US defence contractor Booz Allen Hamilton stored classified and sensitive defence data on Amazon's unprotected S3 cloud storage.
The stored data was publicly accessible and was connected to a US department responsible for battlefield satellite and drone surveillance imagery.
The classified data stored on Amazon Web Services' S3 storage service was first spotted by Chris Vickery, an analyst at security firm UpGuard. Soon after the discovery, Vickery contacted the chief information security officer at Booz Allen Hamilton as well as the US National Geospatial-Intelligence Agency (NGA). The NGA cut off access to the stored data within nine minutes of being informed by Vickery.
Details of 16,000 weapon licence-holders exposed in US cyber-attack
The information security team at Booz Allen Hamilton (BAH) reportedly responded to an e-mail by Vickery more than 24 hours after they were first contacted.
"After receiving no response from BAH to his initial notification, Vickery escalated his notification attempts by sending an email to the NGA at 10:33 AM PST, Thursday, May 25th. Nine minutes later, at 10:42 AM PST, the file repository was secured — an impressively speedy response time from a major US intelligence agency," noted Dan O'Sullivan, Cyber Resilience Analyst at UpGuard.
The National Geospatial-Intelligence Agency have since stated that even though the data stored in Amazon's publicly-available cloud storage was not classified or directly connected to classified networks, it was still potentially sensitive data and that they take such disclosures very seriously.
Government mull killing off enterprise encryption of customer data
"Due to the diligent work of Chris Vickery on behalf of UpGuard, and the rapid response of the NGA to his notification, a potentially catastrophic breach of systems dealing with the most sensitive corners of the US military-industrial apparatus was averted," O'Sullivan added.
The data uploaded to the unprotected cloud storage contained information on Booz Allen Hamilton engineer's remote login (SSH) keys as well as login credentials for another system owned by the contractor. If discovered by malafide hackers, the login credentials could have been used to unearth more sensitive and classified data connected to US defence departments.
This isn't the first time that Booz Allen Hamilton has been under the spotlight for data breach incidents. World-famous whistleblower Edward Snowden was an employee of the contractor when he released 10,000 classified documents related to the National Security Agency (NSA) in 2013. Another Booz Allen Hamilton employee, Hal Martin was recently arrested for stealing and leaking classified NSA data.
OneLogin data breach: Hackers decrypt secured user data, apps and keys
"This incident demonstrates yet again how damaging insider threats can be, even when the threat itself could come from carelessness as much as any actual malicious intent. The problem is that most enterprise defences – such as firewalls or anti-virus – aren’t designed to protect against internal threats. If the analyst who discovered the breach hadn’t been so diligent, who knows how long the problem might have continued for?" said Piers Wilson, Head of Product Management at Huntsman Security.
"Leaving classified data unprotected on the cloud is a monumental breach and that’s why it’s so important to have a way of monitoring systems – not only for the organisation’s own workers but for any contractors that are employed. Organisations need to ensure nothing untoward is taking place regarding such sensitive data or that, when it does, it is immediately flagged up to security analysts who are able to take action – without burying those analysts in false alarms,” he added.
Main Image Source: North Country Public Radio