
Human error leaves US defense department emails online

The US Department of Defense has blocked a server that leaked internal US military emails on the Internet for the past two weeks. The unprotected server was hosted in the government’s Microsoft Azure cloud, which is intended for Department of Defense customers. This cloud uses servers physically separate from those of other commercial clients and can therefore be used to exchange sensitive but unclassified government data. The server, part of the internal mail system, contained about three terabytes of internal emails, many of which belonged to the United States Special Operations Command (USSOCOM). Because the server required no password, anyone who knew its IP address could access the sensitive data.

The problem was discovered by security researcher Anurag Sen, who informed TechCrunch journalists of his discovery so they could help alert the US government to the leak. According to the search engine Shodan, the mail server was first seen publicly reachable on 8 February 2023. It has yet to be clarified why this happened; most likely, someone’s negligence and a misconfiguration were to blame. The server appeared to hold many years of internal military mail. Some of the emails contained confidential personnel information, and one of the files even included a completed SF-86 questionnaire of the kind filled out by federal employees seeking security clearance. Journalists explain that these questionnaires contain important personal information and health data needed to screen people before they are cleared to work with sensitive data.


Sensitive pieces of information

The questionnaires also contain biographical information about people who access classified information, which would be valuable to foreign intelligence agencies. After journalists contacted USSOCOM, the server was secured and disappeared from public access on Monday. USSOCOM spokesman Ken McGraw said an investigation into the incident is ongoing. “At this time, we can confirm that no one breached the US Special Operations Command’s information systems,” McGraw said. However, whether anyone other than Sen discovered this server and the data stored on it remains unknown.

Even though this case was not a hacker attack, various private and governmental organizations worldwide have warned governments of an increase in hacking campaigns aimed at breaching the servers of military organizations, especially those close to or part of NATO. At the time of writing, the pro-Russian cyber group Noname057 claimed on Telegram to have conducted a DDoS (distributed denial of service) attack using botnets on several Italian institutions and companies, including ministries. The collective cited the visit of the Italian Prime Minister, Giorgia Meloni, to Kyiv as the reason for the attack. This new frontier of digital warfare presents a unique set of challenges for governments and international organizations seeking to define and enforce acceptable levels of risk for their national systems.

Antonino Caffo has been involved in journalism, particularly technology, for fifteen years. He is interested in topics related to the world of IT security but also consumer electronics. Antonino writes for the most important Italian generalist and trade publications. You can see him, sometimes, on television explaining how technology works, which is not as trivial for everyone as it seems.