New NSA Leak Exposes Red Disk, the Army's Failed Intelligence System (zdnet.com) 67
Zack Whittaker, reporting for ZDNet: The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online. The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures. In the past year alone, Accenture, Verizon, and Viacom, and several government departments, were all dinged by unsecured data.
Mandatory Protection? (Score:2)
Whatever happened to the DoD Orange Book levels? I would have thought that they'd have mandatory protection on all their data.
A.
Re:Mandatory Protection? (Score:5, Interesting)
Nearly all classified information is mundane garbage that nobody cares about. This "red disk" is a good example. TFA says it contains "sensitive information" but fails to list a single item of any significance.
I had a "secret" clearance for decades, and I would regularly see classified reports about stuff that had been in the newspaper months before. Even more ridiculous, some of these reports were reporting that a newspaper had reported on a report that was not supposed to be reported on.
More than 5 million Americans have security clearances. There are huge warehouses and data centers filled with "secrets". Meanwhile, our national debt is $20.5 trillion dollars.
Re: (Score:2)
I had a "secret" clearance for decades, and I would regularly see classified reports about stuff that had been in the newspaper months before. Even more ridiculous, some of these reports were reporting that a newspaper had reported on a report that was not supposed to be reported on.
I had a DoE Q clearance for a little over a decade with SCI for part of that. I did see information that was classified published publicly. I also saw information published publicly that would have been classified if it was accurate. Confirmation of the information, true or false, was classified as it should be.
Nearly all classified information is mundane garbage that nobody cares about.
I'll agree with that, but there are very important exceptions.
Re: (Score:3)
Good idea. No secrets. We'll just publish our nuclear weapon designs online so that everyone's on a level playing field.
Re: (Score:2)
Now if that is what they were trying to secure things would not be so bad but we all know what they are really trying so hard to secure, all the corruption and graft going on at the highest level and all the purposefully generated bullshit to feed it. Nuclear weapon design, yeah because why, without the industrial and technical capacity even with the design you can not make one and with the industrial and technical capacity you can make your own. When it comes to nuclear weapons, size counts for fuck all,
Re: (Score:1)
It's so cute that you think that would actually make the world less safe than it is right now.
Re: (Score:2)
This is the exact opposite of what Sun Tsu said in The Art of War. It's hilariously wrong even if the US military is struggling to classify information in an effective manner. I've never heard this cute little quote but I suspect you lifted it from somewhere.
Where in the world did you hear this?
Re: (Score:2)
Exactly. Sun Tsu understood warfare long ago, and his teachings are as relevant today as they were in his lifetime. Of course, to further ensure the success of your operation when secrecy is a necessary condition, it's best to mislead all other parties, the enemy, your and their media, your domestic opposition, even possibly some of your command structure* and other units of your forces, allies, and otherwise uninvolved parties. They will be desperate for information, you should control that information whe
Re: (Score:2)
Now that's in top 10 of my "so stupid it can't be real" list this year. Hope you like sharing room with Trump, the North Korea news agency, "SJWs", anti-SJWs and misc. conspiracy theorists.
Re: (Score:2)
Is effective troll! You should get promotion.
Re: (Score:2)
Yeah, those Normandy landings were a complete washout, weren't they, Kamerad?
Re: (Score:2)
That has to be the dumbest statement I've heard in a long time. Try Pearl Harbor, the assassination of Admiral Yamamoto, the landings on Normandy, all of which were maintained as secrets until they happened (and the way the assassination of Yamamoto was carried out--by the US reading the Japanese code--remained a secret for long after). Certainly some military operations fail because someone broke the secrecy; the Germans lost the Battle of the Atlantic in large part because of that. But it's not a f
Re: (Score:2)
Nearly all classified information is mundane garbage that nobody cares about.
I'll agree with that, but there are very important exceptions.
Indeed. But of course as a Q clearance guy, you know that 1000 little pieces of "mundane" but related secrets equals one very interesting not so mundane secret...
Link (Score:1)
Link where?
Remind me (Score:5, Insightful)
The people managing this data are the same ones many politicians think should be given a master key to all of our sensitive personal information, right?
Re: (Score:2)
No, he makes a good point. The most fearful, career climbing, anal retentive weasels of our military and intelligence communities can't keep secrets and they're trying to convince us that master keys on all our data will only be used with the tightest of safeguards.
Even if it wasn't a lie, all evidence indicates that they will fail to keep any sort of master keys from the hands of criminals or hostile governments.
Unmanaged (Score:5, Interesting)
More likely it was a bunch of contractors involved in a particular project that was unsuccessful and abandoned, leaving it "unmanaged". With the project over, and no people around that were involved anymore, probably no one even knew it was out there. This is a common problem for large organizations that try to minimize the amount of IT staff on-hand, and outsource everything externally (not the leak necessarily, but the apparent lack of institutional awareness/knowledge). However on the books it looks like the employee footprint is smaller, which I guess is the point.
Re: (Score:2)
More likely they just hired idiots. If the s3 bucket was ever managed at all it should never have been exposed without some access management in place. Amazon doesn't even make it hard.
Re: (Score:2)
It seems more likely that abandoned projects would have lost/forgotten passwords, not zero security at all on cloud services.
I get passwords set to "password" or blank for internal-facing only systems, I see that about once in a while when I end up confronting mystery systems at clients. But most of the time the problem is nobody knows what the password is.
Saddest part ... (Score:2)
...
New NSA Leak ...
Intentional? (Score:5, Insightful)
Seriously... In this day and age, do you really think that this is an accident? Unless more info is known, I'm inclined to believe that this is fully intentional, and any idiot that attempts to run this software is going to get what he deserves.
Re: (Score:2)
It's the 1950-70's. Vast amounts of data is being collected in real time globally. Total encryption would slow down translation and searching.
What to do with all that data being kept on a secure base? Keep it in plain text so everyone with the correct clearance could read, search the globally collected material. From any other base or agency in the USA. While the UK was still sorting paper work and index cards the USA had real time, networked digital searching
Re: (Score:2)
If the Visigoths (whoever they might be) invaded the US and brought it down, who would be the new Big Guy On The Block? You'd rather live with them dominating you?
no! (Score:2)
Re: (Score:2)
I've got a bad feeling about this...
systematic problem in IT (Score:2)
Re: (Score:2)
On the flip side, it is very difficult to quantify and otherwise rate the benefits of the various contra
Think how much grief Snowden could have avoided... (Score:2)
... if he'd just put his info up anonymously this way. But instead he wanted to make sure there was journalistic curation by major media orgs to limit info to stuff that proved his point about legal violations by NSA and other govt branches.
Have to think he's bitter now.
A Picture Is Worth a Thousand Words (Score:3)
http://www.jklossner.com/humannature/ [jklossner.com]
John Klossner hit this on the head back in 2006.
Re: (Score:2)
Why don't we ever see leaks from other countries?
Because they kill their leakers?
Re: (Score:2)
They don't use network computer in the same way for mil projects.
A super computer can do calculations for mil systems.
Don't put your entire mil system on an internet facing network for the NSA, CIA, GCHQ to read from in real time.
Other nations have finally understood what the NSA and GCHQ did to their security in the 1950-1990's.
Other nations spend millions on human spies entering the USA, UK over generation
Govt Program Naming Note. (Score:2)
I vaguely remember seeing references and a diagram of Red Disk. As a data point, in general the communities will keep extending projects outwards along the same naming dimension, so expect programs named "gold disk," "blue disk," etc.
Projects actually never fail in the way you'd think. Everyone learns a whole lot, then moves on to the next iteration.
Red Disk itself was one of the first attempts at what's now called a data lake, I think. You can probably dig it out of google if you cared. There were one or t
Let's stop pretending we went to the moon (Score:2)
Honeypot? (Score:1)
Consider the possibility that this is information/disinformation they WANT to be out, without the responsibility of actually releasing it. Just a thought.