The US Department of Defense Forgot to Protect Their Mail Server

At the beginning of this week, the US Department of Defense blocked a server that, over the past two weeks, has been exposing internal emails from the US military to everyone on the Internet.

Also the media wrote that Cryptographer Ryuk was attacked by the US Department of Defense contractor.

The unsecured server was hosted in the Microsoft Azure government cloud, intended for clients from the Department of Defense. This cloud uses servers that are physically separate from other commercial clients and can therefore be used to exchange sensitive but unclassified government data.

Left without a password, the server is part of the internal mail system and contains about three terabytes of internal letters, many of which belonged to the US Special Operations Command (USSOCOM). The absence of a password allowed anyone to access sensitive data simply by knowing the server’s IP address.

The problem was discovered by security researcher Anurag Sen, who informed TechCrunch journalists about his discovery so that they could help warn the US government about the leak.

According to the search engine Shodan, the mail server was first seen in the public domain on February 8, 2023. It is not entirely clear why this happened. Most likely, the fault was someone’s negligence and incorrect configuration.

The publication writes that the server has been filled with internal military mail for many years. Some of the letters contained confidential information about personnel, and one of the files even contained a completed SF-86 questionnaire, which is filled out by federal employees who want to obtain security clearance.

The journalists explain that these questionnaires contain important personal information and health data needed to screen people before they are allowed to work with sensitive data. The questionnaires also contain biographical information about persons who have access to classified information, which can be valuable information for foreign intelligence agencies.

TechCrunch notes that the editors could not find secret data among the letters, since secret USSOCOM networks are still inaccessible via the Internet.

After the journalists contacted USSOCOM, the server was properly protected, and it disappeared from public access last Monday. USSOCOM spokesman Ken McGraw said an investigation into the incident is ongoing.