The U.S. Department of Defense secured an exposed server on Monday after it had been leaking internal military emails to the open internet for the past two weeks. The exposure left potentially sensitive information accessible to hackers and other malicious individuals. The department is investigating how this occurred and whether any specific individuals were responsible for this unauthorized release of sensitive data.
The Microsoft Azure cloud is a popular platform for hosting sensitive government data. Services such as restricted shared folders and virtual machines allow government employees to work in separate accounts that are isolated from the operations of other customers. While this setup can help protect unclassified data, it poses a risk when an exposed server is part of an internal mailbox system. This system was used to store emails from U.S. Special Operations Command, which contain information regarding special military operations and may be classified.
The security breach at the mail server left sensitive email data vulnerable to anyone on the internet. The lack of a password left the server open to attack, even though it was configured with standard security measures such as firewalls and antivirus software.
Anurag Sen, a security researcher who has found sensitive data published online in the past, found the exposed server over the weekend. After investigating further, he determined that it belonged to a government entity and reported it to TechGround so that we could alert U.S. authorities.
The stolen questionnaire file exposed in the 2015 federal data breach contained sensitive personal information for federal employees seeking security clearance, thus exposing them to potential espionage by foreign adversaries. Particularly valuable to malicious actors was the extensive background information on security clearance holders which could be used to exploit individuals before accessing sensitive government intelligence.
It seems that USSOCOM has a well-secured civilian network that is separate from its classified networks. This could help to ensure the security of their personnel and information.
The exposure of email data from a mailbox server that was discoverable on Shodan, a search engine for internet-connected devices, indicates that hackers remain focused on compromising sensitive information stored on systems connected to the internet. Despite increased security measures implemented by businesses, attackers are still able to find ways to exploit vulnerabilities and access sensitive data.
The Pentagon has confirmed that a server containing sensitive, detailed information on military operations was left exposed for weeks during the U.S. holiday weekend, potentially putting troops and equipment at risk. USSOCOM was made aware of the issue on Sunday morning but failed to secure the server until Monday afternoon, leaving it accessible to anyone who happened to stumble upon it. The Pentagon is currently investigating how this could have happened, and whether any damage has been done as a result.
The spokesperson said in an email that the investigation is currently underway, but that it appears no one had hacked into Special Operations Command’s information systems. This comes as a relief to many people who worry about the security of these networks, and shows just how careful organizations have to be when it comes to protecting their data.
In the two weeks after an Army database containing personally identifiable information was publicly exposed on the internet, forensic investigators attempted to determine who accessed and exfiltrated the data. However, it is not known if anyone other than Sen found the exposed data during that time window. The Department of Defense has said it does not have any logs that would indicate improper access or data exfiltration from the database.