A Department of Defense (DOD) email server reportedly inadvertently leaked internal military communications across the internet for roughly two weeks before it was discovered by an independent cybersecurity researcher and subsequently secured.
The DOD’s Special Operations Command (USSOCOM) has since launched a probe into the incident, Special Operations Command (SOCOM) spokesperson Ken McGraw told The Epoch Times.
The open server was secured on Feb. 20 by the DOD, McGraw said, adding that the command “initiated an investigation into information we were provided about a potential issue with the command’s Cloud service.”
“The only other information we can confirm at this point is no one has hacked US Special Operations Command’s information systems,” McGraw added.
Sensitive Information on Server
A misconfiguration with the DOD server, allegedly hosted on Microsoft Azure’s government cloud, left it accessible without a password, meaning that it could be accessed by anyone on the internet via the server’s correct IP address, according to TechCrunch.
The exposed server was part of an internal mailbox system that stored around three terabytes of military emails, some of which dated back years and mainly related to USSOCOM, the report said.
Such data included the sensitive personal and health information of federal employees who were being vetted for security clearance, according to TechCrunch.
While the information accessible on the server was personal in nature, none of the data that was viewed by TechCrunch appeared to be classified, it said.
Sen said on Twitter on Feb. 21 that he had reported the exposed server and that it has since been secured.
No-Fly List Exposed
It is unclear if anyone else was able to access the exposed server and the data on it within the two-week period that it was unsecured.
“Should any incidents be discovered during these regular operations, we fully mitigate, protect, and defend our networks and systems. Any information or insight is shared with relevant agencies and partners if appropriate,” the spokesperson added.
This is not the first time that databases belonging to the U.S. government have allegedly been exposed.
That server was also found through the search engine Shodan.
A Department of Defense spokesperson told The Epoch Times in an emailed statement: “The Department of Defense (DoD) is aware of the potential exposure of DoD unclassified, commercially cloud-hosted data to the Internet over the past two weeks. The affected server was identified and removed from public access on February 20.”
“U.S. Cyber Command and Joint Force Headquarters-Department of Defense Information Network continue to work with affected DoD entities and the Cloud Service Provider to assess the scope and impact of this potential data exposure. The DoD Chief Information Officer in coordination with JFHQ-DODIN is working with the CSP to understand the root cause of the exposure and why this problem was not detected sooner. DOD CIO will direct changes in CSP security measures as required based on any findings and recommendations. We will notify any DoD personnel affected by the incident appropriately and following Federal Law and DoD Policy. DoD takes this matter very seriously and will incorporate all lessons learned from this event to strengthen its cybersecurity posture.”