NSA breach spills over 100GB of top secret data

The US spy agency is supposed to be all about secrecy, but once again its secrets have leaked out into public view.

The latest NSA data breach leaked more than 100 GB of data. 

Aaron Robinson/CNET

The National Security Agency still hasn't fixed its leaking problem.

A virtual disk image belonging to the NSA -- essentially the contents of a hard drive -- was left exposed on a public Amazon Web Services storage server. The server contained more than 100 gigabytes of data from an Army intelligence project codenamed "Red Disk," ZDNet first reported.

The server was unlisted, but it didn't have a password, which meant that anyone who found it could dig through the government's secret documents. That's exactly what happened in late September when Chris Vickery, director of cyber risk research at security company UpGuard, discovered the server. He alerted the government in October.

It was on the AWS subdomain "inscom," an abbreviation for the US Army Intelligence and Security Command. 

"It was as simple as typing in a URL," Vickery said. "This data was top secret classification, as well as files obviously related to US intelligence networks. It's stuff used to target people for death, and it was all available in a URL."

Vickery said it had been so unbelievably easy to access that when he first discovered it, his first thought was, "is this real?" 

Data breaches from both AWS servers and the NSA have become a common in recent years. Poor security on AWS servers led to exposed data tied to the Pentagon, Verizon, Dow Jones and nearly 200 million American voter records.

The NSA, meanwhile, has suffered notorious leaks dating back to Edward Snowden's whistle-blowing in 2013 on the agency's massive surveillance program. Since then, thieves have stolen the NSA's hacking tools, and an NSA contractor faced charges after leaking the agency's secrets to the public. Another contractor faces up to 11 years in prison for stealing top secret documents.

The agency did not respond to a request for comment.

Data theft from the NSA can lead to serious collateral damage. The massive WannaCry ransomware attack spread rapidly because hackers took advantage of a stolen NSA tool.

A look at some of the files stored on the AWS server. 

UpGuard

In the latest incident, the contents on the insecure AWS server are classified as "NOFORN," meaning the information is sensitive enough that even foreign allies are not allowed to see it, UpGuard said. The server contained 47 viewable files, three of which were downloadable and exposed national security data.

Most of the data couldn't be accessed without connecting to the Pentagon's network, the security firm's researchers said.

ZDNet was able to get a look at some of the files, and spotted a connection to Red Disk, a cloud-based intelligence system developed by the Army in 2013. Red Disk, a $93 million program considered a military failure, was designed to help the Pentagon with soldiers on the field collecting classified reports, drone footage and satellite images. The data all belonged to INSCOM, a division of both the Army and the NSA.

"Plainly put, the digital tools needed to potentially access the networks relied upon by multiple Pentagon intelligence agencies to disseminate information should not be something available to anybody entering a URL into a web browser," UpGuard said in a blog post.