Data breaches and ransomware set the tune for 2017, and now a new beat has joined in: the National Security Agency (NSA). This time there is no sign that the NSA was hacked, but it clearly has not fixed its leaking problem. According to ZDNet, a virtual disk image (a virtual hard disk) belonging to an NSA-linked project was left openly exposed to the public on Amazon Web Services (AWS) S3 storage.
What makes matters worse is that the storage bucket required no password or any other form of authentication: anyone who found the URL, hackers included, could dig through top-secret government documents. The bucket reportedly held more than 100GB of data belonging to a joint project between the NSA and the United States Army Intelligence and Security Command (INSCOM), codenamed Red Disk.
Chris Vickery, a director and security researcher at the cyber resilience firm UpGuard, discovered the leak in late September and reported it to the US government in October. In a statement, Vickery said that getting at the data was as simple as typing a URL. “This data was top secret classification, as well as files obviously related to US intelligence networks. It's stuff used to target people for death, and it was all available in a URL,” Vickery added. The data has been secured since Vickery alerted the US government, but it is not known how many people downloaded it first.
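The "no password" failure described above is an S3 bucket whose ACL or bucket policy grants access to everyone. The following is an added example, not UpGuard's tooling or anything from the INSCOM bucket: it audits the JSON that `aws s3api get-bucket-acl` and `aws s3api get-bucket-policy` return and reports every grant that opens the bucket to the world. Both sample documents in the block are constructed for illustration.

```python
"""Offline audit of S3 bucket ACL and bucket-policy JSON for public access.

Added example for this article; it is not UpGuard's or AWS's code. The input
shapes match what `aws s3api get-bucket-acl` and `aws s3api get-bucket-policy`
return. Both sample documents below are constructed for illustration and are
not taken from the INSCOM bucket.
"""
import json

# Canned ACL groups. AllUsers is anonymous internet access; AuthenticatedUsers
# is any AWS account in the world, which is still public for practical purposes.
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def public_acl_grants(acl):
    """Return (who, permission) for every ACL grant to a public group.
    READ on a bucket ACL is list access: it is what turns a bucket into a
    browsable directory listing for anyone who knows the URL."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            findings.append((PUBLIC_GROUPS[grantee["URI"]], grant.get("Permission")))
    return findings


def _as_list(value):
    """Policy fields (Statement, Principal.AWS, Action, Resource) may be one item or a list."""
    return [value] if isinstance(value, (str, dict)) else list(value)


def _is_wildcard_principal(principal):
    """Policy principals come as "*", {"AWS": "*"} or {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def load_policy(policy_doc):
    """get-bucket-policy wraps the policy as a JSON string under "Policy".
    Accept that wrapper, an already-parsed policy, or None (no policy attached)."""
    if policy_doc is None:
        return {"Statement": []}
    if isinstance(policy_doc.get("Policy"), str):
        return json.loads(policy_doc["Policy"])
    return policy_doc


def public_policy_statements(policy):
    """Return one dict per Allow statement whose principal is a wildcard.
    A Condition block is flagged rather than trusted: something like
    aws:SourceIp may narrow the grant, so it needs a human look."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_wildcard_principal(stmt.get("Principal")):
            continue
        findings.append({
            "actions": _as_list(stmt.get("Action", [])),
            "resources": _as_list(stmt.get("Resource", [])),
            "conditional": "Condition" in stmt,
        })
    return findings


def audit_bucket(acl, policy_doc=None):
    """Combine both checks into human-readable findings for one bucket."""
    findings = [f"ACL grants {perm} to {who}" for who, perm in public_acl_grants(acl)]
    for s in public_policy_statements(load_policy(policy_doc)):
        note = " (has a Condition, review it)" if s["conditional"] else ""
        findings.append(f"policy allows {', '.join(s['actions'])} on "
                        f"{', '.join(s['resources'])} to any principal{note}")
    return findings


# Constructed sample documents, not real bucket output.
SAMPLE_ACL = {
    "Owner": {"ID": "exampleownerid"},
    "Grants": [
        {"Grantee": {"Type": "CanonicalUser", "ID": "exampleownerid"},
         "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group",
                     "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
         "Permission": "READ"},
    ],
}
SAMPLE_POLICY = {"Policy": json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/private/*"},
    ],
})}

if __name__ == "__main__":
    for finding in audit_bucket(SAMPLE_ACL, SAMPLE_POLICY):
        print("PUBLIC:", finding)
```

The live equivalent of the listing check is `aws s3 ls s3://<bucket> --no-sign-request`, which sends an unsigned request; if it returns a listing, so would a browser. Feeding this audit the real ACL and policy of every bucket in an account catches the case before someone outside does, and AWS later added the account-level S3 Block Public Access setting to stop such grants from taking effect at all.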
What was on the server
The discovery revealed that the data was located under the AWS subdomain named INSCOM, the name of the bucket. The bucket contained the highly sensitive virtual hard disk with over 100GB of data. Vickery found that the listing showed 47 viewable files and folders, three of which were downloadable. The downloadable files confirmed that the information was indeed highly sensitive, and that its contents could expose a great deal of national security data.
Loading the virtual image into a hypervisor such as VirtualBox showed it to be a Linux-based system used by the Department of Defense to receive data from a remote location. Most of the data could not be accessed without connecting the system to Pentagon networks. This looks like a deliberate security mechanism: should the data fall into the wrong hands, anyone without access to the Pentagon could do little with it. Other properties of the files showed that the image contained technical configurations marked TOP SECRET as well as NOFORN, a dissemination control meaning the material may not be released to foreign nationals.
The leaked data included biometric analysis tools and a human-language technology used for querying reports and playing back audio in English. Another image on the drive revealed the methods analysts use to identify persons of interest, such as terrorists, in the Distributed Common Ground System-Army (DCGS-A), information that is later acted on by unmanned drones or by ground troops.
Other details include six partitions ranging in size from 1GB to 69GB. The hard drive's metadata indicated that a now-defunct third-party contractor, Invertix, an INSCOM partner, had also worked on the project. Invertix administrators' private keys for accessing intelligence systems, as well as hashed passwords, were among the contents of the exposed virtual drive.
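Private keys and password hashes are exactly what a responder triages first when a disk image like this turns up exposed. The block below is an added example, not UpGuard's tooling: it reads a raw image in chunks, carries an overlap across chunk edges so a hit split by a boundary is not missed, and reports the byte offset of every PEM private key header and crypt(3)-style hash. The sample image it scans is constructed in the block; the names `scan_image`, `scan_bytes` and `build_sample_image` are this example's own.

```python
"""Triage a raw disk image for credential material.

Added example for this article; it is not UpGuard's tooling. It reads an image
(or any byte stream) in chunks and reports the offset of every PEM private key
block and every crypt(3)-style password hash, the two artifact types the article
says the exposed virtual drive contained. The sample image is constructed.
"""
import io
import re

# crypt(3) hashes look like $id$salt$hash: $1$ md5, $5$ sha256, $6$ sha512,
# or $2a$/$2b$/$2y$ bcrypt with a two-digit cost. PEM headers cover the
# common OpenSSL and OpenSSH private key formats.
PATTERNS = {
    "pem_private_key": re.compile(
        rb"-----BEGIN (?:RSA |EC |DSA |OPENSSH )?PRIVATE KEY-----"),
    "crypt_hash": re.compile(
        rb"\$(?:[156]\$[A-Za-z0-9./]{1,16}\$[A-Za-z0-9./]{22,86}"
        rb"|2[aby]?\$\d\d\$[A-Za-z0-9./]{53})"),
}
# Longer than any single match, so a hit split across a chunk edge is still seen whole.
OVERLAP = 256


def scan_image(stream, chunk_size=1 << 20):
    """Return sorted (absolute_offset, kind) pairs for every hit in the stream."""
    hits = set()   # a set, because the overlap region is scanned twice
    carry = b""    # tail of the previous chunk, re-scanned together with the next one
    base = 0       # absolute offset of buf[0] on the next iteration
    while True:
        chunk = stream.read(chunk_size)
        if not chunk:
            break
        buf = carry + chunk
        for kind, pattern in PATTERNS.items():
            for m in pattern.finditer(buf):
                hits.add((base + m.start(), kind))
        carry = buf[-OVERLAP:]
        base += len(buf) - len(carry)
    return sorted(hits)


def scan_bytes(data, chunk_size=1 << 20):
    """Convenience wrapper for in-memory data."""
    return scan_image(io.BytesIO(data), chunk_size)


def build_sample_image(chunk_size=4096):
    """Constructed image: zero filler, a PEM key that straddles the first chunk
    boundary, a shadow-style line with a sha512-crypt hash, then more filler.
    The key body and hash are placeholders, not real credentials."""
    key = (b"-----BEGIN RSA PRIVATE KEY-----\n"
           b"MIIEowIBAAKCAQEAconstructedplaceholderbody\n"
           b"-----END RSA PRIVATE KEY-----\n")
    shadow = b"admin:$6$saltsalt$" + b"A" * 86 + b":17000:0:99999:7:::\n"
    return b"\x00" * (chunk_size - 10) + key + b"\x00" * 500 + shadow + b"\x00" * 300


if __name__ == "__main__":
    image = build_sample_image()
    for offset, kind in scan_bytes(image, chunk_size=4096):
        print(f"{offset:#010x}  {kind}")
```

For a real virtual disk, first convert it to a raw image (`qemu-img convert -O raw disk.vmdk disk.raw`) and pass the raw file to `scan_image`; a carve like this also finds material in unallocated space and swap, which walking the mounted filesystem for /etc/shadow and ~/.ssh would miss.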
What is Red Disk?
According to security and defense professionals, Red Disk is a highly customizable, modular and scalable system meant to support complex military operations and share intelligence across the battlefield. The information included drone footage, electronic intercepts, classified reports and even satellite imagery. In a nutshell, it was supposed to provide a consistent picture from the Pentagon down to soldiers in the field. At least that was the hope, and the core reason Red Disk was built.
Red Disk could also collect vast amounts of intelligence and data from various sources, some of them directly from the NSA. Raw, unstructured data would be processed by NiFi, a data-flow system originally built by the NSA and later open-sourced, capable of routing many kinds of data at scale to multiple computer networks. The collected data was then stored in a central repository to be sorted through various filters. Analysts could pull data from the repository according to their security clearance; access was granted through certificate-based credentials issued by the Pentagon. The sorting included analyzing, indexing and correlating. The indexed data was then run through a provenance process to verify the owner or source of the data.
To extend the system's capabilities there were support plugins that let analysts interact with the data. It also included programs such as a document and media exploitation (DOMEX) tool for analyzing documents and electronic evidence. On the negative side, Red Disk was slow, difficult to use and crash-prone, and was described as a major hindrance to operations. The Pentagon is estimated to have spent at least $93 million on the project, which was never fully deployed.
It is not clear what value the exposed data holds for foreign intelligence services or for malicious actors such as hackers. But if anything does happen, it will be of significant magnitude, because the exposed data makes identification work too easy: labels such as TOP SECRET, NOFORN and INSCOM tell anyone exactly what to look for. This also appears to be the first time plainly classified information has been exposed this way, leaving powerful digital tools available for anyone to find and use.
Considering the leaks the NSA has suffered in recent years, it clearly needs to change its approach to cybersecurity, given the large amounts of intelligence data and information involved.