HomeTECHNOLOGYMisconfigured government mail server spilled sensitive military data for weeks

Misconfigured government mail server spilled sensitive military data for weeks


Related stories

Explore 101Desires.com for the Pinnacle of Technical Updates

Unlock the full potential of Google Workspace with 101Desires.com...

TrendzGuruji.me Cyber: Empowering Your Digital Fortress for Unbeatable Cyber Resilience in 2024

TrendzGuruji.me Cyber is a fast-growing platform that's changing the...

Terry Lee Flenory Age, Life, and Other Interesting Facts (2023)

Detroit, Michigan native Terry Lee Flenory is a successful...

The SWGoH Web Store: Your Path to Galactic Domination (Updated 2023)

Star Wars: Galaxy of Heroes, also known as SWGoH,...

Emma Argues with Principal Figgins: A Clash of Wills

Introduction Emma had always been a diligent student, dedicated to...


What just happened? A misconfigured mailbox server used by the US government for military e-mails has been secured after being open to the Internet for the past couple of weeks. The exposed server was discovered by good-faith security researcher Anurag Sen, who alerted TechCrunch so they could pass along the notice to government officials. According to the publication, the exposed server was hosted on Microsoft’s Azure government cloud for Department of Defense personnel.

Such servers are reportedly stored separately from machines used by other commercial clients. In this instance, the mailbox contained around three terabytes of internal military e-mails featuring data that is sensitive but not classified.

One e-mail seen by TechCrunch included a completed SF-86 questionnaire, a form used by those seeking to obtain or retain a security clearance in order to access classified information. These types of questionnaires are full of sensitive information and are highly desirable to foreign adversaries.

In 2015, hackers broke into the US government’s Office of Personnel Management (OPM) and were able to access sensitive information on nearly four million current and former federal employees. At the time, it was described as one of the largest thefts of government data ever seen.

TechCrunch notes that government networks responsible for handling classified information are not accessible from the Internet.

Data from Shodan suggests the server started leaking information on February 8. It is unclear if anyone else besides the security researcher accessed the mailbox, which was accessible using only a web browser and knowing the server’s IP address. TechCrunch believes human error is to blame for the exposure.

TechCrunch contacted the US Special Operations Command, or USSOCOM, on Sunday regarding the exposed server (USSOCOM is responsible for overseeing special operations by the Army, Navy, Marine Corps and Air Force). On Tuesday (Monday was a holiday in the US), USSOCOM spokesperson Ken McGraw said an investigation was under way and confirmed that nobody had hacked their system. The exposed server has since been secured.

Image credit: Maksim Goncharenok, Amol Tyagi


Source link


- Never miss a story with notifications

- Gain full access to our premium content

- Browse free from up to 5 devices at once

Latest stories