When you are one of the top defense contractors, paid $86 million to handle classified data, what is something you should probably not do with that data?
If you said leave it out in the open with no password protection, you would be right.
But that’s exactly what Booz Allen Hamilton did.
Highly sensitive US military files were left on a publicly accessible Amazon server with no password protection by a top defense contractor.
The 60,000 files were tied to a US military project and contained passwords for government systems that likely contained classified information.
Chris Vickery, an analyst at security firm UpGuard, discovered the documents on the Amazon cloud server last week.
They were connected to a project for the US National Geospatial-Intelligence Agency (NGA).
The data in the files suggests they were uploaded by a senior engineer at the firm.
NGA confirmed the leak to Gizmodo but said no classified information had been disclosed and that the files have since been secured.
A spokesperson said:
“NGA takes the potential disclosure of sensitive but unclassified information seriously and immediately revoked the affected credentials.”
They noted that the Amazon server was “not directly connected to classified networks.”
Vickery, a cyber security analyst, discovered the files while running a scan for Amazon’s publicly accessible cloud storage devices. FROM HIS HOME!
Not only did Vickery locate the military data, he also found the security credentials, which included the private password, of the Booz Allen employee.
“Exposing a private key belonging to a Booz Allen IT engineer is potentially catastrophic for malicious intrusion possibilities,” Vickery said.
Booz Allen has stated they are doing a thorough investigation of the incident and stressed that no classified information has been leaked.