

      That's my weekend hobby, you insensitive clod!

      --
      Open Source Network Inventory for the masses! Kuwaiba
  15. Re:Beltway Bandits by AHuxley · · Score: 1

    If the US uses gov workers thats more union workers and tax money needed to support them.
    If the US gov offers bids to contractors thats full employment in the private sector been paid for by the US tax payer.
    The costs allow US political leadership can cling to its "private" sector policy.
    With private sector workers all looking at the same US product and US data sets, everything is kept in plain text too. So all the contractors can bid and work with gov/mil data.
    If the US gov encrypts its own data then the private sector would have less ability to work with the gov data or bid for work.
    So its all kept open, in plain text and contractor friendly so politicians can say they fully support the private sector.

    --
    Domestic spying is now "Benign Information Gathering"
  16. So where's the torrent? by schleimkeim · · Score: 1

    I hope the people on gizmodo put up a torrent with the files somewhere, because sharing is caring.

  17. Re:Accident by MonteCarloMethod · · Score: 1

    So no harm, no foul fowl.

    Stop trying to make this about fauna you animal!