NOW: Huge Security Flaw Endangers US Military

BREAKING NOW: According to an article just published by TechCrunch, the U.S. Department of Defense has finally secured an exposed server responsible for spilling internal military emails to the open internet for two consecutive weeks.

The exposed server was hosted on Microsoft’s Azure government cloud, which is specifically reserved for Department of Defense customers. The cloud is physically separated from other commercial customers and can be used to share sensitive but unclassified government data.

The exposed server was part of an internal mailbox system that stored approximately three terabytes of military emails, many of which pertained to the U.S. Special Operations Command (USSOCOM). This military unit conducts special operations.

However, a misconfiguration left the server without a password, making the sensitive mailbox data inside easily accessible to anyone with an internet connection and knowledge of the IP address.

The server was discovered over the weekend by Anurag Sen, a good-faith security researcher well-known for finding sensitive data inadvertently published online. He provided the details to TechCrunch so that they could alert the U.S. government.

The server was full of internal military email messages dating back several years, some containing sensitive personnel information.

One of the exposed files included a completed SF-86 questionnaire, a form filled out by federal employees seeking a security clearance that contains highly sensitive personal and health information. These questionnaires are valuable to foreign adversaries as they contain important background information on security clearance holders.

Despite the sensitive nature of the data, none of it appeared to be classified, which would be consistent with USSOCOM’s civilian network, as classified networks are inaccessible from the internet.

A listing on Shodan, a search engine that crawls the web for exposed systems and databases, indicated that the mailbox server was first detected spilling data on February 8. The exposure was likely due to a misconfiguration caused by human error.

TechCrunch reached out to USSOCOM on Sunday morning during a U.S. holiday weekend, but the exposed server wasn’t secured until Monday afternoon.

A senior Pentagon official confirmed that they had passed the details of the exposed server to USSOCOM, and the server was inaccessible soon after.

A spokesperson for USSOCOM confirmed that an investigation, which began on Monday, is underway. The spokesperson also stated that “at this point, no one hacked U.S. Special Operations Command’s information systems.”

It is not known if anyone other than Sen found the exposed data during the two-week window that the cloud server was accessible from the internet, and the Department of Defense did not respond to a request for information on their ability to detect any evidence of improper access or data exfiltration from the database.
