Air Force probes sensitive data leak

 

The U.S. Air Force is currently investigating how and why a hard drive containing a trove of sensitive files and data was online and publicly accessible to anyone with an internet connection.

According to MacKeeper Security Research Center, the unsecured drive was discovered during a regular security audit of connected devices using the Shodan.io search engine. The drive allegedly belongs to an Air Force officer "who didn't realize that it was not secured," MacKeeper wrote in a release detailing its discovery of the drive.

MacKeeper said the drive contained "backup data" with files that included names and social security numbers of hundreds of service members, including high-ranking officers, as well as a document listing details of open investigations into service members for allegations of sexual harassment, discrimination and other claims.

"One example is an investigation into a major general who is accused of accepting $50,000 a year from a sports commission that was supposedly funneled into the National Guard," said MacKeeper. "There were many other details from investigations that neither the Air Force nor those being investigated would want publicly leaked."

According to MacKeeper, the drive also contained a file with "Defense Information Systems instructions for encryption key recovery."

"This is a comprehensive step-by-step guide of how to regain access to an encryption key and all of the URLs where someone can request information regarding a Common Access Card and Public Key Infrastructure," wrote MacKeeper.

The organization said the drive contained the owner's Joint Personnel Adjudication System account information that included the login, user ID and password, which would allow anyone access to the system containing personnel security investigation data.

"The database also included a copy of the North Atlantic Treaty Organization Information Security Training Manual and many other documents that may or may not be publicly available," said MacKeeper.

Upon discovering the drive, MacKeeper informed the Air Force and the drive was taken offline. MacKeeper said it could not determine if anyone other than the MacKeeper research team had accessed the drive and its contents.

The story of the MacKeeper discovery was first reported by ZDNet.

"There was a span of several hours between notification and shutdown," MacKeeper researcher Bob Diachenko told FCW. "I'm interpreting that to mean there was some difficulty in locating the physical device or figuring out what firewall rules were allowing it to communicate publicly."

Diachenko said the device was "part of DOD/USAF network infrastructure, but apparently by some configuration mistake it was put outside the firewall and became visible."

He said his team was not able to communicate directly with the owner of the drive, but they are cooperating with the USAF as they continue to investigate the incident.

"We are aware of the media reports and given the nature, take them extremely seriously," Air Force spokesman Zachary Anderson told FCW. "We continue to investigate the matter."

House Armed Services chairman Mac Thornberry (R-Texas) grimaced when FCW asked on March 16 if he was aware of the incident.

"I don't know about it," he said with a sigh. "Yes, I will look into it."

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Reader comments

Tue, Mar 21, 2017 2RUFF4U

Makes you wonder if this was an "accident" or an intentional breach intended for someone in particular to "find" this data and sensitive material. The continuing WikiLeaks and security losses occurring every day give rise to the belief that maybe, just maybe, progress has led to sloppy and careless security. The fast push to the "cloud" (I read other people's servers here) to "save" money and create "open" networks has opened a virtual Pandora's data box ripe for anyone to take anything they want. Encryption does not ensure security or stability when all our data is in someone else's hands. Usually you can find encryption keys in the midst of the very data and "secrets" people are trying to hide in plain sight. Serious concerns with the data breaches have not tempered our security. It would appear that there are those in places of high level of trust who are intent on breaking down the "American way of life" and giving out the secret and sensitive information that will eventually compromise our very existence. I hope not, but I see derth and destruction in the wings and it is scary.
