The Department of Defense probably didn’t want poeple to know that it has been collecting billions of public internet posts from news sites, social media networks, and online forums. The cat was let out of the bag accidentally when it exposed the internet surveillance data on its cloud-based storage server. The online storage misconfiguration allowed anyone with a free Amazon AWS account to browse and even download the data.
This was discovered by UpGuard security researcher Chris Vickery. The Department of Defense was storing the billions of public posts that it had collected on Amazon S3 repositories. It didn’t make the storage servers private. What that means is that anyone with a free Amazon AWS account could access the data.
Vickery first noticed this in September. It was discovered that at least 1.8 billion posts of scraped internet content collected over the past 8 years were stored on these unsecured repositories.
The security researcher has added that he made sure that the repositories that were discovered were secured before this was reported to the media. It’s difficult to say, though, if the data had previously been accessed. It’s unclear how long these servers have been unsecured.
The DoD has since confirmed the data leak to CNN. “We determined that the data was accessed via unauthorized means by employing methods to circumvent security protocols,” said Maj. Josh Jacques, a spokesperson for the U.S. Central Command.
Once alerted, Centcom implemented “additional security measures” to ensure that the data can no longer be accessed without authorization.