Chris Vickery from Upguard found an Army Amazon Web Services instance with no password or encryption, containing 100GB of data on a defunct NSA program called Red Disk.
Red Disk was to have been a cloud system for the NSA to use to coordinate battlefield intelligence. The Agency spent more than $93 million on the program before the Pentagon pulled the plug. Nothing of any value was salvaged from that $93 million investment.
While Red Disk never came to be and the existence of its files online mostly serve as a reminder of the program's failure, it remains troubling that the program was exposed in a server that had no protection and allowed anyone who found the domain where it was hosted to view it.
Documents contained within the Red Disk cache also contained sensitive information, including private keys used for the system to access other servers maintained by the intelligence community. The keys belonged a Invertix, a third-party firm that worked with INSCOM to develop Red Disk.
The NSA, INSCOM and Invertix—now Altamira Technologies—have yet to acknowledge or comment on the public-facing server.
Army Spent $100 Million On Intelligence System It Never Used, NSA Leak Says
[AJ Dellinger/IB Times]
(via Naked Capitalism)
(Image: Damian Gadal, CC-BY)