Slashdot Mirror


Massive US Military Social Media Spying Archive Left Wide Open In AWS S3 Buckets (theregister.co.uk)

An anonymous reader quotes a report from The Register: Three misconfigured AWS S3 buckets have been discovered wide open on the public internet containing "dozens of terabytes" of social media posts and similar pages -- all scraped from around the world by the U.S. military to identify and profile persons of interest. The archives were found by veteran security breach hunter UpGuard's Chris Vickery during a routine scan of open Amazon-hosted data silos, and these ones weren't exactly hidden. The buckets were named centcom-backup, centcom-archive, and pacom-archive. CENTCOM is the common abbreviation for the U.S. Central Command, which controls army operations in the Middle East, North Africa and Central Asia. PACOM is the name for U.S. Pacific Command, covering the rest of southern Asia, China and Australasia.

"For the research I downloaded 400GB of samples but there were many terabytes of data up there," he said. "It's mainly compressed text files that can expand out by a factor of ten so there's dozens and dozens of terabytes out there and that's a conservative estimate." Just one of the buckets contained 1.8 billion social media posts automatically fetched over the past eight years up to today. It mainly contains postings made in central Asia, however Vickery noted that some of the material is taken from comments made by American citizens. The databases also reveal some interesting clues as to what this information is being used for. Documents make reference to the fact that the archive was collected as part of the U.S. government's Outpost program, which is a social media monitoring and influencing campaign designed to target overseas youths and steer them away from terrorism.


  1. Why use AWS? by Anonymous Coward · · Score: 3, Interesting

    Why doesn't the military store their own stuff?

    1. Re:Why use AWS? by DaHat · · Score: 4, Informative

      Same reason they don't build their own airplanes, ships, guns, etc...

    2. Re:Why use AWS? by AHuxley · · Score: 2

      The US mil really likes its Military–industrial complex. https://en.wikipedia.org/wiki/...–industrial_complex
      Think of a world that allowed the US mil to spend millions on its own internal, secure networks.
      That's billions in build and long term support contracts lost to the shareholders and outside contractors.
      What the US mil could secure for millions has been given to contractors to look after for billions. That money is gone. The once very secret and secure US mil data is.... ????

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re:Why use AWS? by DivineKnight · · Score: 2

      Money? That and if this happened on a military install, they'd be sporting an even larger black eye than they currently have ("You trusted Amazon? What's wrong with you?" vs. "Our nation's elite military 'cyber-warriors' can't secure a simple database from opportunistic h@x0rs...how the hell are they going to protect us from {enemy}?"). The first one is a gaffe, the second one is a congressional inquisition into 'what exactly do you do with all that money we give you.'

    4. Re:Why use AWS? by MartinG · · Score: 3, Insightful

      That's not a great comparison.

      Making their own planes and guns would be like making their own processors and hard drives. They would never do that.

      The question was more about why they store their data on somebody else's computers. This would be like keeping their guns in someone else's warehouse, where that somebody makes the keys and locks to that warehouse.

      --
      -- MartinG To mail me: echo kewyjlcxyzvjfxbqwh | tr bcefhjklqvwxyz .@adgimnoprstu
    5. Re: Why use AWS? by Anonymous Coward · · Score: 2, Funny

      His too stupid what?

  2. It's like I was telling them by WillAffleckUW · · Score: 2, Interesting

    If it's in the cloud, even the secure cloud, it's open.

    You may not think it is, but it is.

    And, yes, other nations do - and will - have access to it.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:It's like I was telling them by edtice1559 · · Score: 2

      As opposed to where? Completely disconnected from the Internet? Because AWS ("the cloud") is certainly a better choice than something you have to secure yourself.

  3. Re:S3 buckets are locked down by default by guruevi · · Score: 5, Insightful

    a) Amazon buckets didn't always come that way, it took some pressure for Amazon to accept that this was a poor default setting.
    b) In most of these cases, it's simply incompetence - I can't get OAuth to work, let's just set it to public and hope nobody guesses the bucket name.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  4. Told someone today... by Chewbacon · · Score: 4, Funny

    ...as my company switches to AWS Workspaces, someone asked me what AWS is. I explained it and summarized: it's a very powerful and capable platform, yet its users are perfectly capable of powerfully shooting themselves in both feet.

    --
    Chewbacon
    The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
  5. Re:But! by AHuxley · · Score: 2

    They have placed their human spies deep within the command and policy setting structures of the US and UK mil, governments.
    Why worry about "social media" when US and UK gov policy is been created by decades of well placed spies.
    Other nations don't worry about social media in the same way the USA wasted billions trying to "sway" people.
    "Social media" does not change a person's faith and what their faith will always command them to do.
    Smart nations, faiths, cults, criminals just line their spies up at UK and UK job fairs and recruiting efforts on university campuses.
    Over decades some move up to upper and middle management passing any efforts at detection by MI5, FBI.
    A polygraph investigation (the test is just color of law cover for the long term investigation) won't find a person who is not lying and has never been corrupt.
    Well placed spies then move to more trusted parts of the UK and UK mil thanks to changes in who needs to be added to the security services. Security is now second place to hiring lots of different people from all over the UK and USA with very different backgrounds. Other governments, cults, faith groups, criminal groups just line their clean, trusted spies up at jobs fairs and note how many of their best students get accepted every decade.
    In the past the US and UK really put some thought into getting trustworthy staff. Now it's just about virtue signalling that all kinds of applicants are welcome.

    Social media spying is not that important for spying, other nations, cults, faiths, gangs, criminal groups have that covered with decades of their own people deep in the US, UK police, security services, special forces and mil.

    The other aspect other nations really like using US and UK social media is to find US and UK spies trying to pass as low level UK, US embassy workers in their own nations.
    The US and UK will often try and place advanced mil/university graduates with amazing "skills" in with their low ranking embassy staff.
    Other nations use years of collected and stored social media to track back over embassy workers' education and work history.
    Private detectives and contractors who do complex background and reference checks will often be able to show when and how a person's social media was altered or created by US/UK clandestine services to create a fake history for a created embassy worker.
    It's hard to pass a created image of a person enjoying a party with no link to the US mil when private detectives have saved images of the same person in a different part of the USA in the mil years ago. Collect it all was low cost and a lot of early social media was saved in real time.

    --
    Domestic spying is now "Benign Information Gathering"
  6. UK Parliamentary data by Anonymous Coward · · Score: 2

    UK Parliament moved their email and documents into the *Microsoft* cloud in Ireland......

    (From Snowden): CIA was/is spying on all its allies, and each day a brief on legislation was prepared for Bush (and later Obama) on who was considering what legislation. If it was bad for the USA, it could be headed off. The joke being that when allied leaders called the President he already knew the details of the legislation they were going to talk about, and already had lined up talking points and counter allies as leverage.

    So now all that cloud data is used to inform Donald Trump, his various business partners, and potentially (via the secure link Jared asked the Russians to provide) Trump's Russian friends too.

    It's quite staggering that GCHQ would permit the highest law making body in the land to put its data into a cloud they know they and NSA have access to. Exposing the law making process to known foreign surveillance. Theresa May complains of Putin's 100+ propaganda channels trying to stir up racism during the Brexit vote... yet Parliament are exposed to back channel orange.