US military information leak found after data exposed for two weeks

by Jacob Fuller

Vicky Arias, FISM News

A security researcher over the weekend discovered a major cybersecurity leak on a server used by the nation’s Department of Defense (DOD).

Large caches of sensitive information contained in military emails were exposed on the internet for two weeks before the discovery was made and fixed.

The data was stored using Microsoft’s Azure cloud service and, through an apparent oversight, was set up without a password. As a result, anyone with the server’s IP address and a web browser would’ve had access to the emails, some of which reportedly dated back years, according to TechCrunch, which first reported the story.

The DOD on Monday stopped the breach.

Anurag Sen, the independent researcher who found the leak, discovered that up to three terabytes of sensitive military emails, much of it pertaining to the United States Special Operations Command (USSOCOM), had leaked.

The nation’s Special Operations Forces (SOF) carry out unique military campaigns including counterterrorism, unconventional warfare, and hostage rescues.

Part of the leak included one SF-86 questionnaire, a form filled out by individuals requesting national security positions or needing “access to classified information.” It’s part of a vetting process that extensively checks the backgrounds of these individuals and records highly personal information including financial, criminal, and mental health histories.

Although sensitive information was leaked, there are currently no findings that data categorized as classified was breached.

Ken McGraw, Special Operations spokesperson, told CNN that the unit “can confirm at this point … no one has hacked U.S. Special Operations Command’s information systems.”

According to the TechCrunch report, “it’s not known if anyone other than Sen found the exposed data during the two-week window that the cloud server was accessible from the internet.” The outlet “asked the Department of Defense if it has the technical ability, such as logs, to detect any evidence of improper access” but an answer wasn’t provided.

Although it doesn’t appear that the leak was tied to a hack, the U.S. government’s ability, or lack thereof, to secure its cyber networks is a crucial concern, as cyberterrorists routinely threaten the safety of the nation.

In 2021, Sen. Ted Cruz (R-Texas) questioned the Department of Justice regarding America’s “weakness to China” and Russia on the issue of cybersecurity.

“China has repeatedly used ransomware and cyberattacks to harm America,” Cruz said.

“Not only has it attacked pipelines in an effort to cause physical damage, just [in 2021] hackers affiliated with the Chinese government attacked tens of thousands of computers across tens of thousands of organizations, including a significant number of small businesses, towns, cities, and local governments. Once again, unfortunately, the Biden administration responded to extreme threats with extreme weakness.”

Cruz continued his inquiry, asking why sanctions hadn’t been imposed on China as a result of cyberattacks.

“And let me ask anyone on the panel,” Cruz said. “Do you have an answer as to why the administration has not sanctioned China for repeated cyberattacks over and over and over again against the United States?”

The press release reported that “no response” was given.