The Department of Defense (DOD) is investigating a data server that potentially left sensitive but unclassified information exposed on the internet for two weeks, TechCrunch reported Tuesday.
A good-faith cyber researcher stumbled upon the open server while conducting a vulnerability test over the weekend, finding terabytes of DOD email content exposed to anyone on the internet, TechCrunch reported. DOD secured the server Monday afternoon, but it remains unclear whether malign actors accessed the emails, which contained personal information of DOD employees.
Data contained on the server dated back several years and was connected to an internal mailbox storing three terabytes of military emails, TechCrunch reported. Some of those emails enclosed information relating to U.S. Special Operations Command (USSOCOM).
The server began leaking data as early as Feb. 8 and was likely left exposed through human error, according to the outlet. A misconfiguration removed the password feature, meaning anyone with knowledge of the server’s IP address could access its contents.
“[What] we can confirm at this point is no one hacked U.S. Special Operations Command’s information systems,” U.S. Special Operations Command spokesperson Tim McGraw told TechCrunch. He said DOD initiated an investigation Monday.
#DYK, the DoD’s cyber terrain includes over 15,000 unclassified and classified networks, global cloud environments, all network-enabled devices, weapon systems, data used by warfighters, policymakers, and support personnel.
— U.S. Cyber Command (@US_CYBERCOM) January 3, 2023
The outlet did not review every email, but it did find at least one SF-86 questionnaire prospective federal employees must complete in order to obtain a security clearance. Those forms include sensitive health and personally identifying information and if obtained by an adversary can yield valuable information into the DOD workforce and potentially compromise personnel.
None of the data appeared to be classified, according to TechCrunch. Classified networks are blocked off from the internet for security reasons.
The researcher, Anurag Sen, provided the information to TechCrunch, which then notified USSOCOM on Sunday morning. After the outlet notified DOD of the exposed server, a senior Pentagon official told TechCrunch that DOD relayed the information to USSOCOM.
The DOD spokesperson did not provide details of whether DOD has the capability to detect whether unknown actors have accessed and extracted data based on a TechCrunch query.
The exposed server was one of several segmented servers hosted on Microsoft’s Azure, a cloud service specifically designed for DOD customers that physically separates servers from those intended for commercial use.
The DOD did not immediately respond to the Daily Caller News Foundation’s request for comment.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact [email protected].
Republished with permission from Daily Caller News Foundation
