US Army doxes itself, reveals $100 million NSA spy program that got flushed before it was ever used

doctorow · November 29, 2017, 7:08pm

Originally published at: https://boingboing.net/2017/11/29/100m-here-100m-there-it-adds-u.html

…

Papasan · November 29, 2017, 7:17pm

Do you ever get that feeling that the right hand doesn’t know what the left hand is doing.

ugh · November 29, 2017, 7:26pm

Why is the U.S. military even using AWS? Shouldn’t they have their own infrastructure?

redesigned · November 30, 2017, 2:51am

army doxes itself?

the unsecured rds was found by a security researcher.

also how does doxing come into it? doxing is releasing someone’s personal identity or details online as a form of harassment or intimidation. i don’t think that word means what you think it means.

Michael_R_Smith · November 30, 2017, 9:24am

I am in charge of hundreds of AWS instances at work and home and I wouldn’t know how to create an instance you could log in to without an SSH key. It has never been a requirement and its not a standard option.

Michael_R_Smith · November 30, 2017, 9:27am

Amazon has a US government focused availability zone.

FGD135 · November 30, 2017, 11:11am

You’d think that the NSA would be able to provide a secure cloud for government agencies.
OTOH, the other TLAs probably wouldn’t want to use it, for fear of having their own budget cut, turf wars, jockeying for position, and most of all, assuming that the NSA would read all their stuff (instead of merely suspecting this as they do now).

anon35475645 · November 30, 2017, 11:36am

I’m paraphrasing Patrick Gray here, but you probably don’t want to put your documents marked TS-NOFORN in something called a “bucket”.

anon35475645 · November 30, 2017, 11:51am

You’d think that the NSA would be able to provide a secure cloud for government agencies.

Actually, the dual roll of intelligence collection and protecting military networks is something the government has been looking at moving NSA away from. Even if they did provide one though, it wouldn’t fix issues like this. The documents didn’t wind up on AWS because it was the only place to put them. They wound up there in the same way contractors go home with classified documents on thumb drives.

redesigned · November 30, 2017, 6:33pm

Most the standard AMI require ssh keys, it sounded like this was an RDS database instance though, so likely it just had port 3306 open to the public in its security group and no root password set.

AWS is pretty amazing in scope isn’t it?

Michael_R_Smith · December 1, 2017, 6:09am

Oh yeah I love AWS.

The time I spun up a new application instance intending to hook it up with an existing RDS instance, I failed completely to open up the security on RDS and eventually moved the app into the correct subnet. You really have to try hard to stuff up this badly.

doctorow · December 4, 2017, 7:09pm

This topic was automatically closed after 5 days. New replies are no longer allowed.

Topic		Replies	Views
A prolific credit-card theft ring is scanning for unsecured "buckets" in Amazon's cloud and has compromised 17,000 domains (so far) boing	8	788	July 16, 2019
NSA and UK intel agency GCHQ target online anonymity tool Tor, according to leaked Snowden documents boing	15	3358	October 9, 2013
The NSA sure breaks a lot of "unbreakable" crypto. This is probably how they do it boing	72	5011	October 20, 2015
Google security engineer on NSA: "Fuck these guys" boing	34	6582	November 12, 2013
NSA uses Google's tracking cookies to target and "exploit" their subjects boing	9	2384	December 16, 2013

US Army doxes itself, reveals $100 million NSA spy program that got flushed before it was ever used

Related topics