One would think that the US military would have the most secure technology in the world. That does not appear to be the case all of the time. The Department of Defense is now looking into an email leak.
The US Special Operations Command (USSOCOM) of the Defense Department is investigating after an unprotected server exposed critical emails online for two weeks. According to TechCrunch, Anurag Sen, a security researcher, contacted the website after discovering that the Pentagon’s data had been unintentionally exposed online. The researcher requested that Tech Crunch notify federal authorities about the hack.
The server, according to the website, included internal military correspondence dating back years. Some of the mails contained classified military information, such as a completed SF-86 questionnaire. While applying for a security clearance, federal personnel must complete this form. The email server was connected to the internet but not password protected, allowing anyone with the IP address to view the data.
The U.S. Department of Defense has fixed a misconfigured internet-connected cloud server that for the past two weeks had been left accessible to public view without a password. https://t.co/IQnGn4xQOd
— Anthony DeRosa (@Anthony) February 22, 2023
On February 19, TechCrunch contacted USSOCOM. Nevertheless, the military server was not secured until the next day, giving a bad actor even more time to read the important emails. According to USSOCOM spokesman Ken McGraw, his organization was able to determine the disclosure was not the product of a hack. When asked if the Department of Defense would know if anyone else accessed the data while the server was unsafe, the spokeswoman did not comment.
A representative for US Cyber Command issued a statement to The Hill claiming that “defensive cyber operators proactively scan and mitigate the networks they manage.” The official said if an incident is found during the scans, they “fully mitigate, protect, and defend” the networks.
It is unknown how many military personnel and government officials had their data compromised as a result of the leak.