A Department of Defense (DOD) email server reportedly leaked internal military communications inadvertently across the internet for roughly two weeks before it was discovered by an independent cybersecurity researcher and subsequently secured.
The DOD’s Special Operations Command (USSOCOM) has since launched a probe into the incident, Special Operations Command (SOCOM) spokesperson Ken McGraw told CNN on Feb. 21.
USSOCOM, also known as SOCOM, is a unit within the DOD that oversees and coordinates special operations in various military branches, including the Army, Navy, Marine Corps, and Air Force.
The open server was secured on Feb. 20 by the DOD, McGraw said, adding that the command “initiated an investigation into information we were provided about a potential issue with the command’s Cloud service.”
“The only other information we can confirm at this point is no one has hacked US Special Operations Command’s information systems,” McGraw added.
The data leak was first reported by TechCrunch, which said that independent cybersecurity researcher Anurag Sen discovered it and contacted the publication, which then informed USSOCOM.
Sensitive Information on Server
A misconfiguration with the DOD server allegedly hosted on Microsoft Azure’s government cloud left it accessible with a password, meaning that it could be accessed by anyone on the internet via the server’s correct IP address, according to Tech Crunch.
Microsoft, as well as Amazon, Google, and Oracle, were all awarded lucrative cloud contracts with the DOD valued at up to $9 billion in total in December.
The exposed server was part of an internal mailbox system that stored around three terabytes of military emails, some of which dated back years and mainly related to USSOCOM, the report said.
Such data included the sensitive personal and health information of federal employees that were being vetted for security clearance, according to TechCrunch.
While the information accessible on the server was personal in nature, none of the data that was viewed by TechCrunch appeared to be classified, it said.
Sen said on Twitter on Feb. 21 that he had reported the exposed server and that it has since been secured.
“The U.S. Department of Defense was spilling terabytes of internal U.S. military emails to the internet,” Sen wrote.
TechCrunch, citing the search engine Shodan, which gathers information about internet-connected devices and systems, said the unsecured server began leaking data on Feb. 8.
No-Fly List Exposed
It is unclear if anyone else was able to access the exposed server and the data on it within the two-week period that it was unsecured.
Separately, a spokesperson for the U.S. Cyber Command told The Hill: “As a matter of practice and operational security, we do not comment on the status of our networks and systems. Our defensive cyber operators proactively scan and mitigate the networks they manage.”
“Should any incidents be discovered during these regular operations, we fully mitigate, protect, and defend our networks and systems. Any information or insight is shared with relevant agencies and partners if appropriate,” the spokesperson added.
This is not the first time that databases belonging to the U.S. government have allegedly been exposed.
In January, the Transportation Security Administration said it had launched an investigation after a Swiss hacker claimed to have come across a copy of its no-fly list, which lists known or suspected terrorists who are prohibited from flying, on an unsecured server linked to the commercial airline company, CommuteAir.
That server was also found through the search engine Shodan.
The Epoch Times has contacted USSOCOM and Microsoft for comment.
From The Epoch Times
