UPDATED 21:39 EDT / NOVEMBER 19 2017

CLOUD

Defense Department contractor leaves spying program data exposed on AWS cloud

The details of a global spying operation headed by the Department of Defense have been exposed after security researchers discovered data pertaining to the program on three publicly available Amazon Web Services Inc. servers.

The data, discovered by the team at UpGuard Inc., consists of at least 1.8 billion scraped online posts from individuals across the globe. They were seemingly gathered by CENTCOM and PACOM, the U.S. Central and Pacific military commands groups, respectively, in what appears to be a program of gathering and analyzing data from social media.

Although some of the data appeared vague and random, other parts were clearly security-related, with posts pertaining to politics in places like Pakistan and Iraq, as well ISIS and other jihadi groups.

Spying by the Department of Defense is hardly a startling revelation, but as UpGuard pointed out, much of the data was scraped from U.S. citizens within the United States itself, raising concerns as to the legality of the Pentagon spying on U.S. citizens, as well as raising privacy concerns.

The exposure of the data was said to have been caused by a contractor uploading the data to an Amazon S3 storage instance and then making its setting public. That means the data was freely available to anyone who knew where it was located, without the need for a password. Amazon, which sets these S3 “buckets” private by default, says best practice calls for restricting access to only those who absolutely need it.

Whether the contractor intentionally set up the S3 instance this way for convenience or did so in error is not clear at this stage, but if it was in error, it would be far from the first case. Barely a month goes by without yet another enterprise user having their data accessed because of an AWS S3 instance set to public access.

Recent cases of companies failing to secure their AWS S3 instances include Accenture PLC, Verizon Communications Inc.Dow Jones & Co., military contractor TigerSwan and defense contractor Booz Allen Hamilton Inc.

As the news of Department of Defense data first hit Friday, the state-funded Australian Broadcasting Corporation media network, also had data leaked because of a “misconfigured” AWS S3 instance.

Referring to that story specifically, Carl Wright, chief revenue officer at AttackIQ Inc., told SiliconANGLE that these cases should serve as a wake-up call for enterprises when it comes to cloud security.

“Many organizations are rapidly adopting cloud based services because of the fluid and elastic benefits it creates for the business,” Wright said. “It is imperative, as they embrace these capabilities, that they continuously use validation to ensure constantly changing cloud assets are secure and properly configured. This incident was easily avoidable and continues to highlight the lack of investment today, in effective security controls validation.”

Photo: Department of Defense

A message from John Furrier, co-founder of SiliconANGLE:

Show your support for our mission by joining our Cube Club and Cube Event Community of experts. Join the community that includes Amazon Web Services and Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger and many more luminaries and experts.

Join Our Community 

Click here to join the free and open Startup Showcase event.

“TheCUBE is part of re:Invent, you know, you guys really are a part of the event and we really appreciate your coming here and I know people appreciate the content you create as well” – Andy Jassy

We really want to hear from you, and we’re looking forward to seeing you at the event and in theCUBE Club.

Click here to join the free and open Startup Showcase event.