US intelligence agencies are suffering so many leaks these days, they probably don’t know whether to call out a cyber security expert or an emergency plumber (*ba-dum tsh*). The latest debacle involves the exposure of 28GB of intelligence data from the Pentagon’s National Geospatial-Intelligence Agency (NGA) on a public Amazon server. The culprit is American defence contractor, and former employer of Edward Snowden, Booz Allen Hamilton.
Security firm UpGuard discovered around 60,000 Pentagon files, including several unencrypted passwords of US government contractors, and immediately alerted Booz Allen’s CISO – who didn’t respond. UpGuard then contacted the NGA, the Pentagon’s top secret ‘map-makers,’ who immediately secured the exposed data.
As well as being another embarrassment for the US spook community, this kind of leak leaves the door wide open for nation-state hackers from the likes of Russia, China and North Korea – and bored 13-year-olds working from their parents’ basement. As with most data leaks, this one seems to be the result not of a breach but of simple human error. Unsecured databases are all too often email or stored without proper encryption or other protection in place, jeopardising not just individuals’ privacy but also, it seems, national security.