Internet

Security Risk: Pentagon Mail Server Was Open On The Internet

The US Department of Defense is considered one of the world’s “most attractive” targets for hacker attacks and the systems are correspondingly well secured. Or rather, you should be. Because until the beginning of the week, a server was unsecured in the network for two weeks.

The Department of Defense (DoD) houses information and secrets about one of the largest military apparatuses in the world and the US authorities leave nothing to chance here. Security is particularly important. The glitch that TechCrunch has just made public is all the more embarrassing: As the site reports, a (self-inflicted) security gap was closed on Monday of this week that went unnoticed for two weeks.

The server was open in the network

Because the misconfiguration of a server meant that it was not protected by a password, which made it possible, at least in theory, for anyone on the Internet to access sensitive mailbox data via a browser. The only requirement was knowledge of the appropriate IP address.

The data on the affected server can undoubtedly be described as sensitive: because it contained a mailbox system on which around three terabytes of internal military e-mails were stored. Many of these concerned the US Special Operations Command (USSOCOM), which is a US military unit responsible for conducting special military operations.

The gap was tracked down by security researcher Anurag Sen last weekend, including with the help of the crawler Shodan. Sen immediately informed the US authorities and later also TechCrunch. A large amount of sensitive information about military personnel was stored on the server, including “SF-86” forms that government employees must fill out in order to obtain a security clearance.

According to TechCrunch, the potential damage is limited because no information could be classified as secret or confidential – at least what was seen. A Pentagon spokesman said no one had “hacked” the systems. Whether there was access to the system, apart from Anurag Sen’s discovery, the DoD would not or could not say.

Share
Published by
Research Snipers

Recent Posts

Google Health: A bug is currently really annoying Pixel Watch users

An annoying software error is currently plaguing many owners of the Google Pixel Watch. The…

7 hours ago

Pixel Watch 5: Leak shows the design of the new Google smartwatch in advance

After the new Google smartphones in the Pixel 11 series, official marketing images of the…

7 hours ago

Epson is in court: first lawsuit over planned obsolescence

A French consumer protection association is taking Epson to court. The accusation is of planned…

7 hours ago

EU brings Meta to its knees: ChatGPT is running again in WhatsApp chat

After a months-long exclusion by the Facebook group Meta, the well-known AI chatbot ChatGPT has…

8 hours ago

Good news for Windows 11: Microsoft is banning advertising from search

Microsoft is fundamentally redesigning the search in Windows 11. The operating system loses advertising, forced…

8 hours ago

iOS 27 public beta is here: Apple starts the test phase for all iPhone users

Interested users can now install the first public beta version of iOS 27 on their…

8 hours ago