On Monday, the U.S. Department of Defense shut down a server that had been leaking private emails from the American military to the public internet for the previous two weeks.
The exposed server was housed on a Department of Defense server that was part of Microsoft’s Azure government cloud, which uses servers that are physically isolated from other commercial customers and can therefore be utilized to share private but unclassified government information.
The exposed server was a component of an internal mailbox system that included around three terabytes of internal military emails, much of which were regarding USSOCOM, the American military organization responsible for carrying out special military operations.
Nevertheless, due to a misconfiguration, the server was left without a password, making it possible for anyone with access to the internet to view the private mailbox contents by simply knowing the server’s I.P. address.
Anurag Sen, a trustworthy security researcher well known for finding private information that has unintentionally leaked online, discovered the unprotected server over the weekend and informed TechCrunch so that we could notify the American authorities.
In the Office of Personnel Management of the U.S., there was a data breach in 2015; suspected Chinese hackers stole millions of private background check files of government workers seeking security clearance. The site was crammed with old internal military emails, some containing private information about soldiers.
U.S Military Emails Server Exposed
A filled-out SF-86 form was included in one of the disclosed files. It is filled out by government employees seeking a security clearance and contains extremely sensitive personal and health information for screening people before they are cleared to handle classified information. These employee questionnaires include a good deal of background data on security clearance holders that is useful to foreign foes.
As classified networks are unreachable from the internet, data did not appear to be any of it, which would be consistent with USSOCOM’s civilian network.
The mailbox server was discovered to be leaking data for the first time listing on the search engine Shodan from February 8 says that it scrapes the internet for vulnerable systems and databases. Although the exact circumstances are unclear, it is most likely the result of a configuration error brought on by a human.
As a U.S. holiday weekend was underway, TechCrunch notified USSOCOM on Sunday morning; nonetheless, the vulnerable server was secured on Monday afternoon. The server quickly became inoperable. An upper-level Pentagon officer who was reached via email acknowledged that USSOCOM had been given information about the exposed server.
Ken McGraw, a spokesman for USSOCOM, stated in an email on Tuesday that an inquiry that started on Monday is ongoing. The information systems of U.S. Special Operations Command have not been compromised, we can confirm at this time, said McGraw.
It’s unknown if anyone else except Sen discovered the exposed information during the two weeks that the cloud server was reachable online. The Department of Defense may have the technical capacity to identify any evidence of unauthorized access or data exfiltration from the database using logs, but the representative did not respond.
Conclusion
A server that had been leaking secret US military emails from the American armed forces to the public internet for the past two weeks was shut down by the U.S. (Department of Defense) on Monday. The exposed server was located on a Department of Defense server that was a component of Microsoft’s Azure government cloud, which makes use of physical separation between its servers and other commercial clients to enable the sharing of confidential but unclassified government data.
A portion of an internal mailbox system that included three terabytes of internal military emails, many of which were about USSOCOM, the American army agency in charge of conducting special military operations, was exposed. The exposed server was a part of this internal mailbox system. Nevertheless, a misconfiguration rendered the server passwordless, allowing anyone with an internet connection to examine the contents of a private mailbox by simply knowing the server’s I.P. address.
