US defense contractor stored intelligence data on Amazon server without a password

About 28GB of sensitive US intelligence data was discovered on a publicly-accessible Amazon Web Services’ S3 storage bucket. The cache, containing over 60,000 files, was linked to defense and intelligence contractor Booz Allen Hamilton, which was working on a project for the US National Geospatial-Intelligence Agency (NGA). NGA provides satellite and drone surveillance imagery for the Department of Defense and the US intelligence community.

The unsecured data was discovered by Chris Vickery, who now works as a cyber risk analyst for the security firm UpGuard.

According to UpGuard, the “information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level.”

To read this article in full or to leave a comment, please click here

Network World Security