Air Force probes sensitive data leak


The U.S. Air Force is currently investigating how and why a hard drive containing a trove of sensitive files and data was online and publicly accessible to anyone with an internet connection.

According to MacKeeper Security Research Center, the unsecured drive was discovered during a regular security audit of connected devices using the search engine. The drive allegedly belongs to an Air Force officer "who didn't realize that it was not secured," MacKeeper wrote in a release detailing its discovery of the drive.

MacKeeper said the drive contained "backup data" with files that included names and social security numbers of hundreds of service members – including high-ranking officers -- as well as a document listing details of open investigations into service members for allegations of sexual harassment, discrimination and other claims.

"One example is an investigation into a major general who is accused of accepting $50,000 a year from a sports commission that was supposedly funneled into the National Guard," said MacKeeper. "There were many other details from investigations that neither the Air Force or those being investigated would want publically leaked."

According to MacKeeper, the drive also contained a file with "Defense Information Systems instructions for encryption key recovery."

"This is a comprehensive step by step guide of how to regain access to an encryption key and all of the urls where someone can request information regarding a Common Access Card and Public Key Infrastructure," wrote MacKeeper.

The organization said the drive contained the owner's Joint Personnel Adjudication System account information that included the login, user ID and password, which would allow anyone access to the system containing personnel security investigation data.

"The database also included a copy of the North Atlantic Treaty Organization Information Security Training Manual and many other documents that may or may not be publically available," said MacKeeper.  

Upon discovering the drive, MacKeeper informed the Air Force and the drive was taken offline. MacKeeper said it could not determine if anyone other than the MacKeeper research team had accessed the drive and its contents.

The story of the MacKeeper discovery was first reported by ZDNet.

"There was a span of several hours between notification and shutdown," MacKeeper researcher Bob Diachenko told FCW. "I'm interpreting that to mean there was some difficulty in locating the physical device or figuring out what firewall rules were allowing it to communicate publicly."

Diachenko said the device was "part of DOD/USAF network infrastructure, but apparently by some configuration mistake it was put outside the firewall and became visible."

He said his team was not able to communicate directly with the owner of the drive, but they are cooperating with the USAF as they continue to investigate the incident.

"We are aware of the media reports and given the nature, take them extremely seriously," Air Force spokesman Zachary Anderson told FCW. "We continue to investigate the matter."

House Armed Services chairman Mac Thornberry (R-Texas) grimaced when FCW asked on March 16 if he was aware of the incident.

"I don't know about it," he said with a sigh. "Yes, I will look into it."

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


  • Congress
    U.S. Capitol (Photo by M DOGAN / Shutterstock)

    Funding bill clears Congress, heads for president's desk

    The $1.3 trillion spending package passed the House of Representatives on March 22 and the Senate in the early hours of March 23. President Trump is expected to sign the bill, securing government funding for the remainder of fiscal year 2018.

  • 2018 Fed 100

    The 2018 Federal 100

    This year's Fed 100 winners show just how much committed and talented individuals can accomplish in federal IT. Read their profiles to learn more!

  • Census
    How tech can save money for 2020 census

    Trump campaign taps census question as a fund-raising tool

    A fundraising email for the Trump-Pence reelection campaign is trying to get supporters behind a controversial change to the census -- asking respondents whether or not they are U.S. citizens.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.