• DOD Allowed Unsecured Server To Dump Sensitive Military Emails Online For Two Weeks

    February 22, 2023
    Views: 996

    Please Follow us on GabMindsTelegramRumbleGab TVGETTRTruth Social

    On Monday, it was discovered that an unsecured server at the Department of Defense (DOD) had been leaking sensitive military emails online for two full weeks. The incident is being blamed on a misconfiguration that left the server without a password.

    The server contained files with sensitive personnel information from the past several years, including completed SF-86 questionnaires, which contain background information for personnel with security clearance. The server is a treasure trove of sensitive information for anyone looking to do harm to the U.S.

    The compromised server was hosted on Microsoft's Azure government cloud, which is exclusively for DOD customers. The Azure servers are physically separated from those for commercial customers and can be used to share sensitive information, although no classified material. The exposed server acted as part of an internal email system storing roughly 3 terabytes of internal military emails, several of which pertained to U.S. Special Operations Command (USSOCOM), which is the military unit that conducts special operations.

    A misconfiguration of the server left it, and its sensitive email contents, without a password and openly exposed on the internet. Anyone could access the server using only an internet browser and the server's IP address.

    Data on the server includes military emails, some of which contain sensitive personnel information, dating back years. Included in the exposed emails were several SF-86 questionnaires, which is a document that is completed by anyone seeking security clearance and contains highly sensitive personal background and health information used to vet individuals for possible security clearance. The information contained in the SF-86 questionnaires would be valuable to U.S. adversaries.

    Get gains in the gym in style with AFP Merch!

    Regrettably, this is not the first such breach of sensitive information. In 2015 the U.S. Office of Personnel Management had a significant data breach when a Chinese hacker stole millions of background check files for government employees applying for security clearance.

    None of the limited data reviewed by the media thus far has been classified, which is consistent with USSOCOM's civilian network. For security purposes, all classified networks are internal and inaccessible from the internet.

    It appears that the vulnerable server was first discovered to be leaking sensitive data on February 8. While it is still unclear exactly how the server came to be dumping data on the public internet, it is most likely due to a misconfiguration, which would have been caused by human error.

    The server was finally secured Monday afternoon, and a senior Pentagon official has confirmed that details of the exposure have been passed along to USSOCOM to be handled accordingly.



    Jen Snow

    Jen Snow is a former paralegal turned freelance writer who has a passion for foreign affairs. When not writing, she can be found curled up with her dog and a good book or outside playing in the Florida sun.
    Notify of
    Inline Feedbacks
    View all comments
    © Copyright 2024 - Armed Forces Press - All Rights Reserved