Security Risk: Pentagon Mail Server Was Open On The Internet
The US Department of Defense is considered one of the world’s “most attractive” targets for hacker attacks and the systems are correspondingly well secured. Or rather, you should be. Because until the beginning of the week, a server was unsecured in the network for two weeks.
The Department of Defense (DoD) houses information and secrets about one of the largest military apparatuses in the world and the US authorities leave nothing to chance here. Security is particularly important. The glitch that TechCrunch has just made public is all the more embarrassing: As the site reports, a (self-inflicted) security gap was closed on Monday of this week that went unnoticed for two weeks.
The server was open in the network
Because the misconfiguration of a server meant that it was not protected by a password, which made it possible, at least in theory, for anyone on the Internet to access sensitive mailbox data via a browser. The only requirement was knowledge of the appropriate IP address.
The data on the affected server can undoubtedly be described as sensitive: because it contained a mailbox system on which around three terabytes of internal military e-mails were stored. Many of these concerned the US Special Operations Command (USSOCOM), which is a US military unit responsible for conducting special military operations.
The gap was tracked down by security researcher Anurag Sen last weekend, including with the help of the crawler Shodan. Sen immediately informed the US authorities and later also TechCrunch. A large amount of sensitive information about military personnel was stored on the server, including “SF-86” forms that government employees must fill out in order to obtain a security clearance.
According to TechCrunch, the potential damage is limited because no information could be classified as secret or confidential – at least what was seen. A Pentagon spokesman said no one had “hacked” the systems. Whether there was access to the system, apart from Anurag Sen’s discovery, the DoD would not or could not say.
It has been a long time since I joined Research Snipers. Though I have been working as a part-time tech-news writer, it feels good to be part of the team. Besides that, I am building a finance-based blog, working as a freelance content writer/blogger, and a video editor.