New NSA Leak Exposes Red Disk, the Army's Failed Intelligence System (zdnet.com) 29
Zack Whittaker, reporting for ZDNet: The contents of a highly sensitive hard drive belonging to a division of the National Security Agency have been left online. The virtual disk image contains over 100 gigabytes of data from an Army intelligence project, codenamed "Red Disk." The disk image belongs to the US Army's Intelligence and Security Command, known as INSCOM, a division of both the Army and the NSA. The disk image was left on an unlisted but public Amazon Web Services storage server, without a password, open for anyone to download. Unprotected storage buckets have become a recurring theme in recent data leaks and exposures. In the past year alone, Accenture, Verizon, and Viacom, and several government departments, were all dinged by unsecured data.
Whatever happened to the DoD Orange Book levels? I would have thought that they'd have mandatory protection on all their data.
Nearly all classified information is mundane garbage that nobody cares about. This "red disk" is a good example. TFA says it contains "sensitive information" but fails to list a single item of any significance.
I had a "secret" clearance for decades, and I would regularly see classified reports about stuff that had been in the newspaper months before. Even more ridiculous, some of these reports were reporting that a newspaper had reported on a report that was not supposed to be reported on.
I had a DoE Q clearance for a little over a decade with SCI for part of that. I did see information that was classified published publicly. I also saw information published publicly that would have been classified if it was accurate. Confirmation of the information, true or false, was classified as it should be.
Nearly all classified information is mundane garbage that nobody cares about.
I'll agree with that, but there are very important exceptions.
Good idea. No secrets. We'll just publish our nuclear weapon designs online so that everyone's on a level playing field.
Link where?
The people managing this data are the same ones many politicians think should be given a master key to all of our sensitive personal information, right?
More likely it was a bunch of contractors involved in a particular project that was unsuccessful and abandoned, leaving it "unmanaged". With the project over, and no people around that was involved anymore, probably no one even knew it it was out there. This is a common problem for large organizations that try to minimize the amount of IT staff on-hand, and outsource everything externally (not the leak necessarily, but the apparent lack of institutional awareness/knowledge). However on the books it looks li
Seriously... In this day and age, do you really think that this is an accident? Unless more info is know, I'm inclined to believe that this is fully intentional, and any idiot that attempts to run this software is going to get what he deserves.
... if he'd just put his info up anonymously this way. But instead he wanted to make sure there was journalistic curation by mejoro media orgs to limit info to stuff that proved his point about legal violations by NSA and other govt branches.
Have to think he's bitter now.