The experts from the security firm UpGuard have discovered another S3 bucket containing documents from INSCOM, that is a joint US Army and NSA agency.
A couple of weeks ago sensitive data from the US Army’s CENTCOM and PACOM divisions was exposed on an unsecured Amazon S3 bucket, experts from the security firm UpGuard found terabytes of US military social media surveillance.
Now the same team from UpGuard have discovered another S3 bucket containing documents from INSCOM, that is a joint US Army and NSA agency involved in intelligence, security, and information operations.
The S3 server contained a small number of files and folders, three of which were available for the download.
“Critical data belonging to the United States Army Intelligence and Security Command (INSCOM), a joint US Army and National Security Agency (NSA) Defense Department command tasked with gathering intelligence for US military and political leaders, leaked onto the public internet, exposing internal data and virtual systems used for classified communications to anyone with an internet connection.” reads the blog post published by UpGuard.
“Set to allow anyone entering the URL to see the exposed bucket’s contents, the repository, located at the AWS subdomain “inscom,” contained 47 viewable files and folders in the main repository, three of which were also downloadable. “
One of the files was an image of a virtual machine in Oracle Virtual Appliance (.ova) format. It was a Linux-based operating system and an attached virtual hard drive likely used for receiving Defense Department data from a remote location.
The experts were not able to access the data likely because it cannot be accessed without connecting to Pentagon systems.
The experts were able to analyzed the metadata of files stored on the virtual hard drive, they discovered that the SSD image was containing a huge trove of highly sensitive files, some of which were classified with the TOP SECRET and NOFORN (NO FOReign Nationals) security classifiers.
According to UpGuard, this was the first time it discovered classified information left freely accessible on Amazon S3 servers.
Another a folder in the same virtual machine image suggests that the system was also part of the Red Disk, a cloud computing platform that was part of the Distributed Common Ground System-Army (DCGS-A) intelligence platform.
“The exposed data also reveals sensitive details concerning the Defense Department’s battlefield intelligence platform, the Distributed Common Ground System – Army (DCGS-A) as well as the platform’s troubled cloud auxiliary, codenamed “Red Disk.”” continues the post.
The second downloadable file discovered by the experts is a plaintext ReadMe document stored on the virtual hard drive. The ReadMe file provides indications of instruction for the contents of the .ova and information on the location of additional Red Disk packages.
The third downloadable file was a compressed .jar titled “rtagger,” that seems to be a training snapshot for labeling and categorizing classified information, as well as assigning such data to “regions.”
(Security Affairs – NSA, data leak)
The post Top Secret US Army and NSA documents left exposed on Amazon S3 bucket appeared first on Security Affairs.