Security company finds unsecured bucket of US military images on AWS


“Cyber resilience” company UpGuard claims to have found a publicly-accessible AWS S3 bucket full of classified US intelligence data. The company’s Dan O’Sullivan says colleague Chris Vickery found an “unsecured Amazon Web Services ‘S3’ bucket” and that the firm’s “Analysis of the exposed information suggests the overall project is related to the US National Geospatial-Intelligence Agency (NGA), a combat support and intelligence agency housed within the Department of Defense (DoD).” O’Sullivan’s post says “information that would ordinarily require a Top Secret-level security clearance from the DoD was accessible to anyone looking in the right place; no hacking was required to gain credentials needed for potentially accessing materials of a high classification level.” The post says “domain registrations and credentials within the data set point to private-sector defense firm Booz Allen Hamilton (BAH), as well as industry peer Metronome ” as the likely renters of the bucket.

Read full news article on The Register