WyzGuys Tech Talk

Many companies and organization are moving their data repositories to the cloud, to places such as Amazon Web Services (AWS).  Hopefully, if your company is moving to the cloud, you are doing a better job securing this information than the Department of Defense or the National Security Agency.

The first story involves a trove of data left on AWS servers, and discovered by security researcher Chris Vickery from UpGuard.  The first question is what the DOD and Centcom were doing running surveillance operations against American citizens on social media platforms?  When the operation was over, this data was left on AWS in a state where it could be access by UpGuard.  Granted, what UpGuard did was technically a violation of computer law, but the point is that if UpGuard could do it, then the same access would be available to be exploited by foreign intelligence organizations and cyber-criminal groups.

UpGuard’s comment on this information:

“The data exposed in one of the three buckets is estimated to contain at least 1.8 billion posts of scraped internet content over the past 8 years, including content captured from news sites, comment sections, web forums, and social media sites like Facebook, featuring multiple languages and originating from countries around the world. Among those are many apparently benign public internet and social media posts by Americans, collected in an apparent Pentagon intelligence-gathering operation, raising serious questions of privacy and civil liberties.”

The second story is about another leak from the NSA.  With the information already leaked by Edward Snowden, and the cyber-underground group The Shadow Brokers, you might think there was little left to lose.  That was not the case.  Another trove of information on AWS was discovered by Chris Vickery and UpGuard.

“On September 27th, 2017, UpGuard Director of Cyber Risk Research Chris Vickery discovered an Amazon Web Services S3 cloud storage bucket configured for public access. Set to allow anyone entering the URL to see the exposed bucket’s contents, the repository, located at the AWS subdomain “inscom,” contained 47 viewable files and folders in the main repository, three of which were also downloadable. The subdomain name provides some indication as to the provenance of the data: INSCOM, an intelligence command overseen by both the US Army and the NSA.

The three downloadable files contained in the bucket confirm the highly sensitive nature of the contents, exposing national security data, some of it explicitly classified.

The largest file is an Oracle Virtual Appliance (.ova) file titled “ssdev,” which, when loaded into VirtualBox, is revealed to contain a virtual hard drive and Linux-based operating system likely used for receiving Defense Department data from a remote location. While the virtual OS and HD can be browsed in their functional states, most of the data cannot be accessed without connecting to Pentagon systems – an intrusion that malicious actors could have attempted, had they found this bucket.”

UpGuard had notified the government of of this find back in October.

The take away here is not about your government spying on you.  It is that if your organization is putting data into Amazon Web Services, make sure everything is properly secured, using strong passwords and two-factor authentication.  It would be better if your information was encrypted, too.

I know that Amazon can be a simple way to spin up servers and web applications for testing, or to build a proof of concept.  Just make sure that you sanitize everything when you are done.

More information:

• TechDirt on DOD surveillance data
• UpGuard on DOD surveillance data
• TechDirt of NSA documents