National Geospatial-Intelligence Agency

The National Geospatial-Intelligence Agency (NGA) retained over 60,000 classified documents from a US military project on an Amazon cloud storage server that was not protected by authentication, according to well-known security researcher Chris Vickery.

One of the country's top defence contractors for intelligence reportedly left the data unattended on a public Amazon server.

Passwords for a US government system holding private data and the security credentials of a senior worker at the largest defence contractor, Booz Allen Hamilton, are contained in the files.

The most troubling aspect of the finding is that master credentials that allowed for administrative access to a highly secure Pentagon system were also present in the released data.

Source: https://securityaffairs.com/59615/data-breach/defense-contractor-data-leak.html

TPRM report: https://scoringcyber.rankiteo.com/company/nga

"id": "nat199211123",
"linkid": "nga",
"type": "Data Leak",
"date": "06/2017",
"severity": "85",
"impact": "3",
"explanation": "Attack with significant impact with internal employee data leaks"
{'affected_entities': [{'industry': 'Defense',
                        'location': 'United States',
                        'name': 'National Geospatial-Intelligence Agency (NGA)',
                        'type': 'Government Agency'},
                       {'industry': 'Defense',
                        'location': 'United States',
                        'name': 'Booz Allen Hamilton',
                        'type': 'Defense Contractor'}],
 'attack_vector': 'Unsecured Cloud Storage',
 'data_breach': {'number_of_records_exposed': '60,000',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': ['Classified Documents',
                                              'Passwords',
                                              'Security Credentials']},
 'description': 'The National Geospatial-Intelligence Agency (NGA) retained '
                'over 60,000 classified documents from a US military project '
                'on an Amazon cloud storage server that were not '
                'authenticated, according to well-known security researcher '
                "Chris Vickery. One of the country's top defence contractors "
                'for intelligence reportedly left the data unattended on a '
                'public Amazon server. Passwords for a US government system '
                'holding private data and the security credentials of a senior '
                'worker at the largest defence contractor, Booz Allen '
                'Hamilton, are contained in the files. That the archive is the '
                'most troubling aspect of the finding Master credentials that '
                'allowed for administrative access to a highly secure Pentagon '
                'system were also present in the released data.',
 'impact': {'data_compromised': ['Classified Documents',
                                 'Passwords',
                                 'Security Credentials']},
 'references': [{'source': 'Chris Vickery'}],
 'title': 'Unsecured Classified Documents on Amazon Cloud Server',
 'type': 'Data Exposure',
 'vulnerability_exploited': 'Lack of Authentication on Cloud Storage'}