The US military has experienced a significant data leak, which released thousands of documents – some classified – of the US Air Force onto the internet.
In total, it is suspected that the personal details of over 4,000 officers, including their names, ranks, addresses and social security numbers were released.
The released information reportedly contains sensitive and personal details of members of the US Air Force in senior positions, or top authority positions.
As some of these men and women have top secret security clearance and so the incident is of national importance.
>See also: What must businesses learn from the Yahoo data breach?
It is suspected that an unsecured backup drive of a lieutenant colonel – who was not named – was the alleged cause of the leak.
This is according to MacKeeper security researchers, who first discovered the breach during a weekly security audit.
The researchers commented: “The most shocking document was a spread sheet of open investigations that included the name, rank, location, and a detailed description of the accusations. The investigations range from discrimination and sexual harassment to more serious claims.”
“One example is an investigation into a Major General who is accused of accepting $50k a year from a sports commission that was supposedly funnelled into the National Guard. There were many other details from investigations that neither the Air Force nor those being investigated would want publicly leaked.”
Commenting on how the data was discovered, Bob Diachenko – security researcher at MacKeeper – told the IBTimes UK in an email: “We conduct weekly security audits using the IOT / open port search engine called Shodan (it is similar to Google, but is a public search engine for connected devices). During the audit we identified an unprotected NAS device (Network Attached Storage) that was publicly streaming data and allowed anyone with Internet connection could have viewed and possibility even downloaded it.”
>See also: The world’s biggest data hacks revealed
Among the leaked documents, according to reports, is a file that has step by step instructions on how to recover encryption keys for Defence Information Systems.
This leak, suggests national security experts, represents the “holy grail” for spies and rival governments.
“Foreign powers might use that information to target those individuals for espionage or to otherwise monitor their activity in the hopes of gaining insight into US national security posture,” Susan Hennessey, a former attorney at the National Security Agency, told ZDNet.
“Still, it is the obligation of the government to keep this kind of information safe, both in order to protect the privacy of those who serve and their families and to protect them against being placed in difficult situations unnecessarily,” Hennessey concluded.
Careless
Lee Munson, security researcher at Comapritech.com asks the question of how something so careless could happen: “what a US lieutenant colonel was doing with an unsecured drive full of personal information in the first place?”
>See also: Six steps to avoid becoming a data breach statistic
“Within the US army, such a basic and avoidable mistake is totally unforgivable, especially considering the nature of what it does and the fact that the leaked data is ripe for blackmailing purposes.”
“The senior officer responsible will, I suspect, be very fortunate indeed not to appear on the next list of open investigations that find their way onto, what I hope, will be a secured backup drive next time around.”
