The US Department of Defense Forgot to Protect Their Mail Server

At the beginning of this week, the US Department of Defense blocked a server that, over the past two weeks, has been exposing internal emails from the US military to everyone on the Internet.

Let me remind you that we also wrote that the “No Fly List”, a list of people who are forbidden to board planes, was published on a hacker forum, and that the FBI found no evidence of Russia’s fight against extortionists.

The media also wrote that Cryptographer Ryuk was attacked by the US Department of Defense contractor.

The unsecured server was hosted in the Microsoft Azure government cloud, intended for clients from the Department of Defense. This cloud uses servers that are physically separate from other commercial clients and can therefore be used to exchange sensitive but unclassified government data.

The server, which was left without a password, was part of the internal mail system and contained about three terabytes of internal emails, many of which belonged to the US Special Operations Command (USSOCOM). The absence of a password allowed anyone to access sensitive data simply by knowing the server’s IP address.

The problem was discovered by security researcher Anurag Sen, who informed TechCrunch journalists about his discovery so that they could help warn the US government about the leak.

According to the search engine Shodan, the mail server was first seen as publicly accessible on February 8, 2023. It is not entirely clear why this happened. Most likely, the cause was someone’s negligence and an incorrect configuration.

The publication writes that the server has been filled with internal military mail for many years. Some of the emails contained confidential information about personnel, and one of the files even contained a completed SF-86 questionnaire, which is filled out by federal employees who want to obtain security clearance.

The journalists explain that these questionnaires contain important personal information and health data needed to screen people before they are allowed to work with sensitive data. The questionnaires also contain biographical information about persons who have access to classified information, which can be valuable information for foreign intelligence agencies.

TechCrunch notes that the editors could not find classified data among the emails, since classified USSOCOM networks are still inaccessible via the Internet.

After the journalists contacted USSOCOM, the server was properly protected, and it disappeared from public access last Monday. USSOCOM spokesman Ken McGraw said an investigation into the incident is ongoing.

“At the moment, we can confirm that no one has hacked into the information systems of the US Special Operations Command,” says McGraw.

However, it is not known whether anyone other than Sen managed to discover this server and the data stored on it. The journalists asked the Department of Defense representative whether the department had the technical means (for example, some kind of logs) to make sure that there had been no unauthorized access or data leakage, but the press secretary did not answer this question.

Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
