Mercredi, 12 Décembre 2018
Dernières nouvelles
Principale » Pentagon exposed huge internet surveillance data cache

Pentagon exposed huge internet surveillance data cache

20 Novembre 2017

According to the security researchers at UpGuard, an Australian IT company based in the US, the Pentagon is the latest to have made the error of exposing large amounts of sensitive data to the public. Amazon recently added indicators and other measures to make it patently clear that S3 server data is publicly accessible. The data from only one bucket is estimated to contain 1.8 billion posts gathered over a period of eight years.

As numerous posts come from within America, UpGuard says the data collection "raises serious concerns about the extent and legality of known Pentagon surveillance against USA citizens".

The data was apparently collected by a now-defunct "VendorX", which UpGuard said shows third-party vendor risks that could impact even the "highest echelons of the Pentagon". What that means is that anyone with a free Amazon AWS account could access the data.

Pittsburgh police issue warrant for suspect in shooting of rookie officer
Police filed drug and flee/elude charges against Harper who is now in the Westmoreland County Jail. He's accused of killing New Kensington Officer Brian Shaw during a traffic stop Friday night.

The three buckets had the subdomain names "centcom-backup", "centcom-archive", and "pacom-archive", which provide an indication of what they signify. Given the enormous size of these data stores, a cursory search reveals a number of foreign-sourced posts that either appear entirely benign, with no apparent ties to areas of concern for USA intelligence agencies, or ones that originate from American citizens, including a vast quantity of Facebook and Twitter posts, some stating political opinions.

This was discovered by UpGuard security researcher Chris Vickery. Numerous posts captured from Facebook or Twitter seem to be political commentaries made by American citizens or other benign posts with no value for national security. It's hard to say, though, if the data had previously been accessed. This suggests the information may have been collected for surveillance purposes.

Even intelligence gatherers aren't immune to making mistakes that leave data wide open. It's unclear how long these servers have been unsecured. It's not clear whether or not these changes are a direct response to UpGuard's findings and the Pentagon data leak, or if this last event was merely the last straw that prompted Amazon to take action after multiple such leaks came to light in the past few months. It didn't make the storage servers private.

Pentagon exposed huge internet surveillance data cache