Pentagon Investigating Reported Leak of Emails From Military Server

Pentagon Investigating Reported Leak of Emails From Military Server
The U.S. Department of Defense seal is seen on the lecturn in the media briefing room at the Pentagon in Washington, on Dec. 12, 2013. (Paul J. Richards/AFP/Getty Images)
Katabella Roberts
2/22/2023
Updated:
2/24/2023
0:00

A Department of Defense (DOD) email server reportedly leaked internal military communications inadvertently across the internet for roughly two weeks before it was discovered by an independent cybersecurity researcher and subsequently secured.

The DOD’s Special Operations Command (USSOCOM) has since launched a probe into the incident, Special Operations Command (SOCOM) spokesperson Ken McGraw told The Epoch Times.

USSOCOM, also known as SOCOM, is a unit within the DOD that oversees and coordinates special operations in various military branches, including the Army, Navy, Marine Corps, and Air Force.

The open server was secured on Feb. 20 by the DOD, McGraw said, adding that the command “initiated an investigation into information we were provided about a potential issue with the command’s Cloud service.”

“The only other information we can confirm at this point is no one has hacked US Special Operations Command’s information systems,” McGraw added.

The data leak was first reported by TechCrunch, which said that independent cybersecurity researcher Anurag Sen discovered it and contacted the publication, which then informed USSOCOM.

Sensitive Information on Server

A misconfiguration with the DOD server allegedly hosted on Microsoft Azure’s government cloud left it accessible with a password, meaning that it could be accessed by anyone on the internet via the server’s correct IP address, according to Tech Crunch.
Microsoft, as well as Amazon, Google, and Oracle, were all awarded lucrative cloud contracts with the DOD valued at up to $9 billion in total in December.

The exposed server was part of an internal mailbox system that stored around three terabytes of military emails, some of which dated back years and mainly related to USSOCOM, the report said.

Such data included the sensitive personal and health information of federal employees that were being vetted for security clearance, according to TechCrunch.

While the information accessible on the server was personal in nature, none of the data that was viewed by TechCrunch appeared to be classified, it said.

Sen said on Twitter on Feb. 21 that he had reported the exposed server and that it has since been secured.

“The U.S. Department of Defense was spilling terabytes of internal U.S. military emails to the internet,” Sen wrote.
TechCrunch, citing the search engine Shodan, which gathers information about internet-connected devices and systems, said the unsecured server began leaking data on Feb. 8.

No-Fly List Exposed

It is unclear if anyone else was able to access the exposed server and the data on it within the two-week period that it was unsecured.
Separately, a spokesperson for the U.S. Cyber Command told The Hill: “As a matter of practice and operational security, we do not comment on the status of our networks and systems. Our defensive cyber operators proactively scan and mitigate the networks they manage.”

“Should any incidents be discovered during these regular operations, we fully mitigate, protect, and defend our networks and systems. Any information or insight is shared with relevant agencies and partners if appropriate,” the spokesperson added.

This is not the first time that databases belonging to the U.S. government have allegedly been exposed.

In January, the Transportation Security Administration said it had launched an investigation after a Swiss hacker claimed to have come across a copy of its no-fly list, which lists known or suspected terrorists who are prohibited from flying, on an unsecured server linked to the commercial airline company, CommuteAir.

That server was also found through the search engine Shodan.

A Department of Defense Spokesperson told the Epoch Times in an emailed statement: “The Department of Defense DoD is aware of the potential exposure of DoD unclassified, commercially cloud-hosted data to the Internet over the past two weeks. The affected server was identified and removed from public access on February 20.”

“U.S. Cyber Command and Joint Force Headquarters-Department of Defense Information Network continue to work with affected DoD entities and the Cloud Service Provider to assess the scope and impact of this potential data exposure. The DoD Chief Information Officer in coordination with JFHQ-DODIN is working with the CSP to understand the root cause of the exposure and why this problem was not detected sooner. DOD CIO will direct changes in CSP security measures as required based on any findings and recommendations. We will notify any DoD personnel affected by the incident appropriately and following Federal Law and DoD Policy. DoD takes this matter very seriously and will incorporate all lessons learned from this event to strengthen its cybersecurity posture.”

This report has been updated to include the DoD’s statement.