On Monday, the Department of Defense shut down an unprotected server that had been leaking classified U.S. military emails onto the public internet for the previous two weeks. Microsoft’s Azure government cloud for Department of Defense customers is intended for sharing sensitive but unclassified government data, because its servers are physically separated from those used by commercial customers.
U.S. Special Operations Command, or USSOCOM, is the branch of the United States military responsible for carrying out special military operations, and many emails pertaining to USSOCOM were stored on the exposed server as part of an internal mailbox system containing about three terabytes of such emails.
But, due to a configuration error, anyone who knew the server’s IP address could access the private mailbox data stored on it using nothing more than a web browser.
Over the weekend, a good-faith security researcher by the name of Anurag Sen discovered the unsecured server and informed TechCrunch so that it could notify the United States authorities.
The server was stuffed to the gills with years’ worth of private military email conversations, some of which contained classified information about military personnel. One of the exposed files was a completed SF-86 questionnaire, which government employees use to apply for a security clearance and which contains very sensitive personal and health information. Personnel questionnaires like this can yield a wealth of information on clearance holders’ histories that could be useful to hostile nations. In a data breach at the U.S. Office of Personnel Management in 2015, hackers believed to be from China stole millions of sensitive background check files of government employees who had sought security clearances.
In its limited review of the data, TechCrunch saw nothing that appeared to be secret, which is consistent with the data coming from USSOCOM’s civilian network, a network that is not meant to be accessed over the internet.
The mailbox server was first seen leaking data on February 8, according to a listing on Shodan, a search engine that scans the internet for exposed systems and databases. It’s unclear how the mailbox information ended up on the public internet, although it most likely happened because of a misconfiguration on someone’s part.
On Sunday morning of a U.S. holiday weekend, TechCrunch contacted USSOCOM, but the exposed server wasn’t secured until Monday afternoon. A high-ranking Pentagon official responded to an email inquiry by saying they had informed USSOCOM about the exposed system. Soon after that, the server went offline.
In an email sent out on Tuesday, USSOCOM spokesman Ken McGraw confirmed that an investigation had begun the day before, on Monday. “We can confirm at this point that no one compromised U.S. Special Operations Command’s information systems,” McGraw said.
There’s no way to tell whether anyone other than Sen stumbled onto the exposed data during the two weeks that the cloud server was reachable from the internet. TechCrunch asked a Department of Defense spokesperson whether the agency keeps logs or other records that might show unauthorized access to the mailbox data or the exfiltration of sensitive information; the spokesperson declined to comment.