
Booz Allen, NGA probe intel leak


Edward Snowden, Hal Martin and now another Booz Allen Hamilton employee could be involved in the leak of sensitive intelligence data -- though in the latest case, it appears it could be accidental.

As Gizmodo first reported, on May 24 Chris Vickery, a cyber risk analyst at UpGuard, discovered a trove of sensitive U.S. government data in an unsecured Amazon Web Services S3 bucket. He determined the data related to the National Geospatial-Intelligence Agency and appeared to have been uploaded by someone at BAH.

"Information that would ordinarily require a Top Secret-level security clearance from the DOD was accessible to anyone looking in the right place," UpGuard colleague Dan O'Sullivan wrote in a blog post. "No hacking was required to gain credentials needed for potentially accessing materials of a high classification level."

O'Sullivan stated that Vickery reported the find to BAH, and when the firm did not respond, he alerted the NGA, which promptly locked down the data.

"NGA confirmed an incident had occurred and that it did not involve access to classified information," the NGA said in a statement.

"NGA takes the potential disclosure of sensitive but unclassified information seriously and immediately revoked the affected credentials. The DevOps (.io) environment is separate from our production and not directly connected to classified networks in order to provide a level of standoff from operations."

NGA added that it will evaluate the situation before determining any course of action.

"It's important to note that a misconfiguration, properly reported and addressed, does not disqualify industry partners from doing business with NGA, though we reserve the right to address any violations or patterns of non-compliance appropriately," the statement continued.

BAH released a statement saying that it "promptly began an investigation into the accessibility of certain security keys in a cloud environment. We secured those keys, and are continuing with a detailed forensic investigation. As of now, we have found no evidence that any classified information has been compromised as a result of this matter."

The government has requested that UpGuard preserve the data it downloaded during the discovery, O'Sullivan wrote.

This situation is reminiscent of another case earlier this year when a security researcher at MacKeeper discovered an unsecured Air Force hard drive during a routine audit of publicly connected devices.

That drive contained backup data that included names and Social Security numbers of hundreds of service members and high-ranking officers, as well as other sensitive documents, including a file with "Defense Information Systems instructions for encryption key recovery."

MacKeeper researcher Bob Diachenko told FCW at the time that the device was "part of DOD/USAF network infrastructure, but apparently by some configuration mistake it was put outside the firewall and became visible."

Note: This article was updated on May 31 to clarify that the newly disclosed leak involved sensitive but not classified data. Additionally, the spelling of Dan O'Sullivan's name was corrected.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.

