US Army doxes itself, reveals $100 million NSA spy program that got flushed before it was ever used


#1

Originally published at: https://boingboing.net/2017/11/29/100m-here-100m-there-it-adds-u.html


#2

Do you ever get that feeling that the right hand doesn’t know what the left hand is doing.


#3

Why is the U.S. military even using AWS? Shouldn’t they have their own infrastructure?


#4

army doxes itself?

the unsecured rds was found by a security researcher.

also how does doxing come into it? doxing is releasing someone’s personal identity or details online as a form of harassment or intimidation. i don’t think that word means what you think it means.


#5

I am in charge of hundreds of AWS instances at work and home and I wouldn’t know how to create an instance you could log in to without an SSH key. It has never been a requirement and its not a standard option.


#6

Amazon has a US government focused availability zone.


#7

You’d think that the NSA would be able to provide a secure cloud for government agencies.
OTOH, the other TLAs probably wouldn’t want to use it, for fear of having their own budget cut, turf wars, jockeying for position, and most of all, assuming that the NSA would read all their stuff (instead of merely suspecting this as they do now).


#8

I’m paraphrasing Patrick Gray here, but you probably don’t want to put your documents marked TS-NOFORN in something called a “bucket”.


#9

You’d think that the NSA would be able to provide a secure cloud for government agencies.

Actually, the dual roll of intelligence collection and protecting military networks is something the government has been looking at moving NSA away from. Even if they did provide one though, it wouldn’t fix issues like this. The documents didn’t wind up on AWS because it was the only place to put them. They wound up there in the same way contractors go home with classified documents on thumb drives.


#10

Most the standard AMI require ssh keys, it sounded like this was an RDS database instance though, so likely it just had port 3306 open to the public in its security group and no root password set.

AWS is pretty amazing in scope isn’t it?


#11

Oh yeah I love AWS.

The time I spun up a new application instance intending to hook it up with an existing RDS instance, I failed completely to open up the security on RDS and eventually moved the app into the correct subnet. You really have to try hard to stuff up this badly.


#12

This topic was automatically closed after 5 days. New replies are no longer allowed.