A classified toolkit for potentially accessing US military intelligence networks was left exposed to the public internet, for anyone to find, according to security researchers today. A Linux-based virtual machine designed to safely receive and handle secret material, and connect to protected Pentagon computers, was discovered …
Tell me Evgeni and the Millions of Russian Hackers were involved somehow. Please. Pretty please. Can't we blame yet another stupidity resulting from abject incompetence on them somehow? No. Pity.
In any case, this explains why Amazon now has to provide a "Secret Region". Frankly, that is the only way the agency files can be kept safe. Quite clearly, they themselves do not have the competence to do so.
No no it's clearly Sarah Palin, pal of the Trump who can see Russia through her window. As such interesting and very astonishing as it seems to imply Trump can't be totally stupid as he can detect even something even more so. So lets wait and see if Trump is a Russia or Linux user.
What does Kaspersky have to do with any of this?
I admire your flawless logic: Kaspersky isn't involved in this security breach, therefore Kaspersky is, by definition, innocent of any security breach, known or unknown. Q.E.D.
You should tell your employer to come up with better bullshit next time. You seem much too eager to bring up Kaspersky for no obvious reason. A.k.a. the lady doth protest too much.
I have to wonder how much else is out there, not just on S3, which gets all the attention, but also all the other services where material is shareable via a web URL and access control is not baked into the client in the same way as it is on the server.
- Google docs
- SharePoint (not sure about this one, maybe AD auth makes it happen magically, but I never understood it)
Dollars to donuts if someone went poking around the URL space for these servers they would find things they should not.
Yet another one.
Despite the default being unable to do this, and Amazon even adding color coded flags to alert you when you change it.
Who or whatever could be doing this?
Once is an accident, twice is a coincidence, three times is stupidity, but constantly? Geez, who keeps pissing off the BOFH?
Forget for a moment it being on a unsecured bucket. Why is such material even in the cloud on a 3rd party hosting resource?
The rules are, once its uploaded somewhere outside your ownership and direct control, you have lost control. Simple as.
This fail cant be fixed by clickying a few flags on the container, only obscured a little.
So the USDoD built SIPRNET (as opposed to MILNET/NIPRNET) and various "high side"/TS networks with all kinds of bells and whistles. The problem with using these dedicated/hardened networks, and what these tools were trying to address, was how to get actionable intelligence quickly to/from the field. The more hoops to jump through, the older the intel gets, and the less useful/valuable it is. (insert misattributed Forrest quote "fustest with the mostest" here)
Labeling the container "INSCOM" in the clear wasn't *quite* as stupid as labeling it SIPR or somesuch, but I can see a lot of scenarios where it would be nice to, while you're really forward deployed, be able to get to tools, and the only thing you need is the local dishwalla (or whatever the Iraqi/Afghan/ME equivalent is) and a suitably hardened IronKey or somesuch.
Ah well, you (hopefully) learn something new every day, hopefully at somebody else's expense :-)
First off... equipment/software used for encrypted communication isn't classified as long as the keys aren't valid. The keys are changed quite often or valid for one use, so the chance they are still valid isn't likely.
It also doesn't make sense this is placed in a cloud, and not installed on a laptop.
Don't rule out the chance this is a honeypot of sorts. Run the applications at your own risk.
This post has been deleted by its author
Biting the hand that feeds IT © 1998–2019