EXPOSED AMAZON S3 SERVERS RESULTED IN INTELLIGENCE LEAKS FROM PENTAGON

Due to a misconfiguration, huge amounts of information stored in Amazon S3 Servers were exposed to the public, including intelligence from Pentagon.

Amazon S3, or Simple Storage Service, is storage for the Internet, similar to Google Drive.  It is designed to make web-scale computing easier for developers.

Amazon S3 has web services interface that can be used to store and retrieve any amount of data, at any time, from anywhere on the web.  It gives any developer access to the same highly scalable, reliable, fast, inexpensive data storage infrastructure that Amazon uses to run its own global network of web sites.

Unfortunately, during the past year, there has been a surge in data breach reports regarding Amazon S3 servers left accessible online, and which were inadvertently exposing private information from all sorts of companies and their customers.

In almost all cases, the reason was that companies, through their staff, left Amazon S3 drives, or “buckets”, configured to allow public access.  This implies that anyone with a link to the S3 server could access, view, or download its content.

On 17 November 2017, it was discovered that the leaked information did not only involve private companies, but also millions of data collected as intelligence information by the Pentagon.

The collection of data which was consequently exposed is managed by a third-party private firm named as VendorX, a firm that is not widely known, yet believed to be collaborating with the US Defense Department.

Three folders or buckets with subdomain were particularly leaked, namely: “CENTCOM-backup,” “CENTCOM-archive,” and “pacom-archive”.  CENTCOM refers to the US Central Command, based in Tampa, Fla. and responsible for US military operations from East Africa to Central Asia, including the Iraq and Afghan Wars. PACOM is the US Pacific Command, headquartered in Aiea, HI and covering East, South, and Southeast Asia, as well as Australia and Pacific Oceania.

The information uncovered in one of the three drives or buckets is evaluated to contain no less than 1.8 billion posts of scratched web content in the course of recent years, including content caught from news, comments, web discussions, and online networking platforms like Facebook, highlighting various dialects and starting from nations around the globe.  These tremendous measures of data is generally ordered and arranged to be searchable.  The information ranges from Middle East, South East, South Asia, East Asian and Australia.

Furthermore, a particular folder in the leaked information discusses what seems to be a tool called US Army’s “Coral Reef” Intelligence Software.  The Coral Reef program allows users of intelligence to better understand relationships between persons of interest as a component of the Distributed Common Ground System-Army (DCGS-A) intelligence suite.

The problem rests in the governments’ confidence in the belief that if they’re the only ones knowing the database’s URL, they are safe.  This always proves to be false.  Attackers can obtain these URLs using particular attacks on corporate networks, accidental employee leaks, or by brute-forcing domains for hidden URLs.

Regardless of the cause of the massive leak, the Pentagon is faced in a great dilemma.  They shall be held responsible for unauthorized collection of vast information globally, and for negligently exposing sensitive credentials to the public.  The leaked information must be dealt with corresponding action immediately before it falls to malicious attackers who may exploit such massive data breach.

 

 

Manny Cuevas

My name is Manny Cuevas a Security Researcher / Engineer for about 15 years that focuses on Web and Mobile applications and other platforms from the Island of Sulu, Philippines. I’m also a scientist, inventor and a top ranked hacker in the world that bypass all security systems.

 

Leave a Reply

Your email address will not be published. Required fields are marked *